Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Zz5yIBSrbED084ns_Kyu_7tjBM8.cer
File:                     Zz5yIBSrbED084ns_Kyu_7tjBM8.cer (raw, json)
Hash identifier:          CLUvpDoJB7rHgzD/WbF6phld+4gg/XFKbI3m+pfG6z8=
Subject key identifier:   67:3E:72:20:14:AB:6C:40:F4:F3:89:EC:FC:AC:AE:FF:BB:63:04:CF
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC5DBE90DE19FC327DFD7882FB553446B
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/e9/9188a4-7c7b-4e19-84ce-5b4905a28d83/1/Zz5yIBSrbED084ns_Kyu_7tjBM8.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/e9/9188a4-7c7b-4e19-84ce-5b4905a28d83/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 16:29:32 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 216354

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:e9:0d:e1:9f:c3:27:df:d7:88:2f:b5:53:44:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 16:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=673e722014ab6c40f4f389ecfcacaeffbb6304cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:3b:e9:60:ff:ad:d2:9e:c9:52:14:be:61:9b:
                    8c:be:98:09:e7:59:ab:04:d0:17:e3:2a:45:de:82:
                    f7:54:86:1d:c6:69:2a:c7:d9:4f:b9:b9:93:95:5c:
                    07:8e:aa:e5:a1:67:3a:60:c8:09:05:7d:f9:ab:57:
                    3e:08:49:c3:8e:42:d8:27:61:82:33:f9:4c:37:b6:
                    b1:b9:22:7c:ec:54:38:9f:ce:04:b1:17:5c:16:4e:
                    e6:b7:24:29:fa:9c:fe:2b:c2:71:50:e8:c1:7c:ed:
                    99:9a:88:86:03:56:bc:c0:46:65:69:e6:dc:f5:22:
                    9f:2b:12:a0:28:a3:e0:9b:8f:ca:e3:d5:20:fe:98:
                    cd:98:6c:39:56:bf:81:ae:75:2c:0a:67:e6:03:2a:
                    a8:95:56:52:f2:30:77:42:e7:91:5d:5b:f7:5f:e4:
                    33:f2:60:23:22:2f:92:9c:92:b0:00:a0:7c:28:41:
                    91:ec:35:dc:69:67:e9:ee:a3:af:da:2f:73:d3:1f:
                    37:8d:18:82:1e:35:90:e6:44:51:74:7d:31:f9:2c:
                    c7:c6:15:3e:0a:5c:11:d7:cc:5e:20:8d:b4:10:d9:
                    b3:b9:48:9a:25:13:49:02:77:35:34:0f:8a:c7:08:
                    65:c7:26:ea:5c:71:21:a9:a1:e1:78:35:3e:b0:d2:
                    44:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:3E:72:20:14:AB:6C:40:F4:F3:89:EC:FC:AC:AE:FF:BB:63:04:CF
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/9188a4-7c7b-4e19-84ce-5b4905a28d83/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/9188a4-7c7b-4e19-84ce-5b4905a28d83/1/Zz5yIBSrbED084ns_Kyu_7tjBM8.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  216354

    Signature Algorithm: sha256WithRSAEncryption
         02:0d:c2:7d:7c:5c:9a:f3:71:94:7c:4b:23:1a:cf:81:45:57:
         1d:da:49:f3:5a:b3:36:ba:a5:a4:b8:95:e9:c3:d6:a1:28:b6:
         de:f2:b9:fa:46:1a:84:9c:38:ca:d4:d5:e7:81:d9:4f:a6:02:
         36:a2:ef:82:30:7f:c9:d8:4e:68:e2:0a:1f:7e:35:ac:9f:b0:
         06:7e:91:4d:e5:da:d3:cf:bc:32:ec:2c:e8:88:da:a0:f6:45:
         1a:73:7a:32:59:bc:e6:f3:c4:d9:e2:bd:e1:3e:ba:c3:a0:a3:
         26:4d:71:73:60:12:86:d9:0c:2f:13:96:65:14:ef:a9:51:89:
         d3:f8:97:cb:35:a3:36:38:c5:56:b1:22:bd:79:3d:d0:d5:55:
         a5:45:7d:4d:d6:b8:d5:ad:91:97:71:fe:86:29:8f:de:bb:2d:
         55:bb:fe:d0:0b:cb:6d:f5:40:aa:ee:9b:18:fc:5e:56:37:cc:
         01:22:b1:06:74:63:b5:ad:d5:a1:27:51:aa:71:78:11:a6:27:
         1c:40:b5:97:4d:ad:61:83:2c:be:6a:0a:f6:57:54:7f:d2:81:
         c2:da:c8:ea:bf:5f:14:57:f3:15:79:be:81:70:b2:1a:e3:54:
         b2:b5:08:1c:05:5a:a3:f1:cb:5a:2a:1c:87:cc:09:db:44:0f:
         f1:b6:4d:75
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzF2+kN4Z/DJ9/XiC+1U0RrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTYyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzNlNzIyMDE0YWI2YzQwZjRmMzg5ZWNmY2FjYWVmZmJiNjMwNGNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtDvpYP+t0p7JUhS+YZuMvpgJ51mr
BNAX4ypF3oL3VIYdxmkqx9lPubmTlVwHjqrloWc6YMgJBX35q1c+CEnDjkLYJ2GC
M/lMN7axuSJ87FQ4n84EsRdcFk7mtyQp+pz+K8JxUOjBfO2ZmoiGA1a8wEZlaebc
9SKfKxKgKKPgm4/K49Ug/pjNmGw5Vr+BrnUsCmfmAyqolVZS8jB3QueRXVv3X+Qz
8mAjIi+SnJKwAKB8KEGR7DXcaWfp7qOv2i9z0x83jRiCHjWQ5kRRdH0x+SzHxhU+
ClwR18xeII20ENmzuUiaJRNJAnc1NA+KxwhlxybqXHEhqaHheDU+sNJEQQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFGc+ciAUq2xA9POJ7Pysrv+7YwTPMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2U5LzkxODhh
NC03YzdiLTRlMTktODRjZS01YjQ5MDVhMjhkODMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTkvOTE4OGE0
LTdjN2ItNGUxOS04NGNlLTViNDkwNWEyOGQ4My8xL1p6NXlJQlNyYkVEMDg0bnNf
S3l1Xzd0akJNOC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwNNIjANBgkqhkiG9w0BAQsFAAOCAQEAAg3CfXxcmvNx
lHxLIxrPgUVXHdpJ81qzNrqlpLiV6cPWoSi23vK5+kYahJw4ytTV54HZT6YCNqLv
gjB/ydhOaOIKH341rJ+wBn6RTeXa08+8Muws6IjaoPZFGnN6Mlm85vPE2eK94T66
w6CjJk1xc2AShtkMLxOWZRTvqVGJ0/iXyzWjNjjFVrEivXk90NVVpUV9Tda41a2R
l3H+himP3rstVbv+0AvLbfVAqu6bGPxeVjfMASKxBnRjta3VoSdRqnF4EaYnHEC1
l02tYYMsvmoK9ldUf9KBwtrI6r9fFFfzFXm+gXCyGuNUsrUIHAVao/HLWioch8wJ
20QP8bZNdQ==
-----END CERTIFICATE-----