Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/_PLPcoTXoDRugvN4rYMPV8OWG20.cer
File:                     _PLPcoTXoDRugvN4rYMPV8OWG20.cer (raw, json)
Hash identifier:          wN7z866WMovG/qQinsuC4meg38RNBrksCnZnuJMyYB4=
Subject key identifier:   FC:F2:CF:72:84:D7:A0:34:6E:82:F3:78:AD:83:0F:57:C3:96:1B:6D
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CCA9A0B8CCF84B1A3122CF14814F00229
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/95/ddad9b-c9f1-431b-b093-b6835b732ad6/1/_PLPcoTXoDRugvN4rYMPV8OWG20.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/95/ddad9b-c9f1-431b-b093-b6835b732ad6/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 14:35:42 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 49722
                          IP: 91.215.224.0/22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:9a:0b:8c:cf:84:b1:a3:12:2c:f1:48:14:f0:02:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 14:35:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fcf2cf7284d7a0346e82f378ad830f57c3961b6d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:7f:09:69:d3:eb:f5:9e:8a:4a:b8:bf:1c:0b:
                    5e:f3:b9:d4:9c:04:8c:70:ec:b9:3c:07:cd:12:d2:
                    1f:d9:f3:c4:46:7b:ca:69:5c:ce:c0:e0:3f:44:0b:
                    e8:6f:7e:00:d9:8d:2f:81:2e:b7:4a:41:b2:b7:a3:
                    7e:1f:0c:80:86:ab:52:47:ca:03:99:8e:0b:2a:9f:
                    aa:25:80:8c:ff:06:f8:bb:87:de:e3:03:1c:f6:0c:
                    92:22:a9:e4:ed:20:bd:d5:79:04:84:2e:34:22:5b:
                    ba:03:ee:30:4f:51:cb:94:c6:ab:da:81:9d:65:ef:
                    aa:66:09:21:4c:c3:de:0b:54:6a:41:5b:a1:5c:aa:
                    ac:a4:6d:7f:9c:d3:a4:2b:b7:5f:b7:96:1a:ff:5b:
                    6c:1c:11:c0:41:28:ed:73:da:c8:de:03:23:10:60:
                    cb:a1:e2:b6:86:08:1b:28:74:52:95:bd:9d:95:cc:
                    0a:3d:e9:a9:2d:4f:e4:3f:78:82:82:70:e6:4e:03:
                    d2:6c:b1:b8:d9:35:cc:26:3d:d3:ea:7d:15:53:fd:
                    ba:dc:6e:97:d2:21:12:74:48:10:0e:95:36:fa:ae:
                    54:b1:ad:eb:ee:3e:a2:34:cc:e0:d6:a4:65:eb:1e:
                    73:eb:31:55:c6:26:92:d3:ce:ec:a4:a9:c1:60:7d:
                    c3:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:F2:CF:72:84:D7:A0:34:6E:82:F3:78:AD:83:0F:57:C3:96:1B:6D
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/ddad9b-c9f1-431b-b093-b6835b732ad6/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/ddad9b-c9f1-431b-b093-b6835b732ad6/1/_PLPcoTXoDRugvN4rYMPV8OWG20.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.215.224.0/22

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  49722

    Signature Algorithm: sha256WithRSAEncryption
         2c:84:e3:3d:76:24:95:95:63:a8:a3:44:7a:04:59:07:ef:90:
         90:fc:73:4e:69:64:d1:0a:31:00:72:2d:11:28:c0:39:6d:ed:
         7e:20:62:ce:df:ec:7a:51:10:b5:30:36:38:b8:9f:4c:cf:8a:
         e3:f9:ca:18:68:d5:ba:39:84:e8:6f:3d:50:d2:0a:44:71:6b:
         d9:66:41:a4:c2:7a:de:a4:04:b5:75:bb:6c:b9:84:89:64:44:
         0f:e4:c0:ae:53:9d:2f:75:f7:40:da:e7:98:34:fc:48:21:63:
         3e:8a:c8:33:34:29:5d:06:dd:78:97:13:09:96:f2:fa:1e:25:
         f5:8c:48:ad:bb:6f:67:8c:06:ba:25:ea:f9:53:bf:96:05:84:
         4b:a5:88:a1:7e:6a:de:f1:63:d3:57:aa:f0:0c:bc:08:a1:e4:
         16:6a:20:f1:c3:4a:d1:f9:87:bb:e9:c0:a6:a9:c1:1c:7a:7c:
         96:89:52:b0:25:33:3a:91:5c:97:7a:fa:e0:23:6f:ae:85:5b:
         22:fa:39:d4:f9:b6:0c:5a:11:88:8c:ab:a7:aa:ec:f3:98:36:
         d3:4b:74:fd:fb:5f:a8:34:8b:d5:2f:b9:e4:be:ff:19:cb:6c:
         39:a8:ca:a3:df:81:b3:4a:0c:6f:d4:cd:aa:6f:7e:64:75:a9:
         7c:20:80:cc
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYzKmguMz4SxoxIs8UgU8AIpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMTQzNTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmY2YyY2Y3Mjg0ZDdhMDM0NmU4MmYzNzhhZDgzMGY1N2MzOTYxYjZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsn8JadPr9Z6KSri/HAte87nUnASM
cOy5PAfNEtIf2fPERnvKaVzOwOA/RAvob34A2Y0vgS63SkGyt6N+HwyAhqtSR8oD
mY4LKp+qJYCM/wb4u4fe4wMc9gySIqnk7SC91XkEhC40Ilu6A+4wT1HLlMar2oGd
Ze+qZgkhTMPeC1RqQVuhXKqspG1/nNOkK7dft5Ya/1tsHBHAQSjtc9rI3gMjEGDL
oeK2hggbKHRSlb2dlcwKPempLU/kP3iCgnDmTgPSbLG42TXMJj3T6n0VU/263G6X
0iESdEgQDpU2+q5Usa3r7j6iNMzg1qRl6x5z6zFVxiaS087spKnBYH3DiQIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFPzyz3KE16A0boLzeK2DD1fDlhttMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzk1L2RkYWQ5
Yi1jOWYxLTQzMWItYjA5My1iNjgzNWI3MzJhZDYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTUvZGRhZDli
LWM5ZjEtNDMxYi1iMDkzLWI2ODM1YjczMmFkNi8xL19QTFBjb1RYb0RSdWd2TjRy
WU1QVjhPV0cyMC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCW9fgMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwDCOjANBgkqhkiG9w0BAQsFAAOCAQEALITjPXYklZVjqKNEegRZB++QkPxzTmlk
0QoxAHItESjAOW3tfiBizt/selEQtTA2OLifTM+K4/nKGGjVujmE6G89UNIKRHFr
2WZBpMJ63qQEtXW7bLmEiWRED+TArlOdL3X3QNrnmDT8SCFjPorIMzQpXQbdeJcT
CZby+h4l9YxIrbtvZ4wGuiXq+VO/lgWES6WIoX5q3vFj01eq8Ay8CKHkFmog8cNK
0fmHu+nApqnBHHp8lolSsCUzOpFcl3r64CNvroVbIvo51Pm2DFoRiIyrp6rs85g2
00t0/ftfqDSL1S+55L7/GctsOajKo9+Bs0oMb9TNqm9+ZHWpfCCAzA==
-----END CERTIFICATE-----