Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/_dcAK_Oi6s_IgdXhoCEQmMZplWw.cer
File:                     _dcAK_Oi6s_IgdXhoCEQmMZplWw.cer (raw, json)
Hash identifier:          8Fn3/NnFOzhDO4TfKKDc4yFc+d2cAQUytIkLwSlGDak=
Subject key identifier:   FD:D7:00:2B:F3:A2:EA:CF:C8:81:D5:E1:A0:21:10:98:C6:69:95:6C
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01941F8C127378B6913DEDEAC61C157AB9B8
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/bd/101bcf-d1df-47c4-a2eb-2161ff47881c/1/_dcAK_Oi6s_IgdXhoCEQmMZplWw.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/bd/101bcf-d1df-47c4-a2eb-2161ff47881c/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 01:47:41 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 29273
                          IP: 193.41.36.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:12:73:78:b6:91:3d:ed:ea:c6:1c:15:7a:b9:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 01:47:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fdd7002bf3a2eacfc881d5e1a0211098c669956c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:ae:45:21:42:6b:a7:fa:fd:ba:31:bc:53:64:
                    2a:ec:09:0a:27:10:6d:81:21:9c:1c:10:17:e9:e9:
                    77:dc:45:9f:9e:b2:ac:84:ff:60:47:c3:a2:6e:e5:
                    98:46:34:29:4a:56:f4:24:20:73:a1:32:48:2d:04:
                    16:ad:a9:2d:73:59:fc:c9:f2:b8:7d:8e:85:7d:d3:
                    cb:aa:ee:02:fe:ca:3a:66:b9:b9:34:3f:b6:f7:7b:
                    61:77:59:80:50:57:28:aa:98:3e:7e:56:b9:b1:d9:
                    98:8a:47:8b:dd:5a:ec:50:0c:a5:d5:8d:58:99:04:
                    37:75:12:60:de:26:1f:91:f7:df:37:36:40:03:59:
                    0f:5b:83:95:96:34:d1:48:72:6f:07:8b:b5:1f:c2:
                    f6:fd:90:85:91:49:9c:0d:b9:1a:18:76:21:78:95:
                    5b:57:76:52:8e:8d:59:f2:3d:30:5b:0e:60:e3:a2:
                    68:23:97:43:09:e7:37:4b:d3:c7:58:a1:b8:84:a1:
                    12:af:b6:fc:73:c7:2e:31:a0:d4:62:03:92:b7:57:
                    00:29:4b:03:d1:aa:2b:08:92:47:aa:95:16:e0:e9:
                    3f:0d:20:59:4f:d4:46:bb:96:4e:45:1c:f7:fb:0a:
                    eb:b3:39:a5:92:3d:9d:b7:04:b1:8e:51:b2:6f:44:
                    40:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:D7:00:2B:F3:A2:EA:CF:C8:81:D5:E1:A0:21:10:98:C6:69:95:6C
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/101bcf-d1df-47c4-a2eb-2161ff47881c/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/101bcf-d1df-47c4-a2eb-2161ff47881c/1/_dcAK_Oi6s_IgdXhoCEQmMZplWw.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.41.36.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  29273

    Signature Algorithm: sha256WithRSAEncryption
         49:85:7e:26:df:59:76:6a:da:f9:8b:be:1f:80:d5:74:81:6e:
         4e:33:2c:ce:86:00:33:48:9d:bb:99:63:a4:46:48:a4:80:fc:
         e8:c0:25:f9:33:53:b4:53:b0:9b:f3:ee:76:76:8f:72:03:b5:
         8d:b0:95:64:40:fa:b3:cb:8b:9e:40:fe:34:a1:62:26:13:26:
         15:55:d1:e8:b3:d7:be:01:c0:87:c5:99:9d:17:93:a2:7b:f7:
         ad:a6:07:42:e3:9f:45:f3:0f:41:12:7b:51:95:1a:db:b0:7a:
         e0:56:2d:04:9b:d1:c8:c8:67:6b:83:b9:be:a5:6e:d5:df:74:
         18:9b:ca:9b:bf:2a:dc:2f:80:24:c8:ed:09:71:af:30:47:f7:
         1b:24:08:61:c6:75:71:95:89:3d:70:cc:8a:59:08:bf:2f:e1:
         6a:3b:af:36:88:29:3d:4d:05:b9:b6:eb:7b:05:56:74:40:a0:
         dc:1c:1a:e7:a6:84:71:e7:b3:29:d6:e0:a1:a2:ee:61:91:2d:
         46:82:5a:6d:99:a7:c7:ba:8f:76:03:a1:a5:2a:2f:26:55:e8:
         60:d4:b3:7f:bc:98:12:a6:b2:d0:80:b9:1a:8f:41:cb:3c:03:
         f5:8d:72:98:ea:21:e8:16:fd:85:91:42:42:e2:a7:5e:56:38:
         59:5b:24:fe
-----BEGIN CERTIFICATE-----
MIIFkzCCBHugAwIBAgISAZQfjBJzeLaRPe3qxhwVerm4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDE0NzQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGQ3MDAyYmYzYTJlYWNmYzg4MWQ1ZTFhMDIxMTA5OGM2Njk5NTZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoq5FIUJrp/r9ujG8U2Qq7AkKJxBt
gSGcHBAX6el33EWfnrKshP9gR8OibuWYRjQpSlb0JCBzoTJILQQWraktc1n8yfK4
fY6FfdPLqu4C/so6Zrm5ND+293thd1mAUFcoqpg+fla5sdmYikeL3VrsUAyl1Y1Y
mQQ3dRJg3iYfkfffNzZAA1kPW4OVljTRSHJvB4u1H8L2/ZCFkUmcDbkaGHYheJVb
V3ZSjo1Z8j0wWw5g46JoI5dDCec3S9PHWKG4hKESr7b8c8cuMaDUYgOSt1cAKUsD
0aorCJJHqpUW4Ok/DSBZT9RGu5ZORRz3+wrrszmlkj2dtwSxjlGyb0RAPQIDAQAB
o4ICnzCCApswHQYDVR0OBBYEFP3XACvzourPyIHV4aAhEJjGaZVsMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2JkLzEwMWJj
Zi1kMWRmLTQ3YzQtYTJlYi0yMTYxZmY0Nzg4MWMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYmQvMTAxYmNm
LWQxZGYtNDdjNC1hMmViLTIxNjFmZjQ3ODgxYy8xL19kY0FLX09pNnNfSWdkWGhv
Q0VRbU1acGxXdy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwSkkMBkGCCsGAQUFBwEIAQH/BAowCKAGMAQC
AnJZMA0GCSqGSIb3DQEBCwUAA4IBAQBJhX4m31l2atr5i74fgNV0gW5OMyzOhgAz
SJ27mWOkRkikgPzowCX5M1O0U7Cb8+52do9yA7WNsJVkQPqzy4ueQP40oWImEyYV
VdHos9e+AcCHxZmdF5Oie/etpgdC459F8w9BEntRlRrbsHrgVi0Em9HIyGdrg7m+
pW7V33QYm8qbvyrcL4AkyO0Jca8wR/cbJAhhxnVxlYk9cMyKWQi/L+FqO682iCk9
TQW5tut7BVZ0QKDcHBrnpoRx57Mp1uChou5hkS1GglptmafHuo92A6GlKi8mVehg
1LN/vJgSprLQgLkaj0HLPAP1jXKY6iHoFv2FkUJC4qdeVjhZWyT+
-----END CERTIFICATE-----