Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/azT6U9HYTbq-aY1bvMrt8QnRV64.cer
File:                     azT6U9HYTbq-aY1bvMrt8QnRV64.cer (raw, json)
Hash identifier:          Fxzwwj1ULa3z9TW4wFUkYYIF7PuyRQYjjVrlmdBx6vo=
Subject key identifier:   6B:34:FA:53:D1:D8:4D:BA:BE:69:8D:5B:BC:CA:ED:F1:09:D1:57:AE
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01941FFA11CE203140E4B8746935A8EF803C
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/6b/528de1-8f68-4cb9-b6ce-ffaaa299af61/1/azT6U9HYTbq-aY1bvMrt8QnRV64.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/6b/528de1-8f68-4cb9-b6ce-ffaaa299af61/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 03:47:49 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 8762
                          IP: 147.95.0.0/16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:11:ce:20:31:40:e4:b8:74:69:35:a8:ef:80:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 03:47:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6b34fa53d1d84dbabe698d5bbccaedf109d157ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:2a:22:a0:fa:3a:b4:f3:c9:83:57:dd:6e:0d:
                    62:af:3f:ea:3a:c4:0c:79:4b:8c:9f:8e:29:39:90:
                    7d:29:85:6c:d8:1a:b6:7d:20:32:66:80:66:89:e0:
                    97:aa:37:e1:39:0c:83:08:ad:e4:b4:7e:7b:09:b6:
                    7d:99:16:5c:13:6f:ba:70:6e:39:c1:39:38:d7:67:
                    59:5e:a9:46:30:9f:03:b5:1d:d9:df:99:cc:d3:52:
                    e2:6d:eb:bb:1d:0f:2a:0a:d1:28:38:50:da:18:e1:
                    1c:ac:3e:46:10:22:df:85:24:ad:68:c4:72:fa:7b:
                    a4:6f:ea:81:d2:1e:46:06:f8:bb:e6:0b:cf:88:88:
                    fa:ce:f3:f8:5a:59:5a:73:57:aa:36:cb:3e:11:f8:
                    0e:75:7c:ed:7f:e1:ea:59:63:37:10:94:5d:d3:52:
                    b4:54:79:d4:80:64:98:c3:96:ba:ee:10:0b:93:0a:
                    ea:b9:52:0b:3c:5d:f3:a3:67:7f:a6:41:c9:f9:72:
                    41:19:c6:9c:99:20:09:8d:49:8a:75:a5:a7:8a:d4:
                    32:e3:b8:13:15:0d:66:71:39:e1:01:e1:74:16:5e:
                    29:a9:61:75:33:65:78:63:0f:62:f2:9b:2b:7b:b0:
                    b4:5f:37:75:8f:6f:ea:08:ec:57:f5:b2:52:fe:d3:
                    b3:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:34:FA:53:D1:D8:4D:BA:BE:69:8D:5B:BC:CA:ED:F1:09:D1:57:AE
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/528de1-8f68-4cb9-b6ce-ffaaa299af61/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/528de1-8f68-4cb9-b6ce-ffaaa299af61/1/azT6U9HYTbq-aY1bvMrt8QnRV64.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.95.0.0/16

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  8762

    Signature Algorithm: sha256WithRSAEncryption
         55:e2:14:a1:53:ca:da:e2:55:57:fa:8d:df:f4:41:1d:b4:43:
         c6:08:e1:a1:7b:03:7d:09:cc:39:a0:22:e7:bd:d0:84:53:46:
         2a:a7:53:d1:00:92:cf:4e:50:96:44:43:3c:6c:1a:18:fc:bd:
         ee:75:14:d9:55:ae:1d:68:1d:de:e0:95:8d:f2:d5:64:d0:57:
         8a:0e:38:ef:cb:f8:7e:4a:c7:ed:19:1d:49:83:b2:ac:ba:82:
         a5:5a:7f:f0:6b:77:4f:d4:b5:e6:55:11:68:49:66:83:23:98:
         d6:bd:84:10:56:d8:14:0d:7c:73:49:61:00:8e:a2:8b:cd:9e:
         ff:5a:0b:d8:f5:a5:e4:be:7d:00:4b:d1:cc:e0:2b:f4:81:2e:
         4c:25:3b:fb:90:55:f0:19:ba:9f:c6:db:a9:28:4e:76:df:ff:
         7b:44:cd:16:98:da:7a:94:14:2b:0e:3e:24:eb:c3:44:97:ca:
         0b:56:28:0b:1e:a1:38:30:07:08:14:e0:bd:6e:f8:c0:76:6c:
         6a:fe:7c:c9:87:8b:d5:32:7e:e7:3a:31:67:ca:db:e7:3a:b7:
         46:d2:bf:08:88:c6:8a:0d:42:d3:ab:ac:df:75:a2:bf:72:85:
         21:b2:42:d4:f6:45:c0:bd:6e:a0:8d:65:c9:a3:01:a4:fd:fc:
         d4:cf:22:29
-----BEGIN CERTIFICATE-----
MIIFkjCCBHqgAwIBAgISAZQf+hHOIDFA5Lh0aTWo74A8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDM0NzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjM0ZmE1M2QxZDg0ZGJhYmU2OThkNWJiY2NhZWRmMTA5ZDE1N2FlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApioioPo6tPPJg1fdbg1irz/qOsQM
eUuMn44pOZB9KYVs2Bq2fSAyZoBmieCXqjfhOQyDCK3ktH57CbZ9mRZcE2+6cG45
wTk412dZXqlGMJ8DtR3Z35nM01Libeu7HQ8qCtEoOFDaGOEcrD5GECLfhSStaMRy
+nukb+qB0h5GBvi75gvPiIj6zvP4Wllac1eqNss+EfgOdXztf+HqWWM3EJRd01K0
VHnUgGSYw5a67hALkwrquVILPF3zo2d/pkHJ+XJBGcacmSAJjUmKdaWnitQy47gT
FQ1mcTnhAeF0Fl4pqWF1M2V4Yw9i8psre7C0Xzd1j2/qCOxX9bJS/tOzvwIDAQAB
o4ICnjCCApowHQYDVR0OBBYEFGs0+lPR2E26vmmNW7zK7fEJ0VeuMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzZiLzUyOGRl
MS04ZjY4LTRjYjktYjZjZS1mZmFhYTI5OWFmNjEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNmIvNTI4ZGUx
LThmNjgtNGNiOS1iNmNlLWZmYWFhMjk5YWY2MS8xL2F6VDZVOUhZVGJxLWFZMWJ2
TXJ0OFFuUlY2NC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB4GCCsGAQUF
BwEHAQH/BA8wDTALBAIAATAFAwMAk18wGQYIKwYBBQUHAQgBAf8ECjAIoAYwBAIC
IjowDQYJKoZIhvcNAQELBQADggEBAFXiFKFTytriVVf6jd/0QR20Q8YI4aF7A30J
zDmgIue90IRTRiqnU9EAks9OUJZEQzxsGhj8ve51FNlVrh1oHd7glY3y1WTQV4oO
OO/L+H5Kx+0ZHUmDsqy6gqVaf/Brd0/UteZVEWhJZoMjmNa9hBBW2BQNfHNJYQCO
oovNnv9aC9j1peS+fQBL0czgK/SBLkwlO/uQVfAZup/G26koTnbf/3tEzRaY2nqU
FCsOPiTrw0SXygtWKAseoTgwBwgU4L1u+MB2bGr+fMmHi9Uyfuc6MWfK2+c6t0bS
vwiIxooNQtOrrN91or9yhSGyQtT2RcC9bqCNZcmjAaT9/NTPIik=
-----END CERTIFICATE-----