Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c-9Luv3HPlPAmdTVLpye_6g3m08.cer
File:                     c-9Luv3HPlPAmdTVLpye_6g3m08.cer (raw, json)
Hash identifier:          x4HyHANH9goOvDveKipKb2MUUagn0+ZJ36nR8snBldE=
Subject key identifier:   73:EF:4B:BA:FD:C7:3E:53:C0:99:D4:D5:2E:9C:9E:FF:A8:37:9B:4F
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC7951C60DD5D52015257F709F89712E6
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/eb/362a4d-9ae6-4012-b5b8-2cc753e53955/1/c-9Luv3HPlPAmdTVLpye_6g3m08.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/eb/362a4d-9ae6-4012-b5b8-2cc753e53955/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 00:31:27 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 45.67.68.0/22
                          IP: 2a09:71c0::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:1c:60:dd:5d:52:01:52:57:f7:09:f8:97:12:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 00:31:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=73ef4bbafdc73e53c099d4d52e9c9effa8379b4f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:ea:39:92:53:77:35:85:ab:03:81:77:3e:c7:
                    80:5c:74:4c:eb:97:16:4c:cb:c0:03:ff:41:dd:31:
                    4e:49:82:4e:52:cd:9a:8c:5f:32:18:26:2d:5c:cd:
                    e8:30:24:e4:0f:02:ec:cc:44:b8:33:ee:26:ac:c3:
                    58:34:40:af:9f:6d:aa:14:74:f4:e3:9a:d0:b5:d9:
                    24:cf:1c:02:5e:04:12:73:ae:fe:2a:c2:87:2d:c8:
                    b7:ae:24:c5:3c:f3:29:a4:62:50:e8:9b:26:c4:fc:
                    64:9e:ec:46:4f:5c:35:d3:8a:f6:ec:a2:c4:21:eb:
                    c0:67:a5:bf:d9:98:25:08:a1:3d:6c:c5:f9:e1:0d:
                    64:17:c9:ba:37:be:de:e0:a9:3f:66:df:c4:03:96:
                    69:b9:af:31:a9:8f:c4:d8:e7:a3:27:ec:fe:4d:6f:
                    7b:7c:0d:e8:cb:69:77:62:97:b6:2f:aa:a9:4c:c7:
                    46:a8:e0:55:f5:da:07:06:77:42:3c:95:d8:a8:91:
                    ef:d6:24:95:85:ae:41:de:fd:97:df:f6:9b:f0:62:
                    5c:ba:d3:6e:51:b3:f1:dd:8d:22:00:fa:5c:56:2d:
                    3f:09:1d:01:2e:86:92:b4:82:e7:0e:ce:c4:a7:7c:
                    81:a6:a3:97:b8:d1:ca:95:c8:92:d9:db:eb:ba:52:
                    77:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:EF:4B:BA:FD:C7:3E:53:C0:99:D4:D5:2E:9C:9E:FF:A8:37:9B:4F
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/362a4d-9ae6-4012-b5b8-2cc753e53955/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/362a4d-9ae6-4012-b5b8-2cc753e53955/1/c-9Luv3HPlPAmdTVLpye_6g3m08.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.68.0/22
                IPv6:
                  2a09:71c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         63:29:14:49:1f:a5:79:d0:6d:ee:ef:9d:15:c1:da:da:06:94:
         de:bf:6b:42:a5:de:c6:53:ee:18:e3:f8:db:bc:eb:f5:5f:a2:
         77:76:8f:55:0b:5d:aa:96:7a:1c:36:bf:ac:fe:4a:ee:9f:fa:
         21:c2:92:5b:55:24:26:9f:59:bd:b2:bb:b4:6d:bf:b7:29:de:
         6d:a7:f6:8e:13:01:bd:84:e6:68:6c:1f:f5:4b:95:31:b1:ac:
         e9:98:0e:f0:af:8b:12:f0:a5:11:eb:84:1b:e9:03:c9:c6:af:
         60:d7:6a:56:a4:fa:29:08:3d:4f:a0:e3:e9:90:0f:3f:0e:d7:
         31:57:43:0b:6e:2c:9f:88:ef:12:08:e9:1e:ee:04:eb:01:13:
         08:91:41:3a:9a:3d:f1:40:73:50:ef:3f:6c:8c:d2:f7:d3:b4:
         44:8d:1c:c1:2c:b7:5c:42:df:d6:67:2f:10:e1:b7:b6:8f:93:
         74:69:f2:62:9c:ff:f5:d1:63:01:66:13:b8:b8:c3:f5:ff:70:
         80:3d:1f:40:2c:34:a5:4f:d3:9e:c7:b0:c1:44:e5:d8:cb:7f:
         a0:67:b3:05:83:00:25:ef:73:c9:3e:a1:1e:9f:ad:ed:db:1f:
         b1:75:96:66:ed:51:3a:04:a9:63:e7:42:6e:c3:ac:31:ec:26:
         51:41:c7:c5
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAYzHlRxg3V1SAVJX9wn4lxLmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDAzMTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3M2VmNGJiYWZkYzczZTUzYzA5OWQ0ZDUyZTljOWVmZmE4Mzc5YjRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzuo5klN3NYWrA4F3PseAXHRM65cW
TMvAA/9B3TFOSYJOUs2ajF8yGCYtXM3oMCTkDwLszES4M+4mrMNYNECvn22qFHT0
45rQtdkkzxwCXgQSc67+KsKHLci3riTFPPMppGJQ6JsmxPxknuxGT1w104r27KLE
IevAZ6W/2ZglCKE9bMX54Q1kF8m6N77e4Kk/Zt/EA5Zpua8xqY/E2OejJ+z+TW97
fA3oy2l3Ype2L6qpTMdGqOBV9doHBndCPJXYqJHv1iSVha5B3v2X3/ab8GJcutNu
UbPx3Y0iAPpcVi0/CR0BLoaStILnDs7Ep3yBpqOXuNHKlciS2dvrulJ32wIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFHPvS7r9xz5TwJnU1S6cnv+oN5tPMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2ViLzM2MmE0
ZC05YWU2LTQwMTItYjViOC0yY2M3NTNlNTM5NTUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZWIvMzYyYTRk
LTlhZTYtNDAxMi1iNWI4LTJjYzc1M2U1Mzk1NS8xL2MtOUx1djNIUGxQQW1kVFZM
cHllXzZnM20wOC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCLUNEMA0EAgACMAcDBQMqCXHAMA0GCSqGSIb3
DQEBCwUAA4IBAQBjKRRJH6V50G3u750VwdraBpTev2tCpd7GU+4Y4/jbvOv1X6J3
do9VC12qlnocNr+s/krun/ohwpJbVSQmn1m9sru0bb+3Kd5tp/aOEwG9hOZobB/1
S5UxsazpmA7wr4sS8KUR64Qb6QPJxq9g12pWpPopCD1PoOPpkA8/DtcxV0MLbiyf
iO8SCOke7gTrARMIkUE6mj3xQHNQ7z9sjNL307REjRzBLLdcQt/WZy8Q4be2j5N0
afJinP/10WMBZhO4uMP1/3CAPR9ALDSlT9Oex7DBROXYy3+gZ7MFgwAl73PJPqEe
n63t2x+xdZZm7VE6BKlj50Juw6wx7CZRQcfF
-----END CERTIFICATE-----