Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5LD_GkVSsfVFbysnaoH54vCKcw.cer
File:                     d5LD_GkVSsfVFbysnaoH54vCKcw.cer (raw, json)
Hash identifier:          Shm+kYY/ijci6+cOHw9dxB8+fk1jQ/0oXxInH02F+NU=
Subject key identifier:   77:92:C3:FC:69:15:4A:C7:D5:15:BC:AC:9D:AA:07:E7:8B:C2:29:CC
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC5DC2C0ED29FB28ADBCA99E337D0AB44
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/ed/52b48d-28a8-48f5-a4df-4db40a36563e/1/d5LD_GkVSsfVFbysnaoH54vCKcw.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/ed/52b48d-28a8-48f5-a4df-4db40a36563e/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 16:29:49 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 185.99.56.0/22
                          IP: 2a06:10c0::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:2c:0e:d2:9f:b2:8a:db:ca:99:e3:37:d0:ab:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 16:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7792c3fc69154ac7d515bcac9daa07e78bc229cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:f6:cd:ff:70:3a:2d:15:09:48:2c:57:e0:fa:
                    f9:3f:56:74:c1:74:a9:4a:9a:0e:be:f0:48:5b:33:
                    d7:e2:05:e1:f3:27:50:c0:83:48:1f:76:2d:a5:fb:
                    2b:0c:fc:33:07:9e:20:57:73:91:64:3d:b8:4f:fa:
                    0c:f0:08:85:fa:61:3d:a8:53:d3:21:c0:8d:0a:57:
                    3a:9d:da:98:cb:79:72:63:b6:37:2c:c4:25:2c:cc:
                    87:4e:57:6e:10:f5:9b:80:1c:92:2b:bb:57:f7:05:
                    2c:66:3a:39:4c:11:fd:e8:2e:8a:51:0d:48:b7:76:
                    bb:1a:2c:d7:0b:fa:c0:40:1d:29:c4:5b:db:d0:b0:
                    a8:41:4f:95:b3:d3:de:b5:94:f3:3c:c0:8e:8c:85:
                    63:79:94:2e:0f:a2:c9:22:c6:2b:9b:57:ea:21:a0:
                    0e:08:d0:21:fd:cc:42:b0:1c:9b:c6:b6:60:76:a8:
                    8c:4e:9e:bb:2e:11:83:e3:77:94:02:94:57:c9:e2:
                    a9:3d:c8:f4:81:5f:1d:64:3e:39:1c:e5:ca:41:f4:
                    73:36:dd:62:19:43:30:c0:28:6e:83:74:f5:23:65:
                    56:ab:e6:39:96:bf:da:b1:72:7c:1e:12:34:5d:89:
                    1e:5f:15:b7:e2:56:04:bc:98:32:34:0f:a1:1b:2d:
                    52:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:92:C3:FC:69:15:4A:C7:D5:15:BC:AC:9D:AA:07:E7:8B:C2:29:CC
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/52b48d-28a8-48f5-a4df-4db40a36563e/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/52b48d-28a8-48f5-a4df-4db40a36563e/1/d5LD_GkVSsfVFbysnaoH54vCKcw.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.99.56.0/22
                IPv6:
                  2a06:10c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         4d:1f:59:93:6c:15:ef:c0:99:16:f4:37:96:06:d4:5e:82:03:
         c4:ff:0e:3b:33:52:4e:be:3a:7a:78:4a:1b:0c:4d:47:a1:79:
         5c:11:67:b3:85:46:66:53:81:3f:09:91:5f:08:48:a3:cd:3a:
         dd:28:1c:79:01:d8:12:27:57:a5:6c:15:bf:5b:35:a9:88:5e:
         d1:f4:c2:c0:ba:32:82:cc:9a:97:c1:29:ff:c4:a7:09:e1:3a:
         19:64:18:c9:34:74:d5:74:41:74:6b:eb:b1:e4:5c:f9:56:8e:
         9c:e8:5e:69:aa:3a:ba:f2:9a:52:f3:6c:ce:7e:c8:d2:63:ca:
         93:5c:9f:4f:bf:51:81:4c:e1:58:2e:4e:8e:ee:5d:00:91:10:
         04:5c:00:49:40:4d:e2:c6:6f:46:88:1f:36:b9:03:6c:4d:25:
         a8:b2:1a:a2:f3:4e:8e:0a:ad:d5:f8:38:6c:8c:55:b3:be:d7:
         ce:63:e5:fd:d5:11:f7:d2:d8:4e:0c:f0:0e:3f:b8:3b:97:11:
         7e:54:5f:cb:7f:79:ba:8b:38:c0:06:69:bb:85:57:5e:14:ee:
         9e:1a:a8:b8:60:85:5d:d0:a7:f8:2b:9a:9d:b5:5c:23:c7:09:
         85:eb:a5:9e:5d:d8:16:a5:1f:9f:da:86:f9:b5:69:c3:e4:96:
         6e:26:a1:ba
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAYzF3CwO0p+yitvKmeM30KtEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTYyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzkyYzNmYzY5MTU0YWM3ZDUxNWJjYWM5ZGFhMDdlNzhiYzIyOWNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwvbN/3A6LRUJSCxX4Pr5P1Z0wXSp
SpoOvvBIWzPX4gXh8ydQwINIH3YtpfsrDPwzB54gV3ORZD24T/oM8AiF+mE9qFPT
IcCNClc6ndqYy3lyY7Y3LMQlLMyHTlduEPWbgBySK7tX9wUsZjo5TBH96C6KUQ1I
t3a7GizXC/rAQB0pxFvb0LCoQU+Vs9PetZTzPMCOjIVjeZQuD6LJIsYrm1fqIaAO
CNAh/cxCsBybxrZgdqiMTp67LhGD43eUApRXyeKpPcj0gV8dZD45HOXKQfRzNt1i
GUMwwChug3T1I2VWq+Y5lr/asXJ8HhI0XYkeXxW34lYEvJgyNA+hGy1SyQIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFHeSw/xpFUrH1RW8rJ2qB+eLwinMMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2VkLzUyYjQ4
ZC0yOGE4LTQ4ZjUtYTRkZi00ZGI0MGEzNjU2M2UvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZWQvNTJiNDhk
LTI4YTgtNDhmNS1hNGRmLTRkYjQwYTM2NTYzZS8xL2Q1TERfR2tWU3NmVkZieXNu
YW9INTR2Q0tjdy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCuWM4MA0EAgACMAcDBQMqBhDAMA0GCSqGSIb3
DQEBCwUAA4IBAQBNH1mTbBXvwJkW9DeWBtReggPE/w47M1JOvjp6eEobDE1HoXlc
EWezhUZmU4E/CZFfCEijzTrdKBx5AdgSJ1elbBW/WzWpiF7R9MLAujKCzJqXwSn/
xKcJ4ToZZBjJNHTVdEF0a+ux5Fz5Vo6c6F5pqjq68ppS82zOfsjSY8qTXJ9Pv1GB
TOFYLk6O7l0AkRAEXABJQE3ixm9GiB82uQNsTSWoshqi806OCq3V+DhsjFWzvtfO
Y+X91RH30thODPAOP7g7lxF+VF/Lf3m6izjABmm7hVdeFO6eGqi4YIVd0Kf4K5qd
tVwjxwmF66WeXdgWpR+f2ob5tWnD5JZuJqG6
-----END CERTIFICATE-----