Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dim08aCQrAe-F2LewzjmoP412X4.cer
File:                     dim08aCQrAe-F2LewzjmoP412X4.cer (raw, json)
Hash identifier:          44wvW6VQ/WlOhih+Tjj72AV21v4z03fwfsM2q1GwvMQ=
Subject key identifier:   76:29:B4:F1:A0:90:AC:07:BE:17:62:DE:C3:38:E6:A0:FE:35:D9:7E
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01942748469CFC977DAB127F1CC97C87591D
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/de/a1ef63-16a7-4a94-b114-5f175b5ae038/1/dim08aCQrAe-F2LewzjmoP412X4.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/de/a1ef63-16a7-4a94-b114-5f175b5ae038/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 13:50:35 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 193.37.37.0/24
                          IP: 2a14:7e80::/29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:46:9c:fc:97:7d:ab:12:7f:1c:c9:7c:87:59:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 13:50:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7629b4f1a090ac07be1762dec338e6a0fe35d97e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:02:f7:3c:30:28:14:d7:a2:2b:07:b1:d3:95:
                    3c:89:33:66:eb:67:54:ce:2a:02:be:49:c0:57:89:
                    b5:01:03:71:f9:0a:42:ed:90:6e:18:7b:ba:1d:22:
                    85:52:39:dc:2f:ee:64:e8:9f:56:36:1b:a1:c0:f1:
                    67:63:0d:9a:f9:9e:c3:98:bb:d6:30:10:5a:32:9c:
                    8f:33:6e:50:82:20:75:63:5b:4b:5b:04:9d:4c:09:
                    d9:18:85:e9:35:6e:ef:60:ba:d4:8d:c1:80:48:0d:
                    07:d2:47:3c:89:22:9a:65:b2:c4:f6:6b:54:66:89:
                    78:85:f3:ec:35:bb:d8:7e:0b:5e:0a:7e:25:27:d9:
                    9c:69:d6:b7:56:3e:63:84:cb:1e:08:71:5e:59:91:
                    e5:8d:19:15:36:a0:b9:83:0e:b8:c7:ae:46:8e:6d:
                    bb:80:f7:dd:a6:82:a1:e6:45:21:91:1d:37:d0:a3:
                    82:83:ec:ac:ef:ac:cf:32:5e:be:34:93:c6:62:78:
                    38:75:06:75:19:a8:cc:81:29:3a:64:87:6a:0b:7b:
                    08:92:dc:d5:e5:32:6e:47:24:de:66:1a:cf:1c:9d:
                    1e:ca:da:31:c2:c2:15:9e:2b:25:91:78:c2:67:ab:
                    2a:97:49:43:c7:b6:d5:b5:f6:5f:de:e8:b4:f1:73:
                    f9:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:29:B4:F1:A0:90:AC:07:BE:17:62:DE:C3:38:E6:A0:FE:35:D9:7E
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/a1ef63-16a7-4a94-b114-5f175b5ae038/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/a1ef63-16a7-4a94-b114-5f175b5ae038/1/dim08aCQrAe-F2LewzjmoP412X4.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.37.37.0/24
                IPv6:
                  2a14:7e80::/29

    Signature Algorithm: sha256WithRSAEncryption
         94:8d:4b:13:c2:e4:36:00:7f:05:ab:c5:50:91:d2:f2:3f:fb:
         7e:e7:bc:a2:34:9d:8d:05:a4:2d:46:bb:87:38:85:9d:bd:c0:
         0b:0a:c4:2e:ed:a8:ae:56:2e:05:03:c6:42:40:6e:b0:15:77:
         03:11:ea:27:ea:6f:fe:99:45:a6:19:4a:02:e8:56:80:6d:8d:
         da:38:d4:a7:f5:12:62:3f:b7:9c:dd:da:09:80:4a:cc:0a:b8:
         1a:0f:91:4a:05:73:f7:a9:5b:f9:fe:3a:66:f6:aa:60:92:e3:
         3d:c3:19:f3:9d:93:34:00:7b:c8:bb:3a:43:05:6c:ab:94:42:
         d0:8f:14:98:5d:a0:78:b5:81:53:3f:73:1c:0b:2f:9f:7d:2a:
         03:de:04:0b:ea:70:1d:17:0f:93:3e:fc:91:c2:05:de:8e:31:
         3c:aa:d4:3c:f3:90:5e:64:96:89:d7:ad:01:e0:fd:41:54:e6:
         64:68:24:8f:e8:e6:17:48:fe:da:2a:d5:8c:d0:7f:38:76:95:
         04:14:14:7c:ef:0d:d6:4d:a6:62:d4:ee:07:7d:9f:b1:56:b6:
         fd:3f:b7:6b:aa:83:16:20:1c:ae:62:8a:64:29:a8:39:41:b8:
         10:10:2c:9c:b6:3f:f9:6b:5f:c6:f6:ff:06:4b:83:3c:b3:bc:
         35:be:4e:77
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAZQnSEac/Jd9qxJ/HMl8h1kdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMTM1MDM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjI5YjRmMWEwOTBhYzA3YmUxNzYyZGVjMzM4ZTZhMGZlMzVkOTdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsQL3PDAoFNeiKwex05U8iTNm62dU
zioCvknAV4m1AQNx+QpC7ZBuGHu6HSKFUjncL+5k6J9WNhuhwPFnYw2a+Z7DmLvW
MBBaMpyPM25QgiB1Y1tLWwSdTAnZGIXpNW7vYLrUjcGASA0H0kc8iSKaZbLE9mtU
Zol4hfPsNbvYfgteCn4lJ9mcada3Vj5jhMseCHFeWZHljRkVNqC5gw64x65Gjm27
gPfdpoKh5kUhkR030KOCg+ys76zPMl6+NJPGYng4dQZ1GajMgSk6ZIdqC3sIktzV
5TJuRyTeZhrPHJ0eytoxwsIVnislkXjCZ6sql0lDx7bVtfZf3ui08XP5mwIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFHYptPGgkKwHvhdi3sM45qD+Ndl+MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2RlL2ExZWY2
My0xNmE3LTRhOTQtYjExNC01ZjE3NWI1YWUwMzgvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZGUvYTFlZjYz
LTE2YTctNGE5NC1iMTE0LTVmMTc1YjVhZTAzOC8xL2RpbTA4YUNRckFlLUYyTGV3
emptb1A0MTJYNC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQAwSUlMA0EAgACMAcDBQMqFH6AMA0GCSqGSIb3
DQEBCwUAA4IBAQCUjUsTwuQ2AH8Fq8VQkdLyP/t+57yiNJ2NBaQtRruHOIWdvcAL
CsQu7aiuVi4FA8ZCQG6wFXcDEeon6m/+mUWmGUoC6FaAbY3aONSn9RJiP7ec3doJ
gErMCrgaD5FKBXP3qVv5/jpm9qpgkuM9wxnznZM0AHvIuzpDBWyrlELQjxSYXaB4
tYFTP3McCy+ffSoD3gQL6nAdFw+TPvyRwgXejjE8qtQ885BeZJaJ160B4P1BVOZk
aCSP6OYXSP7aKtWM0H84dpUEFBR87w3WTaZi1O4HfZ+xVrb9P7drqoMWIByuYopk
Kag5QbgQECyctj/5a1/G9v8GS4M8s7w1vk53
-----END CERTIFICATE-----