Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fUX7_9Yv4k4mM5GTrZpsMYtduyQ.cer
File:                     fUX7_9Yv4k4mM5GTrZpsMYtduyQ.cer (raw, json)
Hash identifier:          xf0cZ2fLUB/NkKMzxW1/hSDYsCV1F/GNr68yyb34HZQ=
Subject key identifier:   7D:45:FB:FF:D6:2F:E2:4E:26:33:91:93:AD:9A:6C:31:8B:5D:BB:24
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC4923E211E3DA1B91E0886989077CB0F
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/0c/b2953a-d987-46b0-bea3-87a62e0fc48c/1/fUX7_9Yv4k4mM5GTrZpsMYtduyQ.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/0c/b2953a-d987-46b0-bea3-87a62e0fc48c/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 10:29:27 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 210732

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:3e:21:1e:3d:a1:b9:1e:08:86:98:90:77:cb:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 10:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7d45fbffd62fe24e26339193ad9a6c318b5dbb24
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:df:b9:88:a4:3c:b0:62:10:03:a4:0a:cd:3f:
                    d3:2c:b7:c6:8b:a7:56:37:4c:e0:a8:f1:48:4f:02:
                    44:b6:35:34:36:f9:a2:fd:a0:36:dc:13:85:c8:3c:
                    04:ea:fe:cb:a3:5d:aa:04:84:f1:a4:78:c2:91:34:
                    d0:38:23:a4:c2:40:6e:80:76:ee:91:dd:bf:f4:a8:
                    69:1a:9b:6c:5a:e7:68:63:d9:7d:c2:69:ce:56:2f:
                    9e:17:92:78:98:3e:b3:29:88:4d:a8:b7:14:72:87:
                    df:9c:ff:f3:5c:7d:1a:af:0a:18:a6:26:af:d0:17:
                    3e:00:02:32:4c:df:4c:aa:f1:23:d4:a8:e1:80:44:
                    95:3a:4f:5a:b5:32:58:de:2c:e1:06:44:01:3a:5d:
                    d0:7e:7b:f8:01:75:d5:d0:76:7f:fb:89:e8:0b:c8:
                    30:5a:29:58:47:ea:53:97:fc:b6:df:6a:59:82:61:
                    d2:7a:f9:ce:02:e2:17:ec:22:69:27:b4:60:58:0c:
                    c2:88:d1:75:61:bd:1a:75:6b:36:32:93:81:73:44:
                    8f:5a:b8:02:71:f9:49:5c:82:e5:b5:ea:e7:44:80:
                    cc:b1:67:d7:dd:29:af:c5:0f:fb:b6:cc:b6:e9:0d:
                    03:ec:23:7c:75:f3:49:64:dd:1e:1e:2e:e3:a8:94:
                    d3:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:45:FB:FF:D6:2F:E2:4E:26:33:91:93:AD:9A:6C:31:8B:5D:BB:24
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/b2953a-d987-46b0-bea3-87a62e0fc48c/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/b2953a-d987-46b0-bea3-87a62e0fc48c/1/fUX7_9Yv4k4mM5GTrZpsMYtduyQ.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  210732

    Signature Algorithm: sha256WithRSAEncryption
         0f:9c:ea:e7:57:2d:5e:ed:cb:b1:66:78:39:fd:34:73:ed:26:
         73:51:a1:93:6f:b6:86:73:49:c4:c8:40:78:76:45:1c:1e:0a:
         93:78:fe:3d:23:1b:11:d2:a9:ea:b0:96:63:72:23:8a:77:aa:
         ba:1d:c0:8f:46:18:38:29:c9:4c:02:5e:6d:5d:f0:87:1b:eb:
         ac:97:d8:db:0b:db:8f:d5:61:3f:8d:03:37:6f:0f:0e:f9:41:
         8d:17:4e:9d:7a:8f:6e:67:38:2e:36:d3:43:09:70:7f:a8:7d:
         1f:29:3d:35:ff:18:80:32:a3:13:0a:81:8c:f4:41:e0:df:85:
         b1:25:92:64:d1:b0:94:3f:9c:bf:7d:2f:90:e2:0b:4a:5a:2f:
         20:b0:a4:65:23:20:3a:c6:74:51:d3:0d:a9:11:6a:54:b9:1a:
         44:3c:e5:13:93:fc:3b:59:f8:03:57:b3:2d:ae:53:08:74:e0:
         92:8e:fa:21:c8:b3:51:0c:d1:d0:75:9f:b8:43:a9:36:ae:99:
         81:66:a6:07:e5:92:79:cd:70:d2:89:30:d8:d7:48:b7:ba:8c:
         c0:58:21:91:0f:af:67:20:7d:79:cc:00:89:53:de:ee:90:4f:
         db:2b:77:71:54:8e:a8:d9:43:40:16:e8:37:66:fe:24:4f:bb:
         40:b0:ac:4d
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzEkj4hHj2huR4IhpiQd8sPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTAyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDQ1ZmJmZmQ2MmZlMjRlMjYzMzkxOTNhZDlhNmMzMThiNWRiYjI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnt+5iKQ8sGIQA6QKzT/TLLfGi6dW
N0zgqPFITwJEtjU0Nvmi/aA23BOFyDwE6v7Lo12qBITxpHjCkTTQOCOkwkBugHbu
kd2/9KhpGptsWudoY9l9wmnOVi+eF5J4mD6zKYhNqLcUcoffnP/zXH0arwoYpiav
0Bc+AAIyTN9MqvEj1KjhgESVOk9atTJY3izhBkQBOl3Qfnv4AXXV0HZ/+4noC8gw
WilYR+pTl/y232pZgmHSevnOAuIX7CJpJ7RgWAzCiNF1Yb0adWs2MpOBc0SPWrgC
cflJXILlternRIDMsWfX3SmvxQ/7tsy26Q0D7CN8dfNJZN0eHi7jqJTTCwIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFH1F+//WL+JOJjORk62abDGLXbskMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzBjL2IyOTUz
YS1kOTg3LTQ2YjAtYmVhMy04N2E2MmUwZmM0OGMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMGMvYjI5NTNh
LWQ5ODctNDZiMC1iZWEzLTg3YTYyZTBmYzQ4Yy8xL2ZVWDdfOVl2NGs0bU01R1Ry
WnBzTVl0ZHV5US5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwM3LDANBgkqhkiG9w0BAQsFAAOCAQEAD5zq51ctXu3L
sWZ4Of00c+0mc1Ghk2+2hnNJxMhAeHZFHB4Kk3j+PSMbEdKp6rCWY3Ijinequh3A
j0YYOCnJTAJebV3whxvrrJfY2wvbj9VhP40DN28PDvlBjRdOnXqPbmc4LjbTQwlw
f6h9Hyk9Nf8YgDKjEwqBjPRB4N+FsSWSZNGwlD+cv30vkOILSlovILCkZSMgOsZ0
UdMNqRFqVLkaRDzlE5P8O1n4A1ezLa5TCHTgko76IcizUQzR0HWfuEOpNq6ZgWam
B+WSec1w0okw2NdIt7qMwFghkQ+vZyB9ecwAiVPe7pBP2yt3cVSOqNlDQBboN2b+
JE+7QLCsTQ==
-----END CERTIFICATE-----