Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fZbkzCmFWohmf6mONSkt_v_6nX8.cer
File:                     fZbkzCmFWohmf6mONSkt_v_6nX8.cer (raw, json)
Hash identifier:          AG5cx3Zv1WG/tjQxsAQfWno6sEMpn7uxkxC9YkVWcS8=
Subject key identifier:   7D:96:E4:CC:29:85:5A:88:66:7F:A9:8E:35:29:2D:FE:FF:FA:9D:7F
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01935E36E948EADB9166844C3A5647740A3A
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/ff/93143a-44b0-4e13-8947-e20a3197e79f/1/fZbkzCmFWohmf6mONSkt_v_6nX8.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/ff/93143a-44b0-4e13-8947-e20a3197e79f/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Sun 24 Nov 2024 12:47:57 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 91.246.31.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 01:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:5e:36:e9:48:ea:db:91:66:84:4c:3a:56:47:74:0a:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Nov 24 12:47:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7d96e4cc29855a88667fa98e35292dfefffa9d7f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:ae:c3:c0:9a:39:9e:36:40:44:f8:ed:58:e3:
                    c9:23:57:fb:09:70:cc:0d:86:d4:92:05:95:d4:63:
                    10:da:fb:de:d0:1e:ff:92:98:18:e9:1f:92:4b:a2:
                    7e:7f:c4:a8:ed:28:07:ae:42:cf:46:4c:ed:d7:e3:
                    49:6b:54:79:49:cb:17:eb:9a:18:85:1f:b0:3f:d7:
                    74:c6:98:f9:77:41:80:2f:65:5b:42:f7:3d:c0:c3:
                    68:28:08:81:df:f5:29:f3:8f:e9:26:92:ab:12:38:
                    12:25:aa:d8:20:34:1f:ae:6c:40:49:20:31:ec:25:
                    68:f5:4b:66:b3:66:d1:8e:67:1a:41:93:eb:56:1d:
                    ca:e8:6f:c1:d5:0e:00:ca:f3:a3:4b:83:8c:87:f9:
                    1d:2a:16:6a:29:24:0d:30:c0:b3:6d:19:0b:c9:9b:
                    95:59:1d:7d:d6:b7:f7:ad:03:91:a3:05:8c:55:ba:
                    2f:2d:f1:ca:b6:f0:03:23:a6:ab:9f:34:e0:1e:11:
                    97:bc:ea:b3:d3:3d:91:76:aa:e8:f1:78:fe:6f:06:
                    a9:14:31:e1:8b:59:d0:4f:b6:fd:e7:ca:f9:a8:b2:
                    55:a9:71:ca:cd:d7:d4:07:18:b7:41:4b:04:aa:4c:
                    c5:85:39:d3:dd:b0:7a:34:75:1e:86:86:55:ff:12:
                    54:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:96:E4:CC:29:85:5A:88:66:7F:A9:8E:35:29:2D:FE:FF:FA:9D:7F
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/93143a-44b0-4e13-8947-e20a3197e79f/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/93143a-44b0-4e13-8947-e20a3197e79f/1/fZbkzCmFWohmf6mONSkt_v_6nX8.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.246.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:95:91:df:5d:d3:e2:ab:d7:7c:69:84:5b:f3:d8:5a:6b:41:
         7f:d5:d2:46:b1:2c:5b:36:9a:cd:a8:a3:9e:28:f5:91:be:eb:
         54:9c:ff:e6:42:0f:68:c9:bc:76:f9:65:1e:06:87:38:19:1e:
         cc:08:3b:dc:bb:35:3f:7d:9a:ef:74:82:f5:cc:aa:2f:93:95:
         6e:41:e9:77:2f:23:91:82:c3:04:d0:91:20:f4:63:8f:f7:fc:
         67:87:64:0c:f8:eb:e2:51:32:bb:5c:68:57:8b:ed:61:de:1f:
         1d:35:d8:17:31:a2:91:ac:96:79:b3:62:ef:81:df:22:c2:9d:
         ac:ca:6c:f3:b4:2f:6e:0b:96:e6:78:c9:cc:bd:01:41:55:78:
         a3:87:ae:1a:ec:4c:f2:d8:14:2e:6a:5e:cd:5b:ab:1c:fe:64:
         a0:1b:8e:4b:e3:ee:51:01:5e:81:c3:2e:36:dd:30:84:f9:ab:
         62:76:16:72:99:1c:83:0d:80:8b:35:33:17:b5:e9:f6:e9:b1:
         a0:7a:2b:7d:54:3b:c3:7e:53:cf:f0:88:9b:96:d7:21:e5:55:
         63:e3:cd:65:b3:11:39:c8:c1:e5:b4:d0:a4:ca:17:bf:8a:1e:
         d8:8f:c8:d2:4b:af:ed:78:57:f9:6f:cf:b6:cc:b6:43:c4:83:
         3e:a4:68:39
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZNeNulI6tuRZoRMOlZHdAo6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQxMTI0MTI0NzU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDk2ZTRjYzI5ODU1YTg4NjY3ZmE5OGUzNTI5MmRmZWZmZmE5ZDdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3a7DwJo5njZARPjtWOPJI1f7CXDM
DYbUkgWV1GMQ2vve0B7/kpgY6R+SS6J+f8So7SgHrkLPRkzt1+NJa1R5ScsX65oY
hR+wP9d0xpj5d0GAL2VbQvc9wMNoKAiB3/Up84/pJpKrEjgSJarYIDQfrmxASSAx
7CVo9Utms2bRjmcaQZPrVh3K6G/B1Q4AyvOjS4OMh/kdKhZqKSQNMMCzbRkLyZuV
WR191rf3rQORowWMVbovLfHKtvADI6arnzTgHhGXvOqz0z2Rdqro8Xj+bwapFDHh
i1nQT7b958r5qLJVqXHKzdfUBxi3QUsEqkzFhTnT3bB6NHUehoZV/xJUYQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFH2W5MwphVqIZn+pjjUpLf7/+p1/MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2ZmLzkzMTQz
YS00NGIwLTRlMTMtODk0Ny1lMjBhMzE5N2U3OWYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZmYvOTMxNDNh
LTQ0YjAtNGUxMy04OTQ3LWUyMGEzMTk3ZTc5Zi8xL2ZaYmt6Q21GV29obWY2bU9O
U2t0X3ZfNm5YOC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW/YfMA0GCSqGSIb3DQEBCwUAA4IBAQCflZHf
XdPiq9d8aYRb89haa0F/1dJGsSxbNprNqKOeKPWRvutUnP/mQg9oybx2+WUeBoc4
GR7MCDvcuzU/fZrvdIL1zKovk5VuQel3LyORgsME0JEg9GOP9/xnh2QM+OviUTK7
XGhXi+1h3h8dNdgXMaKRrJZ5s2Lvgd8iwp2symzztC9uC5bmeMnMvQFBVXijh64a
7Ezy2BQual7NW6sc/mSgG45L4+5RAV6Bwy423TCE+atidhZymRyDDYCLNTMXten2
6bGgeit9VDvDflPP8Iibltch5VVj481lsxE5yMHltNCkyhe/ih7Yj8jSS6/teFf5
b8+2zLZDxIM+pGg5
-----END CERTIFICATE-----