Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fduZ9z57WCw1KJDjrVeF02efiJE.cer
File:                     fduZ9z57WCw1KJDjrVeF02efiJE.cer (raw, json)
Hash identifier:          PPg3RfkCh+gfxiLyzV0XuLM8LtgVQB65MqYkqx+B95E=
Subject key identifier:   7D:DB:99:F7:3E:7B:58:2C:35:28:90:E3:AD:57:85:D3:67:9F:88:91
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC9BBFE3E841E4292B173843CE7E983D9
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rsync.paas.rpki.ripe.net/repository/b64c075f-eb10-4426-bb40-3a833fe0f9fb/1/7DDB99F73E7B582C352890E3AD5785D3679F8891.mft
caRepository:             rsync://rsync.paas.rpki.ripe.net/repository/b64c075f-eb10-4426-bb40-3a833fe0f9fb/1
Notify URL:               https://rrdp.paas.rpki.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 10:33:09 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 210397

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:fe:3e:84:1e:42:92:b1:73:84:3c:e7:e9:83:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 10:33:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7ddb99f73e7b582c352890e3ad5785d3679f8891
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:4f:38:bd:b2:25:ab:20:56:be:39:58:21:0b:
                    5c:64:61:a0:9b:d0:8b:37:4b:34:cd:66:2a:e5:b0:
                    fd:63:25:2c:65:39:2f:c1:86:31:c6:a5:80:ac:00:
                    ed:78:bc:9f:1b:42:e6:26:5c:47:05:7b:91:16:9b:
                    b4:03:ca:92:98:dd:6a:69:64:60:52:4e:6d:73:79:
                    89:a9:9d:6f:88:50:33:da:34:4a:e4:c2:37:94:e3:
                    f7:70:eb:e1:8c:61:1d:32:97:cc:d9:b3:0b:9a:05:
                    cc:6b:41:63:5e:d7:12:44:71:8c:44:3a:da:45:35:
                    3e:47:59:45:7f:f6:56:44:70:42:99:b8:2c:63:30:
                    18:80:97:89:e2:a6:f6:3a:26:8d:7f:2f:1b:bc:05:
                    af:ef:cf:ee:08:58:8f:31:be:9d:1d:e1:3c:b3:f6:
                    32:90:76:5c:1c:2a:a2:71:d7:e0:82:c1:e9:d9:a5:
                    69:7f:3d:dc:9f:3e:99:27:d7:7e:a3:38:1c:1d:b5:
                    0f:64:34:5d:73:d4:6c:e9:0c:df:3a:6a:8d:93:d8:
                    86:3a:77:7d:4f:51:b1:3f:59:5c:73:1a:58:e3:c4:
                    dd:72:7a:f2:f4:ac:51:88:90:c1:55:c2:3b:14:00:
                    e0:5e:31:75:ab:0b:03:1f:e9:e8:e5:14:24:f6:7d:
                    03:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:DB:99:F7:3E:7B:58:2C:35:28:90:E3:AD:57:85:D3:67:9F:88:91
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rsync.paas.rpki.ripe.net/repository/b64c075f-eb10-4426-bb40-3a833fe0f9fb/1
                RPKI Manifest - URI:rsync://rsync.paas.rpki.ripe.net/repository/b64c075f-eb10-4426-bb40-3a833fe0f9fb/1/7DDB99F73E7B582C352890E3AD5785D3679F8891.mft
                RPKI Notify - URI:https://rrdp.paas.rpki.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  210397

    Signature Algorithm: sha256WithRSAEncryption
         3f:cd:e5:6b:0a:95:aa:eb:ab:6d:a8:26:83:af:1d:8d:1a:cc:
         22:4d:eb:4b:22:bd:7d:e5:8d:9c:95:3f:0b:bb:c9:f8:41:ad:
         15:e4:55:49:a1:e8:4c:60:7f:96:f4:22:00:ba:4a:5e:f6:ce:
         53:24:a7:dc:93:a2:03:87:49:32:37:2a:27:b4:d4:c0:97:13:
         f3:27:7d:db:2f:07:9f:c8:b0:6a:70:fe:4e:0a:20:08:1a:eb:
         bf:fe:a7:64:05:c5:6d:08:6a:18:d3:41:f6:44:63:d9:0c:c4:
         4b:08:a4:05:59:8e:bb:7d:d5:87:7d:cf:60:c3:e3:65:c3:6d:
         b8:52:bd:7e:e0:e5:d8:97:83:4b:49:21:dd:ce:72:9f:cc:d5:
         9a:af:48:66:d8:12:d7:bb:d8:16:8b:4a:fd:b4:e6:49:65:8e:
         b6:d3:93:05:fb:81:97:1c:5a:c7:cc:cc:7a:1b:f0:77:28:3d:
         5d:4e:da:b4:e2:28:68:12:a2:cd:aa:d9:d0:39:07:ec:7d:95:
         47:1e:36:fe:ad:0d:31:ec:58:f3:0f:32:bd:90:b4:4c:87:0f:
         6c:ad:8a:32:04:e7:5a:9a:0b:3a:ab:ae:63:33:a7:36:85:ef:
         b1:02:15:27:bc:0a:03:b3:73:7a:fa:b0:9c:0c:4b:9a:a7:ab:
         7c:4a:4b:42
-----BEGIN CERTIFICATE-----
MIIFjjCCBHagAwIBAgISAYzJu/4+hB5CkrFzhDzn6YPZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMTAzMzA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZGRiOTlmNzNlN2I1ODJjMzUyODkwZTNhZDU3ODVkMzY3OWY4ODkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsU84vbIlqyBWvjlYIQtcZGGgm9CL
N0s0zWYq5bD9YyUsZTkvwYYxxqWArADteLyfG0LmJlxHBXuRFpu0A8qSmN1qaWRg
Uk5tc3mJqZ1viFAz2jRK5MI3lOP3cOvhjGEdMpfM2bMLmgXMa0FjXtcSRHGMRDra
RTU+R1lFf/ZWRHBCmbgsYzAYgJeJ4qb2OiaNfy8bvAWv78/uCFiPMb6dHeE8s/Yy
kHZcHCqicdfggsHp2aVpfz3cnz6ZJ9d+ozgcHbUPZDRdc9Rs6QzfOmqNk9iGOnd9
T1GxP1lccxpY48Tdcnry9KxRiJDBVcI7FADgXjF1qwsDH+no5RQk9n0DTQIDAQAB
o4ICmjCCApYwHQYDVR0OBBYEFH3bmfc+e1gsNSiQ461XhdNnn4iRMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggE+BggrBgEFBQcBCwSCATAwggEsMF4GCCsGAQUFBzAFhlJy
c3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2I2NGMw
NzVmLWViMTAtNDQyNi1iYjQwLTNhODMzZmUwZjlmYi8xMIGLBggrBgEFBQcwCoZ/
cnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9iNjRj
MDc1Zi1lYjEwLTQ0MjYtYmI0MC0zYTgzM2ZlMGY5ZmIvMS83RERCOTlGNzNFN0I1
ODJDMzUyODkwRTNBRDU3ODVEMzY3OUY4ODkxLm1mdDA8BggrBgEFBQcwDYYwaHR0
cHM6Ly9ycmRwLnBhYXMucnBraS5yaXBlLm5ldC9ub3RpZmljYXRpb24ueG1sMFkG
A1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMyUUhWVjNkNW1rLmNybDAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUCAwM13TAN
BgkqhkiG9w0BAQsFAAOCAQEAP83lawqVquurbagmg68djRrMIk3rSyK9feWNnJU/
C7vJ+EGtFeRVSaHoTGB/lvQiALpKXvbOUySn3JOiA4dJMjcqJ7TUwJcT8yd92y8H
n8iwanD+TgogCBrrv/6nZAXFbQhqGNNB9kRj2QzESwikBVmOu33Vh33PYMPjZcNt
uFK9fuDl2JeDS0kh3c5yn8zVmq9IZtgS17vYFotK/bTmSWWOttOTBfuBlxxax8zM
ehvwdyg9XU7atOIoaBKizarZ0DkH7H2VRx42/q0NMexY8w8yvZC0TIcPbK2KMgTn
WpoLOquuYzOnNoXvsQIVJ7wKA7NzevqwnAxLmqerfEpLQg==
-----END CERTIFICATE-----