Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/frsTAxu1qUujKTO0JdyRUBYclSg.cer
File:                     frsTAxu1qUujKTO0JdyRUBYclSg.cer (raw, json)
Hash identifier:          FWuZE3jQrssN7CM64wtPoyu248CRZjvFID8QTmCnnnk=
Subject key identifier:   7E:BB:13:03:1B:B5:A9:4B:A3:29:33:B4:25:DC:91:50:16:1C:95:28
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01941F8C201D081F20F9B52BB10EB1F23FA1
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/d3/2efb68-ff0e-44c1-aaa1-ecb1f29ccff2/1/frsTAxu1qUujKTO0JdyRUBYclSg.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/d3/2efb68-ff0e-44c1-aaa1-ecb1f29ccff2/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 01:47:44 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 195.189.156.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:20:1d:08:1f:20:f9:b5:2b:b1:0e:b1:f2:3f:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 01:47:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7ebb13031bb5a94ba32933b425dc9150161c9528
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:df:19:ea:77:8d:90:5a:d7:b2:a3:a1:82:69:
                    7c:40:86:4e:b1:1b:45:bf:69:4b:1a:db:c1:0f:bf:
                    74:39:be:0a:28:e7:ff:00:ba:92:78:9d:aa:bc:6a:
                    e2:ec:f6:15:1a:4a:98:59:78:96:ee:99:fa:e6:79:
                    ab:e5:9e:60:cd:c4:38:57:e5:b8:a9:2f:89:17:53:
                    12:43:15:ed:d7:90:a2:c6:9a:bf:ae:54:b6:d8:b0:
                    c5:31:2c:e6:66:e5:0b:da:ae:5b:cc:20:93:34:3b:
                    e2:b6:6c:51:56:5a:fe:a0:8d:cc:a0:53:58:87:fd:
                    3e:41:cd:2c:60:7c:e4:79:dd:14:77:4d:a2:6d:70:
                    72:e0:76:22:74:c0:61:7c:ff:e6:f3:fe:12:a8:c4:
                    f6:c9:09:dc:c2:63:a0:b1:a4:54:b4:29:ee:65:aa:
                    67:10:13:19:45:fd:43:a0:3c:3f:51:6a:7f:75:8f:
                    4d:b0:9d:92:8d:2f:6d:b7:51:4a:0a:61:16:87:d9:
                    7e:0e:c9:c1:1b:b3:02:0f:45:d1:d1:4c:52:b0:12:
                    52:25:35:5a:22:79:bf:4d:00:b0:38:36:8b:ea:da:
                    06:5b:a7:15:36:57:12:00:bc:19:f0:dc:28:9e:98:
                    54:41:28:31:5d:b2:c7:3c:86:db:29:d0:d3:e1:de:
                    6b:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:BB:13:03:1B:B5:A9:4B:A3:29:33:B4:25:DC:91:50:16:1C:95:28
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/2efb68-ff0e-44c1-aaa1-ecb1f29ccff2/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/2efb68-ff0e-44c1-aaa1-ecb1f29ccff2/1/frsTAxu1qUujKTO0JdyRUBYclSg.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.189.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:04:63:27:fa:7d:74:20:08:6f:f4:50:cf:7f:cc:17:e2:90:
         dd:a6:f3:6d:09:41:e3:cb:5b:d0:fd:ab:77:5a:88:02:03:c6:
         55:52:c6:e8:85:12:72:f1:05:ad:34:4f:12:a5:0a:09:d7:59:
         20:4c:1a:26:7d:5d:6d:bb:6b:66:b0:cc:0f:3d:3d:5b:87:b4:
         25:cf:c9:47:57:ee:fb:63:f0:da:52:02:3c:3c:a8:88:c7:b7:
         dc:c9:c1:6b:0d:0b:4c:3e:2f:4c:14:e5:50:d0:e8:31:b8:31:
         b6:2a:29:5b:32:21:88:19:90:d7:90:50:05:c6:b4:82:b3:b0:
         89:5a:59:e8:7f:88:a4:9c:c6:1d:3c:63:db:ce:63:2e:1a:7d:
         98:f2:26:91:bd:0d:12:bc:40:9f:41:4e:ef:d1:0c:f8:19:3f:
         2c:a9:0e:72:67:4d:21:65:42:27:09:d9:26:34:33:ea:bb:03:
         0f:22:cd:bc:e2:cb:83:54:15:57:d1:0a:29:7c:1c:4f:71:82:
         ce:b1:ad:98:e9:2f:68:77:20:de:86:8e:17:dd:fc:e9:79:82:
         77:38:b1:50:a7:3a:bc:b4:9a:48:f3:07:74:9d:0c:df:54:22:
         8c:dc:42:0d:66:d6:e7:75:a1:16:48:35:24:06:48:bd:79:98:
         96:ad:24:5f
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZQfjCAdCB8g+bUrsQ6x8j+hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDE0NzQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZWJiMTMwMzFiYjVhOTRiYTMyOTMzYjQyNWRjOTE1MDE2MWM5NTI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxN8Z6neNkFrXsqOhgml8QIZOsRtF
v2lLGtvBD790Ob4KKOf/ALqSeJ2qvGri7PYVGkqYWXiW7pn65nmr5Z5gzcQ4V+W4
qS+JF1MSQxXt15Cixpq/rlS22LDFMSzmZuUL2q5bzCCTNDvitmxRVlr+oI3MoFNY
h/0+Qc0sYHzked0Ud02ibXBy4HYidMBhfP/m8/4SqMT2yQncwmOgsaRUtCnuZapn
EBMZRf1DoDw/UWp/dY9NsJ2SjS9tt1FKCmEWh9l+DsnBG7MCD0XR0UxSsBJSJTVa
Inm/TQCwODaL6toGW6cVNlcSALwZ8NwonphUQSgxXbLHPIbbKdDT4d5rmQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFH67EwMbtalLoykztCXckVAWHJUoMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2QzLzJlZmI2
OC1mZjBlLTQ0YzEtYWFhMS1lY2IxZjI5Y2NmZjIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDMvMmVmYjY4
LWZmMGUtNDRjMS1hYWExLWVjYjFmMjljY2ZmMi8xL2Zyc1RBeHUxcVV1aktUTzBK
ZHlSVUJZY2xTZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAw72cMA0GCSqGSIb3DQEBCwUAA4IBAQCTBGMn
+n10IAhv9FDPf8wX4pDdpvNtCUHjy1vQ/at3WogCA8ZVUsbohRJy8QWtNE8SpQoJ
11kgTBomfV1tu2tmsMwPPT1bh7Qlz8lHV+77Y/DaUgI8PKiIx7fcycFrDQtMPi9M
FOVQ0OgxuDG2KilbMiGIGZDXkFAFxrSCs7CJWlnof4iknMYdPGPbzmMuGn2Y8iaR
vQ0SvECfQU7v0Qz4GT8sqQ5yZ00hZUInCdkmNDPquwMPIs284suDVBVX0QopfBxP
cYLOsa2Y6S9odyDeho4X3fzpeYJ3OLFQpzq8tJpI8wd0nQzfVCKM3EINZtbndaEW
SDUkBki9eZiWrSRf
-----END CERTIFICATE-----