Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/gd8f5SA1TdO7PpJkp2z1PrB9sHI.cer
File:                     gd8f5SA1TdO7PpJkp2z1PrB9sHI.cer (raw, json)
Hash identifier:          h87gFQS8P0Zzce99cYiW1N7/qh0s8VPYfuG8Z05Z2+E=
Subject key identifier:   81:DF:1F:E5:20:35:4D:D3:BB:3E:92:64:A7:6C:F5:3E:B0:7D:B0:72
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC2DB3328C431AFE964EE36801DBADF73
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/88/ad975c-2011-4b9c-ad3e-53f07b1f621e/1/gd8f5SA1TdO7PpJkp2z1PrB9sHI.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/88/ad975c-2011-4b9c-ad3e-53f07b1f621e/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 02:29:54 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 210086
                          IP: 85.117.248.0/22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:33:28:c4:31:af:e9:64:ee:36:80:1d:ba:df:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 02:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=81df1fe520354dd3bb3e9264a76cf53eb07db072
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:98:9f:dd:16:eb:07:6c:ba:82:be:07:2d:40:
                    4c:34:52:11:a4:4d:83:69:de:58:47:2c:2f:6c:26:
                    45:06:06:4d:7f:fd:49:02:6a:9c:24:7a:32:4a:d2:
                    7e:0a:4c:b0:7f:10:ef:b6:43:81:20:5c:79:e3:c0:
                    ae:ad:a8:78:e9:a3:d2:af:d0:c2:90:d6:df:d0:e1:
                    fb:0f:ae:58:c8:14:66:5e:78:0d:ba:05:6d:77:a0:
                    d7:db:dc:5f:7e:87:64:a3:3c:eb:cc:69:c3:f2:e1:
                    e3:bc:b5:da:44:fe:92:45:8b:1c:eb:68:98:0f:c3:
                    50:ca:5a:f2:29:5e:0c:5b:5b:c9:24:d9:e9:7c:21:
                    1e:c6:73:48:2d:d7:14:11:16:d7:0e:7e:eb:75:4b:
                    15:45:5f:2e:30:33:f5:56:bb:07:dd:16:5d:b2:d0:
                    a7:c6:f3:de:98:fb:aa:d0:8f:1a:ce:57:01:97:83:
                    6d:76:7d:06:d0:80:a6:6b:ee:54:ab:1d:7c:ac:62:
                    11:68:22:b8:d5:37:7d:05:c6:f9:2e:03:6c:37:0a:
                    4a:c8:be:07:9c:5a:f8:b7:b7:07:d0:98:18:71:d5:
                    6e:76:14:98:9c:65:2b:f2:0b:d5:59:40:0d:f5:66:
                    91:1b:2b:4f:24:11:5f:8d:d3:22:f1:da:ff:b7:0c:
                    ed:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:DF:1F:E5:20:35:4D:D3:BB:3E:92:64:A7:6C:F5:3E:B0:7D:B0:72
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/ad975c-2011-4b9c-ad3e-53f07b1f621e/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/ad975c-2011-4b9c-ad3e-53f07b1f621e/1/gd8f5SA1TdO7PpJkp2z1PrB9sHI.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.117.248.0/22

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  210086

    Signature Algorithm: sha256WithRSAEncryption
         10:90:e6:eb:1b:92:aa:db:59:78:68:f7:0c:f9:43:a6:a8:09:
         7e:8f:a0:57:c4:09:57:84:55:b1:74:bc:ed:56:29:b4:2a:06:
         4a:d3:e1:4a:c8:a0:0d:70:a3:56:d7:dd:6e:88:b8:11:3e:1b:
         6d:db:27:8b:46:56:0d:ee:e8:31:79:78:c4:f0:2a:d0:5c:23:
         63:05:11:c1:8e:e4:74:8d:ef:9c:ff:25:40:63:c4:d4:65:83:
         cb:6a:30:46:ec:0a:ce:17:8e:8b:96:29:4d:67:a5:45:93:4d:
         12:ad:43:d2:62:5b:2f:83:a7:4e:4a:b9:8f:e8:85:3a:4f:30:
         b6:f8:5f:e8:7e:13:d3:68:00:84:4a:04:90:54:60:1c:ca:fe:
         72:3d:36:0a:1a:a7:a9:9c:5b:4d:9e:ba:34:86:0d:c0:f4:dc:
         53:a1:5c:31:bd:fc:c0:61:8b:72:b0:9e:fd:a7:a6:b4:4d:c5:
         f1:b6:2d:3f:c0:1a:63:ee:8f:3b:dc:f1:81:2f:c4:f2:f9:b0:
         cb:4d:1c:62:8a:1d:50:84:12:be:4d:e0:04:a1:1c:18:a8:a0:
         8c:4d:c9:dd:4a:81:69:64:b1:5c:c5:8c:dc:c3:7a:84:64:2a:
         bc:07:f5:8b:d2:53:47:2b:24:a6:6c:6b:75:65:1c:0d:3e:14:
         a2:c1:f5:d0
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYzC2zMoxDGv6WTuNoAdut9zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDIyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MWRmMWZlNTIwMzU0ZGQzYmIzZTkyNjRhNzZjZjUzZWIwN2RiMDcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzJif3RbrB2y6gr4HLUBMNFIRpE2D
ad5YRywvbCZFBgZNf/1JAmqcJHoyStJ+CkywfxDvtkOBIFx548Curah46aPSr9DC
kNbf0OH7D65YyBRmXngNugVtd6DX29xffodkozzrzGnD8uHjvLXaRP6SRYsc62iY
D8NQylryKV4MW1vJJNnpfCEexnNILdcUERbXDn7rdUsVRV8uMDP1VrsH3RZdstCn
xvPemPuq0I8azlcBl4Ntdn0G0ICma+5Uqx18rGIRaCK41Td9Bcb5LgNsNwpKyL4H
nFr4t7cH0JgYcdVudhSYnGUr8gvVWUAN9WaRGytPJBFfjdMi8dr/twztoQIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFIHfH+UgNU3Tuz6SZKds9T6wfbByMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzg4L2FkOTc1
Yy0yMDExLTRiOWMtYWQzZS01M2YwN2IxZjYyMWUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODgvYWQ5NzVj
LTIwMTEtNGI5Yy1hZDNlLTUzZjA3YjFmNjIxZS8xL2dkOGY1U0ExVGRPN1BwSmtw
MnoxUHJCOXNISS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCVXX4MBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwM0pjANBgkqhkiG9w0BAQsFAAOCAQEAEJDm6xuSqttZeGj3DPlDpqgJfo+gV8QJ
V4RVsXS87VYptCoGStPhSsigDXCjVtfdboi4ET4bbdsni0ZWDe7oMXl4xPAq0Fwj
YwURwY7kdI3vnP8lQGPE1GWDy2owRuwKzheOi5YpTWelRZNNEq1D0mJbL4OnTkq5
j+iFOk8wtvhf6H4T02gAhEoEkFRgHMr+cj02ChqnqZxbTZ66NIYNwPTcU6FcMb38
wGGLcrCe/aemtE3F8bYtP8AaY+6PO9zxgS/E8vmwy00cYoodUIQSvk3gBKEcGKig
jE3J3UqBaWSxXMWM3MN6hGQqvAf1i9JTRyskpmxrdWUcDT4UosH10A==
-----END CERTIFICATE-----