Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ghIZRpxt92z0dvJ0zc8n5S-PDfg.cer
File:                     ghIZRpxt92z0dvJ0zc8n5S-PDfg.cer (raw, json)
Hash identifier:          Tsnams1ltHj+Xd23ouCUjezs3/OYR/jEi5P6X5nur6Y=
Subject key identifier:   82:12:19:46:9C:6D:F7:6C:F4:76:F2:74:CD:CF:27:E5:2F:8F:0D:F8
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CCFA9C8A38CF4E86989D4D3D113665EA7
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/7d/a1a11d-11fb-4424-8cd4-0daa0704b992/1/ghIZRpxt92z0dvJ0zc8n5S-PDfg.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/7d/a1a11d-11fb-4424-8cd4-0daa0704b992/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 03 Jan 2024 14:10:59 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 188.65.160.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:cf:a9:c8:a3:8c:f4:e8:69:89:d4:d3:d1:13:66:5e:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  3 14:10:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=821219469c6df76cf476f274cdcf27e52f8f0df8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:ca:af:cf:ef:72:93:05:c0:f4:df:9d:6b:87:
                    8d:5e:81:91:f6:2e:f1:ec:39:ee:b1:17:e6:ad:f4:
                    6d:39:55:d2:1b:60:7f:4a:16:5a:2c:f4:f9:79:32:
                    2b:74:de:08:fe:86:98:79:90:92:6a:29:9a:ee:40:
                    03:4b:4f:dd:10:7d:15:e8:89:24:fd:94:8a:22:8b:
                    77:91:3e:13:05:6f:16:8e:9f:c4:34:18:e9:e0:fa:
                    81:c7:ff:62:1f:2c:3d:73:40:2a:95:e7:85:04:3b:
                    f9:1a:71:ac:04:ca:cf:d3:19:40:06:10:e2:86:c7:
                    bc:3d:89:d4:fd:93:a1:df:18:92:07:65:05:5a:3f:
                    b8:f0:6b:6a:42:8a:2d:52:0e:5c:fe:d3:47:14:47:
                    43:c6:86:26:6d:0b:4d:72:5e:80:32:91:7f:9d:87:
                    9b:69:95:30:51:34:2a:d0:05:4f:19:de:3d:b2:9b:
                    3f:18:65:cc:d1:72:88:66:b8:62:60:2e:d3:68:59:
                    43:63:67:c9:b5:e4:37:61:f8:ee:24:8e:d9:9d:9f:
                    7d:e3:73:06:a8:69:32:49:16:78:3e:f4:c5:ab:0c:
                    3f:8b:13:32:1b:2c:45:51:f4:e1:46:ff:6c:12:e1:
                    ba:14:69:a7:72:e6:54:71:9b:7b:44:1a:69:c0:ed:
                    27:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:12:19:46:9C:6D:F7:6C:F4:76:F2:74:CD:CF:27:E5:2F:8F:0D:F8
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/a1a11d-11fb-4424-8cd4-0daa0704b992/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/a1a11d-11fb-4424-8cd4-0daa0704b992/1/ghIZRpxt92z0dvJ0zc8n5S-PDfg.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.65.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:02:f6:f7:66:0d:4f:24:e7:c3:89:28:41:b9:ae:c7:73:5a:
         24:e6:f7:01:32:06:3d:bf:a3:3e:70:a5:21:42:e0:4a:b9:d8:
         69:1c:2d:57:28:2a:bd:63:98:7a:e2:09:6c:f6:93:18:d6:55:
         d1:12:1e:0f:53:71:44:51:70:20:4d:6f:95:f3:54:b3:55:07:
         d7:7d:59:e8:ff:38:4d:f2:60:7c:12:bf:c5:3d:ac:a8:8c:f2:
         1a:b4:2e:ee:6b:26:67:7f:00:81:01:26:18:8f:ec:5b:af:5d:
         6a:44:dd:4c:f9:6c:17:af:a5:c5:32:65:f0:9e:77:90:fe:74:
         f7:9c:1d:33:c8:43:12:fd:2e:2b:07:7e:79:da:45:80:31:25:
         e7:41:d1:b9:4e:eb:77:09:e4:3e:84:a9:93:50:90:77:b3:4d:
         cd:68:2d:6d:4a:f6:ad:14:99:b5:10:7d:51:fb:8b:07:9f:88:
         ad:16:03:ac:97:0d:5c:06:be:91:89:fb:bf:dc:32:13:a5:f6:
         29:d5:63:33:98:93:4e:cf:54:fa:e5:c8:1c:d0:e6:94:e5:3f:
         c9:83:a9:64:69:60:de:03:54:85:1b:7e:e6:ff:23:0a:22:92:
         40:cd:8a:7c:c8:32:3a:55:c7:1a:cf:4f:d8:66:5e:3b:cd:9f:
         fd:08:da:87
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzPqcijjPToaYnU09ETZl6nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAzMTQxMDU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjEyMTk0NjljNmRmNzZjZjQ3NmYyNzRjZGNmMjdlNTJmOGYwZGY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAucqvz+9ykwXA9N+da4eNXoGR9i7x
7DnusRfmrfRtOVXSG2B/ShZaLPT5eTIrdN4I/oaYeZCSaima7kADS0/dEH0V6Ikk
/ZSKIot3kT4TBW8Wjp/ENBjp4PqBx/9iHyw9c0AqleeFBDv5GnGsBMrP0xlABhDi
hse8PYnU/ZOh3xiSB2UFWj+48GtqQootUg5c/tNHFEdDxoYmbQtNcl6AMpF/nYeb
aZUwUTQq0AVPGd49sps/GGXM0XKIZrhiYC7TaFlDY2fJteQ3YfjuJI7ZnZ9943MG
qGkySRZ4PvTFqww/ixMyGyxFUfThRv9sEuG6FGmncuZUcZt7RBppwO0nPwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFIISGUacbfds9HbydM3PJ+Uvjw34MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzdkL2ExYTEx
ZC0xMWZiLTQ0MjQtOGNkNC0wZGFhMDcwNGI5OTIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvN2QvYTFhMTFk
LTExZmItNDQyNC04Y2Q0LTBkYWEwNzA0Yjk5Mi8xL2doSVpScHh0OTJ6MGR2SjB6
YzhuNVMtUERmZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAvEGgMA0GCSqGSIb3DQEBCwUAA4IBAQACAvb3
Zg1PJOfDiShBua7Hc1ok5vcBMgY9v6M+cKUhQuBKudhpHC1XKCq9Y5h64gls9pMY
1lXREh4PU3FEUXAgTW+V81SzVQfXfVno/zhN8mB8Er/FPayojPIatC7uayZnfwCB
ASYYj+xbr11qRN1M+WwXr6XFMmXwnneQ/nT3nB0zyEMS/S4rB3552kWAMSXnQdG5
Tut3CeQ+hKmTUJB3s03NaC1tSvatFJm1EH1R+4sHn4itFgOslw1cBr6Rifu/3DIT
pfYp1WMzmJNOz1T65cgc0OaU5T/Jg6lkaWDeA1SFG37m/yMKIpJAzYp8yDI6Vcca
z0/YZl47zZ/9CNqH
-----END CERTIFICATE-----