Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/h6rdkfbTF97tGoJo9_2wRWPHbQE.cer
File:                     h6rdkfbTF97tGoJo9_2wRWPHbQE.cer (raw, json)
Hash identifier:          JumJhW7DBuDtm9vAZFN2QA3njqKzYZH402sQwy448CE=
Subject key identifier:   87:AA:DD:91:F6:D3:17:DE:ED:1A:82:68:F7:FD:B0:45:63:C7:6D:01
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC7276B29E952FB55685BA5F31883ABFB
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/e6/0879b4-298b-4ec3-af08-a3300bbe2aaf/1/h6rdkfbTF97tGoJo9_2wRWPHbQE.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/e6/0879b4-298b-4ec3-af08-a3300bbe2aaf/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 22:31:38 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 210481

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:6b:29:e9:52:fb:55:68:5b:a5:f3:18:83:ab:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 22:31:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=87aadd91f6d317deed1a8268f7fdb04563c76d01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:57:6b:da:6a:17:ef:71:a8:bf:2a:58:6c:10:
                    49:f3:2b:38:ba:2b:9c:c1:92:8f:d5:65:36:37:46:
                    4f:a7:76:ff:4e:30:af:59:86:90:1d:c0:30:83:e7:
                    05:f7:1b:92:b2:c4:b2:33:c2:9c:5c:fd:c3:2d:bb:
                    b9:a2:56:ab:51:3c:cb:b1:82:ae:a4:f6:c1:11:f4:
                    25:9e:8b:e9:90:07:48:9b:74:00:b5:47:19:85:cb:
                    a3:32:4d:32:0c:a1:7b:19:32:c8:13:9c:e5:0f:4c:
                    ee:4d:3e:a7:d9:8b:12:e8:68:98:b1:e8:44:5a:54:
                    2d:51:cc:b6:84:76:8d:62:47:18:37:78:91:97:d7:
                    8b:7c:e5:db:7e:d6:d7:d8:1c:50:83:f8:f2:bc:93:
                    d9:98:6c:91:e6:c9:8b:3b:83:1c:f9:1c:19:20:b1:
                    e7:e9:b2:fb:45:33:cd:4f:35:7d:f9:e9:e8:ac:e2:
                    47:38:e1:fa:bd:c2:30:14:d1:98:2c:0e:d2:87:09:
                    e6:82:73:6f:53:40:2c:3b:2c:86:e0:23:b7:2d:7d:
                    10:05:bb:3e:b6:39:af:57:d0:f5:04:9f:b9:ee:ec:
                    d9:e9:ca:83:ae:ec:b6:3a:dc:73:5e:da:70:db:7a:
                    89:8c:f8:ae:30:19:35:58:4d:40:0f:24:48:66:2c:
                    12:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:AA:DD:91:F6:D3:17:DE:ED:1A:82:68:F7:FD:B0:45:63:C7:6D:01
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/0879b4-298b-4ec3-af08-a3300bbe2aaf/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/0879b4-298b-4ec3-af08-a3300bbe2aaf/1/h6rdkfbTF97tGoJo9_2wRWPHbQE.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  210481

    Signature Algorithm: sha256WithRSAEncryption
         ac:e4:b1:c4:4b:f6:47:fa:5d:a4:2c:7e:fc:5f:ee:46:a3:f9:
         fd:9d:2d:12:f0:c5:70:1c:18:20:97:62:11:4a:10:8e:0c:cf:
         1e:c7:76:46:5c:a7:36:53:fd:c4:df:27:75:d6:61:52:a3:29:
         70:1f:96:5f:71:32:d3:f2:a8:5d:a7:cb:bf:71:8a:52:7c:8b:
         04:32:e1:a4:12:10:a5:cf:d4:b7:ea:43:79:4b:ab:7b:c8:17:
         94:77:eb:a1:df:9e:56:90:75:2e:c3:99:ad:02:7b:3d:7d:6a:
         26:f8:28:75:89:bf:6b:8f:02:1b:e2:2b:52:4b:0b:13:c7:f1:
         b3:20:25:57:aa:8a:4e:50:ac:01:b6:32:60:4d:7e:1a:83:d8:
         17:22:12:86:1d:db:35:cf:35:0d:e0:cc:67:a5:35:64:5a:6a:
         01:18:89:c8:36:0b:71:a6:f8:8a:a3:cf:ba:73:5e:e4:c7:64:
         2d:ca:93:9b:d2:d3:ca:57:bd:d9:b0:d7:ef:34:c4:41:fd:87:
         43:4f:1e:97:ec:f6:47:f5:54:6a:13:35:0c:52:53:77:d9:e5:
         10:94:dd:1d:1c:3d:91:7c:a0:ee:3c:e2:5d:33:17:94:8e:e9:
         dc:92:1a:c2:a9:78:b5:4b:59:3a:95:05:0e:db:f2:d1:dc:2b:
         22:e2:a5:6e
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzHJ2sp6VL7VWhbpfMYg6v7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMjIzMTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4N2FhZGQ5MWY2ZDMxN2RlZWQxYTgyNjhmN2ZkYjA0NTYzYzc2ZDAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1dr2moX73GovypYbBBJ8ys4uiuc
wZKP1WU2N0ZPp3b/TjCvWYaQHcAwg+cF9xuSssSyM8KcXP3DLbu5olarUTzLsYKu
pPbBEfQlnovpkAdIm3QAtUcZhcujMk0yDKF7GTLIE5zlD0zuTT6n2YsS6GiYsehE
WlQtUcy2hHaNYkcYN3iRl9eLfOXbftbX2BxQg/jyvJPZmGyR5smLO4Mc+RwZILHn
6bL7RTPNTzV9+enorOJHOOH6vcIwFNGYLA7ShwnmgnNvU0AsOyyG4CO3LX0QBbs+
tjmvV9D1BJ+57uzZ6cqDruy2OtxzXtpw23qJjPiuMBk1WE1ADyRIZiwSOQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFIeq3ZH20xfe7RqCaPf9sEVjx20BMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2U2LzA4Nzli
NC0yOThiLTRlYzMtYWYwOC1hMzMwMGJiZTJhYWYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTYvMDg3OWI0
LTI5OGItNGVjMy1hZjA4LWEzMzAwYmJlMmFhZi8xL2g2cmRrZmJURjk3dEdvSm85
XzJ3UldQSGJRRS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwM2MTANBgkqhkiG9w0BAQsFAAOCAQEArOSxxEv2R/pd
pCx+/F/uRqP5/Z0tEvDFcBwYIJdiEUoQjgzPHsd2RlynNlP9xN8nddZhUqMpcB+W
X3Ey0/KoXafLv3GKUnyLBDLhpBIQpc/Ut+pDeUure8gXlHfrod+eVpB1LsOZrQJ7
PX1qJvgodYm/a48CG+IrUksLE8fxsyAlV6qKTlCsAbYyYE1+GoPYFyIShh3bNc81
DeDMZ6U1ZFpqARiJyDYLcab4iqPPunNe5MdkLcqTm9LTyle92bDX7zTEQf2HQ08e
l+z2R/VUahM1DFJTd9nlEJTdHRw9kXyg7jziXTMXlI7p3JIawql4tUtZOpUFDtvy
0dwrIuKlbg==
-----END CERTIFICATE-----