Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/hNYNLcatgqJXDgAA_dmTlIvEVNg.cer
File:                     hNYNLcatgqJXDgAA_dmTlIvEVNg.cer (raw, json)
Hash identifier:          OCWHqzPukoCb8Vxf9AKts/R0YrpTidlYSYCCrvAaUqA=
Subject key identifier:   84:D6:0D:2D:C6:AD:82:A2:57:0E:00:00:FD:D9:93:94:8B:C4:54:D8
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01942067D7AF76E2AB4D8C4BEB27C8E6363A
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/76/50d9c6-f24a-44af-8ae0-54f6bc85aac0/1/hNYNLcatgqJXDgAA_dmTlIvEVNg.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/76/50d9c6-f24a-44af-8ae0-54f6bc85aac0/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 05:47:43 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 185.98.159.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 20:22:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:d7:af:76:e2:ab:4d:8c:4b:eb:27:c8:e6:36:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 05:47:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=84d60d2dc6ad82a2570e0000fdd993948bc454d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:b6:9a:06:f7:d9:3f:4b:97:4d:b4:19:21:45:
                    d6:10:7c:f9:18:f1:e4:0f:67:20:30:a9:9d:a4:02:
                    f4:df:e3:dc:e8:fb:14:37:e8:f1:9d:6d:9a:65:0c:
                    ba:56:01:70:af:57:c0:ae:a5:b6:d9:e9:84:5f:e1:
                    01:2f:7e:ab:6e:19:8c:7f:39:15:4c:cf:6c:35:49:
                    47:17:28:a6:f0:5a:80:02:a8:3f:f9:58:9b:40:ed:
                    9d:a3:ce:cd:f7:25:dd:d0:52:0f:47:3c:35:b1:32:
                    49:31:ba:95:d9:4f:3a:2c:52:31:5a:b1:c0:62:fa:
                    e2:4a:65:4a:c9:8c:96:88:4a:a8:8d:29:76:12:21:
                    6b:45:ae:1b:b9:8e:66:ff:52:17:a1:90:2f:13:ff:
                    87:98:e5:bd:04:23:ad:cd:5a:6e:84:9c:86:16:8d:
                    b0:97:b6:f9:f3:07:c3:7b:15:31:be:da:58:63:30:
                    19:24:8d:72:9e:6a:13:ca:20:a1:44:22:3b:77:67:
                    34:07:b4:78:fb:94:be:f5:a0:40:0b:74:23:c9:a3:
                    4b:21:e8:d6:0d:a1:4f:85:06:2c:48:69:16:93:b4:
                    49:31:aa:76:67:3f:eb:5f:7f:31:b2:43:62:c6:a8:
                    52:4f:45:ae:58:fb:25:69:32:7d:70:ac:60:35:59:
                    92:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:D6:0D:2D:C6:AD:82:A2:57:0E:00:00:FD:D9:93:94:8B:C4:54:D8
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/50d9c6-f24a-44af-8ae0-54f6bc85aac0/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/50d9c6-f24a-44af-8ae0-54f6bc85aac0/1/hNYNLcatgqJXDgAA_dmTlIvEVNg.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.98.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:3a:28:6c:36:65:a8:12:6e:7e:5f:77:00:9e:ec:49:44:99:
         d7:fd:91:f3:01:61:ca:63:cc:51:b2:90:ed:19:7d:b5:b4:2d:
         ff:12:62:b0:76:ca:d9:67:54:d8:02:f6:e7:7a:e7:7c:e4:ba:
         28:b1:c3:07:0e:9a:ea:3d:ca:fc:f2:a2:c4:93:b9:cc:73:6b:
         33:d3:b5:dd:2e:ca:4a:d2:66:50:87:08:c4:78:b6:70:8b:bb:
         88:02:7e:8c:c2:d2:46:14:ef:b1:f7:c4:79:b9:b6:41:ca:cb:
         f1:1a:40:ef:61:e7:be:9e:c4:b1:a3:3b:cc:ce:a7:9e:54:9b:
         70:c5:09:82:91:32:c4:85:30:b4:fe:38:8d:c6:9c:77:94:c0:
         50:d1:8a:72:d4:e1:35:24:bf:20:ad:21:1f:be:15:9d:ab:18:
         ff:e0:9e:5c:18:3b:9a:6e:13:fd:94:e7:78:ac:6e:92:dd:8f:
         dd:97:1d:10:22:f6:80:6a:6e:dc:e2:fa:e1:a4:70:b8:48:05:
         34:1f:5c:a4:3b:cc:f7:a0:7f:4e:b0:c8:e5:c4:5e:da:da:e6:
         b2:14:1a:64:dd:b6:1a:71:c8:ef:f3:e6:dc:07:81:b5:a2:4e:
         db:e7:8b:f0:d2:f5:26:24:2b:b6:fd:61:34:0a:a5:d9:5b:39:
         63:7b:c2:9b
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZQgZ9evduKrTYxL6yfI5jY6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDU0NzQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGQ2MGQyZGM2YWQ4MmEyNTcwZTAwMDBmZGQ5OTM5NDhiYzQ1NGQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuLaaBvfZP0uXTbQZIUXWEHz5GPHk
D2cgMKmdpAL03+Pc6PsUN+jxnW2aZQy6VgFwr1fArqW22emEX+EBL36rbhmMfzkV
TM9sNUlHFyim8FqAAqg/+VibQO2do87N9yXd0FIPRzw1sTJJMbqV2U86LFIxWrHA
YvriSmVKyYyWiEqojSl2EiFrRa4buY5m/1IXoZAvE/+HmOW9BCOtzVpuhJyGFo2w
l7b58wfDexUxvtpYYzAZJI1ynmoTyiChRCI7d2c0B7R4+5S+9aBAC3QjyaNLIejW
DaFPhQYsSGkWk7RJMap2Zz/rX38xskNixqhST0WuWPslaTJ9cKxgNVmSLQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFITWDS3GrYKiVw4AAP3Zk5SLxFTYMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzc2LzUwZDlj
Ni1mMjRhLTQ0YWYtOGFlMC01NGY2YmM4NWFhYzAvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzYvNTBkOWM2
LWYyNGEtNDRhZi04YWUwLTU0ZjZiYzg1YWFjMC8xL2hOWU5MY2F0Z3FKWERnQUFf
ZG1UbEl2RVZOZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAuWKfMA0GCSqGSIb3DQEBCwUAA4IBAQB8Oihs
NmWoEm5+X3cAnuxJRJnX/ZHzAWHKY8xRspDtGX21tC3/EmKwdsrZZ1TYAvbneud8
5LooscMHDprqPcr88qLEk7nMc2sz07XdLspK0mZQhwjEeLZwi7uIAn6MwtJGFO+x
98R5ubZBysvxGkDvYee+nsSxozvMzqeeVJtwxQmCkTLEhTC0/jiNxpx3lMBQ0Ypy
1OE1JL8grSEfvhWdqxj/4J5cGDuabhP9lOd4rG6S3Y/dlx0QIvaAam7c4vrhpHC4
SAU0H1ykO8z3oH9OsMjlxF7a2uayFBpk3bYaccjv8+bcB4G1ok7b54vw0vUmJCu2
/WE0CqXZWzlje8Kb
-----END CERTIFICATE-----