Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/hmdXn-dB-sMpnUGRvAONcQxDg3g.cer
File:                     hmdXn-dB-sMpnUGRvAONcQxDg3g.cer (raw, json)
Hash identifier:          M9XVlTHZX9fWMWUahMMA3AtN1lyI2pXJ1qPua7gBWoY=
Subject key identifier:   86:67:57:9F:E7:41:FA:C3:29:9D:41:91:BC:03:8D:71:0C:43:83:78
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC8705E9ED08013FA25FFAD06EDB19C6A
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/13/3bf430-00b1-4853-a239-2f165418eb68/1/hmdXn-dB-sMpnUGRvAONcQxDg3g.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/13/3bf430-00b1-4853-a239-2f165418eb68/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 04:30:56 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 198015

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:5e:9e:d0:80:13:fa:25:ff:ad:06:ed:b1:9c:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 04:30:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8667579fe741fac3299d4191bc038d710c438378
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:6e:e2:40:b6:e3:4a:0e:6f:d1:49:b0:1d:ce:
                    39:d3:f9:3c:a9:e5:d1:42:76:81:a9:e7:c3:77:c3:
                    59:c3:5a:81:d0:00:d7:9f:e3:3f:a1:2d:bc:eb:c3:
                    05:be:bd:55:ac:a8:b8:ab:18:03:4d:8b:19:7c:2a:
                    01:d5:a0:62:5f:cb:e2:89:be:31:03:94:6f:03:46:
                    d3:a3:3c:00:04:1d:27:1b:c0:bd:9c:15:32:47:fd:
                    f8:f7:c7:34:c3:ee:34:e3:bf:b4:ec:77:aa:33:96:
                    26:2c:c9:c8:97:62:fa:00:74:58:87:a4:ca:9b:70:
                    4a:ea:c0:ee:5e:15:bf:77:90:44:70:99:f3:4d:aa:
                    d2:10:b0:d3:17:11:a0:66:73:0e:d2:72:2a:8b:9f:
                    e7:ee:b8:5b:55:ac:26:d3:f7:69:c4:e7:40:55:57:
                    60:90:a0:b3:51:35:1f:b1:e7:f1:bc:77:c9:31:b4:
                    36:ab:b1:1a:94:f3:f5:f8:c2:09:ac:d4:bc:a6:f0:
                    46:9a:f9:55:da:92:23:70:fa:c6:34:ec:5f:d3:64:
                    ec:40:71:a6:fb:e4:2e:14:cb:d0:4b:6d:ee:7d:fc:
                    38:52:d9:49:c1:75:b0:49:37:d0:60:2d:c9:9b:87:
                    8c:b3:7c:81:62:24:86:40:f6:44:b7:58:87:80:35:
                    3f:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:67:57:9F:E7:41:FA:C3:29:9D:41:91:BC:03:8D:71:0C:43:83:78
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/3bf430-00b1-4853-a239-2f165418eb68/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/3bf430-00b1-4853-a239-2f165418eb68/1/hmdXn-dB-sMpnUGRvAONcQxDg3g.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  198015

    Signature Algorithm: sha256WithRSAEncryption
         0a:72:dc:ed:74:4f:24:dc:b0:84:58:06:d5:4e:83:06:12:7d:
         4d:b6:03:3a:bb:5f:9c:8f:bf:c6:da:9d:a1:5f:f0:f6:fc:80:
         94:37:d0:07:21:02:36:64:80:34:f5:29:32:99:51:d2:90:b0:
         fe:20:ad:e4:f7:8d:59:06:97:1f:41:16:5b:ef:e3:f9:bc:b5:
         d1:e3:86:ed:fb:6b:97:44:e7:21:b5:4a:b0:92:ac:f6:ae:13:
         b5:9a:c1:2a:30:f6:6e:5d:b3:a0:c5:ad:17:1f:99:f9:9d:fe:
         77:65:a0:d2:42:6b:9d:5f:34:14:6a:be:91:06:6b:0e:9b:ee:
         47:0b:da:03:e9:e5:77:93:4e:da:95:80:73:8f:c0:5d:20:ea:
         fa:12:30:4c:92:6c:c0:e5:4e:7b:78:5a:ae:ee:bf:0d:99:88:
         6c:29:d2:e7:a9:df:84:e3:04:72:57:95:74:3e:16:b2:d6:31:
         e8:2f:d2:e7:d9:b2:06:2f:13:bf:7a:06:2a:55:8d:34:16:5d:
         98:a2:2b:af:fd:08:d8:c7:fc:52:e2:c4:a2:fe:c9:a4:53:74:
         eb:af:96:a0:37:b7:3a:86:6e:1e:73:c5:48:10:dd:eb:8c:20:
         c4:e3:e2:bc:ba:c8:e0:2e:25:5f:b9:ca:ca:02:3c:f0:17:06:
         9a:67:19:01
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzIcF6e0IAT+iX/rQbtsZxqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDQzMDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjY3NTc5ZmU3NDFmYWMzMjk5ZDQxOTFiYzAzOGQ3MTBjNDM4Mzc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz27iQLbjSg5v0UmwHc450/k8qeXR
QnaBqefDd8NZw1qB0ADXn+M/oS2868MFvr1VrKi4qxgDTYsZfCoB1aBiX8viib4x
A5RvA0bTozwABB0nG8C9nBUyR/3498c0w+4047+07HeqM5YmLMnIl2L6AHRYh6TK
m3BK6sDuXhW/d5BEcJnzTarSELDTFxGgZnMO0nIqi5/n7rhbVawm0/dpxOdAVVdg
kKCzUTUfsefxvHfJMbQ2q7EalPP1+MIJrNS8pvBGmvlV2pIjcPrGNOxf02TsQHGm
++QuFMvQS23uffw4UtlJwXWwSTfQYC3Jm4eMs3yBYiSGQPZEt1iHgDU/ZwIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFIZnV5/nQfrDKZ1BkbwDjXEMQ4N4MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzEzLzNiZjQz
MC0wMGIxLTQ4NTMtYTIzOS0yZjE2NTQxOGViNjgvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTMvM2JmNDMw
LTAwYjEtNDg1My1hMjM5LTJmMTY1NDE4ZWI2OC8xL2htZFhuLWRCLXNNcG5VR1J2
QU9OY1F4RGczZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMFfzANBgkqhkiG9w0BAQsFAAOCAQEACnLc7XRPJNyw
hFgG1U6DBhJ9TbYDOrtfnI+/xtqdoV/w9vyAlDfQByECNmSANPUpMplR0pCw/iCt
5PeNWQaXH0EWW+/j+by10eOG7ftrl0TnIbVKsJKs9q4TtZrBKjD2bl2zoMWtFx+Z
+Z3+d2Wg0kJrnV80FGq+kQZrDpvuRwvaA+nld5NO2pWAc4/AXSDq+hIwTJJswOVO
e3haru6/DZmIbCnS56nfhOMEcleVdD4WstYx6C/S59myBi8Tv3oGKlWNNBZdmKIr
r/0I2Mf8UuLEov7JpFN066+WoDe3OoZuHnPFSBDd64wgxOPivLrI4C4lX7nKygI8
8BcGmmcZAQ==
-----END CERTIFICATE-----