Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ij8nyT77e7wLCv6OzCT3A50nUQg.cer
File:                     ij8nyT77e7wLCv6OzCT3A50nUQg.cer (raw, json)
Hash identifier:          W/epqqQTzCRapSot6RWhWl3AwWpEW9L0w6+Rx/+iGrc=
Subject key identifier:   8A:3F:27:C9:3E:FB:7B:BC:0B:0A:FE:8E:CC:24:F7:03:9D:27:51:08
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0190A5D866F7BAA962C5561DB9BF08206179
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/44/2c9a24-8560-4307-acc7-ebf834fe9a15/1/ij8nyT77e7wLCv6OzCT3A50nUQg.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/44/2c9a24-8560-4307-acc7-ebf834fe9a15/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Fri 12 Jul 2024 07:29:01 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 2001:67c:f00::/48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Sep 2024 14:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:a5:d8:66:f7:ba:a9:62:c5:56:1d:b9:bf:08:20:61:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jul 12 07:29:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8a3f27c93efb7bbc0b0afe8ecc24f7039d275108
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:05:cd:67:a3:0f:87:f1:25:72:f8:00:86:ed:
                    9f:dc:7d:21:7b:a2:65:6b:8b:0e:56:35:a9:d5:ca:
                    7c:2c:7f:cf:cf:4b:8c:c3:d5:18:95:d6:bc:6f:f3:
                    6a:b8:5f:e5:f5:88:57:1c:ae:50:c8:b4:19:19:98:
                    fc:e0:80:99:e7:1c:16:02:1f:6b:47:20:9d:dc:f0:
                    07:d0:7f:21:30:f4:92:40:d0:2f:f1:f1:a1:2a:66:
                    15:86:be:64:f8:c4:16:98:ad:44:9f:45:45:96:1f:
                    8d:8d:e9:7b:af:ea:dd:da:5a:6b:16:45:ba:0a:e7:
                    e2:f9:00:d1:f0:e3:08:7f:ae:f7:ae:0b:40:45:37:
                    18:ad:67:95:ba:fd:7f:a5:20:51:e9:b6:a0:4f:13:
                    f9:74:e9:cd:9a:94:28:98:59:c0:a4:a2:2b:0e:ea:
                    94:06:49:c0:38:f9:1b:21:a7:88:cd:c4:f9:59:f1:
                    f4:b4:59:94:46:4a:7e:b7:be:9d:d8:ff:a1:9c:7b:
                    24:a5:06:74:7d:15:5a:a4:70:1f:ee:9e:9b:77:f1:
                    ee:bc:0f:2e:6c:9c:0a:c0:d5:c3:64:a7:4f:dc:62:
                    4f:53:b9:9b:c4:9f:cf:69:5c:57:03:75:11:c9:0a:
                    a5:3e:db:91:81:76:bc:84:20:33:48:0b:10:97:22:
                    25:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:3F:27:C9:3E:FB:7B:BC:0B:0A:FE:8E:CC:24:F7:03:9D:27:51:08
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/2c9a24-8560-4307-acc7-ebf834fe9a15/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/2c9a24-8560-4307-acc7-ebf834fe9a15/1/ij8nyT77e7wLCv6OzCT3A50nUQg.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:f00::/48

    Signature Algorithm: sha256WithRSAEncryption
         0e:99:e5:d3:f1:b9:15:55:84:56:56:4d:4e:76:2c:9e:b2:7d:
         1d:d9:36:1b:01:31:91:64:d8:49:6a:29:d9:bb:44:81:2f:f6:
         49:f9:de:3f:35:44:94:4a:7d:34:28:40:fd:e3:c4:0b:46:cc:
         94:3f:bb:8c:24:10:a1:3c:e9:2a:b6:f0:8f:76:f6:5b:3b:4a:
         ae:96:1b:64:05:7b:9f:38:ab:bf:59:73:22:93:b2:ee:a8:7f:
         66:01:0f:9c:21:6c:70:9a:2f:05:26:e3:e0:58:b8:b6:51:48:
         85:2f:a9:62:ee:00:1c:ca:73:46:45:10:76:fd:b9:71:6a:ec:
         7c:15:45:8e:fd:95:ea:df:6b:f9:10:f1:b2:ab:a2:71:14:05:
         6a:5b:f5:a3:39:85:8c:34:c3:0d:31:c1:82:1f:b4:40:23:83:
         62:d8:a5:23:14:4a:69:93:c1:cc:73:2d:69:aa:22:bc:2f:82:
         89:db:08:ed:4a:ae:0d:65:de:09:f8:9b:93:fd:8e:f8:88:2a:
         0e:0d:22:b1:e0:00:3e:cd:77:da:bd:47:0c:96:2a:39:e5:90:
         f0:d0:9b:d3:bb:13:8b:86:e4:f6:56:2c:22:92:3c:41:38:2a:
         ee:57:e3:29:0e:f7:fc:06:e6:73:9c:cd:37:8b:23:4a:8a:07:
         06:22:d6:71
-----BEGIN CERTIFICATE-----
MIIFezCCBGOgAwIBAgISAZCl2Gb3uqlixVYdub8IIGF5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwNzEyMDcyOTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTNmMjdjOTNlZmI3YmJjMGIwYWZlOGVjYzI0ZjcwMzlkMjc1MTA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvgXNZ6MPh/ElcvgAhu2f3H0he6Jl
a4sOVjWp1cp8LH/Pz0uMw9UYlda8b/NquF/l9YhXHK5QyLQZGZj84ICZ5xwWAh9r
RyCd3PAH0H8hMPSSQNAv8fGhKmYVhr5k+MQWmK1En0VFlh+Njel7r+rd2lprFkW6
Cufi+QDR8OMIf673rgtARTcYrWeVuv1/pSBR6bagTxP5dOnNmpQomFnApKIrDuqU
BknAOPkbIaeIzcT5WfH0tFmURkp+t76d2P+hnHskpQZ0fRVapHAf7p6bd/HuvA8u
bJwKwNXDZKdP3GJPU7mbxJ/PaVxXA3URyQqlPtuRgXa8hCAzSAsQlyIldwIDAQAB
o4IChzCCAoMwHQYDVR0OBBYEFIo/J8k++3u8Cwr+jswk9wOdJ1EIMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzQ0LzJjOWEy
NC04NTYwLTQzMDctYWNjNy1lYmY4MzRmZTlhMTUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDQvMmM5YTI0
LTg1NjAtNDMwNy1hY2M3LWViZjgzNGZlOWExNS8xL2lqOG55VDc3ZTd3TEN2Nk96
Q1QzQTUwblVRZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfA8AMA0GCSqGSIb3DQEBCwUAA4IBAQAO
meXT8bkVVYRWVk1Odiyesn0d2TYbATGRZNhJainZu0SBL/ZJ+d4/NUSUSn00KED9
48QLRsyUP7uMJBChPOkqtvCPdvZbO0qulhtkBXufOKu/WXMik7LuqH9mAQ+cIWxw
mi8FJuPgWLi2UUiFL6li7gAcynNGRRB2/blxaux8FUWO/ZXq32v5EPGyq6JxFAVq
W/WjOYWMNMMNMcGCH7RAI4Ni2KUjFEppk8HMcy1pqiK8L4KJ2wjtSq4NZd4J+JuT
/Y74iCoODSKx4AA+zXfavUcMlio55ZDw0JvTuxOLhuT2ViwikjxBOCruV+MpDvf8
BuZznM03iyNKigcGItZx
-----END CERTIFICATE-----