Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/izGWcRDKvuxKZreAN-Uqh7K8j10.cer
File:                     izGWcRDKvuxKZreAN-Uqh7K8j10.cer (raw, json)
Hash identifier:          lpbjPIx/5sRQ3qIiuIb1YZK//F8qk3kaQGR3xN4uaqQ=
Subject key identifier:   8B:31:96:71:10:CA:BE:EC:4A:66:B7:80:37:E5:2A:87:B2:BC:8F:5D
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01942067F69778643A9923A989891E425788
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/0f/31df07-dcb5-4a50-a704-a017c368466d/1/izGWcRDKvuxKZreAN-Uqh7K8j10.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/0f/31df07-dcb5-4a50-a704-a017c368466d/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 05:47:51 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 34122
                          IP: 91.216.117.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:f6:97:78:64:3a:99:23:a9:89:89:1e:42:57:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 05:47:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8b31967110cabeec4a66b78037e52a87b2bc8f5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:2a:80:6f:24:99:f8:ef:19:42:66:81:dc:8a:
                    bf:6a:cc:3e:02:4c:42:2a:14:2e:0d:39:2c:cb:1f:
                    54:8e:ef:95:ea:2a:c7:df:f7:6d:8e:14:4d:7f:41:
                    fc:8c:e4:74:78:79:0f:39:b7:c3:cf:7a:4e:42:3e:
                    0b:e2:74:49:7e:65:8f:1b:38:b0:db:74:68:30:87:
                    7b:43:d5:72:05:eb:63:a1:17:b3:66:92:61:e0:e1:
                    c5:d1:51:ad:ae:10:9a:9d:24:6c:e9:c7:82:b3:63:
                    83:ea:46:68:de:ff:ac:17:f0:2e:b0:96:f5:52:e8:
                    0b:fa:e9:1e:73:6d:49:15:91:1c:61:23:ed:1e:c9:
                    11:fa:16:db:19:36:e2:fc:f5:b9:d8:ec:72:da:28:
                    92:38:58:5b:aa:00:c0:73:39:cb:44:b9:5b:34:0e:
                    95:24:37:1d:fb:a7:ff:49:7b:15:d5:6b:cc:ae:45:
                    77:cf:43:52:b3:9f:ca:96:47:4d:0d:2b:af:32:75:
                    2e:cc:bc:ff:37:a3:a1:0f:f3:cf:d6:11:c3:27:75:
                    c1:95:d5:26:65:46:1e:51:57:f1:96:92:88:44:19:
                    53:66:0d:94:81:ca:66:07:aa:2f:27:ae:de:db:3d:
                    0a:41:d2:3f:3e:d7:50:84:85:fd:07:f8:8d:dc:9d:
                    5e:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:31:96:71:10:CA:BE:EC:4A:66:B7:80:37:E5:2A:87:B2:BC:8F:5D
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/31df07-dcb5-4a50-a704-a017c368466d/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/31df07-dcb5-4a50-a704-a017c368466d/1/izGWcRDKvuxKZreAN-Uqh7K8j10.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.117.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  34122

    Signature Algorithm: sha256WithRSAEncryption
         86:fd:0f:6e:05:4a:77:64:0f:5b:df:56:40:8a:59:07:90:ed:
         dd:7c:5b:4b:3c:cc:b7:32:c3:61:9d:10:0b:64:a7:9c:f3:ae:
         8f:de:24:22:5e:8d:8c:e3:33:b0:ac:07:d6:1a:e5:18:68:dd:
         a1:cd:9b:5c:f8:48:01:86:7f:18:18:78:55:9f:44:66:ee:d3:
         eb:64:87:fc:45:8f:e5:1e:88:cf:03:87:ab:39:cf:7f:fb:fe:
         2b:67:25:b1:f7:89:c5:49:d2:f3:bd:38:f6:0a:fb:49:f0:8b:
         27:f1:39:03:6f:f4:01:30:43:af:61:d5:3e:c4:2a:dc:28:0c:
         40:06:1f:27:31:23:74:64:25:31:db:09:84:f0:8c:b2:2b:2f:
         4f:b7:ea:6d:0a:56:74:23:3f:9b:6a:0b:df:04:e4:00:2d:67:
         1e:b1:bf:b0:57:a3:2e:f3:15:b7:76:95:cc:c8:cb:02:81:6b:
         e6:2b:54:d6:d7:09:8a:2b:91:0c:96:6a:84:12:50:33:a9:13:
         46:28:c1:e1:b3:f4:d5:9a:15:47:b7:49:e5:77:8a:ea:3d:5f:
         02:6c:8c:30:af:cd:5d:a9:19:5f:e4:59:c3:c9:63:b2:1d:c3:
         cb:af:b0:08:d9:3d:41:08:30:0a:87:49:96:d6:30:f3:57:91:
         24:c6:10:ea
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZQgZ/aXeGQ6mSOpiYkeQleIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDU0NzUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjMxOTY3MTEwY2FiZWVjNGE2NmI3ODAzN2U1MmE4N2IyYmM4ZjVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtyqAbySZ+O8ZQmaB3Iq/asw+AkxC
KhQuDTksyx9Uju+V6irH3/dtjhRNf0H8jOR0eHkPObfDz3pOQj4L4nRJfmWPGziw
23RoMId7Q9VyBetjoRezZpJh4OHF0VGtrhCanSRs6ceCs2OD6kZo3v+sF/AusJb1
UugL+ukec21JFZEcYSPtHskR+hbbGTbi/PW52Oxy2iiSOFhbqgDAcznLRLlbNA6V
JDcd+6f/SXsV1WvMrkV3z0NSs5/KlkdNDSuvMnUuzLz/N6OhD/PP1hHDJ3XBldUm
ZUYeUVfxlpKIRBlTZg2UgcpmB6ovJ67e2z0KQdI/PtdQhIX9B/iN3J1eswIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFIsxlnEQyr7sSma3gDflKoeyvI9dMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzBmLzMxZGYw
Ny1kY2I1LTRhNTAtYTcwNC1hMDE3YzM2ODQ2NmQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMGYvMzFkZjA3
LWRjYjUtNGE1MC1hNzA0LWEwMTdjMzY4NDY2ZC8xL2l6R1djUkRLdnV4S1pyZUFO
LVVxaDdLOGoxMC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW9h1MBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwCFSjANBgkqhkiG9w0BAQsFAAOCAQEAhv0PbgVKd2QPW99WQIpZB5Dt3XxbSzzM
tzLDYZ0QC2SnnPOuj94kIl6NjOMzsKwH1hrlGGjdoc2bXPhIAYZ/GBh4VZ9EZu7T
62SH/EWP5R6IzwOHqznPf/v+K2clsfeJxUnS87049gr7SfCLJ/E5A2/0ATBDr2HV
PsQq3CgMQAYfJzEjdGQlMdsJhPCMsisvT7fqbQpWdCM/m2oL3wTkAC1nHrG/sFej
LvMVt3aVzMjLAoFr5itU1tcJiiuRDJZqhBJQM6kTRijB4bP01ZoVR7dJ5XeK6j1f
AmyMMK/NXakZX+RZw8ljsh3Dy6+wCNk9QQgwCodJltYw81eRJMYQ6g==
-----END CERTIFICATE-----