Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/jg9oOGfvdpoKIq3hcRjtBvpXuB8.cer
File:                     jg9oOGfvdpoKIq3hcRjtBvpXuB8.cer (raw, json)
Hash identifier:          zIYDiRoF20wOW5+3+f80QlqSFq+/vrll16V2pL876JA=
Subject key identifier:   8E:0F:68:38:67:EF:76:9A:0A:22:AD:E1:71:18:ED:06:FA:57:B8:1F
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019426D96BDA32501FD883DF6C9697711223
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/50/86c002-758b-495a-b9cd-7b0dc00a8c20/1/jg9oOGfvdpoKIq3hcRjtBvpXuB8.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/50/86c002-758b-495a-b9cd-7b0dc00a8c20/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 11:49:30 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 215387
                          IP: 2001:67c:e24::/48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:6b:da:32:50:1f:d8:83:df:6c:96:97:71:12:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 11:49:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8e0f683867ef769a0a22ade17118ed06fa57b81f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:ef:46:9d:6f:57:95:64:20:61:1f:9c:ca:58:
                    5d:04:26:6d:99:13:5f:fd:a5:b1:d6:96:7e:7f:ab:
                    d8:4b:8d:68:c9:4f:db:a9:77:15:6e:c7:a4:8a:eb:
                    e2:e2:f4:76:85:c8:b3:76:db:69:a8:e5:23:8d:f3:
                    fd:00:5c:0a:0d:70:43:f0:cc:e2:d0:46:60:e2:93:
                    08:60:86:02:3d:de:d1:00:96:bf:f0:94:95:fd:04:
                    d8:c7:e3:a3:9b:0c:76:83:27:35:0a:59:b0:10:f4:
                    64:48:d5:a6:8c:41:87:db:34:55:d3:38:3f:43:75:
                    2e:9f:32:5d:92:28:9b:f9:e2:7b:3f:98:3f:24:50:
                    55:b5:1e:a8:92:2a:71:b2:ff:e7:4d:4f:4a:5f:b9:
                    49:32:1c:ae:a3:ac:4c:73:48:c3:8e:c1:f2:bd:02:
                    aa:5d:5d:68:3e:1a:51:ad:ae:c3:9b:3b:a7:ef:f1:
                    77:94:be:3c:a8:94:e8:be:f9:aa:7c:2b:6c:cf:b7:
                    df:a1:a5:d2:cf:32:aa:f1:19:52:da:b6:c1:89:a2:
                    53:4f:43:bc:d2:83:61:37:d9:de:4b:3c:dc:86:7e:
                    ec:12:6f:2f:6c:4c:97:9d:6b:bc:c6:79:4a:69:a7:
                    30:d3:5a:d7:1c:47:ce:e4:db:2f:27:5a:b7:af:38:
                    fe:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:0F:68:38:67:EF:76:9A:0A:22:AD:E1:71:18:ED:06:FA:57:B8:1F
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/86c002-758b-495a-b9cd-7b0dc00a8c20/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/86c002-758b-495a-b9cd-7b0dc00a8c20/1/jg9oOGfvdpoKIq3hcRjtBvpXuB8.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:e24::/48

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  215387

    Signature Algorithm: sha256WithRSAEncryption
         5d:42:bc:12:1f:6b:e2:92:30:86:29:87:09:b8:c8:df:e3:3e:
         f5:a1:26:c5:ff:76:eb:b9:fa:e7:10:bb:06:58:02:7c:42:37:
         67:93:24:f4:31:b2:2e:f7:b7:df:a2:c2:e8:08:9c:4f:07:af:
         69:99:05:d0:7f:a5:55:71:fb:ed:20:6f:f5:07:77:d2:77:75:
         2d:e4:5a:4c:77:da:a9:a6:8b:4d:ff:eb:24:33:01:1c:03:0b:
         be:79:fa:b3:b1:44:bc:5b:dd:e7:62:6a:ba:03:33:f9:31:97:
         0e:f0:48:db:cb:f8:f6:2d:47:7e:51:20:ab:a0:e2:f0:99:16:
         00:93:ba:f2:0e:fd:3d:17:b6:51:ef:c2:a3:04:8f:d0:1f:9d:
         27:67:75:a1:56:84:45:ff:1e:6f:79:97:26:85:37:ab:74:02:
         88:24:c5:58:f8:8a:af:8c:75:88:18:32:49:5f:5a:cf:96:a0:
         8a:e4:32:fc:31:f0:1c:67:64:db:17:97:cf:ef:4b:26:80:0f:
         87:3a:38:20:3d:a7:d7:70:ef:91:32:be:b2:2e:af:06:a9:e6:
         6b:a7:74:5c:f1:66:0e:5f:4c:d3:4f:a2:9a:a2:e7:58:77:32:
         30:38:b7:4c:de:d9:ef:3b:da:dd:f6:ca:cb:b6:ac:a8:1c:8b:
         82:7d:e2:13
-----BEGIN CERTIFICATE-----
MIIFlzCCBH+gAwIBAgISAZQm2WvaMlAf2IPfbJaXcRIjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMTE0OTMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTBmNjgzODY3ZWY3NjlhMGEyMmFkZTE3MTE4ZWQwNmZhNTdiODFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxu9GnW9XlWQgYR+cylhdBCZtmRNf
/aWx1pZ+f6vYS41oyU/bqXcVbsekiuvi4vR2hcizdttpqOUjjfP9AFwKDXBD8Mzi
0EZg4pMIYIYCPd7RAJa/8JSV/QTYx+Ojmwx2gyc1ClmwEPRkSNWmjEGH2zRV0zg/
Q3UunzJdkiib+eJ7P5g/JFBVtR6okipxsv/nTU9KX7lJMhyuo6xMc0jDjsHyvQKq
XV1oPhpRra7Dmzun7/F3lL48qJTovvmqfCtsz7ffoaXSzzKq8RlS2rbBiaJTT0O8
0oNhN9neSzzchn7sEm8vbEyXnWu8xnlKaacw01rXHEfO5NsvJ1q3rzj+KQIDAQAB
o4ICozCCAp8wHQYDVR0OBBYEFI4PaDhn73aaCiKt4XEY7Qb6V7gfMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzUwLzg2YzAw
Mi03NThiLTQ5NWEtYjljZC03YjBkYzAwYThjMjAvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTAvODZjMDAy
LTc1OGItNDk1YS1iOWNkLTdiMGRjMDBhOGMyMC8xL2pnOW9PR2Z2ZHBvS0lxM2hj
Ump0QnZwWHVCOC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfA4kMBoGCCsGAQUFBwEIAQH/BAswCaAH
MAUCAwNJWzANBgkqhkiG9w0BAQsFAAOCAQEAXUK8Eh9r4pIwhimHCbjI3+M+9aEm
xf9267n65xC7BlgCfEI3Z5Mk9DGyLve336LC6AicTwevaZkF0H+lVXH77SBv9Qd3
0nd1LeRaTHfaqaaLTf/rJDMBHAMLvnn6s7FEvFvd52JqugMz+TGXDvBI28v49i1H
flEgq6Di8JkWAJO68g79PRe2Ue/CowSP0B+dJ2d1oVaERf8eb3mXJoU3q3QCiCTF
WPiKr4x1iBgySV9az5agiuQy/DHwHGdk2xeXz+9LJoAPhzo4ID2n13DvkTK+si6v
Bqnma6d0XPFmDl9M00+imqLnWHcyMDi3TN7Z7zva3fbKy7asqByLgn3iEw==
-----END CERTIFICATE-----