Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/kFHan04DQdDI3l6sVMY6EenvW18.cer
File:                     kFHan04DQdDI3l6sVMY6EenvW18.cer (raw, json)
Hash identifier:          4XBYC4qia8jWvsxLnYSe6WFTpmdm0RYa9Mn3nP2d8W8=
Subject key identifier:   90:51:DA:9F:4E:03:41:D0:C8:DE:5E:AC:54:C6:3A:11:E9:EF:5B:5F
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC3495EF46FC80829B4292EBED3C100C1
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/26/3bc1c4-2b7b-40ee-9181-9b34428ed424/1/kFHan04DQdDI3l6sVMY6EenvW18.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/26/3bc1c4-2b7b-40ee-9181-9b34428ed424/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 04:30:14 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 193.41.71.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:5e:f4:6f:c8:08:29:b4:29:2e:be:d3:c1:00:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 04:30:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9051da9f4e0341d0c8de5eac54c63a11e9ef5b5f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:4f:17:5b:47:e7:bf:06:a1:a6:d8:da:ae:56:
                    eb:1e:ed:3d:b2:9b:49:28:cd:20:70:19:9c:da:4e:
                    8b:c5:1e:50:9f:ba:8b:41:52:ed:09:6f:17:d0:8a:
                    92:0d:21:71:c1:61:bc:2e:d9:16:40:89:60:3c:3d:
                    43:94:25:b3:48:d6:a9:a2:21:f0:ae:57:fe:5c:63:
                    a3:15:52:7d:b2:ac:3f:90:24:8d:e7:1e:8a:64:25:
                    b6:e6:5a:70:b6:94:69:f0:8f:30:5f:a6:b3:a7:6e:
                    9c:30:f2:92:1b:15:4c:91:a0:3f:aa:fb:9e:6f:c4:
                    25:62:a9:76:4a:c7:c1:ec:51:a9:44:b9:70:ac:bd:
                    29:1a:55:02:99:45:5e:ba:26:e4:2a:7e:40:29:7d:
                    4c:96:1e:ee:d8:e6:e2:3d:e6:eb:6d:01:e6:f3:37:
                    7f:16:9f:f7:08:c5:39:1a:88:ea:cf:2a:8b:cf:cc:
                    6e:a8:89:56:20:45:7a:b5:ed:62:08:54:c4:cb:11:
                    2f:67:82:fc:be:55:ce:b8:a5:ca:58:b5:c8:0d:cf:
                    64:e1:42:c1:25:6e:9e:76:7c:0e:93:e9:6c:22:57:
                    c4:08:8c:94:70:0d:90:b4:e5:fa:8c:e1:5f:91:c6:
                    4f:ef:2a:f1:e5:ec:25:7a:9a:37:05:ab:9b:46:a0:
                    7a:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:51:DA:9F:4E:03:41:D0:C8:DE:5E:AC:54:C6:3A:11:E9:EF:5B:5F
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/3bc1c4-2b7b-40ee-9181-9b34428ed424/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/3bc1c4-2b7b-40ee-9181-9b34428ed424/1/kFHan04DQdDI3l6sVMY6EenvW18.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.41.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:7c:69:4c:2e:7d:55:6e:e1:76:3a:e6:bc:e4:e6:1e:a4:76:
         05:f9:e5:8d:9c:e9:78:40:71:2d:23:b4:96:db:b1:30:6d:b1:
         51:27:0e:54:02:1a:24:fd:f7:56:9d:0c:84:fe:40:b2:1f:f9:
         d6:00:8d:92:27:e8:d9:14:6a:58:46:df:9f:a1:5b:3d:3e:e8:
         08:9a:59:1e:62:be:03:c5:7c:0f:07:6c:d1:47:7f:a0:61:7a:
         28:a2:e7:25:76:0a:9f:25:be:c8:dd:58:1c:2f:4a:05:9b:f4:
         6e:30:14:a9:21:cc:62:3f:01:69:00:f3:ad:b3:74:e4:bf:dd:
         e5:9a:f4:8e:6a:dc:09:34:1b:25:e6:e2:41:f1:9c:5c:6f:9f:
         63:3f:af:a2:b3:c0:fa:71:bf:6c:73:35:a4:7f:d9:f3:38:52:
         08:3c:7a:bb:00:c3:a0:f1:6b:62:6d:17:8a:2b:23:1f:0a:44:
         e9:dd:7c:16:d7:39:01:19:b6:7c:8b:d5:ca:f5:cf:3f:96:df:
         84:ef:99:55:0a:d3:cb:ca:99:2b:d2:5b:24:9b:54:ce:4e:e7:
         62:4c:a2:11:1b:4c:f9:96:88:60:88:e1:d0:38:23:ee:61:a5:
         31:9d:2f:51:b1:01:e5:78:6a:60:6c:75:83:1c:75:77:c9:71:
         e4:a0:1c:1c
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzDSV70b8gIKbQpLr7TwQDBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDQzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDUxZGE5ZjRlMDM0MWQwYzhkZTVlYWM1NGM2M2ExMWU5ZWY1YjVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu08XW0fnvwahptjarlbrHu09sptJ
KM0gcBmc2k6LxR5Qn7qLQVLtCW8X0IqSDSFxwWG8LtkWQIlgPD1DlCWzSNapoiHw
rlf+XGOjFVJ9sqw/kCSN5x6KZCW25lpwtpRp8I8wX6azp26cMPKSGxVMkaA/qvue
b8QlYql2SsfB7FGpRLlwrL0pGlUCmUVeuibkKn5AKX1Mlh7u2ObiPebrbQHm8zd/
Fp/3CMU5GojqzyqLz8xuqIlWIEV6te1iCFTEyxEvZ4L8vlXOuKXKWLXIDc9k4ULB
JW6ednwOk+lsIlfECIyUcA2QtOX6jOFfkcZP7yrx5ewlepo3BaubRqB6fwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFJBR2p9OA0HQyN5erFTGOhHp71tfMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzI2LzNiYzFj
NC0yYjdiLTQwZWUtOTE4MS05YjM0NDI4ZWQ0MjQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjYvM2JjMWM0
LTJiN2ItNDBlZS05MTgxLTliMzQ0MjhlZDQyNC8xL2tGSGFuMDREUWRESTNsNnNW
TVk2RWVudlcxOC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwSlHMA0GCSqGSIb3DQEBCwUAA4IBAQAEfGlM
Ln1VbuF2Oua85OYepHYF+eWNnOl4QHEtI7SW27EwbbFRJw5UAhok/fdWnQyE/kCy
H/nWAI2SJ+jZFGpYRt+foVs9PugImlkeYr4DxXwPB2zRR3+gYXoooucldgqfJb7I
3VgcL0oFm/RuMBSpIcxiPwFpAPOts3Tkv93lmvSOatwJNBsl5uJB8Zxcb59jP6+i
s8D6cb9sczWkf9nzOFIIPHq7AMOg8WtibReKKyMfCkTp3XwW1zkBGbZ8i9XK9c8/
lt+E75lVCtPLypkr0lskm1TOTudiTKIRG0z5lohgiOHQOCPuYaUxnS9RsQHleGpg
bHWDHHV3yXHkoBwc
-----END CERTIFICATE-----