Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/kJf5cjfvNm3lq211ju5UPgjVf1w.cer
File:                     kJf5cjfvNm3lq211ju5UPgjVf1w.cer (raw, json)
Hash identifier:          z/4oMB2TPYszy70VwX9J/FJTsa7u1d2UqcKMntLdlAY=
Subject key identifier:   90:97:F9:72:37:EF:36:6D:E5:AB:6D:75:8E:EE:54:3E:08:D5:7F:5C
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC94CE92A2AC7752BBEF065E2E4D32668
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/f9/ac13e2-2a29-4e70-859b-6c30b8ef63b4/1/kJf5cjfvNm3lq211ju5UPgjVf1w.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/f9/ac13e2-2a29-4e70-859b-6c30b8ef63b4/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 08:31:50 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 185.228.96.0/22
                          IP: 2a03:bc80::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:e9:2a:2a:c7:75:2b:be:f0:65:e2:e4:d3:26:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 08:31:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9097f97237ef366de5ab6d758eee543e08d57f5c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:d9:eb:0c:0b:56:51:6d:67:dc:69:65:0c:2a:
                    ec:27:9c:fe:ff:e8:08:07:96:4e:9a:ee:55:f8:05:
                    14:1a:b6:19:73:21:02:d5:a9:86:e6:12:b2:22:4a:
                    d8:a2:16:30:04:18:d6:2f:60:08:de:75:04:92:d3:
                    67:40:ac:c4:0f:7c:35:c4:b6:b4:94:f1:63:67:76:
                    99:05:07:52:ef:2b:61:98:95:e9:98:2e:05:f6:34:
                    7e:4f:5d:4e:cb:38:5c:e7:bb:a4:79:5c:05:fa:07:
                    7d:b2:b2:99:bd:91:6c:18:eb:96:b4:1f:a3:8f:f4:
                    8e:37:5d:89:39:54:9d:33:c2:1b:4a:b0:ac:66:65:
                    f4:08:89:9c:a3:73:df:65:fa:8c:41:3d:07:0b:3c:
                    88:ac:0e:3f:04:3d:bd:75:4c:8a:48:4e:92:b9:3e:
                    3a:4b:86:08:f0:1f:79:dd:aa:0d:50:39:10:11:8f:
                    e1:ba:55:fb:88:99:02:6d:29:d3:79:a3:ab:c0:76:
                    96:2d:f2:c4:04:7b:f3:88:bc:20:4e:29:49:87:58:
                    cc:87:96:e9:2e:61:ab:d3:a9:54:48:5a:ae:9c:5f:
                    2a:59:b4:ac:df:45:6d:79:0b:8c:5e:00:c2:db:40:
                    09:85:6d:a1:8e:96:f6:85:6d:aa:2d:9e:d3:d5:2c:
                    a2:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:97:F9:72:37:EF:36:6D:E5:AB:6D:75:8E:EE:54:3E:08:D5:7F:5C
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/ac13e2-2a29-4e70-859b-6c30b8ef63b4/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/ac13e2-2a29-4e70-859b-6c30b8ef63b4/1/kJf5cjfvNm3lq211ju5UPgjVf1w.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.228.96.0/22
                IPv6:
                  2a03:bc80::/29

    Signature Algorithm: sha256WithRSAEncryption
         88:46:6e:11:66:56:96:e1:30:2f:1d:ef:9a:4f:f6:aa:17:e4:
         b1:17:03:42:db:02:d7:e0:fe:ca:a9:65:91:45:f1:0f:b6:ba:
         b5:66:20:fe:a1:b4:66:8a:aa:06:62:49:3b:a7:ba:9d:d1:96:
         e8:e2:72:3c:7a:36:30:e2:b3:5b:62:02:f6:af:49:6c:e2:32:
         a7:d2:07:4a:1e:51:81:f3:ec:e1:7d:2e:38:24:1d:7c:a3:a7:
         66:57:1f:67:79:05:c5:b3:73:ff:e5:cc:56:28:e9:44:ec:01:
         df:d9:dd:1f:63:ef:67:77:23:bc:4b:f9:9c:74:50:68:b7:b3:
         02:a7:83:0f:82:a3:61:ce:fa:3f:3e:2c:41:46:c8:cb:de:26:
         13:fb:57:99:5a:8b:95:64:ae:46:d0:68:a3:2b:f6:6f:69:5a:
         ae:f1:ba:d3:3b:76:76:47:b8:3f:ac:d9:16:da:8a:d0:da:17:
         da:7f:87:e5:d2:30:bc:10:14:7d:7a:33:30:ad:c9:66:6b:db:
         7d:36:85:45:97:01:46:73:64:c8:bc:a8:44:63:85:32:dc:e2:
         0e:02:ac:ba:bb:d3:10:72:f6:16:33:09:81:41:93:bd:22:77:
         cd:67:f4:6f:ad:45:af:36:52:ce:7f:3a:74:7e:36:be:d8:93:
         cb:66:09:d7
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAYzJTOkqKsd1K77wZeLk0yZoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDgzMTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDk3Zjk3MjM3ZWYzNjZkZTVhYjZkNzU4ZWVlNTQzZTA4ZDU3ZjVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvNnrDAtWUW1n3GllDCrsJ5z+/+gI
B5ZOmu5V+AUUGrYZcyEC1amG5hKyIkrYohYwBBjWL2AI3nUEktNnQKzED3w1xLa0
lPFjZ3aZBQdS7ythmJXpmC4F9jR+T11Oyzhc57ukeVwF+gd9srKZvZFsGOuWtB+j
j/SON12JOVSdM8IbSrCsZmX0CImco3PfZfqMQT0HCzyIrA4/BD29dUyKSE6SuT46
S4YI8B953aoNUDkQEY/hulX7iJkCbSnTeaOrwHaWLfLEBHvziLwgTilJh1jMh5bp
LmGr06lUSFqunF8qWbSs30VteQuMXgDC20AJhW2hjpb2hW2qLZ7T1SyiEwIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFJCX+XI37zZt5attdY7uVD4I1X9cMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Y5L2FjMTNl
Mi0yYTI5LTRlNzAtODU5Yi02YzMwYjhlZjYzYjQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjkvYWMxM2Uy
LTJhMjktNGU3MC04NTliLTZjMzBiOGVmNjNiNC8xL2tKZjVjamZ2Tm0zbHEyMTFq
dTVVUGdqVmYxdy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCueRgMA0EAgACMAcDBQMqA7yAMA0GCSqGSIb3
DQEBCwUAA4IBAQCIRm4RZlaW4TAvHe+aT/aqF+SxFwNC2wLX4P7KqWWRRfEPtrq1
ZiD+obRmiqoGYkk7p7qd0Zbo4nI8ejYw4rNbYgL2r0ls4jKn0gdKHlGB8+zhfS44
JB18o6dmVx9neQXFs3P/5cxWKOlE7AHf2d0fY+9ndyO8S/mcdFBot7MCp4MPgqNh
zvo/PixBRsjL3iYT+1eZWouVZK5G0GijK/ZvaVqu8brTO3Z2R7g/rNkW2orQ2hfa
f4fl0jC8EBR9ejMwrclma9t9NoVFlwFGc2TIvKhEY4Uy3OIOAqy6u9MQcvYWMwmB
QZO9InfNZ/RvrUWvNlLOfzp0fja+2JPLZgnX
-----END CERTIFICATE-----