Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/kkqX2RLXH4D9Nrc-_A_Hlpdi8zc.cer
File:                     kkqX2RLXH4D9Nrc-_A_Hlpdi8zc.cer (raw, json)
Hash identifier:          jCe9uWMs0kUrePlndZZGEYQPQAAXM5bAjyaTB29mszA=
Subject key identifier:   92:4A:97:D9:12:D7:1F:80:FD:36:B7:3E:FC:0F:C7:96:97:62:F3:37
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019422FBEDF3D5DC40B64D90DABB5A0D6784
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/90/ad3586-a028-4746-b3da-814856e1b1f4/1/kkqX2RLXH4D9Nrc-_A_Hlpdi8zc.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/90/ad3586-a028-4746-b3da-814856e1b1f4/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 17:48:43 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 33955
                          IP: 217.194.16.0/20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 02:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:ed:f3:d5:dc:40:b6:4d:90:da:bb:5a:0d:67:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 17:48:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=924a97d912d71f80fd36b73efc0fc7969762f337
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:d7:39:45:82:7d:81:4e:cc:96:b8:50:86:38:
                    f6:e5:48:9c:8f:da:8e:e0:34:78:39:c2:46:cb:61:
                    bd:4d:7c:4b:67:9e:1d:a4:97:4c:d7:b1:2f:6c:7c:
                    56:a4:64:c0:c5:b4:a4:41:7c:f1:43:a5:07:20:e1:
                    b9:38:35:00:ea:d3:2b:8b:95:ce:4d:45:cd:5b:2f:
                    60:36:7c:bb:e1:8d:ca:44:48:a6:60:4f:1d:3e:6d:
                    f1:0e:97:f9:a5:4c:a9:64:e3:86:11:88:8a:59:ed:
                    74:3a:13:7a:0e:d8:cd:0b:e6:3c:dc:8d:6e:73:33:
                    af:86:d0:c5:fa:83:5e:c1:c9:14:49:2a:55:2f:20:
                    2f:d5:be:69:51:3e:ad:76:7f:fc:e4:a6:b6:14:05:
                    d7:33:9a:97:48:f2:10:63:bc:fe:8a:11:dd:f9:30:
                    99:04:ac:13:ff:4a:d3:af:ee:c9:cb:23:6e:c2:dd:
                    df:d8:b3:f4:ea:8c:10:40:ef:d3:51:72:0f:11:c2:
                    6e:b9:79:15:cd:66:6b:0a:8d:cb:7a:34:d9:e0:cc:
                    72:cd:3c:15:d9:ec:fb:59:ea:ad:37:d8:f3:2a:86:
                    e2:1c:14:ad:9a:b7:94:22:20:62:b1:8f:fd:03:64:
                    05:77:45:00:9f:42:bd:ec:d7:88:52:25:1d:60:da:
                    b6:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:4A:97:D9:12:D7:1F:80:FD:36:B7:3E:FC:0F:C7:96:97:62:F3:37
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/ad3586-a028-4746-b3da-814856e1b1f4/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/ad3586-a028-4746-b3da-814856e1b1f4/1/kkqX2RLXH4D9Nrc-_A_Hlpdi8zc.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.194.16.0/20

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  33955

    Signature Algorithm: sha256WithRSAEncryption
         aa:0a:32:1b:73:c4:ce:1f:69:66:3d:5f:1a:56:63:9b:b8:db:
         b7:c7:b7:2c:f3:0c:50:4b:e4:a6:54:db:69:82:6e:46:77:e4:
         48:63:9e:6a:b2:69:8c:fd:ed:cd:10:13:a8:73:2c:e9:c4:30:
         0e:04:3c:3c:12:10:c4:f1:1d:89:57:af:e4:f0:6b:33:72:c5:
         58:ea:70:9a:cc:31:d9:f9:7c:13:81:32:17:8c:40:f1:4f:1d:
         c9:52:c5:41:a1:ae:cf:59:68:0a:f5:c8:07:93:9f:38:2b:9e:
         a3:42:32:3a:c9:0d:41:60:2c:85:71:7a:0a:0c:22:cf:52:fc:
         7d:eb:f7:75:64:30:e1:df:bd:f0:45:77:94:be:8c:6f:1e:ea:
         64:67:cf:8c:ca:00:9d:6c:7c:85:36:58:b3:d5:06:aa:75:6b:
         13:d6:db:6f:d2:69:f6:c6:e5:02:fd:39:24:7d:52:de:5e:e3:
         8b:17:70:1c:f2:67:0e:28:54:b3:41:79:93:84:20:f4:69:88:
         3d:8f:95:69:d4:b5:6c:18:3d:1f:59:1c:33:c2:d2:41:ab:4f:
         96:af:38:2b:c4:6b:9a:3c:2d:e3:45:34:fa:04:fb:7d:48:28:
         1b:60:3b:33:fa:46:aa:34:7f:f3:cb:79:6a:49:91:92:ee:2a:
         e3:4a:c2:df
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZQi++3z1dxAtk2Q2rtaDWeEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTc0ODQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjRhOTdkOTEyZDcxZjgwZmQzNmI3M2VmYzBmYzc5Njk3NjJmMzM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwdc5RYJ9gU7MlrhQhjj25Uicj9qO
4DR4OcJGy2G9TXxLZ54dpJdM17EvbHxWpGTAxbSkQXzxQ6UHIOG5ODUA6tMri5XO
TUXNWy9gNny74Y3KREimYE8dPm3xDpf5pUypZOOGEYiKWe10OhN6DtjNC+Y83I1u
czOvhtDF+oNewckUSSpVLyAv1b5pUT6tdn/85Ka2FAXXM5qXSPIQY7z+ihHd+TCZ
BKwT/0rTr+7JyyNuwt3f2LP06owQQO/TUXIPEcJuuXkVzWZrCo3LejTZ4MxyzTwV
2ez7WeqtN9jzKobiHBStmreUIiBisY/9A2QFd0UAn0K97NeIUiUdYNq20wIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFJJKl9kS1x+A/Ta3PvwPx5aXYvM3MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzkwL2FkMzU4
Ni1hMDI4LTQ3NDYtYjNkYS04MTQ4NTZlMWIxZjQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTAvYWQzNTg2
LWEwMjgtNDc0Ni1iM2RhLTgxNDg1NmUxYjFmNC8xL2trcVgyUkxYSDREOU5yYy1f
QV9IbHBkaTh6Yy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQE2cIQMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwCEozANBgkqhkiG9w0BAQsFAAOCAQEAqgoyG3PEzh9pZj1fGlZjm7jbt8e3LPMM
UEvkplTbaYJuRnfkSGOearJpjP3tzRATqHMs6cQwDgQ8PBIQxPEdiVev5PBrM3LF
WOpwmswx2fl8E4EyF4xA8U8dyVLFQaGuz1loCvXIB5OfOCueo0IyOskNQWAshXF6
Cgwiz1L8fev3dWQw4d+98EV3lL6Mbx7qZGfPjMoAnWx8hTZYs9UGqnVrE9bbb9Jp
9sblAv05JH1S3l7jixdwHPJnDihUs0F5k4Qg9GmIPY+VadS1bBg9H1kcM8LSQatP
lq84K8Rrmjwt40U0+gT7fUgoG2A7M/pGqjR/88t5akmRku4q40rC3w==
-----END CERTIFICATE-----