Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/lCKVhDGvU0e_2A41UD3bSOcc9NY.cer
File:                     lCKVhDGvU0e_2A41UD3bSOcc9NY.cer (raw, json)
Hash identifier:          6di4mUUfa0sek4Sj8flTIvW/NB5ttFxKK8ApFnnz1Yo=
Subject key identifier:   94:22:95:84:31:AF:53:47:BF:D8:0E:35:50:3D:DB:48:E7:1C:F4:D6
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019425FC4F872B78CDE87F47FAD67B8B267F
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/f2/755468-2acc-4e9b-a5ea-e8a083f56ace/1/lCKVhDGvU0e_2A41UD3bSOcc9NY.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/f2/755468-2acc-4e9b-a5ea-e8a083f56ace/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 07:48:00 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 61206
                          IP: 193.169.213.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:4f:87:2b:78:cd:e8:7f:47:fa:d6:7b:8b:26:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 07:48:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9422958431af5347bfd80e35503ddb48e71cf4d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:71:96:af:ec:48:8d:c3:fb:bc:fa:ea:96:77:
                    e6:04:e3:d7:84:af:42:f6:dd:b8:00:95:c4:73:c3:
                    1f:ef:37:9a:4b:f4:d2:dc:54:44:5d:89:ef:ea:06:
                    78:7f:2f:5a:a1:81:80:13:bb:3e:d6:33:74:37:75:
                    09:ed:77:29:11:15:a8:65:64:cd:7e:38:4d:e4:9d:
                    f5:40:91:29:a4:71:1a:86:76:18:ed:9a:e2:7b:dc:
                    b4:69:18:b5:6f:c2:18:1b:dd:2e:17:41:5e:b3:d4:
                    b8:4f:72:92:7b:4a:69:53:ec:a5:1a:dd:cd:10:16:
                    ad:8c:83:79:d3:5e:63:5e:92:c7:70:15:be:bc:2e:
                    36:d0:09:40:75:d5:23:8b:0c:9f:06:20:a4:b2:4b:
                    c0:17:30:bf:38:09:bb:bf:3f:8a:64:6e:dd:3d:d8:
                    59:bd:56:ad:ce:aa:f0:d0:79:e0:b9:a3:2b:2c:a5:
                    7d:86:fa:d4:54:ed:0b:11:a2:55:98:23:a4:74:2e:
                    17:67:c1:76:fa:61:a2:de:f6:d9:21:09:65:48:37:
                    12:e2:e5:7d:ba:4f:88:3c:28:a0:a7:f0:9e:a8:d1:
                    0b:66:96:21:c5:0a:23:a3:e3:fe:a2:b3:e1:d6:e3:
                    02:81:68:b0:20:13:27:c7:d9:e9:ee:e9:5e:b6:cd:
                    36:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:22:95:84:31:AF:53:47:BF:D8:0E:35:50:3D:DB:48:E7:1C:F4:D6
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/755468-2acc-4e9b-a5ea-e8a083f56ace/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/755468-2acc-4e9b-a5ea-e8a083f56ace/1/lCKVhDGvU0e_2A41UD3bSOcc9NY.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.169.213.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  61206

    Signature Algorithm: sha256WithRSAEncryption
         a0:08:bd:4c:34:6c:dc:20:0b:b1:76:fe:04:85:4a:bb:63:b5:
         70:e1:5b:bc:77:1b:14:2c:6c:50:58:46:2e:85:03:8c:96:07:
         b4:eb:dd:78:97:7e:d4:6e:3e:61:9b:78:13:7e:57:ea:84:6c:
         e3:db:1e:a8:7d:7f:7c:85:ab:bb:eb:5f:c6:e2:ac:ed:8a:da:
         3f:ca:0e:13:33:7a:5b:47:a9:44:b5:e2:d5:00:f1:5c:61:47:
         6b:f9:37:cd:45:34:c6:3d:15:d1:42:5f:42:f2:84:80:68:c9:
         51:38:4d:a2:cd:c5:d9:9b:21:d2:c3:60:b9:a2:89:a1:25:dc:
         83:4f:1f:ad:45:ae:84:f7:09:32:31:4f:da:12:7f:b5:f1:85:
         51:69:b5:4d:aa:47:e4:25:35:af:01:36:58:c8:91:ae:f3:44:
         17:de:e1:20:a3:18:4e:74:ab:8f:e3:ff:0e:f9:14:1d:17:a7:
         1d:47:14:8f:f5:9f:7c:7d:40:f1:b0:8a:0d:2e:46:5d:b2:ab:
         e5:d5:aa:1c:2d:40:63:b4:c2:95:8f:ec:2c:6c:62:a7:c7:13:
         d0:72:97:05:ce:84:d8:38:ef:ed:5e:29:0e:4b:12:ca:ca:30:
         4d:d1:79:88:5e:2f:bb:9c:48:68:6e:cc:32:be:cb:00:78:bb:
         fa:9c:71:f4
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZQl/E+HK3jN6H9H+tZ7iyZ/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDc0ODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDIyOTU4NDMxYWY1MzQ3YmZkODBlMzU1MDNkZGI0OGU3MWNmNGQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsXGWr+xIjcP7vPrqlnfmBOPXhK9C
9t24AJXEc8Mf7zeaS/TS3FREXYnv6gZ4fy9aoYGAE7s+1jN0N3UJ7XcpERWoZWTN
fjhN5J31QJEppHEahnYY7Zrie9y0aRi1b8IYG90uF0Fes9S4T3KSe0ppU+ylGt3N
EBatjIN5015jXpLHcBW+vC420AlAddUjiwyfBiCkskvAFzC/OAm7vz+KZG7dPdhZ
vVatzqrw0HnguaMrLKV9hvrUVO0LEaJVmCOkdC4XZ8F2+mGi3vbZIQllSDcS4uV9
uk+IPCigp/CeqNELZpYhxQojo+P+orPh1uMCgWiwIBMnx9np7ulets02OwIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFJQilYQxr1NHv9gONVA920jnHPTWMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2YyLzc1NTQ2
OC0yYWNjLTRlOWItYTVlYS1lOGEwODNmNTZhY2UvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjIvNzU1NDY4
LTJhY2MtNGU5Yi1hNWVhLWU4YTA4M2Y1NmFjZS8xL2xDS1ZoREd2VTBlXzJBNDFV
RDNiU09jYzlOWS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwanVMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwDvFjANBgkqhkiG9w0BAQsFAAOCAQEAoAi9TDRs3CALsXb+BIVKu2O1cOFbvHcb
FCxsUFhGLoUDjJYHtOvdeJd+1G4+YZt4E35X6oRs49seqH1/fIWru+tfxuKs7Yra
P8oOEzN6W0epRLXi1QDxXGFHa/k3zUU0xj0V0UJfQvKEgGjJUThNos3F2Zsh0sNg
uaKJoSXcg08frUWuhPcJMjFP2hJ/tfGFUWm1TapH5CU1rwE2WMiRrvNEF97hIKMY
TnSrj+P/DvkUHRenHUcUj/WffH1A8bCKDS5GXbKr5dWqHC1AY7TClY/sLGxip8cT
0HKXBc6E2Djv7V4pDksSysowTdF5iF4vu5xIaG7MMr7LAHi7+pxx9A==
-----END CERTIFICATE-----