Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/lD6Cf2bVs5Vf5tc7oPFfuqyLUVA.cer
File:                     lD6Cf2bVs5Vf5tc7oPFfuqyLUVA.cer (raw, json)
Hash identifier:          ifUtgYUWvPVgbfN8ThVLgEH1TdbKXWUq7dxXy5H93g8=
Subject key identifier:   94:3E:82:7F:66:D5:B3:95:5F:E6:D7:3B:A0:F1:5F:BA:AC:8B:51:50
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC3B677074B2EE48E24EC2D461B9D7093
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/d7/08b59b-4fd3-4569-9b56-1e0cc5e158fa/1/lD6Cf2bVs5Vf5tc7oPFfuqyLUVA.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/d7/08b59b-4fd3-4569-9b56-1e0cc5e158fa/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 06:29:24 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 185.153.136.0/22
                          IP: 2a07:8640::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:77:07:4b:2e:e4:8e:24:ec:2d:46:1b:9d:70:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 06:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=943e827f66d5b3955fe6d73ba0f15fbaac8b5150
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:e8:0a:28:c2:b9:16:0e:44:2c:04:c5:e2:f7:
                    94:a2:45:77:6b:c9:b5:db:e2:46:50:d7:87:d4:ba:
                    8d:e3:43:2f:f4:bc:39:f3:60:02:16:1d:8a:3c:ca:
                    47:05:c6:9b:75:03:3a:9e:9a:a0:2a:52:9a:9a:71:
                    ec:05:4e:9a:47:57:07:8d:73:57:e3:16:a1:25:cd:
                    25:c8:2b:8b:55:68:3a:55:70:5c:d4:94:9c:36:56:
                    83:d5:97:15:3d:38:2f:5e:77:45:43:f6:22:97:b3:
                    42:97:06:5d:72:ea:07:54:b5:c3:2a:05:65:07:38:
                    0d:9b:87:85:21:17:55:7b:21:0c:2b:2a:f8:ec:b3:
                    65:a0:d8:20:7b:2d:e3:2f:6e:3f:3b:52:0a:ac:ac:
                    82:e1:4a:db:7f:b3:9e:59:cd:11:ee:a6:17:32:06:
                    47:13:e1:20:1f:2a:84:6e:91:3f:32:5d:17:fb:71:
                    00:c3:c4:f0:86:77:ed:c0:5c:ac:93:56:08:01:c5:
                    ad:b2:88:5c:65:75:cc:80:a6:7e:12:fe:09:b9:e2:
                    f1:68:f5:8f:d7:cd:d3:4c:22:7e:f2:74:24:07:3d:
                    12:f8:10:16:ce:bb:2b:a9:d3:56:65:94:cc:67:17:
                    db:b2:78:76:9e:3b:5c:41:cf:28:b5:c0:80:df:69:
                    74:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:3E:82:7F:66:D5:B3:95:5F:E6:D7:3B:A0:F1:5F:BA:AC:8B:51:50
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/08b59b-4fd3-4569-9b56-1e0cc5e158fa/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/08b59b-4fd3-4569-9b56-1e0cc5e158fa/1/lD6Cf2bVs5Vf5tc7oPFfuqyLUVA.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.153.136.0/22
                IPv6:
                  2a07:8640::/29

    Signature Algorithm: sha256WithRSAEncryption
         88:76:1f:2d:3e:f7:48:d0:ed:49:69:8a:29:6e:80:ed:40:c8:
         db:03:32:a3:aa:91:ac:3b:16:42:ca:bf:ad:36:37:0c:d0:d6:
         b5:b5:d0:6d:9a:f5:12:21:6b:3b:a7:18:38:3c:d8:9a:4d:8d:
         b8:fc:34:3b:9e:20:16:34:a4:6a:e7:3c:f4:8f:62:74:7b:67:
         c3:f4:32:91:7a:6c:83:be:15:5b:0d:fe:af:ba:ea:52:75:76:
         9b:f2:26:50:35:44:cf:17:7d:76:af:5f:91:86:f3:39:fd:bf:
         15:85:78:ce:50:dc:fc:31:64:fd:c1:de:ed:9c:42:54:76:21:
         ad:9e:96:1d:28:63:a8:51:ec:c8:77:5a:5f:7b:ef:98:ca:f0:
         c3:8d:5e:27:c7:db:68:19:0e:ec:5a:4a:76:38:43:4f:d3:33:
         a3:1c:66:57:41:e8:1a:f7:91:a9:a4:6c:b2:00:d1:24:c6:85:
         42:c7:c4:1d:d0:ff:1a:b6:9d:f9:aa:37:dc:d5:62:82:3d:24:
         93:22:f9:37:a0:aa:e8:e9:b7:36:11:32:6c:60:47:63:a8:cc:
         83:ed:e0:b6:a3:c7:26:2c:3f:d4:b1:13:f6:e1:ef:20:5c:32:
         b6:e9:89:e3:49:1a:b9:d4:19:a0:c7:e3:c9:42:29:5c:6d:7a:
         b7:80:c7:0f
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAYzDtncHSy7kjiTsLUYbnXCTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDYyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDNlODI3ZjY2ZDViMzk1NWZlNmQ3M2JhMGYxNWZiYWFjOGI1MTUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApugKKMK5Fg5ELATF4veUokV3a8m1
2+JGUNeH1LqN40Mv9Lw582ACFh2KPMpHBcabdQM6npqgKlKamnHsBU6aR1cHjXNX
4xahJc0lyCuLVWg6VXBc1JScNlaD1ZcVPTgvXndFQ/Yil7NClwZdcuoHVLXDKgVl
BzgNm4eFIRdVeyEMKyr47LNloNggey3jL24/O1IKrKyC4Urbf7OeWc0R7qYXMgZH
E+EgHyqEbpE/Ml0X+3EAw8TwhnftwFysk1YIAcWtsohcZXXMgKZ+Ev4JueLxaPWP
183TTCJ+8nQkBz0S+BAWzrsrqdNWZZTMZxfbsnh2njtcQc8otcCA32l0NQIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFJQ+gn9m1bOVX+bXO6DxX7qsi1FQMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Q3LzA4YjU5
Yi00ZmQzLTQ1NjktOWI1Ni0xZTBjYzVlMTU4ZmEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDcvMDhiNTli
LTRmZDMtNDU2OS05YjU2LTFlMGNjNWUxNThmYS8xL2xENkNmMmJWczVWZjV0Yzdv
UEZmdXF5TFVWQS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCuZmIMA0EAgACMAcDBQMqB4ZAMA0GCSqGSIb3
DQEBCwUAA4IBAQCIdh8tPvdI0O1JaYopboDtQMjbAzKjqpGsOxZCyr+tNjcM0Na1
tdBtmvUSIWs7pxg4PNiaTY24/DQ7niAWNKRq5zz0j2J0e2fD9DKRemyDvhVbDf6v
uupSdXab8iZQNUTPF312r1+RhvM5/b8VhXjOUNz8MWT9wd7tnEJUdiGtnpYdKGOo
UezId1pfe++YyvDDjV4nx9toGQ7sWkp2OENP0zOjHGZXQega95GppGyyANEkxoVC
x8Qd0P8atp35qjfc1WKCPSSTIvk3oKro6bc2ETJsYEdjqMyD7eC2o8cmLD/UsRP2
4e8gXDK26YnjSRq51Bmgx+PJQilcbXq3gMcP
-----END CERTIFICATE-----