Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/mRXw1qlhquvGsLUInaApObMQpRw.cer
File:                     mRXw1qlhquvGsLUInaApObMQpRw.cer (raw, json)
Hash identifier:          j4ZYRys1ieQAXJiSj1L+LFVuHjeHKiuK42fy81RdQTs=
Subject key identifier:   99:15:F0:D6:A9:61:AA:EB:C6:B0:B5:08:9D:A0:29:39:B3:10:A5:1C
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC9BC04331E66CFD1824A44163533F2F0
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/8b/fa110d-e6e5-4bf9-84fe-bf26a7faa603/1/mRXw1qlhquvGsLUInaApObMQpRw.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/8b/fa110d-e6e5-4bf9-84fe-bf26a7faa603/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 10:33:11 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 192.156.213.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:04:33:1e:66:cf:d1:82:4a:44:16:35:33:f2:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 10:33:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9915f0d6a961aaebc6b0b5089da02939b310a51c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:f8:2f:61:7b:f4:b3:3e:7f:fc:c1:a9:0e:86:
                    66:71:5d:1a:ca:61:6b:74:13:33:4a:a9:bd:5f:04:
                    e5:e7:b3:46:25:f0:ca:65:31:d1:4e:3d:36:df:87:
                    80:b3:de:99:2e:22:fb:83:32:f5:69:ca:37:c0:8b:
                    74:37:f6:35:1f:7c:94:89:05:ac:db:98:4b:67:89:
                    80:f3:5d:4b:89:3e:74:3b:ae:97:76:f2:37:0c:b7:
                    91:97:b8:9a:79:5f:fc:f1:89:74:3f:a2:1b:a1:75:
                    1b:f6:07:3e:70:e8:86:0a:e8:5a:12:a9:f8:09:30:
                    44:3b:90:e3:b4:cc:29:eb:e0:2a:26:88:c3:1f:c9:
                    59:c4:dc:65:04:c4:ba:64:f1:ac:45:bb:ae:26:1c:
                    ef:04:0b:3e:57:e9:5a:11:d3:13:3e:ee:db:bf:52:
                    4b:57:96:57:ab:8a:cb:86:f1:dc:60:fe:e6:bc:96:
                    55:ae:dc:2f:be:01:2d:0b:88:40:23:3a:52:49:f9:
                    3d:d1:8a:70:d7:94:b4:cf:b6:0b:04:b0:83:78:2c:
                    fa:bf:af:c3:10:4b:78:31:ed:e9:82:3e:ee:13:dd:
                    72:14:3f:4d:5a:f0:78:5e:3d:0f:b7:96:93:e3:90:
                    53:09:46:ef:36:47:e7:c1:3b:c8:c0:b1:f4:0d:4d:
                    8e:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:15:F0:D6:A9:61:AA:EB:C6:B0:B5:08:9D:A0:29:39:B3:10:A5:1C
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/fa110d-e6e5-4bf9-84fe-bf26a7faa603/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/fa110d-e6e5-4bf9-84fe-bf26a7faa603/1/mRXw1qlhquvGsLUInaApObMQpRw.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.156.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:b7:a7:a9:e6:e1:36:3d:0c:e8:7b:8b:0f:64:0a:2e:67:99:
         19:2e:94:97:8b:b7:6b:69:16:4d:95:16:2b:da:94:bf:f5:8b:
         8a:4e:6f:a8:ad:ec:b4:69:21:6a:fb:56:1b:1d:64:49:1d:04:
         b3:d2:19:3c:ac:1e:8e:b9:59:8b:0c:87:0e:0a:40:22:d2:71:
         7b:25:10:ce:08:df:9c:69:ca:42:4d:92:ed:e3:79:c1:8f:fd:
         6f:8c:bf:3d:9d:4f:c7:e9:15:10:5a:85:9c:f1:ca:04:a7:f7:
         2b:05:36:45:06:63:32:67:23:1e:1c:5c:e9:23:8b:b4:5e:2b:
         8c:20:b3:22:24:2e:e0:c1:34:b9:17:8b:ed:d4:86:cd:44:1a:
         14:54:d2:de:0d:6e:cb:f0:ff:8c:ad:41:38:38:21:3a:0b:08:
         ee:95:b2:ba:84:35:03:0d:32:5a:46:be:ae:b6:3a:d6:c1:74:
         99:f6:e7:eb:7f:20:72:bd:37:98:93:e3:97:58:91:9f:66:0c:
         86:c4:11:f4:ad:f6:a5:b2:64:e6:e5:35:07:df:ac:ec:91:4c:
         3a:b4:61:99:ad:71:a1:6d:5b:16:20:e1:2b:b8:56:c4:59:e5:
         2a:52:42:93:52:9d:64:4a:a9:cf:d7:d2:4e:65:be:32:c4:2e:
         7a:85:31:b6
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzJvAQzHmbP0YJKRBY1M/LwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMTAzMzExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTE1ZjBkNmE5NjFhYWViYzZiMGI1MDg5ZGEwMjkzOWIzMTBhNTFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2vgvYXv0sz5//MGpDoZmcV0aymFr
dBMzSqm9XwTl57NGJfDKZTHRTj0234eAs96ZLiL7gzL1aco3wIt0N/Y1H3yUiQWs
25hLZ4mA811LiT50O66XdvI3DLeRl7iaeV/88Yl0P6IboXUb9gc+cOiGCuhaEqn4
CTBEO5DjtMwp6+AqJojDH8lZxNxlBMS6ZPGsRbuuJhzvBAs+V+laEdMTPu7bv1JL
V5ZXq4rLhvHcYP7mvJZVrtwvvgEtC4hAIzpSSfk90Ypw15S0z7YLBLCDeCz6v6/D
EEt4Me3pgj7uE91yFD9NWvB4Xj0Pt5aT45BTCUbvNkfnwTvIwLH0DU2OWwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFJkV8NapYarrxrC1CJ2gKTmzEKUcMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzhiL2ZhMTEw
ZC1lNmU1LTRiZjktODRmZS1iZjI2YTdmYWE2MDMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOGIvZmExMTBk
LWU2ZTUtNGJmOS04NGZlLWJmMjZhN2ZhYTYwMy8xL21SWHcxcWxocXV2R3NMVUlu
YUFwT2JNUXBSdy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwJzVMA0GCSqGSIb3DQEBCwUAA4IBAQCct6ep
5uE2PQzoe4sPZAouZ5kZLpSXi7draRZNlRYr2pS/9YuKTm+orey0aSFq+1YbHWRJ
HQSz0hk8rB6OuVmLDIcOCkAi0nF7JRDOCN+cacpCTZLt43nBj/1vjL89nU/H6RUQ
WoWc8coEp/crBTZFBmMyZyMeHFzpI4u0XiuMILMiJC7gwTS5F4vt1IbNRBoUVNLe
DW7L8P+MrUE4OCE6CwjulbK6hDUDDTJaRr6utjrWwXSZ9ufrfyByvTeYk+OXWJGf
ZgyGxBH0rfalsmTm5TUH36zskUw6tGGZrXGhbVsWIOEruFbEWeUqUkKTUp1kSqnP
19JOZb4yxC56hTG2
-----END CERTIFICATE-----