Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/mfrSUn6vqVIVqP7Weif608-y038.cer
File:                     mfrSUn6vqVIVqP7Weif608-y038.cer (raw, json)
Hash identifier:          mglNCaAVwH8cCBXG43gU9B0QLEIGEvRM/22p13tszF4=
Subject key identifier:   99:FA:D2:52:7E:AF:A9:52:15:A8:FE:D6:7A:27:FA:D3:CF:B2:D3:7F
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC5005B027C6D3EFEA5F3882751DAC0C1
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/16/456eac-65df-4dd1-bf9c-0103a899c2de/1/mfrSUn6vqVIVqP7Weif608-y038.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/16/456eac-65df-4dd1-bf9c-0103a899c2de/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 12:29:44 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 195.184.76.0/24
                          IP: 2a05:7480::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:5b:02:7c:6d:3e:fe:a5:f3:88:27:51:da:c0:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 12:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=99fad2527eafa95215a8fed67a27fad3cfb2d37f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:e3:19:d7:08:97:2e:08:4a:c4:ac:61:ca:68:
                    66:16:19:ea:94:b0:af:e2:c8:c9:10:8a:e9:75:9a:
                    86:3b:07:61:ea:51:34:ae:1a:67:5b:34:48:a2:9b:
                    25:41:40:12:41:04:15:51:50:dc:e0:d2:ce:b1:73:
                    14:30:fe:70:f7:d3:13:fc:b6:49:74:21:12:7e:18:
                    56:7c:4c:c2:64:1f:c7:c3:9a:cc:39:cb:45:31:41:
                    a0:e0:50:b9:54:f0:a2:6f:43:80:56:cd:07:16:f5:
                    62:07:d9:8f:4c:13:91:ba:ea:53:11:57:ce:fb:57:
                    6b:35:57:6a:97:d5:dd:f1:31:9a:32:30:bb:53:56:
                    32:95:ad:23:7c:20:d7:89:1b:d3:51:f5:0a:32:10:
                    14:48:bf:40:f4:b3:d4:a8:fc:4a:53:f8:21:07:9a:
                    93:c4:08:04:cf:31:0b:66:21:2b:88:4a:99:f5:86:
                    6e:a7:6b:3f:d3:17:bf:a9:c6:12:44:d5:99:ea:af:
                    bf:6c:83:d0:48:31:84:f5:c0:8f:c5:dd:7b:15:90:
                    2a:9a:06:3c:fb:d3:f1:ea:56:d6:b9:b0:5d:6d:51:
                    b3:ad:e8:8f:04:ab:c7:4c:51:52:7c:e8:9b:1c:36:
                    cd:ea:98:a5:6f:f5:d3:c4:73:6d:04:a9:bc:c1:ad:
                    3c:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:FA:D2:52:7E:AF:A9:52:15:A8:FE:D6:7A:27:FA:D3:CF:B2:D3:7F
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/456eac-65df-4dd1-bf9c-0103a899c2de/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/456eac-65df-4dd1-bf9c-0103a899c2de/1/mfrSUn6vqVIVqP7Weif608-y038.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.184.76.0/24
                IPv6:
                  2a05:7480::/29

    Signature Algorithm: sha256WithRSAEncryption
         12:93:58:75:3c:c5:57:9b:10:99:09:60:00:dc:52:fc:9e:65:
         55:d7:50:b7:7d:fc:c0:ef:45:1b:ac:8c:bb:ed:21:1b:8f:ed:
         60:19:16:50:58:13:5f:f0:09:32:1a:d8:f2:f7:dc:2b:dd:13:
         8e:5a:fd:16:fc:0b:8d:84:c3:66:82:35:35:cc:66:99:09:2e:
         a9:85:9c:ae:1b:4d:00:f0:93:e9:5b:71:a9:8f:99:7d:25:59:
         eb:73:43:fc:a9:fd:18:1c:7d:be:14:10:02:3e:95:71:68:38:
         49:2a:e3:f4:4e:96:8c:4c:62:ae:27:10:bc:88:31:7b:90:56:
         c8:95:3b:88:59:36:23:01:d6:91:90:81:0e:34:32:bb:f5:43:
         13:4f:11:52:e2:aa:54:46:2e:0d:27:48:a1:9f:cd:f3:15:fc:
         61:16:09:4f:e1:c6:09:e7:a3:56:28:37:30:4e:b6:9f:39:1b:
         bb:69:81:b2:71:4e:07:3d:59:93:24:58:3b:b8:3e:a3:ba:84:
         68:aa:01:69:45:ee:32:9c:31:61:c8:7b:d6:f2:c6:50:f2:93:
         fe:e9:69:51:26:37:6a:20:f0:ee:88:1e:7e:c0:d9:da:67:cd:
         e8:cf:03:19:e6:37:58:dd:7f:78:f4:62:ee:a1:98:96:26:19:
         55:0d:97:79
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAYzFAFsCfG0+/qXziCdR2sDBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTIyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OWZhZDI1MjdlYWZhOTUyMTVhOGZlZDY3YTI3ZmFkM2NmYjJkMzdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAouMZ1wiXLghKxKxhymhmFhnqlLCv
4sjJEIrpdZqGOwdh6lE0rhpnWzRIopslQUASQQQVUVDc4NLOsXMUMP5w99MT/LZJ
dCESfhhWfEzCZB/Hw5rMOctFMUGg4FC5VPCib0OAVs0HFvViB9mPTBORuupTEVfO
+1drNVdql9Xd8TGaMjC7U1Yyla0jfCDXiRvTUfUKMhAUSL9A9LPUqPxKU/ghB5qT
xAgEzzELZiEriEqZ9YZup2s/0xe/qcYSRNWZ6q+/bIPQSDGE9cCPxd17FZAqmgY8
+9Px6lbWubBdbVGzreiPBKvHTFFSfOibHDbN6pilb/XTxHNtBKm8wa08EwIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFJn60lJ+r6lSFaj+1non+tPPstN/MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzE2LzQ1NmVh
Yy02NWRmLTRkZDEtYmY5Yy0wMTAzYTg5OWMyZGUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTYvNDU2ZWFj
LTY1ZGYtNGRkMS1iZjljLTAxMDNhODk5YzJkZS8xL21mclNVbjZ2cVZJVnFQN1dl
aWY2MDgteTAzOC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQAw7hMMA0EAgACMAcDBQMqBXSAMA0GCSqGSIb3
DQEBCwUAA4IBAQASk1h1PMVXmxCZCWAA3FL8nmVV11C3ffzA70UbrIy77SEbj+1g
GRZQWBNf8AkyGtjy99wr3ROOWv0W/AuNhMNmgjU1zGaZCS6phZyuG00A8JPpW3Gp
j5l9JVnrc0P8qf0YHH2+FBACPpVxaDhJKuP0TpaMTGKuJxC8iDF7kFbIlTuIWTYj
AdaRkIEONDK79UMTTxFS4qpURi4NJ0ihn83zFfxhFglP4cYJ56NWKDcwTrafORu7
aYGycU4HPVmTJFg7uD6juoRoqgFpRe4ynDFhyHvW8sZQ8pP+6WlRJjdqIPDuiB5+
wNnaZ83ozwMZ5jdY3X949GLuoZiWJhlVDZd5
-----END CERTIFICATE-----