Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/p_LxFYFdOiGL7BdWG1D04mHkXIY.cer
File:                     p_LxFYFdOiGL7BdWG1D04mHkXIY.cer (raw, json)
Hash identifier:          lOB0CnCqrVn3RxBrgWi4564yspuN7XX6+CXARvKUgSA=
Subject key identifier:   A7:F2:F1:15:81:5D:3A:21:8B:EC:17:56:1B:50:F4:E2:61:E4:5C:86
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC34923ADE6CAADA4AE7BFF5311F10424
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/fb/6b0ac3-11bf-48c6-bfb2-73a772cfc28a/1/p_LxFYFdOiGL7BdWG1D04mHkXIY.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/fb/6b0ac3-11bf-48c6-bfb2-73a772cfc28a/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 04:29:59 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 211227

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:23:ad:e6:ca:ad:a4:ae:7b:ff:53:11:f1:04:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 04:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a7f2f115815d3a218bec17561b50f4e261e45c86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:f5:24:63:a5:b5:68:e1:b4:fa:20:43:db:80:
                    29:97:1f:ca:de:bd:55:09:1a:c0:e7:14:97:a3:69:
                    e4:e8:2b:67:82:fc:b3:6f:ce:da:db:1e:8f:34:55:
                    3c:43:05:1b:3e:be:77:15:1b:ec:52:df:bc:f2:ef:
                    78:7e:d5:4d:69:c3:ac:26:b8:d1:07:26:7b:9f:a2:
                    d2:bc:0c:9c:37:ce:28:42:6e:30:fc:b4:73:29:b6:
                    63:94:9a:2b:58:54:45:b2:fa:52:77:37:dc:4f:85:
                    75:82:52:b2:b2:d7:3c:89:67:cf:4c:2d:3f:e6:01:
                    f5:dd:cb:14:65:38:ff:02:00:6c:fa:a0:0c:e1:c5:
                    87:2a:5b:15:b1:82:a5:9e:c9:80:e0:01:71:62:55:
                    ca:e0:fb:91:5c:ad:6b:e7:af:32:3c:34:2f:c3:5c:
                    f3:a7:2d:28:2f:44:09:27:bd:d7:79:e8:5a:2d:f0:
                    f6:3f:ea:88:84:ef:53:ea:9c:c0:85:8c:8c:85:70:
                    d5:bb:08:f4:51:d0:f4:31:df:50:ba:77:44:7f:ee:
                    f8:65:79:dc:d8:a5:63:c3:7f:2b:90:a2:9b:2b:21:
                    35:b0:df:cc:65:59:e6:3e:ed:ff:fc:b5:ed:90:54:
                    3f:7c:d6:3f:5b:3c:7c:54:c3:d7:50:0f:db:0a:7d:
                    ae:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:F2:F1:15:81:5D:3A:21:8B:EC:17:56:1B:50:F4:E2:61:E4:5C:86
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/6b0ac3-11bf-48c6-bfb2-73a772cfc28a/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/6b0ac3-11bf-48c6-bfb2-73a772cfc28a/1/p_LxFYFdOiGL7BdWG1D04mHkXIY.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  211227

    Signature Algorithm: sha256WithRSAEncryption
         61:f2:36:b7:c6:0b:e2:83:2d:08:4a:20:04:90:fa:b3:a0:c4:
         5c:c2:bd:a6:68:9c:7d:25:77:26:42:01:e3:72:fb:da:4c:ce:
         4b:ba:1f:6f:6f:64:e8:41:bd:2b:33:1b:da:66:f4:33:f7:9b:
         08:4f:3d:cf:e8:42:c1:38:82:98:5f:cb:42:5b:ef:20:a4:96:
         37:d8:1e:8d:2e:31:2e:d5:96:38:65:96:ee:ca:34:1d:31:67:
         b7:fe:ac:4f:c0:fe:e6:0b:1f:e3:3a:1c:a6:91:46:6e:e5:8f:
         6f:df:02:16:34:d7:0b:ba:6b:e4:62:e6:48:95:d3:4b:2a:31:
         b3:0d:75:03:06:13:50:1d:74:fd:1d:3a:24:8b:20:38:4e:bb:
         da:17:cd:52:e4:5a:4b:e9:71:df:eb:e1:26:ee:2d:18:94:44:
         8f:13:eb:76:0f:4f:6c:c2:96:77:15:8a:e4:a4:0a:f1:e5:b8:
         91:c8:b4:bd:91:73:d2:ea:c7:35:4a:4c:bb:46:0e:06:91:ff:
         48:9f:28:e4:ef:89:4c:fb:0a:ee:f0:72:5a:73:ae:ee:df:df:
         11:7c:87:4f:34:34:1d:b7:54:a2:66:a3:02:00:03:9e:42:78:
         13:84:a8:7c:44:ca:1c:d6:74:6d:a7:e6:5e:ac:ca:22:6d:48:
         d1:f2:c1:0e
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzDSSOt5sqtpK57/1MR8QQkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDQyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhN2YyZjExNTgxNWQzYTIxOGJlYzE3NTYxYjUwZjRlMjYxZTQ1Yzg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwvUkY6W1aOG0+iBD24Aplx/K3r1V
CRrA5xSXo2nk6Ctngvyzb87a2x6PNFU8QwUbPr53FRvsUt+88u94ftVNacOsJrjR
ByZ7n6LSvAycN84oQm4w/LRzKbZjlJorWFRFsvpSdzfcT4V1glKystc8iWfPTC0/
5gH13csUZTj/AgBs+qAM4cWHKlsVsYKlnsmA4AFxYlXK4PuRXK1r568yPDQvw1zz
py0oL0QJJ73XeehaLfD2P+qIhO9T6pzAhYyMhXDVuwj0UdD0Md9QundEf+74ZXnc
2KVjw38rkKKbKyE1sN/MZVnmPu3//LXtkFQ/fNY/Wzx8VMPXUA/bCn2u+wIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFKfy8RWBXTohi+wXVhtQ9OJh5FyGMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2ZiLzZiMGFj
My0xMWJmLTQ4YzYtYmZiMi03M2E3NzJjZmMyOGEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZmIvNmIwYWMz
LTExYmYtNDhjNi1iZmIyLTczYTc3MmNmYzI4YS8xL3BfTHhGWUZkT2lHTDdCZFdH
MUQwNG1Ia1hJWS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwM5GzANBgkqhkiG9w0BAQsFAAOCAQEAYfI2t8YL4oMt
CEogBJD6s6DEXMK9pmicfSV3JkIB43L72kzOS7ofb29k6EG9KzMb2mb0M/ebCE89
z+hCwTiCmF/LQlvvIKSWN9gejS4xLtWWOGWW7so0HTFnt/6sT8D+5gsf4zocppFG
buWPb98CFjTXC7pr5GLmSJXTSyoxsw11AwYTUB10/R06JIsgOE672hfNUuRaS+lx
3+vhJu4tGJREjxPrdg9PbMKWdxWK5KQK8eW4kci0vZFz0urHNUpMu0YOBpH/SJ8o
5O+JTPsK7vByWnOu7t/fEXyHTzQ0HbdUomajAgADnkJ4E4SofETKHNZ0bafmXqzK
Im1I0fLBDg==
-----END CERTIFICATE-----