Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/qGLJ7ufHBk_5EVlP6DWi8SXI3VA.cer
File:                     qGLJ7ufHBk_5EVlP6DWi8SXI3VA.cer (raw, json)
Hash identifier:          OvGkt6OW1aauhVdfR5ACiFjbPJ4HjpbJ2CjVUp2N3JE=
Subject key identifier:   A8:62:C9:EE:E7:C7:06:4F:F9:11:59:4F:E8:35:A2:F1:25:C8:DD:50
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC86FA027C347C6BEC6B5FD706C091705
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/7b/b17d4e-6171-46bf-b767-1b02b1fc7d0d/1/qGLJ7ufHBk_5EVlP6DWi8SXI3VA.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/7b/b17d4e-6171-46bf-b767-1b02b1fc7d0d/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 04:30:07 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 200959

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:a0:27:c3:47:c6:be:c6:b5:fd:70:6c:09:17:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 04:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a862c9eee7c7064ff911594fe835a2f125c8dd50
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:83:4b:69:e0:a1:7a:35:5f:96:11:b5:89:76:
                    2d:f0:b2:8f:d8:1c:a3:87:5f:06:ed:1b:a5:ba:e9:
                    45:86:fc:36:70:f6:1c:e4:6a:3b:b5:52:c0:9e:1a:
                    9f:df:9c:d8:64:da:d1:9d:dd:d3:a0:e2:46:df:2b:
                    3a:a5:db:c6:8b:99:d6:bb:d8:0b:fd:b0:2a:9a:a0:
                    27:11:2c:b3:d4:35:4a:dd:86:88:a0:ab:1e:9f:42:
                    b7:df:b8:80:97:f3:70:9c:05:66:10:e3:e9:70:11:
                    bb:e9:f0:0f:47:be:f7:8b:b2:81:f6:48:ce:a9:ad:
                    44:62:54:6e:a9:a1:24:24:ed:84:85:e1:6b:cd:c4:
                    03:fe:8a:77:ab:d0:a9:a4:9c:0c:3e:34:6d:0b:d4:
                    70:d3:cf:f4:e9:56:39:00:13:77:48:57:f9:17:8a:
                    a6:c6:3a:fd:14:a5:d1:f3:46:f3:7d:ec:6e:ac:54:
                    f3:e6:f3:16:31:58:8b:ac:fa:41:8a:fa:50:c9:e8:
                    93:66:ad:e1:34:55:6a:8a:f8:57:0d:27:3b:55:a0:
                    4c:9b:65:be:03:03:b5:74:8c:e1:7a:f3:e3:7c:6a:
                    f2:a1:e6:0e:44:ec:71:15:8b:d0:c6:2b:f3:1b:b7:
                    e8:0a:09:e9:21:ab:63:d1:d4:6e:e9:62:39:04:ee:
                    e2:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:62:C9:EE:E7:C7:06:4F:F9:11:59:4F:E8:35:A2:F1:25:C8:DD:50
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/b17d4e-6171-46bf-b767-1b02b1fc7d0d/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/b17d4e-6171-46bf-b767-1b02b1fc7d0d/1/qGLJ7ufHBk_5EVlP6DWi8SXI3VA.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  200959

    Signature Algorithm: sha256WithRSAEncryption
         40:bf:5f:8c:f5:7a:4b:fd:85:a1:b7:74:8d:f5:c6:5c:33:15:
         64:90:83:38:0e:a2:20:cb:95:e8:50:52:92:cf:04:bf:7d:92:
         6a:f1:62:0c:b8:c3:9d:9d:68:eb:93:06:6b:cc:ef:6f:70:7c:
         a6:11:3f:3c:c7:10:b3:c8:18:e3:65:c7:69:7e:b4:8a:f1:4f:
         c5:eb:2e:c7:cd:98:bd:aa:57:88:69:07:79:6b:83:91:17:4e:
         1e:1d:21:36:f3:2c:18:b9:d8:de:bb:0b:b4:57:6a:b8:37:2c:
         c0:96:2f:f2:8e:ac:60:87:80:9f:2c:59:2b:21:c5:0d:4f:f5:
         a2:94:54:97:11:4d:d3:ac:f8:5d:64:7e:64:9b:bd:8a:90:95:
         74:05:48:67:70:0c:60:bb:03:2a:ba:cb:ce:4b:26:3e:4d:7b:
         e8:fb:ca:16:c3:48:e3:ed:7d:34:b3:0c:10:02:9a:8c:81:82:
         45:9f:c7:0a:2e:5c:91:07:ed:14:21:f3:17:04:c3:07:9a:0c:
         aa:01:84:42:1b:60:3d:fc:1d:f3:d9:28:b9:38:6b:a8:97:96:
         af:41:a5:b3:5c:64:f6:bd:9a:36:b6:3b:a4:c2:e4:23:01:b0:
         6b:8d:11:e9:b4:30:7f:61:cd:81:1c:1f:b8:67:50:d6:fa:d3:
         3b:2c:13:c2
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzIb6Anw0fGvsa1/XBsCRcFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDQzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODYyYzllZWU3YzcwNjRmZjkxMTU5NGZlODM1YTJmMTI1YzhkZDUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhINLaeChejVflhG1iXYt8LKP2Byj
h18G7RuluulFhvw2cPYc5Go7tVLAnhqf35zYZNrRnd3ToOJG3ys6pdvGi5nWu9gL
/bAqmqAnESyz1DVK3YaIoKsen0K337iAl/NwnAVmEOPpcBG76fAPR773i7KB9kjO
qa1EYlRuqaEkJO2EheFrzcQD/op3q9CppJwMPjRtC9Rw08/06VY5ABN3SFf5F4qm
xjr9FKXR80bzfexurFTz5vMWMViLrPpBivpQyeiTZq3hNFVqivhXDSc7VaBMm2W+
AwO1dIzhevPjfGryoeYOROxxFYvQxivzG7foCgnpIatj0dRu6WI5BO7i4QIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFKhiye7nxwZP+RFZT+g1ovElyN1QMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzdiL2IxN2Q0
ZS02MTcxLTQ2YmYtYjc2Ny0xYjAyYjFmYzdkMGQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvN2IvYjE3ZDRl
LTYxNzEtNDZiZi1iNzY3LTFiMDJiMWZjN2QwZC8xL3FHTEo3dWZIQmtfNUVWbFA2
RFdpOFNYSTNWQS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMQ/zANBgkqhkiG9w0BAQsFAAOCAQEAQL9fjPV6S/2F
obd0jfXGXDMVZJCDOA6iIMuV6FBSks8Ev32SavFiDLjDnZ1o65MGa8zvb3B8phE/
PMcQs8gY42XHaX60ivFPxesux82YvapXiGkHeWuDkRdOHh0hNvMsGLnY3rsLtFdq
uDcswJYv8o6sYIeAnyxZKyHFDU/1opRUlxFN06z4XWR+ZJu9ipCVdAVIZ3AMYLsD
KrrLzksmPk176PvKFsNI4+19NLMMEAKajIGCRZ/HCi5ckQftFCHzFwTDB5oMqgGE
QhtgPfwd89kouThrqJeWr0Gls1xk9r2aNrY7pMLkIwGwa40R6bQwf2HNgRwfuGdQ
1vrTOywTwg==
-----END CERTIFICATE-----