Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/qY7r7ZdT9YC-p1s1LnBjJaGNFEc.cer
File:                     qY7r7ZdT9YC-p1s1LnBjJaGNFEc.cer (raw, json)
Hash identifier:          OXO+akd9C9nDhQYI2BMYniws1OGDQhNN+G9AKXXHMJE=
Subject key identifier:   A9:8E:EB:ED:97:53:F5:80:BE:A7:5B:35:2E:70:63:25:A1:8D:14:47
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01941F8C3D388CCC5E5E4A6E2D91333B9DBF
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/ba/a74744-ed48-4707-a63e-52f6919139c4/1/qY7r7ZdT9YC-p1s1LnBjJaGNFEc.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/ba/a74744-ed48-4707-a63e-52f6919139c4/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 01:47:51 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 185.57.136.0/22
                          IP: 2a04:ddc0::/29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 20 Apr 2025 07:26:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:3d:38:8c:cc:5e:5e:4a:6e:2d:91:33:3b:9d:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 01:47:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a98eebed9753f580bea75b352e706325a18d1447
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:62:65:1e:ad:d7:50:92:da:52:dc:ce:4e:12:
                    72:b8:f7:17:75:46:75:8a:58:08:b6:eb:cf:6c:1b:
                    e3:6b:82:7c:f1:e8:ed:a1:c2:5e:cd:4f:73:74:e4:
                    af:09:8e:bf:e0:e1:3f:da:36:c6:d7:0c:43:00:ba:
                    24:78:8b:ae:60:e2:17:b0:be:e3:da:66:3e:64:8c:
                    ad:0c:f4:91:c1:8e:3f:30:da:d3:73:69:2e:35:68:
                    b1:f8:20:43:2e:7e:b9:c7:ca:f1:e0:ba:9e:95:59:
                    ab:e9:b1:b0:d9:6e:a9:17:ae:50:c6:9d:d3:1f:08:
                    39:a5:0c:97:32:e4:27:8a:d5:b2:fa:0e:36:30:62:
                    1b:1c:c9:64:5c:6b:57:f2:87:7d:d7:f2:0e:8e:43:
                    1e:19:de:55:c5:44:3e:4b:02:7b:49:4a:de:62:6a:
                    73:30:9c:ed:92:ce:13:b2:02:ff:76:37:5d:45:45:
                    0c:b1:c4:5c:d8:a6:97:0c:3a:b4:e2:ef:d8:06:70:
                    97:02:9b:56:2b:4c:4b:1f:90:78:8b:2a:82:23:81:
                    d8:94:c1:f7:06:f4:ef:7e:0d:e6:76:c9:5c:80:cc:
                    e4:33:90:d8:da:f2:ab:ab:87:cf:8b:49:5a:d3:d5:
                    8c:25:36:6e:dd:da:fc:e8:a4:a9:7b:e2:98:ee:4b:
                    68:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:8E:EB:ED:97:53:F5:80:BE:A7:5B:35:2E:70:63:25:A1:8D:14:47
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/a74744-ed48-4707-a63e-52f6919139c4/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/a74744-ed48-4707-a63e-52f6919139c4/1/qY7r7ZdT9YC-p1s1LnBjJaGNFEc.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.57.136.0/22
                IPv6:
                  2a04:ddc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         44:1e:ca:09:5e:37:1c:0f:aa:c3:a3:a1:98:79:87:dd:3e:d7:
         8d:c3:4a:37:9c:7b:5f:29:46:5d:3f:54:70:07:1c:7c:36:8e:
         57:92:c0:e9:c5:2d:33:f9:b9:39:cd:c2:98:c4:a3:ac:ba:fb:
         15:22:51:ab:35:72:ca:eb:cb:85:3c:61:bd:02:23:5b:45:f1:
         6a:79:33:50:ad:8f:90:20:82:e8:c9:86:91:e8:f1:08:fd:e5:
         15:83:af:1b:ae:a6:e6:c4:60:51:6b:57:a9:b7:8c:e0:d6:b1:
         99:bc:8b:77:76:03:e0:c6:fb:27:33:79:4a:f0:12:2c:7d:f6:
         ba:2a:fa:2c:be:49:87:25:28:8e:d7:de:45:f8:e0:93:16:14:
         9b:87:1b:d6:e0:a0:16:20:0d:d0:ea:8a:34:ff:5d:62:39:ce:
         2f:ca:74:cd:77:04:bb:f9:51:88:28:6e:40:48:2b:90:4e:2a:
         12:ee:28:86:8a:fa:27:a7:c8:9b:d6:29:4e:e4:77:41:12:62:
         f6:ea:21:db:e3:59:43:d9:64:a3:6a:83:2d:13:b2:f1:3d:aa:
         5f:a5:8e:46:5e:55:ac:ed:b0:6a:a6:40:3d:43:31:86:25:b2:
         68:64:9c:db:62:53:c7:a1:46:cc:50:f6:6a:0e:d2:05:14:d5:
         77:4a:50:3f
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAZQfjD04jMxeXkpuLZEzO52/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDE0NzUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOThlZWJlZDk3NTNmNTgwYmVhNzViMzUyZTcwNjMyNWExOGQxNDQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApWJlHq3XUJLaUtzOThJyuPcXdUZ1
ilgItuvPbBvja4J88ejtocJezU9zdOSvCY6/4OE/2jbG1wxDALokeIuuYOIXsL7j
2mY+ZIytDPSRwY4/MNrTc2kuNWix+CBDLn65x8rx4LqelVmr6bGw2W6pF65Qxp3T
Hwg5pQyXMuQnitWy+g42MGIbHMlkXGtX8od91/IOjkMeGd5VxUQ+SwJ7SUreYmpz
MJztks4TsgL/djddRUUMscRc2KaXDDq04u/YBnCXAptWK0xLH5B4iyqCI4HYlMH3
BvTvfg3mdslcgMzkM5DY2vKrq4fPi0la09WMJTZu3dr86KSpe+KY7ktoxwIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFKmO6+2XU/WAvqdbNS5wYyWhjRRHMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2JhL2E3NDc0
NC1lZDQ4LTQ3MDctYTYzZS01MmY2OTE5MTM5YzQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYmEvYTc0NzQ0
LWVkNDgtNDcwNy1hNjNlLTUyZjY5MTkxMzljNC8xL3FZN3I3WmRUOVlDLXAxczFM
bkJqSmFHTkZFYy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCuTmIMA0EAgACMAcDBQMqBN3AMA0GCSqGSIb3
DQEBCwUAA4IBAQBEHsoJXjccD6rDo6GYeYfdPteNw0o3nHtfKUZdP1RwBxx8No5X
ksDpxS0z+bk5zcKYxKOsuvsVIlGrNXLK68uFPGG9AiNbRfFqeTNQrY+QIILoyYaR
6PEI/eUVg68brqbmxGBRa1ept4zg1rGZvIt3dgPgxvsnM3lK8BIsffa6KvosvkmH
JSiO195F+OCTFhSbhxvW4KAWIA3Q6oo0/11iOc4vynTNdwS7+VGIKG5ASCuQTioS
7iiGivonp8ib1ilO5HdBEmL26iHb41lD2WSjaoMtE7LxPapfpY5GXlWs7bBqpkA9
QzGGJbJoZJzbYlPHoUbMUPZqDtIFFNV3SlA/
-----END CERTIFICATE-----