Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/qujptNjblGuyDM9RJ5cHXIr9g80.cer
File:                     qujptNjblGuyDM9RJ5cHXIr9g80.cer (raw, json)
Hash identifier:          +u8Oy3tRiFuCXeTaAo7/Rt2ReozuYxBrhkQcZ3Aqk3M=
Subject key identifier:   AA:E8:E9:B4:D8:DB:94:6B:B2:0C:CF:51:27:97:07:5C:8A:FD:83:CD
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019422FB7F01DDB879C001ADE76778526C9C
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/f9/1e872f-8851-4d17-9148-f8905672e59d/1/qujptNjblGuyDM9RJ5cHXIr9g80.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/f9/1e872f-8851-4d17-9148-f8905672e59d/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 17:48:14 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 91.244.200.0/22
                          IP: 2a0d:3540::/29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 08:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:7f:01:dd:b8:79:c0:01:ad:e7:67:78:52:6c:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 17:48:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aae8e9b4d8db946bb20ccf512797075c8afd83cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:11:f6:15:5f:d2:67:d0:64:0c:dc:1f:70:5e:
                    33:0f:8c:cb:cb:11:9e:bc:b5:71:9c:79:34:ec:ec:
                    d3:08:cb:3f:5c:75:3d:ac:14:04:32:28:0a:6b:d7:
                    0d:e1:1a:aa:e4:d3:d4:e3:74:6a:bd:69:6c:91:d4:
                    85:ef:5c:81:9f:be:1e:44:35:cf:2b:72:19:d5:dc:
                    7d:5e:89:90:3b:ac:96:8b:55:31:3b:8d:a8:9f:b3:
                    fc:de:1e:cc:c4:02:a4:9a:1b:9e:2c:fb:7f:d1:1a:
                    aa:f3:6d:06:ed:eb:4b:ca:0f:19:92:70:8f:e5:16:
                    f9:b4:41:0a:ed:13:6d:97:7f:c9:bc:14:ea:90:1e:
                    ff:e5:cb:4c:82:e3:26:93:6b:84:d5:be:04:33:71:
                    b9:f8:8b:50:cc:9d:61:e4:da:34:e4:5a:75:b4:7e:
                    e5:5c:91:e6:af:64:7f:26:7d:ba:a1:bd:3b:7a:32:
                    99:0e:45:6c:cc:a9:c0:77:79:d8:7c:e9:e0:11:7b:
                    c1:cd:2e:99:c5:a1:64:7e:54:5a:20:23:90:47:80:
                    d8:cc:1b:97:b1:c8:0d:b6:08:de:0a:1f:c8:1b:b8:
                    4e:c6:53:dc:7f:20:c0:98:3c:ee:47:b0:3f:11:9c:
                    76:85:9f:61:95:13:ec:07:0f:c2:50:a0:0c:83:da:
                    1d:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:E8:E9:B4:D8:DB:94:6B:B2:0C:CF:51:27:97:07:5C:8A:FD:83:CD
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/1e872f-8851-4d17-9148-f8905672e59d/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/1e872f-8851-4d17-9148-f8905672e59d/1/qujptNjblGuyDM9RJ5cHXIr9g80.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.244.200.0/22
                IPv6:
                  2a0d:3540::/29

    Signature Algorithm: sha256WithRSAEncryption
         01:9c:17:ad:1d:9f:e7:69:0d:33:cb:e8:55:cb:49:9b:1e:4d:
         c4:13:29:c6:11:90:2c:5e:d7:63:e8:27:12:b8:17:7c:98:58:
         0e:f3:ba:f3:43:e3:88:65:d6:64:9f:ca:ec:73:b7:c5:34:75:
         ea:c7:3e:2a:7c:ac:9c:fe:dc:af:4b:30:2a:0c:07:3b:46:2d:
         a1:45:a8:94:84:a1:fa:0d:3e:c6:40:48:33:b3:92:9d:2d:a3:
         59:2b:67:fa:73:68:d4:77:8b:a9:0c:93:9e:e7:5c:bb:34:21:
         46:35:aa:02:4a:17:cc:89:61:6b:99:35:41:83:a7:06:e6:70:
         4b:77:ca:0a:19:16:0a:c6:43:43:0d:f3:7b:ce:36:52:c1:bb:
         b1:1c:ac:c7:c7:8e:da:9e:a0:1d:9e:c0:cc:a9:14:42:58:ce:
         69:e2:66:dd:34:20:21:a7:c3:27:fb:7e:20:5e:13:a6:a2:1b:
         ff:02:cf:fa:80:fa:9c:72:21:e3:ee:46:31:1e:14:be:87:5b:
         9c:a6:f3:57:ae:45:89:ab:fb:f7:e7:e6:82:47:fd:d9:75:0c:
         ba:2e:7a:52:54:86:9c:c4:f0:04:f6:71:65:bf:5d:8a:f2:a1:
         a6:b0:7d:92:e5:2b:11:2b:4d:fa:d1:6f:ec:13:29:ca:d8:9b:
         62:5f:69:d3
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAZQi+38B3bh5wAGt52d4UmycMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTc0ODE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYWU4ZTliNGQ4ZGI5NDZiYjIwY2NmNTEyNzk3MDc1YzhhZmQ4M2NkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwxH2FV/SZ9BkDNwfcF4zD4zLyxGe
vLVxnHk07OzTCMs/XHU9rBQEMigKa9cN4Rqq5NPU43RqvWlskdSF71yBn74eRDXP
K3IZ1dx9XomQO6yWi1UxO42on7P83h7MxAKkmhueLPt/0Rqq820G7etLyg8ZknCP
5Rb5tEEK7RNtl3/JvBTqkB7/5ctMguMmk2uE1b4EM3G5+ItQzJ1h5No05Fp1tH7l
XJHmr2R/Jn26ob07ejKZDkVszKnAd3nYfOngEXvBzS6ZxaFkflRaICOQR4DYzBuX
scgNtgjeCh/IG7hOxlPcfyDAmDzuR7A/EZx2hZ9hlRPsBw/CUKAMg9odTwIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFKro6bTY25RrsgzPUSeXB1yK/YPNMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Y5LzFlODcy
Zi04ODUxLTRkMTctOTE0OC1mODkwNTY3MmU1OWQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjkvMWU4NzJm
LTg4NTEtNGQxNy05MTQ4LWY4OTA1NjcyZTU5ZC8xL3F1anB0TmpibEd1eURNOVJK
NWNIWElyOWc4MC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCW/TIMA0EAgACMAcDBQMqDTVAMA0GCSqGSIb3
DQEBCwUAA4IBAQABnBetHZ/naQ0zy+hVy0mbHk3EEynGEZAsXtdj6CcSuBd8mFgO
87rzQ+OIZdZkn8rsc7fFNHXqxz4qfKyc/tyvSzAqDAc7Ri2hRaiUhKH6DT7GQEgz
s5KdLaNZK2f6c2jUd4upDJOe51y7NCFGNaoCShfMiWFrmTVBg6cG5nBLd8oKGRYK
xkNDDfN7zjZSwbuxHKzHx47anqAdnsDMqRRCWM5p4mbdNCAhp8Mn+34gXhOmohv/
As/6gPqcciHj7kYxHhS+h1ucpvNXrkWJq/v35+aCR/3ZdQy6LnpSVIacxPAE9nFl
v12K8qGmsH2S5SsRK0360W/sEynK2JtiX2nT
-----END CERTIFICATE-----