Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/qujptNjblGuyDM9RJ5cHXIr9g80.cer
File:                     qujptNjblGuyDM9RJ5cHXIr9g80.cer (raw, json)
Hash identifier:          ay5dqvii3UwW7mI+Rv3aqlxOmbw3D6jag0IqQvATzdw=
Subject key identifier:   AA:E8:E9:B4:D8:DB:94:6B:B2:0C:CF:51:27:97:07:5C:8A:FD:83:CD
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018FE3B2B579B86EE2D3426E5F515049DAF8
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/f9/1e872f-8851-4d17-9148-f8905672e59d/1/qujptNjblGuyDM9RJ5cHXIr9g80.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/f9/1e872f-8851-4d17-9148-f8905672e59d/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 04 Jun 2024 14:41:30 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 91.244.200.0/22
                          IP: 2a0d:3540::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:e3:b2:b5:79:b8:6e:e2:d3:42:6e:5f:51:50:49:da:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jun  4 14:41:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aae8e9b4d8db946bb20ccf512797075c8afd83cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:11:f6:15:5f:d2:67:d0:64:0c:dc:1f:70:5e:
                    33:0f:8c:cb:cb:11:9e:bc:b5:71:9c:79:34:ec:ec:
                    d3:08:cb:3f:5c:75:3d:ac:14:04:32:28:0a:6b:d7:
                    0d:e1:1a:aa:e4:d3:d4:e3:74:6a:bd:69:6c:91:d4:
                    85:ef:5c:81:9f:be:1e:44:35:cf:2b:72:19:d5:dc:
                    7d:5e:89:90:3b:ac:96:8b:55:31:3b:8d:a8:9f:b3:
                    fc:de:1e:cc:c4:02:a4:9a:1b:9e:2c:fb:7f:d1:1a:
                    aa:f3:6d:06:ed:eb:4b:ca:0f:19:92:70:8f:e5:16:
                    f9:b4:41:0a:ed:13:6d:97:7f:c9:bc:14:ea:90:1e:
                    ff:e5:cb:4c:82:e3:26:93:6b:84:d5:be:04:33:71:
                    b9:f8:8b:50:cc:9d:61:e4:da:34:e4:5a:75:b4:7e:
                    e5:5c:91:e6:af:64:7f:26:7d:ba:a1:bd:3b:7a:32:
                    99:0e:45:6c:cc:a9:c0:77:79:d8:7c:e9:e0:11:7b:
                    c1:cd:2e:99:c5:a1:64:7e:54:5a:20:23:90:47:80:
                    d8:cc:1b:97:b1:c8:0d:b6:08:de:0a:1f:c8:1b:b8:
                    4e:c6:53:dc:7f:20:c0:98:3c:ee:47:b0:3f:11:9c:
                    76:85:9f:61:95:13:ec:07:0f:c2:50:a0:0c:83:da:
                    1d:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:E8:E9:B4:D8:DB:94:6B:B2:0C:CF:51:27:97:07:5C:8A:FD:83:CD
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/1e872f-8851-4d17-9148-f8905672e59d/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/1e872f-8851-4d17-9148-f8905672e59d/1/qujptNjblGuyDM9RJ5cHXIr9g80.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.244.200.0/22
                IPv6:
                  2a0d:3540::/29

    Signature Algorithm: sha256WithRSAEncryption
         0c:27:1f:b6:50:37:aa:01:c9:4c:59:ec:02:b4:a2:fa:11:8e:
         1e:d8:b2:9a:03:8d:44:fe:28:4b:7f:c4:71:84:c2:1d:4f:27:
         05:6e:cd:85:21:10:d4:13:fc:cd:ba:4a:ed:d3:1b:3b:a4:74:
         97:74:2e:db:7e:0f:4f:d9:6b:99:60:b0:aa:de:da:2f:7a:af:
         89:46:a0:d5:e9:01:82:50:3e:9e:60:6b:08:ff:c5:a0:50:36:
         cf:03:76:1d:d5:6a:c9:68:ac:3b:09:c9:5f:70:ea:3b:16:ac:
         12:ce:3c:f9:94:ed:42:ee:a4:ab:c8:c0:11:59:31:b6:43:91:
         ec:df:29:29:5b:e8:d7:5c:bd:28:b2:45:20:d5:76:43:5a:08:
         a7:e0:22:f9:17:59:f3:48:f8:ac:ca:96:32:e5:b5:3b:54:05:
         0c:2c:4c:f2:04:d6:60:4d:c8:60:41:a1:a1:f5:6d:e9:cc:e9:
         6b:64:14:95:b6:25:02:e4:4c:a5:08:9c:90:ee:07:13:4e:c3:
         78:07:bb:e7:d6:77:38:6c:ec:a4:44:2d:be:4d:6b:15:a0:9f:
         a2:ff:62:90:fb:bc:14:a7:92:0c:f5:06:61:75:fc:ae:f1:b5:
         e3:bd:0d:79:92:70:29:34:77:f5:39:18:f0:d1:7c:9e:3b:6f:
         f7:bc:76:2a
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAY/jsrV5uG7i00JuX1FQSdr4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwNjA0MTQ0MTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYWU4ZTliNGQ4ZGI5NDZiYjIwY2NmNTEyNzk3MDc1YzhhZmQ4M2NkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwxH2FV/SZ9BkDNwfcF4zD4zLyxGe
vLVxnHk07OzTCMs/XHU9rBQEMigKa9cN4Rqq5NPU43RqvWlskdSF71yBn74eRDXP
K3IZ1dx9XomQO6yWi1UxO42on7P83h7MxAKkmhueLPt/0Rqq820G7etLyg8ZknCP
5Rb5tEEK7RNtl3/JvBTqkB7/5ctMguMmk2uE1b4EM3G5+ItQzJ1h5No05Fp1tH7l
XJHmr2R/Jn26ob07ejKZDkVszKnAd3nYfOngEXvBzS6ZxaFkflRaICOQR4DYzBuX
scgNtgjeCh/IG7hOxlPcfyDAmDzuR7A/EZx2hZ9hlRPsBw/CUKAMg9odTwIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFKro6bTY25RrsgzPUSeXB1yK/YPNMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Y5LzFlODcy
Zi04ODUxLTRkMTctOTE0OC1mODkwNTY3MmU1OWQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjkvMWU4NzJm
LTg4NTEtNGQxNy05MTQ4LWY4OTA1NjcyZTU5ZC8xL3F1anB0TmpibEd1eURNOVJK
NWNIWElyOWc4MC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCW/TIMA0EAgACMAcDBQMqDTVAMA0GCSqGSIb3
DQEBCwUAA4IBAQAMJx+2UDeqAclMWewCtKL6EY4e2LKaA41E/ihLf8RxhMIdTycF
bs2FIRDUE/zNukrt0xs7pHSXdC7bfg9P2WuZYLCq3toveq+JRqDV6QGCUD6eYGsI
/8WgUDbPA3Yd1WrJaKw7CclfcOo7FqwSzjz5lO1C7qSryMARWTG2Q5Hs3ykpW+jX
XL0oskUg1XZDWgin4CL5F1nzSPisypYy5bU7VAUMLEzyBNZgTchgQaGh9W3pzOlr
ZBSVtiUC5EylCJyQ7gcTTsN4B7vn1nc4bOykRC2+TWsVoJ+i/2KQ+7wUp5IM9QZh
dfyu8bXjvQ15knApNHf1ORjw0XyeO2/3vHYq
-----END CERTIFICATE-----