Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/qvxBqvu8yqlnEYSXRe9yKlJgrH4.cer
File:                     qvxBqvu8yqlnEYSXRe9yKlJgrH4.cer (raw, json)
Hash identifier:          Hak7/rjLnfRXX5HdvNhBlI+29ZpfcDjDREGUcvxlvc8=
Subject key identifier:   AA:FC:41:AA:FB:BC:CA:A9:67:11:84:97:45:EF:72:2A:52:60:AC:7E
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019420D5BFF32BBEF38CB4F2F3BE2F854ECA
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/65/9fddd4-526a-4807-b127-1bc31c62401f/1/qvxBqvu8yqlnEYSXRe9yKlJgrH4.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/65/9fddd4-526a-4807-b127-1bc31c62401f/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 07:47:46 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 45.67.92.0/22
                          IP: 2a09:7440::/32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:bf:f3:2b:be:f3:8c:b4:f2:f3:be:2f:85:4e:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 07:47:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aafc41aafbbccaa96711849745ef722a5260ac7e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:14:bb:66:9d:f9:10:11:19:a1:13:7c:fe:e4:
                    69:c5:25:ec:6f:77:a7:6e:c6:e9:06:65:29:43:b0:
                    8a:8b:b5:f5:80:3f:cf:91:df:a4:8e:93:1a:de:9e:
                    dc:70:97:a5:53:51:68:3e:9c:d7:42:d5:fc:b0:6a:
                    29:da:39:10:fb:dd:61:0b:4c:9b:c1:c7:1b:37:8e:
                    6b:4b:46:0a:ca:87:f2:da:46:7e:6c:a7:68:2f:69:
                    43:e8:3e:57:f6:8e:d5:61:f9:62:72:ad:1c:bb:9e:
                    2e:fb:07:09:2e:85:34:3f:b3:b7:74:32:b5:65:f0:
                    64:18:26:b1:99:34:fa:60:51:f3:5a:b1:5f:26:00:
                    93:20:88:91:cd:bf:bc:a6:bf:ef:45:ed:c7:76:28:
                    ba:fa:fd:f7:83:9a:9d:42:31:95:d1:bf:77:13:9a:
                    d1:a8:e1:97:c7:e2:9a:73:73:82:ff:06:d3:41:3a:
                    ea:9a:ae:5b:bc:dd:cd:10:a6:4c:d8:f1:c3:0f:3b:
                    fd:f4:96:14:3f:b1:3a:31:8b:f4:5f:24:04:16:57:
                    31:48:c2:bb:8d:a4:6f:a8:43:1e:71:80:80:a2:bc:
                    7b:04:42:68:ce:57:56:12:6e:63:e7:32:92:3e:6e:
                    9e:f9:1c:55:24:8b:9a:9a:51:88:fb:71:8e:07:81:
                    5b:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:FC:41:AA:FB:BC:CA:A9:67:11:84:97:45:EF:72:2A:52:60:AC:7E
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/9fddd4-526a-4807-b127-1bc31c62401f/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/9fddd4-526a-4807-b127-1bc31c62401f/1/qvxBqvu8yqlnEYSXRe9yKlJgrH4.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.92.0/22
                IPv6:
                  2a09:7440::/32

    Signature Algorithm: sha256WithRSAEncryption
         7a:38:b1:1a:78:b8:68:24:ba:af:29:38:ce:e0:1a:12:06:03:
         6a:ba:e7:cc:6a:e3:7d:bc:b5:5b:8f:34:3e:41:bb:6e:65:a6:
         f5:bb:21:c8:9c:7b:59:71:65:24:3b:5d:f2:a3:19:69:06:d0:
         01:31:97:37:8c:e2:14:70:27:fe:a6:ed:ee:76:19:74:52:09:
         10:ca:98:85:0f:0d:0b:7d:bb:ec:f9:c5:54:9a:eb:e7:b8:bd:
         f9:b2:a2:59:39:0f:07:86:f0:65:1d:64:48:ae:aa:8c:ad:ba:
         0d:ae:a8:da:2d:d0:0c:8e:2b:e2:4e:ae:f0:1f:a2:bf:eb:03:
         f7:9d:27:e9:36:d7:d2:d7:ba:f2:03:49:4b:da:d5:c2:14:42:
         b1:66:5d:75:7e:75:1c:a1:98:34:ee:80:96:56:20:d4:56:5d:
         42:8f:13:d0:e9:b9:28:47:67:8d:91:56:53:7a:46:fe:3a:e6:
         13:3d:9b:a5:8a:73:92:b3:e5:b3:b6:2f:00:e6:8f:2b:44:14:
         bf:15:24:d9:f2:d5:85:7b:7b:e1:55:42:2c:70:87:e0:a6:29:
         3c:27:34:e4:af:05:14:33:8a:da:82:93:28:a4:10:ff:b3:d0:
         fd:75:58:ab:f0:c5:d5:2f:07:48:5a:6a:ff:4c:8a:49:53:79:
         40:8a:b6:95
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAZQg1b/zK77zjLTy874vhU7KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDc0NzQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYWZjNDFhYWZiYmNjYWE5NjcxMTg0OTc0NWVmNzIyYTUyNjBhYzdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtBS7Zp35EBEZoRN8/uRpxSXsb3en
bsbpBmUpQ7CKi7X1gD/Pkd+kjpMa3p7ccJelU1FoPpzXQtX8sGop2jkQ+91hC0yb
wccbN45rS0YKyofy2kZ+bKdoL2lD6D5X9o7VYflicq0cu54u+wcJLoU0P7O3dDK1
ZfBkGCaxmTT6YFHzWrFfJgCTIIiRzb+8pr/vRe3Hdii6+v33g5qdQjGV0b93E5rR
qOGXx+Kac3OC/wbTQTrqmq5bvN3NEKZM2PHDDzv99JYUP7E6MYv0XyQEFlcxSMK7
jaRvqEMecYCAorx7BEJozldWEm5j5zKSPm6e+RxVJIuamlGI+3GOB4Fb8wIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFKr8Qar7vMqpZxGEl0XvcipSYKx+MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzY1LzlmZGRk
NC01MjZhLTQ4MDctYjEyNy0xYmMzMWM2MjQwMWYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjUvOWZkZGQ0
LTUyNmEtNDgwNy1iMTI3LTFiYzMxYzYyNDAxZi8xL3F2eEJxdnU4eXFsbkVZU1hS
ZTl5S2xKZ3JINC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCLUNcMA0EAgACMAcDBQAqCXRAMA0GCSqGSIb3
DQEBCwUAA4IBAQB6OLEaeLhoJLqvKTjO4BoSBgNquufMauN9vLVbjzQ+QbtuZab1
uyHInHtZcWUkO13yoxlpBtABMZc3jOIUcCf+pu3udhl0UgkQypiFDw0Lfbvs+cVU
muvnuL35sqJZOQ8HhvBlHWRIrqqMrboNrqjaLdAMjiviTq7wH6K/6wP3nSfpNtfS
17ryA0lL2tXCFEKxZl11fnUcoZg07oCWViDUVl1CjxPQ6bkoR2eNkVZTekb+OuYT
PZulinOSs+Wzti8A5o8rRBS/FSTZ8tWFe3vhVUIscIfgpik8JzTkrwUUM4ragpMo
pBD/s9D9dVir8MXVLwdIWmr/TIpJU3lAiraV
-----END CERTIFICATE-----