Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/rJy1p1bPVPaUZAwR-OC9GbJ5Pak.cer
File:                     rJy1p1bPVPaUZAwR-OC9GbJ5Pak.cer (raw, json)
Hash identifier:          doMBTPIuARitMCePVnk86T2Z47P/w3T0U2ANlFLyJqc=
Subject key identifier:   AC:9C:B5:A7:56:CF:54:F6:94:64:0C:11:F8:E0:BD:19:B2:79:3D:A9
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC8DF983BD8064529C8A09C77E66F9E04
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/f0/f5f2a9-8fbe-4286-bbdd-825692695211/1/rJy1p1bPVPaUZAwR-OC9GbJ5Pak.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/f0/f5f2a9-8fbe-4286-bbdd-825692695211/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 06:32:25 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 193.3.59.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:98:3b:d8:06:45:29:c8:a0:9c:77:e6:6f:9e:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 06:32:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ac9cb5a756cf54f694640c11f8e0bd19b2793da9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:ef:aa:03:54:96:73:ce:36:10:6e:58:72:fd:
                    95:f1:a4:f7:73:46:24:34:6e:bf:00:6b:5e:e3:ae:
                    90:75:4a:06:3b:f7:64:7f:53:74:e9:dc:ba:b9:78:
                    a4:bc:55:7e:eb:a7:42:d3:28:33:ad:a2:fd:fb:d4:
                    38:d9:b2:d0:02:60:c8:7b:1c:ce:6d:b0:ef:ed:de:
                    48:a0:bd:d2:a0:57:8f:65:39:cb:b3:7e:5c:37:bb:
                    44:dd:4e:ad:e6:44:9d:8c:b4:66:8b:9f:43:87:e8:
                    fd:fb:78:50:1a:72:9d:93:35:6d:12:13:92:1f:e4:
                    63:81:f2:14:42:f3:60:ed:cc:85:76:a9:3b:a3:48:
                    be:46:94:70:71:fe:81:71:45:00:bf:ea:f9:e7:4d:
                    b5:a4:3c:0c:c4:16:b2:67:3a:0c:ed:de:f5:2e:f6:
                    a7:6b:ad:4e:9e:e6:50:1c:ad:bd:00:0b:f9:13:44:
                    7a:ab:f9:42:c2:1f:cd:6a:4d:84:f1:d2:d1:4a:c4:
                    0c:e2:a5:87:6a:22:e6:b3:4a:5e:da:ee:31:5f:4c:
                    70:87:d8:a0:e0:66:19:63:a9:ca:d4:dd:f0:9d:84:
                    57:5f:49:42:6d:78:73:e7:40:f7:c5:26:01:fe:c8:
                    62:70:eb:28:d3:69:5d:77:e1:f6:54:ff:79:a9:99:
                    98:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:9C:B5:A7:56:CF:54:F6:94:64:0C:11:F8:E0:BD:19:B2:79:3D:A9
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/f5f2a9-8fbe-4286-bbdd-825692695211/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/f5f2a9-8fbe-4286-bbdd-825692695211/1/rJy1p1bPVPaUZAwR-OC9GbJ5Pak.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.3.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:27:1f:90:9d:b0:be:44:fe:2b:02:f9:ea:46:6e:82:96:da:
         c8:d0:4c:de:c9:85:3c:dd:f2:ae:e9:1a:e0:6c:2d:15:1c:9b:
         73:f6:5d:fd:af:ed:1d:dc:8c:dc:ed:1a:3e:37:fe:99:c5:c5:
         6b:28:dc:47:4d:bf:5d:bc:44:2c:88:a9:fa:43:5a:ae:50:e7:
         3d:84:25:8e:36:17:82:fc:6a:0f:e2:a6:58:17:6f:92:73:f4:
         70:5e:7c:29:1d:50:c8:3c:48:a6:c6:08:49:f1:c3:df:39:91:
         35:f6:60:0f:74:b1:5d:0d:f3:16:db:a0:4c:b4:43:0a:87:40:
         f4:45:64:a4:e2:42:fb:db:12:b1:4d:0e:de:66:eb:9c:de:00:
         e4:5d:36:2d:3c:79:84:09:33:76:3b:1e:00:57:4e:fc:ff:e6:
         ec:ee:f2:86:f2:49:2d:63:94:11:89:a7:d7:6d:98:92:7e:4f:
         c8:4e:27:7f:fc:68:7e:df:50:c9:73:77:17:52:90:06:d8:71:
         f8:14:a2:a5:bd:3c:60:ce:32:be:36:5e:9c:a8:c5:8c:bd:11:
         47:94:78:26:8d:a9:4f:42:a0:dd:88:84:2d:36:af:6d:cd:6e:
         88:86:e1:80:c5:2d:40:b4:6d:14:ee:f0:fb:60:ca:65:e6:02:
         16:3e:e5:2e
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzI35g72AZFKcignHfmb54EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDYzMjI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzljYjVhNzU2Y2Y1NGY2OTQ2NDBjMTFmOGUwYmQxOWIyNzkzZGE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0++qA1SWc842EG5Ycv2V8aT3c0Yk
NG6/AGte466QdUoGO/dkf1N06dy6uXikvFV+66dC0ygzraL9+9Q42bLQAmDIexzO
bbDv7d5IoL3SoFePZTnLs35cN7tE3U6t5kSdjLRmi59Dh+j9+3hQGnKdkzVtEhOS
H+RjgfIUQvNg7cyFdqk7o0i+RpRwcf6BcUUAv+r55021pDwMxBayZzoM7d71Lvan
a61OnuZQHK29AAv5E0R6q/lCwh/Nak2E8dLRSsQM4qWHaiLms0pe2u4xX0xwh9ig
4GYZY6nK1N3wnYRXX0lCbXhz50D3xSYB/shicOso02ldd+H2VP95qZmYuwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFKyctadWz1T2lGQMEfjgvRmyeT2pMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2YwL2Y1ZjJh
OS04ZmJlLTQyODYtYmJkZC04MjU2OTI2OTUyMTEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjAvZjVmMmE5
LThmYmUtNDI4Ni1iYmRkLTgyNTY5MjY5NTIxMS8xL3JKeTFwMWJQVlBhVVpBd1It
T0M5R2JKNVBhay5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwQM7MA0GCSqGSIb3DQEBCwUAA4IBAQCnJx+Q
nbC+RP4rAvnqRm6CltrI0EzeyYU83fKu6RrgbC0VHJtz9l39r+0d3Izc7Ro+N/6Z
xcVrKNxHTb9dvEQsiKn6Q1quUOc9hCWONheC/GoP4qZYF2+Sc/RwXnwpHVDIPEim
xghJ8cPfOZE19mAPdLFdDfMW26BMtEMKh0D0RWSk4kL72xKxTQ7eZuuc3gDkXTYt
PHmECTN2Ox4AV078/+bs7vKG8kktY5QRiafXbZiSfk/ITid//Gh+31DJc3cXUpAG
2HH4FKKlvTxgzjK+Nl6cqMWMvRFHlHgmjalPQqDdiIQtNq9tzW6IhuGAxS1AtG0U
7vD7YMpl5gIWPuUu
-----END CERTIFICATE-----