Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/rot8zxC7hJ_4SOKEG7fAUoEqUB0.cer
File:                     rot8zxC7hJ_4SOKEG7fAUoEqUB0.cer (raw, json)
Hash identifier:          amKmnBnkKNnksmvsZBM4NTRyDqIiS884w/VPK2IV/D8=
Subject key identifier:   AE:8B:7C:CF:10:BB:84:9F:F8:48:E2:84:1B:B7:C0:52:81:2A:50:1D
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC5013125A9845781973F8367190908D8
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/c1/2b078e-908a-41a9-b637-3db4a1d4b42c/1/rot8zxC7hJ_4SOKEG7fAUoEqUB0.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/c1/2b078e-908a-41a9-b637-3db4a1d4b42c/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 12:30:38 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 194.213.108.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:31:25:a9:84:57:81:97:3f:83:67:19:09:08:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 12:30:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ae8b7ccf10bb849ff848e2841bb7c052812a501d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:74:a6:d0:57:f9:54:72:ad:89:b8:a3:ad:49:
                    7d:27:41:50:9f:7f:02:fa:9d:ad:7c:a7:6c:3e:31:
                    4b:96:9e:3b:7c:88:f0:a2:a1:b0:4c:2f:61:d7:77:
                    11:50:35:40:53:c8:45:9c:89:ac:e4:22:60:14:a8:
                    22:6e:98:d6:82:4a:3d:c9:d7:8a:9b:7e:20:14:7d:
                    f6:a2:bc:44:b4:a4:4c:7f:cf:83:63:6d:9b:14:8f:
                    69:03:a5:b2:ea:14:62:a5:a0:1b:c1:1f:29:44:e9:
                    58:aa:89:0e:ca:cc:e4:a1:27:95:47:e3:fd:ea:11:
                    74:0c:6d:db:bf:a6:ba:06:fb:37:7a:50:7a:52:78:
                    36:6c:bb:43:bd:f6:5f:ed:c8:e3:e1:04:57:9c:ff:
                    84:62:6b:8c:7b:a6:f4:7a:71:53:e2:82:41:9b:61:
                    47:8d:e9:07:5d:fe:b1:90:64:0c:a1:17:75:db:cc:
                    43:e8:3d:5c:3b:5c:3b:d0:4c:87:c5:5a:2f:31:48:
                    5c:58:9b:ad:ee:57:d9:d1:1c:3f:eb:19:b4:d8:55:
                    d6:46:7c:f1:e1:32:2e:04:6c:13:93:d5:61:7f:22:
                    01:5f:ef:0c:41:47:a9:f7:6b:98:7c:22:d0:28:10:
                    72:15:60:1e:db:5e:f2:ff:b2:d1:40:09:e6:7e:05:
                    09:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:8B:7C:CF:10:BB:84:9F:F8:48:E2:84:1B:B7:C0:52:81:2A:50:1D
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/2b078e-908a-41a9-b637-3db4a1d4b42c/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/2b078e-908a-41a9-b637-3db4a1d4b42c/1/rot8zxC7hJ_4SOKEG7fAUoEqUB0.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.213.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b1:45:a7:10:7f:b7:d7:55:0e:17:a4:a5:54:79:f8:be:43:12:
         ff:0f:e0:5f:4d:50:f8:70:c4:04:a7:1b:05:67:fc:a3:59:38:
         8d:1a:13:be:9e:4d:4b:2e:fe:d3:a0:5b:6d:ba:3b:f1:60:ed:
         b9:b4:a3:11:9a:99:0d:f4:ab:d4:72:cf:1d:3a:0e:72:31:c1:
         a0:3c:4c:e6:38:f1:91:b6:45:00:de:dd:a6:04:97:8d:34:08:
         58:d3:35:19:a9:04:0f:e2:5b:ec:bd:33:cd:b7:e1:dd:89:ac:
         09:51:38:39:44:da:1e:6d:a6:87:5c:20:6a:7a:61:d5:97:cb:
         a1:3e:83:72:1b:b4:02:71:f8:f2:e9:09:14:c8:64:85:a7:22:
         c8:31:c9:3a:3e:5b:71:9d:0d:34:bb:b1:0f:16:d5:53:a6:fe:
         13:33:bd:85:23:e3:f5:09:fc:87:9b:f8:e8:a5:57:7d:8f:12:
         ae:39:d9:47:f8:cf:fe:7f:68:33:72:55:78:c2:02:41:33:32:
         34:e7:6b:9a:40:a8:48:3d:d5:f4:28:89:26:a1:b3:da:ca:d1:
         b6:36:a7:29:80:4f:39:44:45:0b:cd:dd:23:8d:52:79:b1:b9:
         ae:3c:27:4f:4f:a1:e5:bc:90:a6:be:b1:dc:ee:6a:5f:bd:f7:
         ef:73:d9:09
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzFATElqYRXgZc/g2cZCQjYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTIzMDM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZThiN2NjZjEwYmI4NDlmZjg0OGUyODQxYmI3YzA1MjgxMmE1MDFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxnSm0Ff5VHKtibijrUl9J0FQn38C
+p2tfKdsPjFLlp47fIjwoqGwTC9h13cRUDVAU8hFnIms5CJgFKgibpjWgko9ydeK
m34gFH32orxEtKRMf8+DY22bFI9pA6Wy6hRipaAbwR8pROlYqokOyszkoSeVR+P9
6hF0DG3bv6a6Bvs3elB6Ung2bLtDvfZf7cjj4QRXnP+EYmuMe6b0enFT4oJBm2FH
jekHXf6xkGQMoRd128xD6D1cO1w70EyHxVovMUhcWJut7lfZ0Rw/6xm02FXWRnzx
4TIuBGwTk9VhfyIBX+8MQUep92uYfCLQKBByFWAe217y/7LRQAnmfgUJvQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFK6LfM8Qu4Sf+EjihBu3wFKBKlAdMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2MxLzJiMDc4
ZS05MDhhLTQxYTktYjYzNy0zZGI0YTFkNGI0MmMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzEvMmIwNzhl
LTkwOGEtNDFhOS1iNjM3LTNkYjRhMWQ0YjQyYy8xL3JvdDh6eEM3aEpfNFNPS0VH
N2ZBVW9FcVVCMC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwtVsMA0GCSqGSIb3DQEBCwUAA4IBAQCxRacQ
f7fXVQ4XpKVUefi+QxL/D+BfTVD4cMQEpxsFZ/yjWTiNGhO+nk1LLv7ToFttujvx
YO25tKMRmpkN9KvUcs8dOg5yMcGgPEzmOPGRtkUA3t2mBJeNNAhY0zUZqQQP4lvs
vTPNt+HdiawJUTg5RNoebaaHXCBqemHVl8uhPoNyG7QCcfjy6QkUyGSFpyLIMck6
PltxnQ00u7EPFtVTpv4TM72FI+P1CfyHm/jopVd9jxKuOdlH+M/+f2gzclV4wgJB
MzI052uaQKhIPdX0KIkmobPaytG2NqcpgE85REULzd0jjVJ5sbmuPCdPT6HlvJCm
vrHc7mpfvffvc9kJ
-----END CERTIFICATE-----