Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/sTI2xNBokx4LRMmLKQqPqlVKA7k.cer
File:                     sTI2xNBokx4LRMmLKQqPqlVKA7k.cer (raw, json)
Hash identifier:          dJKzCUQ8PKgJc6Yf7tRJqcK5ZgS+Dx8rLh1B0m5bqC0=
Subject key identifier:   B1:32:36:C4:D0:68:93:1E:0B:44:C9:8B:29:0A:8F:AA:55:4A:03:B9
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0190FE6F6AEBD67E0F9EBDA52A354BF415D1
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/aa/5729fa-59dd-4346-8c00-2dd11984b35f/1/sTI2xNBokx4LRMmLKQqPqlVKA7k.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/aa/5729fa-59dd-4346-8c00-2dd11984b35f/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 29 Jul 2024 12:20:33 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 214458

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:fe:6f:6a:eb:d6:7e:0f:9e:bd:a5:2a:35:4b:f4:15:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jul 29 12:20:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b13236c4d068931e0b44c98b290a8faa554a03b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fa:ba:20:20:a4:ec:59:e2:40:cb:6c:33:47:c4:
                    84:8f:1e:c7:d6:1b:99:d4:34:6d:f2:b9:c6:c0:ee:
                    b4:db:6c:64:4c:70:ec:7e:1c:54:59:0c:71:8b:0f:
                    40:d7:d2:82:40:3c:c7:e5:89:2a:1a:c3:1a:24:be:
                    76:9b:ab:bd:8c:05:95:44:c5:bd:7a:61:f8:2d:01:
                    14:d0:a2:bb:73:72:6e:cf:8c:3c:01:89:a3:e5:c6:
                    53:51:0e:19:53:c1:2e:88:c6:ba:b0:a7:47:b7:0a:
                    de:a5:d4:da:03:2c:fc:0e:99:81:34:b9:93:1f:89:
                    67:d2:21:b2:00:39:08:2c:cf:1b:df:8e:34:e8:a7:
                    67:50:46:f7:54:eb:ff:92:37:35:c3:f3:46:dd:82:
                    58:0b:e4:da:51:51:a9:80:4e:bd:35:36:bf:2b:f1:
                    c1:f4:35:20:5d:ea:9b:ed:84:c0:2f:da:c5:91:e1:
                    cc:ed:15:3d:7c:3e:85:41:d9:02:4a:fb:57:84:77:
                    42:5d:95:fc:f1:77:bb:37:a2:5f:29:6c:84:72:90:
                    22:d4:d0:84:87:b3:d0:29:33:8c:bc:ef:df:45:23:
                    76:7e:e9:6e:03:66:d0:66:28:4b:af:c2:9f:56:89:
                    88:4c:3e:76:40:05:21:e5:30:ef:d6:a9:1d:da:ff:
                    2e:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:32:36:C4:D0:68:93:1E:0B:44:C9:8B:29:0A:8F:AA:55:4A:03:B9
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/5729fa-59dd-4346-8c00-2dd11984b35f/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/5729fa-59dd-4346-8c00-2dd11984b35f/1/sTI2xNBokx4LRMmLKQqPqlVKA7k.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  214458

    Signature Algorithm: sha256WithRSAEncryption
         0a:e8:f0:33:09:7a:ff:31:cd:77:68:e9:dd:c7:e0:24:13:62:
         88:e7:4b:02:74:6c:7d:1e:b7:be:e3:87:48:16:33:39:77:ec:
         45:f7:96:1b:5a:3a:b4:2a:a9:72:a7:8d:53:40:92:51:d7:15:
         5e:e3:f8:eb:07:9e:1f:4a:aa:02:14:cb:d4:70:43:50:b0:4b:
         35:3d:82:7a:42:4c:1e:0a:4c:2a:f3:86:98:0e:c6:1f:31:bf:
         44:fb:17:af:78:fd:76:7a:5d:03:d5:f7:f2:d4:76:a7:3a:37:
         4f:12:f2:4e:43:1d:53:9f:3c:6b:2e:7f:34:8b:e0:8f:34:af:
         fd:3a:a5:7a:cc:90:45:c3:42:12:b9:eb:a4:9d:00:24:9c:55:
         e8:b5:16:d6:eb:5f:5d:2e:5e:61:ef:25:15:3f:ef:76:72:d8:
         2d:b4:3b:ce:24:eb:77:f1:ce:11:89:80:bc:56:2a:5c:bf:34:
         6d:73:34:a9:62:f9:81:e7:9d:f9:00:af:ad:c7:e0:7f:d7:c8:
         38:9f:8b:a5:8f:de:c0:34:69:ac:56:68:47:cf:25:d4:69:5d:
         c7:4c:8b:ca:4c:03:74:d0:0f:21:af:1d:b5:a5:eb:fa:4c:fe:
         2c:07:8d:4b:11:1f:68:d0:72:88:ac:03:75:82:34:c6:59:28:
         b3:5e:ba:0d
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZD+b2rr1n4Pnr2lKjVL9BXRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwNzI5MTIyMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTMyMzZjNGQwNjg5MzFlMGI0NGM5OGIyOTBhOGZhYTU1NGEwM2I5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+rogIKTsWeJAy2wzR8SEjx7H1huZ
1DRt8rnGwO6022xkTHDsfhxUWQxxiw9A19KCQDzH5YkqGsMaJL52m6u9jAWVRMW9
emH4LQEU0KK7c3Juz4w8AYmj5cZTUQ4ZU8EuiMa6sKdHtwrepdTaAyz8DpmBNLmT
H4ln0iGyADkILM8b34406KdnUEb3VOv/kjc1w/NG3YJYC+TaUVGpgE69NTa/K/HB
9DUgXeqb7YTAL9rFkeHM7RU9fD6FQdkCSvtXhHdCXZX88Xe7N6JfKWyEcpAi1NCE
h7PQKTOMvO/fRSN2fuluA2bQZihLr8KfVomITD52QAUh5TDv1qkd2v8uGwIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFLEyNsTQaJMeC0TJiykKj6pVSgO5MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2FhLzU3Mjlm
YS01OWRkLTQzNDYtOGMwMC0yZGQxMTk4NGIzNWYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYWEvNTcyOWZh
LTU5ZGQtNDM0Ni04YzAwLTJkZDExOTg0YjM1Zi8xL3NUSTJ4TkJva3g0TFJNbUxL
UXFQcWxWS0E3ay5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwNFujANBgkqhkiG9w0BAQsFAAOCAQEACujwMwl6/zHN
d2jp3cfgJBNiiOdLAnRsfR63vuOHSBYzOXfsRfeWG1o6tCqpcqeNU0CSUdcVXuP4
6weeH0qqAhTL1HBDULBLNT2CekJMHgpMKvOGmA7GHzG/RPsXr3j9dnpdA9X38tR2
pzo3TxLyTkMdU588ay5/NIvgjzSv/TqlesyQRcNCErnrpJ0AJJxV6LUW1utfXS5e
Ye8lFT/vdnLYLbQ7ziTrd/HOEYmAvFYqXL80bXM0qWL5geed+QCvrcfgf9fIOJ+L
pY/ewDRprFZoR88l1Gldx0yLykwDdNAPIa8dtaXr+kz+LAeNSxEfaNByiKwDdYI0
xlkos166DQ==
-----END CERTIFICATE-----