Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/sx0cKJHYgEaaINi38Y5M2GVDAEY.cer
File:                     sx0cKJHYgEaaINi38Y5M2GVDAEY.cer (raw, json)
Hash identifier:          vklfREBQYPOOXc9nAajMV0MFKN0ZwJoXRxA0e6Yzp4I=
Subject key identifier:   B3:1D:1C:28:91:D8:80:46:9A:20:D8:B7:F1:8E:4C:D8:65:43:00:46
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0192BCD20E730C8BFCDB7C36514281AF6ECA
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/23/775017-a45b-4637-a3a0-af1a0e00f823/1/sx0cKJHYgEaaINi38Y5M2GVDAEY.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/23/775017-a45b-4637-a3a0-af1a0e00f823/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 24 Oct 2024 04:38:55 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 92.51.224.0/21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:bc:d2:0e:73:0c:8b:fc:db:7c:36:51:42:81:af:6e:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Oct 24 04:38:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b31d1c2891d880469a20d8b7f18e4cd865430046
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:01:c8:cf:c0:58:c8:90:f3:e9:88:be:88:73:
                    24:2c:d9:11:8d:a3:04:76:84:76:2b:d9:8d:d4:ac:
                    90:e6:68:50:4a:f5:55:66:8d:39:45:9c:4e:29:6b:
                    3b:e8:a3:9c:14:82:ac:a4:d2:ca:7c:ea:ed:f0:fa:
                    8b:77:01:ce:e5:5d:10:bc:ed:03:af:38:3d:0d:c9:
                    7b:82:5b:9c:de:9c:98:cb:46:26:4b:e7:eb:0b:5b:
                    20:c9:16:0d:ec:93:95:b0:fd:93:48:58:a6:49:d8:
                    c7:bb:bd:41:b7:9e:b6:47:bd:51:c5:f7:05:5b:aa:
                    44:79:34:4e:2b:db:30:1c:d3:69:b5:d3:a5:8a:37:
                    e7:e7:2b:ad:b5:8e:ca:d0:81:0c:80:7c:2b:8d:bb:
                    75:00:88:f0:50:a7:a2:21:05:23:95:f2:db:f0:6c:
                    dc:f2:8e:1f:71:92:96:ae:6e:4f:a6:fd:c5:28:00:
                    1f:a4:a5:7e:55:12:35:b7:30:15:62:4b:21:e2:57:
                    b1:78:d4:8f:10:f0:1f:c7:f7:35:fd:3d:fe:1b:a2:
                    7f:b7:a3:10:f8:a6:1a:c0:d4:ab:7d:76:97:59:ef:
                    55:47:7a:1f:ba:96:c4:cd:a5:7b:8c:32:4b:b7:9f:
                    86:ae:16:ee:f5:f1:ea:5c:7d:93:65:5c:d8:1c:e7:
                    e0:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:1D:1C:28:91:D8:80:46:9A:20:D8:B7:F1:8E:4C:D8:65:43:00:46
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/775017-a45b-4637-a3a0-af1a0e00f823/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/775017-a45b-4637-a3a0-af1a0e00f823/1/sx0cKJHYgEaaINi38Y5M2GVDAEY.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.51.224.0/21

    Signature Algorithm: sha256WithRSAEncryption
         19:1e:8f:a4:7b:d9:9b:e3:79:24:14:07:3d:8e:cb:29:3a:1f:
         d2:b7:30:f6:c9:5a:72:28:9a:75:a1:dc:4d:bb:75:5e:cc:71:
         be:40:98:40:e9:db:15:96:a8:52:e4:e6:b7:fc:eb:ea:08:74:
         95:b0:18:2f:42:8f:a1:57:da:85:ee:5c:ad:e9:e2:9d:2a:88:
         82:97:c4:b9:ac:1a:1a:d4:c5:a3:80:56:6f:ce:3c:87:12:c5:
         76:e7:bd:80:83:e7:53:e9:9d:d6:91:a7:10:63:0a:ca:3d:c7:
         db:2b:dc:df:03:3b:59:ec:70:c9:c7:69:de:e1:3a:61:20:3e:
         6d:f2:7e:8a:d6:0d:a2:90:da:c6:e4:bf:f7:21:b0:e2:de:16:
         f2:c7:60:d6:0d:f1:cb:5e:ae:57:84:5a:ef:7b:28:9c:c5:bd:
         ce:a5:cc:ef:06:c7:95:f4:c1:e6:fa:43:eb:c2:ff:cf:d1:d5:
         35:da:46:a1:d0:9f:3d:74:2f:64:98:7d:69:38:f8:99:2d:1c:
         a3:0f:9b:c8:08:e7:ba:36:4c:94:cb:96:b0:3b:f2:eb:9e:f8:
         52:21:24:4d:a5:8e:d3:f6:74:96:b9:34:4b:c7:93:2f:a4:51:
         c5:6f:6a:7b:18:36:ed:16:3d:1a:74:7f:b9:ee:dc:46:91:64:
         59:02:79:86
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZK80g5zDIv823w2UUKBr27KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQxMDI0MDQzODU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzFkMWMyODkxZDg4MDQ2OWEyMGQ4YjdmMThlNGNkODY1NDMwMDQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtAHIz8BYyJDz6Yi+iHMkLNkRjaME
doR2K9mN1KyQ5mhQSvVVZo05RZxOKWs76KOcFIKspNLKfOrt8PqLdwHO5V0QvO0D
rzg9Dcl7gluc3pyYy0YmS+frC1sgyRYN7JOVsP2TSFimSdjHu71Bt562R71RxfcF
W6pEeTROK9swHNNptdOlijfn5yuttY7K0IEMgHwrjbt1AIjwUKeiIQUjlfLb8Gzc
8o4fcZKWrm5Ppv3FKAAfpKV+VRI1tzAVYksh4lexeNSPEPAfx/c1/T3+G6J/t6MQ
+KYawNSrfXaXWe9VR3ofupbEzaV7jDJLt5+Grhbu9fHqXH2TZVzYHOfgKQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFLMdHCiR2IBGmiDYt/GOTNhlQwBGMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzIzLzc3NTAx
Ny1hNDViLTQ2MzctYTNhMC1hZjFhMGUwMGY4MjMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjMvNzc1MDE3
LWE0NWItNDYzNy1hM2EwLWFmMWEwZTAwZjgyMy8xL3N4MGNLSkhZZ0VhYUlOaTM4
WTVNMkdWREFFWS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQDXDPgMA0GCSqGSIb3DQEBCwUAA4IBAQAZHo+k
e9mb43kkFAc9jsspOh/StzD2yVpyKJp1odxNu3VezHG+QJhA6dsVlqhS5Oa3/Ovq
CHSVsBgvQo+hV9qF7lyt6eKdKoiCl8S5rBoa1MWjgFZvzjyHEsV2572Ag+dT6Z3W
kacQYwrKPcfbK9zfAztZ7HDJx2ne4TphID5t8n6K1g2ikNrG5L/3IbDi3hbyx2DW
DfHLXq5XhFrveyicxb3OpczvBseV9MHm+kPrwv/P0dU12kah0J89dC9kmH1pOPiZ
LRyjD5vICOe6NkyUy5awO/LrnvhSISRNpY7T9nSWuTRLx5MvpFHFb2p7GDbtFj0a
dH+57txGkWRZAnmG
-----END CERTIFICATE-----