Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/sxxM5mPh7CRedHzYRvGmnduDSzs.cer
File:                     sxxM5mPh7CRedHzYRvGmnduDSzs.cer (raw, json)
Hash identifier:          1/iMoAQNfbglhZjw4W91BYpeYPD9Bi7q8rSLuzVPu4U=
Subject key identifier:   B3:1C:4C:E6:63:E1:EC:24:5E:74:7C:D8:46:F1:A6:9D:DB:83:4B:3B
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0193207287075FA0FDBC0853A1015D261B7A
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/7c/84d476-3233-4131-8ffc-465adc2959f2/1/sxxM5mPh7CRedHzYRvGmnduDSzs.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/7c/84d476-3233-4131-8ffc-465adc2959f2/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 12 Nov 2024 12:56:36 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 91.216.71.0/24
                          IP: 2a14:1cc0::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:20:72:87:07:5f:a0:fd:bc:08:53:a1:01:5d:26:1b:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Nov 12 12:56:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b31c4ce663e1ec245e747cd846f1a69ddb834b3b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:3f:2e:5d:61:b9:ac:03:71:c6:78:3b:d7:12:
                    20:a6:a0:2f:ed:3b:38:3f:ee:b6:aa:9a:3d:dd:aa:
                    20:dc:c2:56:d2:0b:42:c1:e8:9c:4d:75:e9:04:e8:
                    fc:60:64:7c:49:26:d0:37:41:fd:50:04:61:24:ee:
                    a7:13:9f:bd:be:36:9d:78:36:b5:ad:07:8d:50:03:
                    89:e8:33:4e:ec:14:9f:2c:7e:1a:70:72:18:d0:b6:
                    e4:7e:2f:2a:71:0c:a3:5b:14:97:9e:f7:bb:de:cf:
                    0c:84:6b:53:64:f7:51:c6:80:1d:07:5d:20:8c:f5:
                    76:5b:f1:b8:e7:64:d5:44:9f:df:49:b5:5f:f5:5e:
                    13:f2:dc:8a:c7:3e:22:09:83:d2:38:ed:a8:c6:3e:
                    75:53:ca:d5:22:f0:a9:9f:a1:dd:e9:7b:d6:2a:28:
                    15:37:2c:7d:8c:4a:2c:8a:11:1b:67:9b:28:8f:9a:
                    36:72:2c:42:3a:c1:c3:2d:45:86:02:cd:14:35:1f:
                    93:ce:22:af:ec:bf:72:f7:bb:ba:5b:65:bf:a0:70:
                    47:bd:e0:15:68:fa:f1:48:4a:c6:d4:a2:89:93:d0:
                    51:b3:fb:9e:45:5a:17:fe:f6:e5:e7:95:14:52:12:
                    bf:fb:35:bb:77:14:b0:88:92:23:3f:ac:3f:28:9a:
                    3b:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:1C:4C:E6:63:E1:EC:24:5E:74:7C:D8:46:F1:A6:9D:DB:83:4B:3B
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/84d476-3233-4131-8ffc-465adc2959f2/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/84d476-3233-4131-8ffc-465adc2959f2/1/sxxM5mPh7CRedHzYRvGmnduDSzs.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.71.0/24
                IPv6:
                  2a14:1cc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         42:93:43:2b:28:e1:17:8b:8a:74:c5:7d:68:f1:92:8a:b7:1b:
         ce:ec:a5:5b:30:b1:ff:2f:c5:e0:1e:2a:b6:83:53:5a:3f:47:
         0d:a7:07:02:de:4a:64:3e:a3:6e:e4:d9:eb:a7:c6:70:c5:26:
         82:b7:39:de:ea:a7:4e:18:eb:d0:09:6c:0a:f1:b9:24:a1:81:
         15:42:24:ec:7b:ed:44:84:ee:6e:28:01:c1:7e:52:5c:36:07:
         32:24:36:d1:49:df:3b:1e:65:06:18:c0:7d:2e:be:ae:d5:4e:
         00:e9:1d:8d:9b:a9:b1:b3:92:23:ff:c1:c1:f2:71:45:f7:2b:
         bf:81:fa:97:d5:15:11:7c:f3:1a:27:97:6c:a6:69:6a:1f:9b:
         37:c2:cd:8c:25:2e:9a:76:6b:d8:05:92:ca:a5:09:ea:71:1f:
         15:c3:13:2b:27:cc:f9:c7:a6:67:e4:e4:19:17:ae:ba:6a:48:
         0e:02:7c:32:22:8e:83:b7:00:27:3a:f9:48:5d:79:b5:0b:bb:
         d9:ef:52:19:4d:96:2a:f8:7b:56:bc:8c:12:29:88:8a:03:15:
         68:7e:1d:b2:a5:be:e0:16:df:35:97:8c:01:f9:db:ba:b4:62:
         8d:f6:14:3c:e0:3f:6a:49:3f:6a:1d:ad:19:e3:b5:b1:ef:62:
         f1:ed:de:dc
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAZMgcocHX6D9vAhToQFdJht6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQxMTEyMTI1NjM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzFjNGNlNjYzZTFlYzI0NWU3NDdjZDg0NmYxYTY5ZGRiODM0YjNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmT8uXWG5rANxxng71xIgpqAv7Ts4
P+62qpo93aog3MJW0gtCweicTXXpBOj8YGR8SSbQN0H9UARhJO6nE5+9vjadeDa1
rQeNUAOJ6DNO7BSfLH4acHIY0Lbkfi8qcQyjWxSXnve73s8MhGtTZPdRxoAdB10g
jPV2W/G452TVRJ/fSbVf9V4T8tyKxz4iCYPSOO2oxj51U8rVIvCpn6Hd6XvWKigV
Nyx9jEosihEbZ5soj5o2cixCOsHDLUWGAs0UNR+TziKv7L9y97u6W2W/oHBHveAV
aPrxSErG1KKJk9BRs/ueRVoX/vbl55UUUhK/+zW7dxSwiJIjP6w/KJo7VQIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFLMcTOZj4ewkXnR82Ebxpp3bg0s7MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzdjLzg0ZDQ3
Ni0zMjMzLTQxMzEtOGZmYy00NjVhZGMyOTU5ZjIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvN2MvODRkNDc2
LTMyMzMtNDEzMS04ZmZjLTQ2NWFkYzI5NTlmMi8xL3N4eE01bVBoN0NSZWRIellS
dkdtbmR1RFN6cy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQAW9hHMA0EAgACMAcDBQMqFBzAMA0GCSqGSIb3
DQEBCwUAA4IBAQBCk0MrKOEXi4p0xX1o8ZKKtxvO7KVbMLH/L8XgHiq2g1NaP0cN
pwcC3kpkPqNu5Nnrp8ZwxSaCtzne6qdOGOvQCWwK8bkkoYEVQiTse+1EhO5uKAHB
flJcNgcyJDbRSd87HmUGGMB9Lr6u1U4A6R2Nm6mxs5Ij/8HB8nFF9yu/gfqX1RUR
fPMaJ5dspmlqH5s3ws2MJS6admvYBZLKpQnqcR8VwxMrJ8z5x6Zn5OQZF666akgO
AnwyIo6DtwAnOvlIXXm1C7vZ71IZTZYq+HtWvIwSKYiKAxVofh2ypb7gFt81l4wB
+du6tGKN9hQ84D9qST9qHa0Z47Wx72Lx7d7c
-----END CERTIFICATE-----