Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/umwdlY_wlMrxNGzGb3FszrbcUAk.cer
File:                     umwdlY_wlMrxNGzGb3FszrbcUAk.cer (raw, json)
Hash identifier:          zPXLc9yOkfKkZfEnmGby561qkqIxNEGjsZaf3RVAlyo=
Subject key identifier:   BA:6C:1D:95:8F:F0:94:CA:F1:34:6C:C6:6F:71:6C:CE:B6:DC:50:09
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194236A4BD86846DC56EAA0DA82E5230C02
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/86/e02035-73ae-4fd2-80c1-e151d4d39b41/1/umwdlY_wlMrxNGzGb3FszrbcUAk.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/86/e02035-73ae-4fd2-80c1-e151d4d39b41/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 19:49:16 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 49995
                          IP: 195.178.10.0/23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:4b:d8:68:46:dc:56:ea:a0:da:82:e5:23:0c:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 19:49:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ba6c1d958ff094caf1346cc66f716cceb6dc5009
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:1e:7c:c8:dd:6b:f9:61:34:51:3a:73:00:54:
                    03:4b:90:62:c6:84:56:ca:6e:9b:0c:fa:11:fb:96:
                    57:f6:16:d7:04:8d:9d:74:c7:28:b7:7b:53:e8:43:
                    cd:2e:db:42:61:2e:12:11:bc:2c:8e:f3:7c:ca:d9:
                    b6:e3:a0:d1:bb:39:d3:dd:ff:16:68:09:2f:67:d9:
                    a7:20:af:6c:27:e8:40:5e:f7:b7:12:96:d4:d9:fa:
                    8f:08:80:99:bd:25:f8:14:2c:73:8f:cf:28:fc:64:
                    08:e4:ee:67:b4:1f:e2:23:f1:94:54:63:1e:f5:85:
                    a7:b0:f1:6c:72:3f:9d:bf:2e:94:cc:40:66:72:72:
                    c4:6b:e0:e1:3f:aa:22:4e:c2:2c:fe:ed:34:58:eb:
                    37:15:4a:ba:66:4f:94:91:c9:5e:ae:96:17:d4:57:
                    ac:6c:56:41:9a:41:5a:2f:5f:fa:42:5d:7d:bf:74:
                    db:40:6e:ce:f6:18:5b:fd:e8:fd:f8:d8:aa:71:81:
                    3d:e5:47:b9:2b:c5:37:53:ec:69:3d:40:d0:ef:3e:
                    60:d9:82:ef:18:4e:38:b0:1b:89:10:7f:41:03:33:
                    36:ca:c3:5a:57:7e:5c:ff:20:07:26:96:38:77:d3:
                    e7:ec:7e:86:85:b9:25:a9:61:3c:25:c9:86:1f:8d:
                    c9:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:6C:1D:95:8F:F0:94:CA:F1:34:6C:C6:6F:71:6C:CE:B6:DC:50:09
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/e02035-73ae-4fd2-80c1-e151d4d39b41/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/e02035-73ae-4fd2-80c1-e151d4d39b41/1/umwdlY_wlMrxNGzGb3FszrbcUAk.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.178.10.0/23

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  49995

    Signature Algorithm: sha256WithRSAEncryption
         01:c8:47:4e:23:08:e4:d5:2c:28:4b:5c:63:bd:86:29:ab:fd:
         89:4a:25:88:80:2a:73:b1:38:e3:18:af:a1:3a:a9:3c:26:01:
         69:58:86:85:74:47:3a:84:31:0f:fa:b1:5b:d7:82:4d:37:02:
         5e:ea:0c:09:0e:07:b5:14:45:af:59:99:c2:d7:76:0c:52:5c:
         f4:26:e1:4f:a6:31:bd:72:ab:8d:3c:1c:b3:04:9d:2c:a7:be:
         63:45:40:cb:53:78:7e:22:e1:51:42:84:f1:2f:94:dd:62:7f:
         5e:69:6e:e5:07:ac:1b:39:f9:14:9b:11:70:28:de:a7:de:30:
         82:69:20:b6:3b:93:90:0b:9a:4c:c6:bd:2c:40:37:b2:50:78:
         bf:a0:ee:cc:71:3b:66:17:7f:22:1a:a3:f8:78:51:55:fa:19:
         7c:98:f8:19:57:b5:42:1f:43:8d:87:24:e1:d7:7b:72:67:0f:
         a2:e6:22:8d:5e:1a:63:39:ff:86:bf:9a:c0:72:61:f5:80:7a:
         c5:88:55:af:fe:96:54:2d:d6:08:1f:cc:16:47:c1:fd:49:fc:
         4e:57:b4:ff:e4:30:f9:b2:5f:0c:b1:2a:f7:18:89:b3:d5:d5:
         8e:cb:26:85:8c:ca:50:6c:e0:04:29:35:b4:65:ba:11:14:c8:
         e3:0b:18:33
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZQjakvYaEbcVuqg2oLlIwwCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTk0OTE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTZjMWQ5NThmZjA5NGNhZjEzNDZjYzY2ZjcxNmNjZWI2ZGM1MDA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1x58yN1r+WE0UTpzAFQDS5BixoRW
ym6bDPoR+5ZX9hbXBI2ddMcot3tT6EPNLttCYS4SEbwsjvN8ytm246DRuznT3f8W
aAkvZ9mnIK9sJ+hAXve3EpbU2fqPCICZvSX4FCxzj88o/GQI5O5ntB/iI/GUVGMe
9YWnsPFscj+dvy6UzEBmcnLEa+DhP6oiTsIs/u00WOs3FUq6Zk+UkclerpYX1Fes
bFZBmkFaL1/6Ql19v3TbQG7O9hhb/ej9+NiqcYE95Ue5K8U3U+xpPUDQ7z5g2YLv
GE44sBuJEH9BAzM2ysNaV35c/yAHJpY4d9Pn7H6GhbklqWE8JcmGH43J1QIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFLpsHZWP8JTK8TRsxm9xbM623FAJMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzg2L2UwMjAz
NS03M2FlLTRmZDItODBjMS1lMTUxZDRkMzliNDEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODYvZTAyMDM1
LTczYWUtNGZkMi04MGMxLWUxNTFkNGQzOWI0MS8xL3Vtd2RsWV93bE1yeE5Hekdi
M0ZzenJiY1VBay5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQBw7IKMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwDDSzANBgkqhkiG9w0BAQsFAAOCAQEAAchHTiMI5NUsKEtcY72GKav9iUoliIAq
c7E44xivoTqpPCYBaViGhXRHOoQxD/qxW9eCTTcCXuoMCQ4HtRRFr1mZwtd2DFJc
9CbhT6YxvXKrjTwcswSdLKe+Y0VAy1N4fiLhUUKE8S+U3WJ/Xmlu5QesGzn5FJsR
cCjep94wgmkgtjuTkAuaTMa9LEA3slB4v6DuzHE7Zhd/Ihqj+HhRVfoZfJj4GVe1
Qh9DjYck4dd7cmcPouYijV4aYzn/hr+awHJh9YB6xYhVr/6WVC3WCB/MFkfB/Un8
Tle0/+Qw+bJfDLEq9xiJs9XVjssmhYzKUGzgBCk1tGW6ERTI4wsYMw==
-----END CERTIFICATE-----