Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/vTvLhii9vq2xlKI1rEuMi3EeN9E.cer
File:                     vTvLhii9vq2xlKI1rEuMi3EeN9E.cer (raw, json)
Hash identifier:          wAycxKTAhoo/zhjuZO7Sdznekt5iESAUGI7/hrXme0c=
Subject key identifier:   BD:3B:CB:86:28:BD:BE:AD:B1:94:A2:35:AC:4B:8C:8B:71:1E:37:D1
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01942143DB95D61CB3EC63B23E1E83598F46
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/e8/28c2b7-667e-4def-b415-7b4adeb7a4b5/1/vTvLhii9vq2xlKI1rEuMi3EeN9E.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/e8/28c2b7-667e-4def-b415-7b4adeb7a4b5/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 09:48:02 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 62309
                          IP: 2001:67c:af0::/48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:db:95:d6:1c:b3:ec:63:b2:3e:1e:83:59:8f:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 09:48:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bd3bcb8628bdbeadb194a235ac4b8c8b711e37d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:99:17:46:8c:ba:25:7a:93:7a:98:5f:ce:1a:
                    a5:b8:9f:97:5a:47:33:52:f2:e0:7f:b9:0e:15:d1:
                    5b:67:06:be:92:7e:49:c7:dd:a6:a8:8f:34:99:09:
                    cb:71:67:4c:3f:1a:b4:e7:32:82:cb:05:be:82:6e:
                    dc:8c:54:69:fc:43:26:80:69:99:64:01:f4:ce:d6:
                    94:47:d0:8a:67:e0:e4:4a:b6:60:79:17:bb:fd:ed:
                    1c:e1:5c:8b:4c:90:46:bd:4b:ef:d6:1c:c8:04:a6:
                    df:66:bf:ba:52:d8:0f:07:13:6b:ae:ea:c4:53:cf:
                    d0:5f:ca:5c:2a:69:82:3f:87:34:09:75:33:87:19:
                    40:6e:6e:ff:f6:86:42:1a:d2:ad:e1:1e:56:27:4a:
                    a4:19:00:96:9c:9e:79:8b:17:fc:3a:b3:d6:46:64:
                    a4:22:fb:89:e1:d2:49:3b:79:89:b4:f1:ed:fe:a2:
                    45:2a:5d:f0:52:db:e7:12:30:9f:5a:2b:b9:ab:e2:
                    a3:2a:6a:46:9d:65:c2:ab:74:05:9f:2f:2c:cc:57:
                    f7:a8:38:95:2a:42:64:19:32:3b:e6:c4:3c:fd:f6:
                    3f:ee:2c:80:36:b8:ce:01:fd:7b:95:75:10:bc:1b:
                    72:1b:26:4d:7d:70:a8:90:3b:94:37:9a:ec:22:33:
                    d5:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:3B:CB:86:28:BD:BE:AD:B1:94:A2:35:AC:4B:8C:8B:71:1E:37:D1
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/28c2b7-667e-4def-b415-7b4adeb7a4b5/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/28c2b7-667e-4def-b415-7b4adeb7a4b5/1/vTvLhii9vq2xlKI1rEuMi3EeN9E.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:af0::/48

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  62309

    Signature Algorithm: sha256WithRSAEncryption
         2f:f3:30:ad:45:b8:ff:59:7d:a7:ac:ef:71:ce:3f:76:db:ce:
         5b:5c:8b:8c:84:e1:c6:8d:8a:3c:32:20:1c:57:d8:5f:e6:7d:
         b0:17:1a:4e:0a:56:04:91:a0:d0:49:bc:88:33:87:58:3b:8d:
         89:0c:36:ca:37:4c:d5:8b:8d:c5:1e:97:38:6d:58:99:9a:66:
         e3:ee:cf:23:0e:61:7a:cc:12:fb:e2:e9:39:52:e9:11:36:69:
         42:2e:f2:94:88:77:45:fc:33:89:31:fd:3a:82:ab:6c:78:80:
         fc:cc:ea:f1:5d:60:b0:b8:eb:45:59:2b:7b:6e:45:42:8d:12:
         7c:3a:94:a8:29:37:e0:7c:8b:58:e0:77:d7:fc:1d:09:7f:2c:
         2e:e8:24:1b:ea:ff:31:ec:3f:f7:9d:fb:6b:a0:d2:bd:10:9c:
         d7:cb:5a:1a:f3:d6:d9:07:0f:8b:d5:c5:20:67:73:44:25:c4:
         e1:c9:82:06:27:5c:92:bc:f0:66:46:81:9d:a1:e0:c6:ee:6f:
         91:f9:43:9c:cc:ab:e2:9b:db:f0:09:0f:6a:48:3c:05:43:5a:
         ec:1c:67:57:d5:c6:10:76:c3:53:a3:73:98:8c:b0:99:8a:9f:
         7e:1c:4d:50:1c:4a:d2:43:48:ea:d4:22:71:aa:42:80:30:54:
         23:45:24:38
-----BEGIN CERTIFICATE-----
MIIFlzCCBH+gAwIBAgISAZQhQ9uV1hyz7GOyPh6DWY9GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDk0ODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDNiY2I4NjI4YmRiZWFkYjE5NGEyMzVhYzRiOGM4YjcxMWUzN2QxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr5kXRoy6JXqTephfzhqluJ+XWkcz
UvLgf7kOFdFbZwa+kn5Jx92mqI80mQnLcWdMPxq05zKCywW+gm7cjFRp/EMmgGmZ
ZAH0ztaUR9CKZ+DkSrZgeRe7/e0c4VyLTJBGvUvv1hzIBKbfZr+6UtgPBxNrrurE
U8/QX8pcKmmCP4c0CXUzhxlAbm7/9oZCGtKt4R5WJ0qkGQCWnJ55ixf8OrPWRmSk
IvuJ4dJJO3mJtPHt/qJFKl3wUtvnEjCfWiu5q+KjKmpGnWXCq3QFny8szFf3qDiV
KkJkGTI75sQ8/fY/7iyANrjOAf17lXUQvBtyGyZNfXCokDuUN5rsIjPVZQIDAQAB
o4ICozCCAp8wHQYDVR0OBBYEFL07y4Yovb6tsZSiNaxLjItxHjfRMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2U4LzI4YzJi
Ny02NjdlLTRkZWYtYjQxNS03YjRhZGViN2E0YjUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTgvMjhjMmI3
LTY2N2UtNGRlZi1iNDE1LTdiNGFkZWI3YTRiNS8xL3ZUdkxoaWk5dnEyeGxLSTFy
RXVNaTNFZU45RS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfArwMBoGCCsGAQUFBwEIAQH/BAswCaAH
MAUCAwDzZTANBgkqhkiG9w0BAQsFAAOCAQEAL/MwrUW4/1l9p6zvcc4/dtvOW1yL
jIThxo2KPDIgHFfYX+Z9sBcaTgpWBJGg0Em8iDOHWDuNiQw2yjdM1YuNxR6XOG1Y
mZpm4+7PIw5heswS++LpOVLpETZpQi7ylIh3RfwziTH9OoKrbHiA/Mzq8V1gsLjr
RVkre25FQo0SfDqUqCk34HyLWOB31/wdCX8sLugkG+r/Mew/9537a6DSvRCc18ta
GvPW2QcPi9XFIGdzRCXE4cmCBidckrzwZkaBnaHgxu5vkflDnMyr4pvb8AkPakg8
BUNa7BxnV9XGEHbDU6NzmIywmYqffhxNUBxK0kNI6tQicapCgDBUI0UkOA==
-----END CERTIFICATE-----