Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/vZdNyMZF7SNRRcqqE1W6hfUldjQ.cer
File:                     vZdNyMZF7SNRRcqqE1W6hfUldjQ.cer (raw, json)
Hash identifier:          uOCnpTIxikifcVTaDZcD6qKUN0tefxDHjZq1UZ08RcU=
Subject key identifier:   BD:97:4D:C8:C6:45:ED:23:51:45:CA:AA:13:55:BA:85:F5:25:76:34
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC726F2FE3FC5CD0DAFBC3BA0EC6A3D5F
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/3f/88c5b7-b126-4ed3-9d7a-e5ba4bfa171a/1/vZdNyMZF7SNRRcqqE1W6hfUldjQ.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/3f/88c5b7-b126-4ed3-9d7a-e5ba4bfa171a/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 22:31:07 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 48724
                          IP: 2001:67c:2e4c::/48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:f2:fe:3f:c5:cd:0d:af:bc:3b:a0:ec:6a:3d:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 22:31:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bd974dc8c645ed235145caaa1355ba85f5257634
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:08:43:4e:d1:63:a5:3d:db:d2:55:01:b4:80:
                    00:e6:a8:86:e8:a4:9e:be:5b:be:09:c0:fd:16:57:
                    73:ca:12:27:f8:a9:c0:3e:cf:9c:69:a4:bf:46:e5:
                    77:d1:37:ba:a9:6f:b2:ef:67:9f:1d:b7:b4:6d:c5:
                    9f:9d:26:1a:c4:26:23:d5:97:1f:86:9d:ab:86:c2:
                    0e:1a:c7:51:d6:75:a4:b8:c6:f4:73:15:b3:fa:5b:
                    4e:12:a7:49:66:f9:ca:aa:ff:d9:89:4e:b8:f3:0b:
                    f4:33:8f:15:ee:14:d8:e4:e3:2d:97:f5:34:e3:8e:
                    c3:07:51:ac:79:13:68:6c:a5:a2:d2:37:62:41:da:
                    99:43:e0:84:ec:49:e8:08:80:51:c9:4b:fd:6c:1a:
                    e3:1f:75:1e:49:d7:0e:04:8b:69:94:fe:ec:79:99:
                    2c:b3:e0:cc:5b:fa:06:b8:54:ee:96:bd:06:ad:5d:
                    b8:81:e2:c7:86:d6:df:fe:86:2a:48:03:34:ca:64:
                    76:f0:99:77:4c:00:82:21:3a:63:e9:f7:14:e0:60:
                    fb:82:ff:c9:aa:bb:93:58:c6:77:56:b3:62:3a:50:
                    ee:65:4a:72:e5:cb:81:d6:6f:49:93:64:05:1d:bf:
                    58:aa:ee:f4:e7:c4:25:ec:97:0e:5c:12:f2:5a:00:
                    13:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:97:4D:C8:C6:45:ED:23:51:45:CA:AA:13:55:BA:85:F5:25:76:34
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/88c5b7-b126-4ed3-9d7a-e5ba4bfa171a/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/88c5b7-b126-4ed3-9d7a-e5ba4bfa171a/1/vZdNyMZF7SNRRcqqE1W6hfUldjQ.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2e4c::/48

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  48724

    Signature Algorithm: sha256WithRSAEncryption
         8c:bc:41:12:31:52:d3:a1:18:43:43:11:6a:34:cc:95:e0:c9:
         d0:3a:a1:17:3a:bf:39:4a:9d:93:91:f7:e9:21:3e:36:de:9f:
         8c:c3:0a:7a:c7:b4:87:46:a7:ad:e2:74:aa:0b:2b:82:8a:44:
         3f:3a:27:e8:b6:74:c5:e6:9c:6b:07:3f:97:66:95:1c:00:8d:
         c4:98:dd:49:72:4a:4d:75:0c:08:95:a9:bc:15:8d:9a:26:08:
         a2:1e:f3:d6:e6:ab:cf:84:02:a3:e5:94:ff:cc:c4:04:d0:e1:
         63:b4:fd:99:66:44:2c:08:d5:e4:1d:43:91:00:15:2c:ad:d0:
         fe:dd:36:b8:96:29:2a:3b:1b:16:00:fe:8c:c9:b6:5a:fe:2d:
         e8:aa:16:23:a0:e0:7b:9b:38:42:db:ff:df:0e:d1:1f:10:73:
         7e:65:1a:f5:8c:08:d0:da:c8:7f:fc:26:09:10:39:f9:eb:a8:
         06:96:71:45:7b:61:e7:06:04:35:fd:bb:8f:9f:3c:65:b4:6e:
         a9:e5:9d:97:dd:d1:69:05:c6:5d:67:5b:31:b4:07:a0:83:de:
         93:91:80:ad:80:4a:e4:71:a9:4d:73:2a:49:e0:53:ee:38:d3:
         b7:44:6b:f8:72:de:a1:ed:68:4d:ab:d4:b7:c2:30:27:0a:83:
         5b:51:69:89
-----BEGIN CERTIFICATE-----
MIIFlzCCBH+gAwIBAgISAYzHJvL+P8XNDa+8O6Dsaj1fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMjIzMTA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDk3NGRjOGM2NDVlZDIzNTE0NWNhYWExMzU1YmE4NWY1MjU3NjM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAighDTtFjpT3b0lUBtIAA5qiG6KSe
vlu+CcD9FldzyhIn+KnAPs+caaS/RuV30Te6qW+y72efHbe0bcWfnSYaxCYj1Zcf
hp2rhsIOGsdR1nWkuMb0cxWz+ltOEqdJZvnKqv/ZiU648wv0M48V7hTY5OMtl/U0
447DB1GseRNobKWi0jdiQdqZQ+CE7EnoCIBRyUv9bBrjH3UeSdcOBItplP7seZks
s+DMW/oGuFTulr0GrV24geLHhtbf/oYqSAM0ymR28Jl3TACCITpj6fcU4GD7gv/J
qruTWMZ3VrNiOlDuZUpy5cuB1m9Jk2QFHb9Yqu7058Ql7JcOXBLyWgATMwIDAQAB
o4ICozCCAp8wHQYDVR0OBBYEFL2XTcjGRe0jUUXKqhNVuoX1JXY0MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNmLzg4YzVi
Ny1iMTI2LTRlZDMtOWQ3YS1lNWJhNGJmYTE3MWEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvM2YvODhjNWI3
LWIxMjYtNGVkMy05ZDdhLWU1YmE0YmZhMTcxYS8xL3ZaZE55TVpGN1NOUlJjcXFF
MVc2aGZVbGRqUS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfC5MMBoGCCsGAQUFBwEIAQH/BAswCaAH
MAUCAwC+VDANBgkqhkiG9w0BAQsFAAOCAQEAjLxBEjFS06EYQ0MRajTMleDJ0Dqh
Fzq/OUqdk5H36SE+Nt6fjMMKese0h0anreJ0qgsrgopEPzon6LZ0xeacawc/l2aV
HACNxJjdSXJKTXUMCJWpvBWNmiYIoh7z1uarz4QCo+WU/8zEBNDhY7T9mWZELAjV
5B1DkQAVLK3Q/t02uJYpKjsbFgD+jMm2Wv4t6KoWI6Dge5s4Qtv/3w7RHxBzfmUa
9YwI0NrIf/wmCRA5+euoBpZxRXth5wYENf27j588ZbRuqeWdl93RaQXGXWdbMbQH
oIPek5GArYBK5HGpTXMqSeBT7jjTt0Rr+HLeoe1oTavUt8IwJwqDW1FpiQ==
-----END CERTIFICATE-----