Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/wN68iFC2kPEjJ5aRG_48TJqoZ9w.cer
File:                     wN68iFC2kPEjJ5aRG_48TJqoZ9w.cer (raw, json)
Hash identifier:          RC3lYyKUOjJ436+L8uLGuAWZaiySO1tx43GUZF1WVYI=
Subject key identifier:   C0:DE:BC:88:50:B6:90:F1:23:27:96:91:1B:FE:3C:4C:9A:A8:67:DC
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01927650BC0F6BF05E544E39E846193483FF
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/64/e3ca71-36f0-4c52-bc01-c6ac4dd7c8e4/1/wN68iFC2kPEjJ5aRG_48TJqoZ9w.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/64/e3ca71-36f0-4c52-bc01-c6ac4dd7c8e4/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 10 Oct 2024 12:04:15 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 2a14:6ec0::/32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:76:50:bc:0f:6b:f0:5e:54:4e:39:e8:46:19:34:83:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Oct 10 12:04:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c0debc8850b690f1232796911bfe3c4c9aa867dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:07:15:5d:94:1c:6b:ca:f9:3d:6b:88:63:81:
                    27:a7:b4:6d:ea:09:7f:f3:6d:19:f3:f5:13:6f:3b:
                    9a:a9:fc:57:e0:5d:12:08:95:d6:a0:38:df:a9:c9:
                    f1:a6:44:69:9c:20:f9:a7:0d:80:8d:db:5f:ae:71:
                    a0:dd:19:5a:5e:09:66:15:c6:e3:71:96:7b:ba:26:
                    e6:3d:d7:81:b1:ef:9b:19:f1:5f:32:0e:c4:22:f4:
                    83:72:15:12:7b:55:cd:93:96:6a:23:bb:40:e3:33:
                    81:8b:ec:08:59:82:88:55:ef:66:0e:19:34:db:10:
                    d6:1a:ee:18:ee:28:1f:ef:96:0d:e3:66:ba:1d:10:
                    69:22:b8:93:59:cd:88:3f:47:1d:da:58:e9:87:88:
                    e1:0d:4c:4f:62:21:ec:15:ce:31:41:e0:54:2a:01:
                    34:87:5a:05:34:27:70:55:b8:bd:2b:01:64:8c:30:
                    58:f6:94:25:a2:d1:26:a3:12:83:2b:1d:da:ef:33:
                    b2:79:fa:8b:1d:05:8b:c3:a8:cc:c9:f5:f7:36:05:
                    3d:0f:05:2f:2f:2e:5a:23:32:7b:c0:22:ad:ad:8f:
                    fe:c2:f8:cf:6d:f9:a9:5d:66:07:5a:81:f4:b0:df:
                    73:27:3e:20:30:b3:32:c8:18:f1:c9:19:6a:ac:6c:
                    ea:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:DE:BC:88:50:B6:90:F1:23:27:96:91:1B:FE:3C:4C:9A:A8:67:DC
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/e3ca71-36f0-4c52-bc01-c6ac4dd7c8e4/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/e3ca71-36f0-4c52-bc01-c6ac4dd7c8e4/1/wN68iFC2kPEjJ5aRG_48TJqoZ9w.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:6ec0::/32

    Signature Algorithm: sha256WithRSAEncryption
         29:f9:05:c9:9e:d5:02:be:6d:3d:99:90:05:0e:d8:ba:b6:4c:
         fb:f7:cb:8e:97:d5:8f:3f:c8:0f:75:9e:6f:1f:7f:f3:28:f6:
         fb:9a:f8:dd:0a:41:07:5b:36:00:78:ac:d8:d3:bd:a5:5e:f0:
         5d:23:54:40:0a:59:7f:85:12:ea:cb:f5:75:5a:cf:0b:03:c3:
         eb:05:f3:fe:25:8c:ee:64:7b:6b:6b:92:76:b6:38:9e:8c:ea:
         2f:33:3b:e6:97:a5:75:1c:cd:d7:65:b6:34:26:91:49:0a:33:
         23:f3:3e:53:5a:c3:43:21:fa:41:8a:82:36:74:82:63:cf:2c:
         e0:14:fd:e5:e0:6d:2d:2c:94:f9:0c:35:44:c8:3c:62:67:dc:
         07:eb:e1:32:c6:b0:0d:74:fd:b2:ee:f9:c6:7e:cc:8e:cf:b8:
         fb:34:e0:88:f5:dc:3c:94:c6:3d:de:3f:67:2c:0c:1d:47:1f:
         f3:95:8a:f8:b0:9c:c1:5d:f6:7e:05:c8:71:30:86:cf:1c:86:
         ad:79:84:e9:f5:b5:50:ef:1d:bb:b5:6d:32:62:47:ea:b2:97:
         ab:b4:04:70:3c:22:a0:b1:4e:1e:3b:8c:9a:af:a3:ae:71:cb:
         be:9e:08:20:f5:30:02:68:bc:09:7f:9e:53:bd:00:32:25:21:
         52:5a:fc:be
-----BEGIN CERTIFICATE-----
MIIFeTCCBGGgAwIBAgISAZJ2ULwPa/BeVE456EYZNIP/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQxMDEwMTIwNDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMGRlYmM4ODUwYjY5MGYxMjMyNzk2OTExYmZlM2M0YzlhYTg2N2RjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqAcVXZQca8r5PWuIY4Enp7Rt6gl/
820Z8/UTbzuaqfxX4F0SCJXWoDjfqcnxpkRpnCD5pw2AjdtfrnGg3RlaXglmFcbj
cZZ7uibmPdeBse+bGfFfMg7EIvSDchUSe1XNk5ZqI7tA4zOBi+wIWYKIVe9mDhk0
2xDWGu4Y7igf75YN42a6HRBpIriTWc2IP0cd2ljph4jhDUxPYiHsFc4xQeBUKgE0
h1oFNCdwVbi9KwFkjDBY9pQlotEmoxKDKx3a7zOyefqLHQWLw6jMyfX3NgU9DwUv
Ly5aIzJ7wCKtrY/+wvjPbfmpXWYHWoH0sN9zJz4gMLMyyBjxyRlqrGzqyQIDAQAB
o4IChTCCAoEwHQYDVR0OBBYEFMDevIhQtpDxIyeWkRv+PEyaqGfcMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzY0L2UzY2E3
MS0zNmYwLTRjNTItYmMwMS1jNmFjNGRkN2M4ZTQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjQvZTNjYTcx
LTM2ZjAtNGM1Mi1iYzAxLWM2YWM0ZGQ3YzhlNC8xL3dONjhpRkMya1BFako1YVJH
XzQ4VEpxb1o5dy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUF
BwEHAQH/BBEwDzANBAIAAjAHAwUAKhRuwDANBgkqhkiG9w0BAQsFAAOCAQEAKfkF
yZ7VAr5tPZmQBQ7YurZM+/fLjpfVjz/ID3Webx9/8yj2+5r43QpBB1s2AHis2NO9
pV7wXSNUQApZf4US6sv1dVrPCwPD6wXz/iWM7mR7a2uSdrY4nozqLzM75peldRzN
12W2NCaRSQozI/M+U1rDQyH6QYqCNnSCY88s4BT95eBtLSyU+Qw1RMg8YmfcB+vh
MsawDXT9su75xn7Mjs+4+zTgiPXcPJTGPd4/ZywMHUcf85WK+LCcwV32fgXIcTCG
zxyGrXmE6fW1UO8du7VtMmJH6rKXq7QEcDwioLFOHjuMmq+jrnHLvp4IIPUwAmi8
CX+eU70AMiUhUlr8vg==
-----END CERTIFICATE-----