Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/xZR-zIaDrQ282VqPMy8MqhNXR5A.cer
File:                     xZR-zIaDrQ282VqPMy8MqhNXR5A.cer (raw, json)
Hash identifier:          gclGx+A/fhRkYYretkix1MMEEa1FA80dthOu4fdlQo8=
Subject key identifier:   C5:94:7E:CC:86:83:AD:0D:BC:D9:5A:8F:33:2F:0C:AA:13:57:47:90
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018D22FA4AFE9C904E68E6C76D7A10E589CD
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.netiface.net/repo/Civilized/0/C5947ECC8683AD0DBCD95A8F332F0CAA13574790.mft
caRepository:             rsync://rpki.netiface.net/repo/Civilized/0/
Notify URL:               https://rpki.netiface.net/rrdp/notification.xml
Certificate not before:   Fri 19 Jan 2024 18:27:25 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 44423
                          AS: 216360

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:22:fa:4a:fe:9c:90:4e:68:e6:c7:6d:7a:10:e5:89:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan 19 18:27:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c5947ecc8683ad0dbcd95a8f332f0caa13574790
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:b1:fd:88:ef:16:b4:e0:fc:7a:e0:44:e1:f9:
                    8e:6e:e0:b1:9a:ca:6b:3e:e0:75:04:b8:e8:3b:cb:
                    30:70:35:2c:05:a6:90:81:da:a3:57:c4:bd:b5:66:
                    e1:bf:56:f7:fc:a7:90:c7:ce:e0:e9:6b:9f:67:87:
                    0b:62:6b:b2:1b:fd:d2:34:a6:a3:f9:0f:4a:32:23:
                    9f:c8:ab:63:9a:10:76:9d:c4:51:f6:16:05:ad:cd:
                    3e:99:a9:9c:9a:d8:c4:ea:bb:bf:7b:b3:25:84:9f:
                    fe:e8:58:03:c5:8a:c5:bf:49:db:01:3c:2e:67:98:
                    cc:6f:df:b2:ac:0b:02:a3:42:88:77:62:9d:56:6d:
                    a7:1b:32:e0:e1:84:ec:5d:a5:56:0e:ea:c5:2d:70:
                    66:e0:73:a0:03:8d:79:13:3c:e5:98:dc:ec:ac:66:
                    16:30:a3:73:a9:be:50:7b:90:ec:4e:f7:4a:62:a1:
                    84:c8:19:d0:bc:d8:1b:35:0c:ad:03:43:43:89:a3:
                    7b:dc:72:4a:68:ac:05:42:4f:38:de:44:91:64:b1:
                    26:7f:f9:af:d3:aa:8a:04:2d:2f:f6:cf:dc:b3:06:
                    ea:98:47:82:60:50:c3:fe:0f:02:1f:54:48:8a:00:
                    83:a5:ac:72:04:c3:62:44:61:e3:ea:42:05:fc:96:
                    d1:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:94:7E:CC:86:83:AD:0D:BC:D9:5A:8F:33:2F:0C:AA:13:57:47:90
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.netiface.net/repo/Civilized/0/
                RPKI Manifest - URI:rsync://rpki.netiface.net/repo/Civilized/0/C5947ECC8683AD0DBCD95A8F332F0CAA13574790.mft
                RPKI Notify - URI:https://rpki.netiface.net/rrdp/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  44423
                  216360

    Signature Algorithm: sha256WithRSAEncryption
         9b:4e:11:32:bc:00:09:2d:37:28:ac:51:1b:c6:f5:48:b5:f8:
         c0:1b:e0:23:02:06:06:20:85:12:12:54:a2:ab:a0:b2:d1:79:
         42:8d:5a:77:3c:20:3d:b8:f7:f4:35:d4:eb:fe:2e:f5:31:95:
         bd:29:5e:66:f5:71:c9:14:33:48:6a:2e:a4:24:7f:ed:3e:82:
         04:d3:23:08:39:06:72:c3:28:d5:b7:84:eb:63:ca:29:7c:6a:
         6e:42:22:01:bd:1c:69:4d:61:69:d2:34:cd:34:f8:e4:db:a1:
         f0:f8:29:4a:0b:c1:f9:e0:ec:11:f2:a6:ca:5a:67:eb:cf:71:
         2d:f8:d8:bd:84:d8:d3:b9:e4:94:d3:e2:01:ad:38:4f:f9:b3:
         a2:e4:4d:a4:2c:6b:c9:31:90:de:f4:bd:02:7b:48:4d:a3:68:
         38:e6:50:ea:94:8b:15:af:58:6d:8f:b4:2c:6d:8b:c7:bf:d6:
         fd:be:73:12:5e:5a:65:4f:e6:a1:28:3c:6e:32:db:b7:aa:9c:
         8c:5e:7e:16:e4:52:9d:b6:87:b5:da:39:a6:a8:e3:6f:6a:2c:
         77:7a:97:27:48:cb:54:2e:8c:2b:47:55:85:12:03:bb:aa:8a:
         1e:ce:6b:94:d0:11:38:de:97:86:39:d3:99:0c:c3:a6:5b:84:
         cd:50:3c:08
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAY0i+kr+nJBOaObHbXoQ5YnNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTE5MTgyNzI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTk0N2VjYzg2ODNhZDBkYmNkOTVhOGYzMzJmMGNhYTEzNTc0NzkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw7H9iO8WtOD8euBE4fmObuCxmspr
PuB1BLjoO8swcDUsBaaQgdqjV8S9tWbhv1b3/KeQx87g6WufZ4cLYmuyG/3SNKaj
+Q9KMiOfyKtjmhB2ncRR9hYFrc0+mamcmtjE6ru/e7MlhJ/+6FgDxYrFv0nbATwu
Z5jMb9+yrAsCo0KId2KdVm2nGzLg4YTsXaVWDurFLXBm4HOgA415EzzlmNzsrGYW
MKNzqb5Qe5DsTvdKYqGEyBnQvNgbNQytA0NDiaN73HJKaKwFQk843kSRZLEmf/mv
06qKBC0v9s/cswbqmEeCYFDD/g8CH1RIigCDpaxyBMNiRGHj6kIF/JbRCQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFMWUfsyGg60NvNlajzMvDKoTV0eQMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwgesGCCsGAQUFBwELBIHeMIHbMDcGCCsGAQUFBzAFhityc3lu
YzovL3Jwa2kubmV0aWZhY2UubmV0L3JlcG8vQ2l2aWxpemVkLzAvMGMGCCsGAQUF
BzAKhldyc3luYzovL3Jwa2kubmV0aWZhY2UubmV0L3JlcG8vQ2l2aWxpemVkLzAv
QzU5NDdFQ0M4NjgzQUQwREJDRDk1QThGMzMyRjBDQUExMzU3NDc5MC5tZnQwOwYI
KwYBBQUHMA2GL2h0dHBzOi8vcnBraS5uZXRpZmFjZS5uZXQvcnJkcC9ub3RpZmlj
YXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBraS5yaXBlLm5l
dC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMyUUhWVjNkNW1r
LmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEIAQH/BBAw
DqAMMAoCAwCthwIDA00oMA0GCSqGSIb3DQEBCwUAA4IBAQCbThEyvAAJLTcorFEb
xvVItfjAG+AjAgYGIIUSElSiq6Cy0XlCjVp3PCA9uPf0NdTr/i71MZW9KV5m9XHJ
FDNIai6kJH/tPoIE0yMIOQZywyjVt4TrY8opfGpuQiIBvRxpTWFp0jTNNPjk26Hw
+ClKC8H54OwR8qbKWmfrz3Et+Ni9hNjTueSU0+IBrThP+bOi5E2kLGvJMZDe9L0C
e0hNo2g45lDqlIsVr1htj7QsbYvHv9b9vnMSXlplT+ahKDxuMtu3qpyMXn4W5FKd
toe12jmmqONvaix3epcnSMtULowrR1WFEgO7qooezmuU0BE43peGOdOZDMOmW4TN
UDwI
-----END CERTIFICATE-----