Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/xiWvuc4zXu0-UxKLSp6yX8SV1uA.cer
File:                     xiWvuc4zXu0-UxKLSp6yX8SV1uA.cer (raw, json)
Hash identifier:          FlMQ3on46VCdonVpcrQq4S55tpGfmvi3PF6/21Rh+Ow=
Subject key identifier:   C6:25:AF:B9:CE:33:5E:ED:3E:53:12:8B:4A:9E:B2:5F:C4:95:D6:E0
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC7948D2A80ED72EC2E470B67798C2CA1
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/9c/0f9b50-4689-4cd8-ae6d-100c3e1be3a2/1/xiWvuc4zXu0-UxKLSp6yX8SV1uA.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/9c/0f9b50-4689-4cd8-ae6d-100c3e1be3a2/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 00:30:50 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 193.138.212.0/22
                          IP: 2001:67c:18c4::/48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:8d:2a:80:ed:72:ec:2e:47:0b:67:79:8c:2c:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 00:30:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c625afb9ce335eed3e53128b4a9eb25fc495d6e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:ef:0a:f9:64:6d:21:52:8b:96:90:66:df:04:
                    10:b0:f7:2e:6f:a8:b2:fd:22:42:cf:b3:eb:57:05:
                    d0:fb:4e:fb:36:23:b7:1c:a5:15:c3:3b:a3:71:dd:
                    63:3e:04:f7:62:1c:20:4f:68:f4:e5:5a:5a:f5:c2:
                    18:61:3f:33:5a:a6:06:ed:4c:7f:e5:5a:12:d7:d4:
                    98:8f:80:c4:32:4b:4f:a2:39:01:24:95:fd:8c:59:
                    76:4d:ab:e9:e7:bb:43:f0:96:dd:5e:46:74:f8:e9:
                    61:b7:7c:21:d8:e4:6f:0b:5a:65:d1:7f:f8:30:12:
                    d8:21:d6:65:6e:da:da:e4:9e:60:91:ae:d0:10:11:
                    bb:c5:34:13:30:a3:d8:be:b6:3e:63:94:bb:04:17:
                    71:e3:2b:cc:c0:a9:fb:78:c3:c1:b6:12:df:4b:8d:
                    33:34:dd:f6:17:8a:a3:e9:16:6b:a3:c8:ba:0a:a9:
                    ba:a6:bc:1f:11:0f:10:fd:4f:a5:24:50:80:d8:b6:
                    19:55:f4:d8:b4:f7:c3:6f:04:91:13:9b:d1:83:f4:
                    b2:d9:ec:cb:16:d4:2c:21:a2:32:3d:21:9d:b3:e0:
                    40:bc:ad:87:2d:cd:01:da:39:45:c3:cd:32:77:2d:
                    0d:84:96:44:f1:a8:40:96:f6:60:8b:78:03:89:36:
                    e9:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:25:AF:B9:CE:33:5E:ED:3E:53:12:8B:4A:9E:B2:5F:C4:95:D6:E0
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/0f9b50-4689-4cd8-ae6d-100c3e1be3a2/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/0f9b50-4689-4cd8-ae6d-100c3e1be3a2/1/xiWvuc4zXu0-UxKLSp6yX8SV1uA.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.138.212.0/22
                IPv6:
                  2001:67c:18c4::/48

    Signature Algorithm: sha256WithRSAEncryption
         ae:2e:44:4b:33:b9:8d:87:1c:d7:8f:70:ef:09:47:32:f9:09:
         38:9e:ae:3c:fc:c7:ee:48:64:63:7a:80:f0:03:34:f8:e6:4c:
         62:14:e9:00:bf:35:72:37:9b:c9:f9:fb:16:8a:49:cf:2b:07:
         cf:65:b0:ff:18:f5:ba:98:2a:aa:3a:f9:d5:49:64:0d:dd:17:
         b0:36:de:fe:01:1b:77:97:c0:4a:b5:b2:ff:29:90:21:a9:b1:
         41:c1:8d:9a:fd:31:72:ee:95:01:0a:1d:be:53:51:74:24:ed:
         de:e3:92:80:bc:2e:6a:02:d4:f8:13:16:4b:c4:28:77:3b:86:
         1f:f8:71:67:15:ed:bf:aa:f8:90:6e:17:45:67:b2:7d:f6:05:
         1c:c2:fc:b1:6c:6e:72:e6:d9:37:b9:dc:4f:e8:a2:a7:67:d8:
         19:16:30:23:30:10:49:80:84:c5:b2:d2:74:b9:1e:06:8d:40:
         0d:fb:14:cd:47:6f:5f:fb:dc:2a:64:df:89:a5:bb:c7:39:5c:
         2b:94:26:c6:ea:9e:61:ef:25:bd:75:ad:32:5f:ff:98:74:53:
         f4:d4:16:f7:f6:37:97:54:81:91:1f:6b:52:c1:fb:ea:69:67:
         aa:26:8c:13:ec:20:db:1b:56:fa:0a:09:cf:08:59:c3:c5:7a:
         95:43:80:55
-----BEGIN CERTIFICATE-----
MIIFiTCCBHGgAwIBAgISAYzHlI0qgO1y7C5HC2d5jCyhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDAzMDUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjI1YWZiOWNlMzM1ZWVkM2U1MzEyOGI0YTllYjI1ZmM0OTVkNmUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6O8K+WRtIVKLlpBm3wQQsPcub6iy
/SJCz7PrVwXQ+077NiO3HKUVwzujcd1jPgT3YhwgT2j05Vpa9cIYYT8zWqYG7Ux/
5VoS19SYj4DEMktPojkBJJX9jFl2Tavp57tD8JbdXkZ0+Olht3wh2ORvC1pl0X/4
MBLYIdZlbtra5J5gka7QEBG7xTQTMKPYvrY+Y5S7BBdx4yvMwKn7eMPBthLfS40z
NN32F4qj6RZro8i6Cqm6prwfEQ8Q/U+lJFCA2LYZVfTYtPfDbwSRE5vRg/Sy2ezL
FtQsIaIyPSGds+BAvK2HLc0B2jlFw80ydy0NhJZE8ahAlvZgi3gDiTbpkQIDAQAB
o4IClTCCApEwHQYDVR0OBBYEFMYlr7nOM17tPlMSi0qesl/EldbgMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzljLzBmOWI1
MC00Njg5LTRjZDgtYWU2ZC0xMDBjM2UxYmUzYTIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOWMvMGY5YjUw
LTQ2ODktNGNkOC1hZTZkLTEwMGMzZTFiZTNhMi8xL3hpV3Z1YzR6WHUwLVV4S0xT
cDZ5WDhTVjF1QS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDAGCCsGAQUF
BwEHAQH/BCEwHzAMBAIAATAGAwQCwYrUMA8EAgACMAkDBwAgAQZ8GMQwDQYJKoZI
hvcNAQELBQADggEBAK4uREszuY2HHNePcO8JRzL5CTierjz8x+5IZGN6gPADNPjm
TGIU6QC/NXI3m8n5+xaKSc8rB89lsP8Y9bqYKqo6+dVJZA3dF7A23v4BG3eXwEq1
sv8pkCGpsUHBjZr9MXLulQEKHb5TUXQk7d7jkoC8LmoC1PgTFkvEKHc7hh/4cWcV
7b+q+JBuF0Vnsn32BRzC/LFsbnLm2Te53E/ooqdn2BkWMCMwEEmAhMWy0nS5HgaN
QA37FM1Hb1/73Cpk34mlu8c5XCuUJsbqnmHvJb11rTJf/5h0U/TUFvf2N5dUgZEf
a1LB++ppZ6omjBPsINsbVvoKCc8IWcPFepVDgFU=
-----END CERTIFICATE-----