Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/zQwDKJL2la9ME_sKyoBD0Xsbl78.cer
File:                     zQwDKJL2la9ME_sKyoBD0Xsbl78.cer (raw, json)
Hash identifier:          STM+umoWLJKJ3s9ptrVZbXY+ERhDpz9fulnos0Bqj/4=
Subject key identifier:   CD:0C:03:28:92:F6:95:AF:4C:13:FB:0A:CA:80:43:D1:7B:1B:97:BF
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC3B70AAD1DBF97C679259DF9A0D5C4DA
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/50/384a32-3e1c-4d86-bdb8-35276b7975ae/1/zQwDKJL2la9ME_sKyoBD0Xsbl78.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/50/384a32-3e1c-4d86-bdb8-35276b7975ae/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 06:30:02 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 200010
                          IP: 185.137.98.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:0a:ad:1d:bf:97:c6:79:25:9d:f9:a0:d5:c4:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 06:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cd0c032892f695af4c13fb0aca8043d17b1b97bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:d3:c0:a3:47:2c:02:f4:fc:a3:fa:aa:7b:5f:
                    78:cd:2f:c1:8b:b7:00:c7:da:1d:96:7a:98:14:d6:
                    3f:1c:ac:bc:6c:f1:a3:bd:55:86:d3:d4:3f:e7:70:
                    d1:56:16:4d:28:6c:9f:5b:cf:9e:49:ca:d8:74:ba:
                    bb:87:12:94:45:e1:26:10:c9:cc:9b:88:45:a0:22:
                    d4:59:90:69:48:b0:b1:f6:d9:51:d8:ac:79:6a:d3:
                    71:09:e2:e9:29:c2:18:34:c7:24:cf:ef:4c:b3:c8:
                    50:f2:6e:73:54:5c:9f:42:7b:73:fc:cd:9e:1b:f3:
                    93:e9:be:e9:94:61:58:f3:f5:83:f4:54:70:7e:38:
                    f2:85:5e:cd:70:3e:1c:be:88:6d:61:7d:d7:39:2d:
                    86:b8:dd:9d:a5:fe:05:c9:62:2e:fd:d7:c2:71:65:
                    c4:e1:07:cd:72:42:48:dc:23:39:c7:0b:f0:f2:39:
                    35:59:3f:1f:9e:da:7e:d2:c9:42:9f:5c:9e:51:80:
                    19:24:ce:49:ab:bb:04:0c:34:57:8f:56:62:1b:d4:
                    20:37:d5:9f:92:fd:19:3a:d1:bc:27:5c:be:ef:5b:
                    77:aa:87:84:01:04:7a:8b:e6:a3:45:47:64:5a:79:
                    88:78:09:82:21:7a:05:94:69:c1:a0:4d:bd:06:99:
                    56:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:0C:03:28:92:F6:95:AF:4C:13:FB:0A:CA:80:43:D1:7B:1B:97:BF
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/384a32-3e1c-4d86-bdb8-35276b7975ae/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/384a32-3e1c-4d86-bdb8-35276b7975ae/1/zQwDKJL2la9ME_sKyoBD0Xsbl78.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.137.98.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  200010

    Signature Algorithm: sha256WithRSAEncryption
         5d:33:ce:42:27:ca:1c:87:13:1f:9d:d3:04:2d:9c:71:ab:29:
         89:54:0a:8c:d2:9d:2f:a5:5d:7a:4d:21:25:bb:be:64:78:a0:
         9a:cd:f3:6a:9b:42:02:3f:3a:44:bf:3e:cd:24:b0:7d:13:d3:
         48:ee:3f:37:2b:7e:50:55:fe:23:75:41:59:cf:9a:77:76:83:
         29:e7:3f:ab:2c:26:52:58:8a:ba:fc:0e:6c:17:5e:69:d6:4b:
         6f:5f:d0:4a:78:71:27:32:91:ee:c1:c6:1c:5a:f4:e4:77:5a:
         4a:b2:c8:aa:35:27:ad:8a:45:d6:4f:2c:00:b4:21:62:ee:18:
         48:43:0e:d1:dc:ca:7e:85:c3:f1:c5:0b:3f:f8:b3:67:92:42:
         fd:5f:9d:72:87:69:d8:6c:c0:97:dd:b3:64:22:5b:32:e5:5e:
         2b:69:d4:39:bf:92:61:43:12:ea:25:6b:67:4d:85:8f:a7:1c:
         bf:7b:1c:93:86:ed:63:d1:50:2d:1a:d4:94:89:4d:be:14:64:
         6b:9d:fd:cb:3c:89:1b:b6:1a:8b:bb:b0:0c:42:c4:3f:67:fc:
         ea:aa:3a:0a:70:9f:0f:dc:1a:50:b8:0e:c0:07:8f:3c:d8:85:
         40:25:13:3d:0a:d9:9f:30:75:de:31:fd:f8:d5:5d:5c:ec:75:
         6f:b6:ff:c1
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYzDtwqtHb+Xxnklnfmg1cTaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDYzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDBjMDMyODkyZjY5NWFmNGMxM2ZiMGFjYTgwNDNkMTdiMWI5N2JmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA69PAo0csAvT8o/qqe194zS/Bi7cA
x9odlnqYFNY/HKy8bPGjvVWG09Q/53DRVhZNKGyfW8+eScrYdLq7hxKUReEmEMnM
m4hFoCLUWZBpSLCx9tlR2Kx5atNxCeLpKcIYNMckz+9Ms8hQ8m5zVFyfQntz/M2e
G/OT6b7plGFY8/WD9FRwfjjyhV7NcD4cvohtYX3XOS2GuN2dpf4FyWIu/dfCcWXE
4QfNckJI3CM5xwvw8jk1WT8fntp+0slCn1yeUYAZJM5Jq7sEDDRXj1ZiG9QgN9Wf
kv0ZOtG8J1y+71t3qoeEAQR6i+ajRUdkWnmIeAmCIXoFlGnBoE29BplWLQIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFM0MAyiS9pWvTBP7CsqAQ9F7G5e/MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzUwLzM4NGEz
Mi0zZTFjLTRkODYtYmRiOC0zNTI3NmI3OTc1YWUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTAvMzg0YTMy
LTNlMWMtNGQ4Ni1iZGI4LTM1Mjc2Yjc5NzVhZS8xL3pRd0RLSkwybGE5TUVfc0t5
b0JEMFhzYmw3OC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAuYliMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwMNSjANBgkqhkiG9w0BAQsFAAOCAQEAXTPOQifKHIcTH53TBC2ccaspiVQKjNKd
L6Vdek0hJbu+ZHigms3zaptCAj86RL8+zSSwfRPTSO4/Nyt+UFX+I3VBWc+ad3aD
Kec/qywmUliKuvwObBdeadZLb1/QSnhxJzKR7sHGHFr05HdaSrLIqjUnrYpF1k8s
ALQhYu4YSEMO0dzKfoXD8cULP/izZ5JC/V+dcodp2GzAl92zZCJbMuVeK2nUOb+S
YUMS6iVrZ02Fj6ccv3sck4btY9FQLRrUlIlNvhRka539yzyJG7Yai7uwDELEP2f8
6qo6CnCfD9waULgOwAePPNiFQCUTPQrZnzB13jH9+NVdXOx1b7b/wQ==
-----END CERTIFICATE-----