Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/zUDV6ln4DaYbRIa9mZvhEqGjU4c.cer
File:                     zUDV6ln4DaYbRIa9mZvhEqGjU4c.cer (raw, json)
Hash identifier:          XDWTDTsOd3CStunFsCmeiqZiHoOEDL176Kkx324XxCo=
Subject key identifier:   CD:40:D5:EA:59:F8:0D:A6:1B:44:86:BD:99:9B:E1:12:A1:A3:53:87
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019426D9DECABA0AEE289EAC35F81D0C7840
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/45/b329eb-fa5b-4fa8-b49b-f623304ed79a/1/zUDV6ln4DaYbRIa9mZvhEqGjU4c.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/45/b329eb-fa5b-4fa8-b49b-f623304ed79a/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 11:50:00 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 38942
                          IP: 87.239.40.0/21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:de:ca:ba:0a:ee:28:9e:ac:35:f8:1d:0c:78:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 11:50:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cd40d5ea59f80da61b4486bd999be112a1a35387
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:c1:cb:f2:59:ea:39:f3:b7:86:ab:c0:e5:73:
                    4e:08:96:c5:56:e4:f0:a6:00:0a:fe:6e:5d:72:48:
                    57:0a:dd:63:b0:19:82:8e:24:60:d5:8a:f1:c9:9f:
                    d6:21:8a:bd:95:ca:fb:a8:76:57:56:3b:9c:41:62:
                    b0:b0:e5:4a:8e:38:fa:13:00:ee:be:0d:0e:33:fe:
                    fa:d1:57:ed:20:ec:fa:56:a7:86:75:f0:04:0d:20:
                    da:8d:b4:b9:63:cc:66:53:39:10:9c:c8:f3:bc:de:
                    03:ae:33:57:da:88:65:3d:77:2e:d1:3d:f9:40:19:
                    78:cb:99:11:c9:e6:7b:1d:55:2d:7c:4b:e4:c1:3a:
                    da:ce:27:72:e4:c9:11:8c:c7:20:cc:83:df:2b:3b:
                    83:c4:31:f9:75:46:64:b2:b3:64:23:0f:24:2f:40:
                    38:35:38:0f:49:dd:0e:35:33:42:0c:41:32:1d:6f:
                    38:04:58:69:83:25:1a:3e:05:f1:1b:0a:89:bd:e9:
                    d0:03:88:ce:85:95:d9:6d:12:23:df:fe:d1:4a:c0:
                    08:d1:d0:16:85:8f:76:00:01:3f:ce:b3:16:47:e8:
                    17:be:c6:5c:20:82:9e:a9:02:de:fa:df:06:86:c9:
                    58:e3:02:d0:fd:31:b0:39:d2:cf:f8:71:59:d7:c7:
                    da:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:40:D5:EA:59:F8:0D:A6:1B:44:86:BD:99:9B:E1:12:A1:A3:53:87
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/b329eb-fa5b-4fa8-b49b-f623304ed79a/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/b329eb-fa5b-4fa8-b49b-f623304ed79a/1/zUDV6ln4DaYbRIa9mZvhEqGjU4c.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.239.40.0/21

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  38942

    Signature Algorithm: sha256WithRSAEncryption
         61:19:c4:8f:9f:7f:4b:00:a3:99:5a:63:4b:99:5e:7a:03:dd:
         1c:7e:8e:a4:ae:6f:64:58:02:d1:9e:9e:2b:41:42:5c:f6:3b:
         8e:69:fd:48:5f:d7:aa:50:74:26:5a:8e:7e:97:f8:ba:d8:72:
         37:01:e3:58:b0:53:b1:16:e8:04:29:cd:f0:61:02:51:31:56:
         de:d9:bc:c4:8d:6e:25:8e:47:bd:56:f1:b1:9e:9b:30:48:d1:
         05:9f:7d:91:c6:90:ff:d5:4d:a7:15:b4:35:0c:68:3e:16:39:
         b0:cf:65:c6:2c:5b:9b:b0:5f:d8:bb:a8:24:4d:dd:4a:f9:78:
         06:b9:de:d3:67:26:d1:7e:7b:48:21:62:fe:40:60:77:75:11:
         4c:0e:ad:18:11:e8:34:3c:89:b3:18:30:68:59:ec:c4:df:25:
         4c:da:d5:c0:bf:7a:4f:cf:83:a1:9c:1d:2a:0d:50:09:a4:08:
         15:4c:f3:f8:b1:fd:a7:61:a0:b5:b2:6f:8a:62:1b:8d:1f:cd:
         04:88:9c:99:b5:62:74:be:cf:53:ca:84:ab:28:3d:5d:46:df:
         47:df:97:46:9c:2f:8f:11:f0:89:ec:9a:0a:8d:1d:d8:96:77:
         a2:d7:e8:b2:b7:c0:80:ab:16:76:e3:b6:6b:9f:61:97:a7:15:
         14:67:07:00
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZQm2d7KugruKJ6sNfgdDHhAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMTE1MDAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDQwZDVlYTU5ZjgwZGE2MWI0NDg2YmQ5OTliZTExMmExYTM1Mzg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAusHL8lnqOfO3hqvA5XNOCJbFVuTw
pgAK/m5dckhXCt1jsBmCjiRg1YrxyZ/WIYq9lcr7qHZXVjucQWKwsOVKjjj6EwDu
vg0OM/760VftIOz6VqeGdfAEDSDajbS5Y8xmUzkQnMjzvN4DrjNX2ohlPXcu0T35
QBl4y5kRyeZ7HVUtfEvkwTrazidy5MkRjMcgzIPfKzuDxDH5dUZksrNkIw8kL0A4
NTgPSd0ONTNCDEEyHW84BFhpgyUaPgXxGwqJvenQA4jOhZXZbRIj3/7RSsAI0dAW
hY92AAE/zrMWR+gXvsZcIIKeqQLe+t8GhslY4wLQ/TGwOdLP+HFZ18faywIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFM1A1epZ+A2mG0SGvZmb4RKho1OHMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzQ1L2IzMjll
Yi1mYTViLTRmYTgtYjQ5Yi1mNjIzMzA0ZWQ3OWEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDUvYjMyOWVi
LWZhNWItNGZhOC1iNDliLWY2MjMzMDRlZDc5YS8xL3pVRFY2bG40RGFZYlJJYTlt
WnZoRXFHalU0Yy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQDV+8oMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwCYHjANBgkqhkiG9w0BAQsFAAOCAQEAYRnEj59/SwCjmVpjS5leegPdHH6OpK5v
ZFgC0Z6eK0FCXPY7jmn9SF/XqlB0JlqOfpf4uthyNwHjWLBTsRboBCnN8GECUTFW
3tm8xI1uJY5HvVbxsZ6bMEjRBZ99kcaQ/9VNpxW0NQxoPhY5sM9lxixbm7Bf2Luo
JE3dSvl4Brne02cm0X57SCFi/kBgd3URTA6tGBHoNDyJsxgwaFnsxN8lTNrVwL96
T8+DoZwdKg1QCaQIFUzz+LH9p2GgtbJvimIbjR/NBIicmbVidL7PU8qEqyg9XUbf
R9+XRpwvjxHwieyaCo0d2JZ3otfosrfAgKsWduO2a59hl6cVFGcHAA==
-----END CERTIFICATE-----