Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/zfy95jLRBvqtmMLBiVqHfKYBUho.cer
File:                     zfy95jLRBvqtmMLBiVqHfKYBUho.cer (raw, json)
Hash identifier:          fH29F+LmNzuURBxhnP0DdNlQDtO+UrLslZsC23ZYcOc=
Subject key identifier:   CD:FC:BD:E6:32:D1:06:FA:AD:98:C2:C1:89:5A:87:7C:A6:01:52:1A
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194252191A1ACFF7BBD26AAA8F9E7776D4C
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/75/fe45cf-4ad2-41d9-bbca-203cfa238696/1/zfy95jLRBvqtmMLBiVqHfKYBUho.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/75/fe45cf-4ad2-41d9-bbca-203cfa238696/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 03:49:04 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 137.120.0.0/16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 13:05:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:91:a1:ac:ff:7b:bd:26:aa:a8:f9:e7:77:6d:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 03:49:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cdfcbde632d106faad98c2c1895a877ca601521a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:e9:1e:76:bd:83:23:ca:65:b5:62:10:e9:40:
                    6b:7b:ef:1a:6d:56:f3:f0:e1:4d:fb:f7:f2:14:ac:
                    d9:20:43:bf:15:75:9f:1f:d2:c1:fc:c8:51:f3:85:
                    b8:4a:46:43:77:ad:4e:95:00:36:d5:e1:18:11:ca:
                    e5:53:7f:9e:df:f7:c8:70:bd:ce:b0:c9:21:19:17:
                    1e:7d:fb:66:61:99:ea:27:76:90:ed:21:54:66:fe:
                    fc:f2:dc:55:f4:5c:82:bb:9d:68:45:a3:a5:df:6b:
                    73:c1:e5:6c:39:8a:86:3f:3f:cb:47:c6:e5:a1:d6:
                    bf:49:96:f0:0e:8e:29:7a:f2:41:5d:ae:17:2d:bd:
                    85:ea:1c:0e:fa:69:2d:db:0e:71:59:a8:8a:f5:4b:
                    da:77:c6:8e:58:34:5e:75:ab:42:5d:8f:51:c4:b1:
                    df:84:e8:78:4a:6d:12:a4:50:e3:f8:41:64:08:f9:
                    fe:b5:1e:7f:eb:af:55:c2:94:12:a4:38:9f:00:a3:
                    40:c9:ca:92:de:76:23:7c:6f:3d:7f:6e:d1:84:82:
                    72:09:36:3f:66:83:bc:b3:5e:dd:53:4d:42:07:85:
                    9f:85:51:d0:a9:2a:f1:9a:78:57:7b:19:82:16:ed:
                    6c:d0:f9:b2:23:cb:dc:07:d6:e3:41:d6:94:a3:68:
                    f9:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:FC:BD:E6:32:D1:06:FA:AD:98:C2:C1:89:5A:87:7C:A6:01:52:1A
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/fe45cf-4ad2-41d9-bbca-203cfa238696/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/fe45cf-4ad2-41d9-bbca-203cfa238696/1/zfy95jLRBvqtmMLBiVqHfKYBUho.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  137.120.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         2d:a1:bd:9f:f2:f7:27:6c:c8:de:4f:16:90:cc:20:63:64:c9:
         1e:83:a3:5a:c7:42:e5:17:07:10:a8:a6:39:b8:33:d0:f6:e8:
         18:15:c0:29:da:34:39:9e:92:19:15:06:60:fc:88:34:81:ed:
         c2:4f:f1:29:ed:66:42:ad:3f:a1:5d:4a:4c:4d:d0:b4:42:bc:
         10:81:9f:e4:69:d2:a3:79:bc:99:9c:99:ec:0e:03:38:ac:4f:
         f7:28:6a:2c:51:c5:63:d3:75:93:3e:09:69:30:9d:1d:fe:67:
         19:4d:8a:a1:b8:8e:a8:9b:56:75:aa:cb:e4:1f:b2:a0:aa:10:
         3c:df:11:bf:b6:d4:75:5a:38:37:50:1b:fa:cc:70:3e:27:b6:
         9c:39:78:14:ba:a2:5c:3c:e0:86:5a:97:38:e3:db:ee:96:b6:
         bf:ca:41:5a:4c:4f:bb:81:ab:5d:4c:17:c4:8d:a0:06:7e:c0:
         7d:37:9a:8d:12:13:00:d8:40:ee:68:25:2d:c2:e0:b1:d0:39:
         6c:0d:6e:3e:a1:21:d9:8f:19:f9:2f:43:6a:47:27:5a:f1:76:
         c5:67:05:1d:97:f8:8e:dc:37:4a:ce:6d:88:68:61:bf:f5:cd:
         47:b3:7f:b3:00:62:fe:b2:9e:ab:02:1b:ca:6f:75:a8:8e:0b:
         72:a8:22:94
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgISAZQlIZGhrP97vSaqqPnnd21MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDM0OTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZGZjYmRlNjMyZDEwNmZhYWQ5OGMyYzE4OTVhODc3Y2E2MDE1MjFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArukedr2DI8pltWIQ6UBre+8abVbz
8OFN+/fyFKzZIEO/FXWfH9LB/MhR84W4SkZDd61OlQA21eEYEcrlU3+e3/fIcL3O
sMkhGRcefftmYZnqJ3aQ7SFUZv788txV9FyCu51oRaOl32tzweVsOYqGPz/LR8bl
oda/SZbwDo4pevJBXa4XLb2F6hwO+mkt2w5xWaiK9Uvad8aOWDRedatCXY9RxLHf
hOh4Sm0SpFDj+EFkCPn+tR5/669VwpQSpDifAKNAycqS3nYjfG89f27RhIJyCTY/
ZoO8s17dU01CB4WfhVHQqSrxmnhXexmCFu1s0PmyI8vcB9bjQdaUo2j5+wIDAQAB
o4ICgzCCAn8wHQYDVR0OBBYEFM38veYy0Qb6rZjCwYlah3ymAVIaMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzc1L2ZlNDVj
Zi00YWQyLTQxZDktYmJjYS0yMDNjZmEyMzg2OTYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzUvZmU0NWNm
LTRhZDItNDFkOS1iYmNhLTIwM2NmYTIzODY5Ni8xL3pmeTk1akxSQnZxdG1NTEJp
VnFIZktZQlVoby5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB4GCCsGAQUF
BwEHAQH/BA8wDTALBAIAATAFAwMAiXgwDQYJKoZIhvcNAQELBQADggEBAC2hvZ/y
9ydsyN5PFpDMIGNkyR6Do1rHQuUXBxCopjm4M9D26BgVwCnaNDmekhkVBmD8iDSB
7cJP8SntZkKtP6FdSkxN0LRCvBCBn+Rp0qN5vJmcmewOAzisT/coaixRxWPTdZM+
CWkwnR3+ZxlNiqG4jqibVnWqy+QfsqCqEDzfEb+21HVaODdQG/rMcD4ntpw5eBS6
olw84IZalzjj2+6Wtr/KQVpMT7uBq11MF8SNoAZ+wH03mo0SEwDYQO5oJS3C4LHQ
OWwNbj6hIdmPGfkvQ2pHJ1rxdsVnBR2X+I7cN0rObYhoYb/1zUezf7MAYv6ynqsC
G8pvdaiOC3KoIpQ=
-----END CERTIFICATE-----