Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/zxhBQM0aIj9ji3mW9UifSF2O5ic.cer
File:                     zxhBQM0aIj9ji3mW9UifSF2O5ic.cer (raw, json)
Hash identifier:          FX8vhkNBmco1ho/dLs3sxiv4IC2AND5KhrtnU5gl4rc=
Subject key identifier:   CF:18:41:40:CD:1A:22:3F:63:8B:79:96:F5:48:9F:48:5D:8E:E6:27
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018DCBB95964FF9189684A7D1A60D566512B
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/40/07bf29-07d1-4daf-b3bb-cbfb2c7fbadd/1/zxhBQM0aIj9ji3mW9UifSF2O5ic.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/40/07bf29-07d1-4daf-b3bb-cbfb2c7fbadd/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 21 Feb 2024 12:52:18 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 215457
                          IP: 31.128.56.0/22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:cb:b9:59:64:ff:91:89:68:4a:7d:1a:60:d5:66:51:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Feb 21 12:52:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cf184140cd1a223f638b7996f5489f485d8ee627
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:f1:7c:2d:39:dc:75:8b:3b:e1:25:20:2a:e8:
                    65:12:de:3a:af:62:ef:d2:76:bd:a6:88:88:17:12:
                    cd:0d:f5:cb:a7:d2:32:a4:b2:9b:1e:3e:44:6a:68:
                    17:9c:aa:ec:ca:11:7b:70:5a:43:aa:67:64:72:10:
                    e1:ae:83:d0:46:da:8c:4a:fe:c9:55:8d:26:ce:58:
                    ef:43:66:5c:b8:b2:f7:e2:db:12:f0:54:e5:e6:ed:
                    b2:26:61:fb:19:da:f5:73:64:62:03:9f:41:c0:ba:
                    08:eb:0e:3a:ce:a3:43:c5:3d:e2:26:5b:11:78:ec:
                    32:b2:ae:02:ea:da:09:0c:5d:c8:8d:17:38:76:06:
                    3e:9f:68:f8:85:4f:80:9f:96:18:1d:af:90:7c:84:
                    40:15:bc:43:05:4a:78:34:20:4e:8b:2e:77:87:a1:
                    93:eb:24:6f:1e:83:bd:54:3d:55:0c:c8:72:e2:7e:
                    44:90:79:90:ee:43:1a:00:fa:32:21:43:9f:d7:9f:
                    6f:8b:44:30:1c:39:8e:d6:be:c1:67:71:b8:a3:45:
                    5f:a1:de:26:91:c3:b6:7d:5e:91:93:22:e0:ae:88:
                    44:1c:ee:65:06:b3:75:87:98:a5:c9:9d:25:21:b6:
                    38:9b:ab:bb:76:9d:a4:16:62:27:9b:6f:ec:af:97:
                    d6:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:18:41:40:CD:1A:22:3F:63:8B:79:96:F5:48:9F:48:5D:8E:E6:27
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/07bf29-07d1-4daf-b3bb-cbfb2c7fbadd/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/07bf29-07d1-4daf-b3bb-cbfb2c7fbadd/1/zxhBQM0aIj9ji3mW9UifSF2O5ic.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.128.56.0/22

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  215457

    Signature Algorithm: sha256WithRSAEncryption
         91:b1:a7:4d:0c:d8:10:49:c7:79:ad:72:2e:30:f5:0d:68:65:
         52:55:51:14:3b:22:c5:d4:00:c9:25:e0:84:8b:83:c7:f4:2a:
         8b:3e:f4:6e:90:27:59:3e:09:e9:17:b7:73:b7:0d:1f:aa:c7:
         cc:48:db:6e:d8:fe:c2:f3:c6:28:42:8f:22:d0:d0:b2:80:f2:
         1e:a3:4c:ec:8b:94:0e:62:ed:7b:51:aa:23:ba:2f:2f:07:73:
         f8:65:31:b4:1d:b8:e7:62:fe:2a:07:55:36:99:da:55:ac:c3:
         67:f5:89:1f:fb:cb:6f:8d:c6:35:30:1e:63:9c:99:ff:f5:43:
         e1:85:cf:4b:0d:2b:07:e7:0a:18:dd:f9:01:dc:db:b9:ab:83:
         fd:a7:1b:03:ac:3a:27:c4:3c:7c:dd:87:23:9f:af:98:c6:cb:
         da:45:dc:9a:49:4a:6e:18:36:9d:a4:ed:91:f1:c9:88:41:39:
         d7:16:80:73:cd:d1:dd:43:72:e9:51:9a:46:77:13:31:a0:b4:
         c4:14:7f:f2:cf:77:a6:79:9b:d7:b0:29:e7:d4:bc:91:e4:77:
         53:19:cf:d5:f2:91:ae:a4:2d:9a:2f:1e:6d:93:73:04:b3:c0:
         09:f5:1b:90:92:eb:10:a5:f6:f2:10:44:50:ab:7d:0f:7e:56:
         eb:a8:fc:0e
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAY3LuVlk/5GJaEp9GmDVZlErMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMjIxMTI1MjE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjE4NDE0MGNkMWEyMjNmNjM4Yjc5OTZmNTQ4OWY0ODVkOGVlNjI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqvF8LTncdYs74SUgKuhlEt46r2Lv
0na9poiIFxLNDfXLp9IypLKbHj5EamgXnKrsyhF7cFpDqmdkchDhroPQRtqMSv7J
VY0mzljvQ2ZcuLL34tsS8FTl5u2yJmH7Gdr1c2RiA59BwLoI6w46zqNDxT3iJlsR
eOwysq4C6toJDF3IjRc4dgY+n2j4hU+An5YYHa+QfIRAFbxDBUp4NCBOiy53h6GT
6yRvHoO9VD1VDMhy4n5EkHmQ7kMaAPoyIUOf159vi0QwHDmO1r7BZ3G4o0Vfod4m
kcO2fV6RkyLgrohEHO5lBrN1h5ilyZ0lIbY4m6u7dp2kFmInm2/sr5fWeQIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFM8YQUDNGiI/Y4t5lvVIn0hdjuYnMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzQwLzA3YmYy
OS0wN2QxLTRkYWYtYjNiYi1jYmZiMmM3ZmJhZGQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDAvMDdiZjI5
LTA3ZDEtNGRhZi1iM2JiLWNiZmIyYzdmYmFkZC8xL3p4aEJRTTBhSWo5amkzbVc5
VWlmU0YyTzVpYy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCH4A4MBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwNJoTANBgkqhkiG9w0BAQsFAAOCAQEAkbGnTQzYEEnHea1yLjD1DWhlUlVRFDsi
xdQAySXghIuDx/Qqiz70bpAnWT4J6Re3c7cNH6rHzEjbbtj+wvPGKEKPItDQsoDy
HqNM7IuUDmLte1GqI7ovLwdz+GUxtB2452L+KgdVNpnaVazDZ/WJH/vLb43GNTAe
Y5yZ//VD4YXPSw0rB+cKGN35AdzbuauD/acbA6w6J8Q8fN2HI5+vmMbL2kXcmklK
bhg2naTtkfHJiEE51xaAc83R3UNy6VGaRncTMaC0xBR/8s93pnmb17Ap59S8keR3
UxnP1fKRrqQtmi8ebZNzBLPACfUbkJLrEKX28hBEUKt9D35W66j8Dg==
-----END CERTIFICATE-----