Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/i_iimBQfwvRcBy0noL8mJlXLb1o.cer
File:                     i_iimBQfwvRcBy0noL8mJlXLb1o.cer (raw, json)
Hash identifier:          P7nUVEnKBmausG11dXHx9+7QDdM8Dyl/qwuDYAsxxB8=
Subject key identifier:   8B:F8:A2:98:14:1F:C2:F4:5C:07:2D:27:A0:BF:26:26:55:CB:6F:5A
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019652F92E35B6F4FC6ED7DB5F40F1AA26DD
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/73/496442-aab7-409c-9eff-d46ed568f871/1/i_iimBQfwvRcBy0noL8mJlXLb1o.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/73/496442-aab7-409c-9eff-d46ed568f871/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Sun 20 Apr 2025 11:33:04 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 185.94.180.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:52:f9:2e:35:b6:f4:fc:6e:d7:db:5f:40:f1:aa:26:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Apr 20 11:33:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8bf8a298141fc2f45c072d27a0bf262655cb6f5a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:50:27:a5:c2:bb:86:23:b1:e2:5e:5c:5b:c7:
                    82:78:c7:f7:20:69:28:43:a3:a5:8e:37:73:67:21:
                    44:4d:69:02:30:5e:31:e2:14:07:8e:1b:0f:6a:36:
                    67:f0:4f:dc:14:7b:34:4e:28:46:14:09:76:ed:5c:
                    8e:67:b4:ae:56:36:06:0c:1c:d6:f6:36:23:87:76:
                    ab:60:27:20:f4:a9:df:c9:5d:42:ca:e2:a6:2c:33:
                    d2:1f:db:c0:a7:e8:a2:28:8b:bb:18:fd:79:22:e5:
                    ff:fd:af:40:e9:02:d2:52:34:dd:85:56:bb:4e:e5:
                    34:bd:bf:eb:1b:63:0d:a1:a2:06:69:c1:94:cf:49:
                    68:b8:c0:12:cd:c0:51:aa:a4:a5:42:c3:8e:ff:05:
                    77:16:64:b0:f0:73:47:34:44:2a:20:3d:c6:fa:0c:
                    a5:40:35:b8:21:e9:34:3d:75:59:6f:d1:b4:4e:52:
                    cf:3a:96:a2:d0:2d:2f:9c:4d:b6:39:70:4d:26:4f:
                    06:d6:e2:46:37:3c:8e:4d:ba:34:1f:e8:c8:f4:2b:
                    c4:45:54:fa:76:d8:e5:74:3c:3e:ed:3c:e5:d9:e5:
                    78:34:f2:4b:a8:26:56:a6:9f:43:9f:38:3b:01:71:
                    5d:16:61:65:2a:15:32:ba:f8:94:0d:3d:89:35:fc:
                    3b:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:F8:A2:98:14:1F:C2:F4:5C:07:2D:27:A0:BF:26:26:55:CB:6F:5A
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/496442-aab7-409c-9eff-d46ed568f871/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/496442-aab7-409c-9eff-d46ed568f871/1/i_iimBQfwvRcBy0noL8mJlXLb1o.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.94.180.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:53:7a:7c:5b:22:bf:59:f9:e2:98:87:85:ea:37:61:20:b2:
         f9:28:7f:0e:4a:d2:54:b3:00:0e:89:73:39:7d:47:32:1e:24:
         48:d6:2f:02:21:f0:4a:da:cd:73:4b:1c:bf:05:56:67:c9:f5:
         69:00:cd:e8:44:7c:4a:6e:20:34:ec:da:22:bf:fc:c0:03:c7:
         83:15:11:b0:22:ff:4c:3e:a0:b2:62:71:22:50:03:98:e5:1b:
         00:11:ea:b8:ca:f2:81:01:a0:f3:a2:0b:39:11:d7:dc:81:db:
         a4:00:ef:eb:e4:7f:f7:ff:57:f7:73:81:02:26:04:cb:b2:f8:
         21:f2:b0:6e:da:8d:59:27:5b:bb:f4:b3:e9:82:95:74:22:2b:
         1a:8d:ce:a6:c3:2d:e1:30:94:ec:ec:06:39:8c:0c:e2:40:aa:
         99:2b:a1:4f:03:39:40:50:3a:ce:33:c9:7b:0e:cb:de:30:50:
         aa:03:bf:fe:49:3f:fa:ca:3b:d2:b3:a9:1f:1e:a2:0e:4c:a8:
         cc:3e:7e:91:f1:76:bb:0c:cf:bb:ab:1a:13:06:a1:26:d3:eb:
         22:fc:50:e9:d9:89:e8:60:97:08:d2:79:91:55:11:13:31:ee:
         43:9e:06:28:81:ca:58:78:2b:b1:ec:af:e9:98:64:a7:9c:1d:
         a6:6a:e3:16
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZZS+S41tvT8btfbX0DxqibdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwNDIwMTEzMzA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmY4YTI5ODE0MWZjMmY0NWMwNzJkMjdhMGJmMjYyNjU1Y2I2ZjVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArFAnpcK7hiOx4l5cW8eCeMf3IGko
Q6OljjdzZyFETWkCMF4x4hQHjhsPajZn8E/cFHs0TihGFAl27VyOZ7SuVjYGDBzW
9jYjh3arYCcg9KnfyV1CyuKmLDPSH9vAp+iiKIu7GP15IuX//a9A6QLSUjTdhVa7
TuU0vb/rG2MNoaIGacGUz0louMASzcBRqqSlQsOO/wV3FmSw8HNHNEQqID3G+gyl
QDW4Iek0PXVZb9G0TlLPOpai0C0vnE22OXBNJk8G1uJGNzyOTbo0H+jI9CvERVT6
dtjldDw+7Tzl2eV4NPJLqCZWpp9Dnzg7AXFdFmFlKhUyuviUDT2JNfw7KwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFIv4opgUH8L0XActJ6C/JiZVy29aMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzczLzQ5NjQ0
Mi1hYWI3LTQwOWMtOWVmZi1kNDZlZDU2OGY4NzEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzMvNDk2NDQy
LWFhYjctNDA5Yy05ZWZmLWQ0NmVkNTY4Zjg3MS8xL2lfaWltQlFmd3ZSY0J5MG5v
TDhtSmxYTGIxby5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAuV60MA0GCSqGSIb3DQEBCwUAA4IBAQANU3p8
WyK/WfnimIeF6jdhILL5KH8OStJUswAOiXM5fUcyHiRI1i8CIfBK2s1zSxy/BVZn
yfVpAM3oRHxKbiA07Noiv/zAA8eDFRGwIv9MPqCyYnEiUAOY5RsAEeq4yvKBAaDz
ogs5EdfcgdukAO/r5H/3/1f3c4ECJgTLsvgh8rBu2o1ZJ1u79LPpgpV0Iisajc6m
wy3hMJTs7AY5jAziQKqZK6FPAzlAUDrOM8l7DsveMFCqA7/+ST/6yjvSs6kfHqIO
TKjMPn6R8Xa7DM+7qxoTBqEm0+si/FDp2YnoYJcI0nmRVRETMe5DngYogcpYeCux
7K/pmGSnnB2mauMW
-----END CERTIFICATE-----