Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1tuqG1LzpzKJ_3aKy3uqfzh_lV8.cer
File:                     1tuqG1LzpzKJ_3aKy3uqfzh_lV8.cer (raw, json)
Hash identifier:          DXybqDMwUywOcxfEbRp8DtvYGyPVKY5B6f5YNg3A3bc=
Subject key identifier:   D6:DB:AA:1B:52:F3:A7:32:89:FF:76:8A:CB:7B:AA:7F:38:7F:95:5F
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC94E3E97D88CEB761626FB70B4F112D2
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/f0/b0b6e7-3e23-4426-8c84-fab83d403558/1/1tuqG1LzpzKJ_3aKy3uqfzh_lV8.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/f0/b0b6e7-3e23-4426-8c84-fab83d403558/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 08:33:17 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 91.208.0.0/24
                          IP: 91.208.16.0/24
                          IP: 91.208.19.0/24
                          IP: 91.208.21.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:3e:97:d8:8c:eb:76:16:26:fb:70:b4:f1:12:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 08:33:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d6dbaa1b52f3a73289ff768acb7baa7f387f955f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:f3:b1:b3:bd:89:64:66:1f:6b:4f:21:b9:63:
                    6c:94:d7:b3:d2:4e:2d:e3:25:0d:88:32:24:28:17:
                    64:d8:05:f1:4a:e2:d9:56:d3:f5:5f:d9:86:af:7a:
                    d2:d5:6f:85:f7:b3:46:12:33:2b:88:59:a0:59:95:
                    60:9a:a4:8b:09:86:15:50:4b:5c:74:c4:03:af:61:
                    ab:27:83:17:dc:56:a1:44:2d:c1:da:7d:8a:26:5e:
                    43:ff:7c:8b:e8:f6:e1:d9:41:95:fa:87:b4:7c:d2:
                    09:f8:f0:9a:48:1c:74:87:b6:65:e8:62:3a:f6:ae:
                    31:2f:f9:60:98:b4:f8:cb:71:bd:b2:fe:10:ce:bb:
                    f4:b6:df:4c:07:b8:2d:c1:f7:1c:f9:57:df:48:23:
                    de:1c:ef:3e:a3:4c:7d:9f:1c:64:a6:22:f7:92:10:
                    61:7e:0b:fb:5f:b9:bc:af:88:9b:c5:44:2c:6b:09:
                    b1:d7:02:01:3b:83:9d:75:44:8b:f0:5c:13:2e:70:
                    45:d7:5f:7b:da:17:eb:6e:c1:47:dc:dc:c5:e8:9c:
                    04:81:34:c8:bc:c2:be:ad:68:01:b8:9b:ad:aa:da:
                    d5:d7:65:eb:90:7b:54:6e:77:ba:77:af:ad:4f:a1:
                    49:03:ec:28:6c:51:d7:7d:12:7b:94:46:7a:88:c1:
                    c7:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:DB:AA:1B:52:F3:A7:32:89:FF:76:8A:CB:7B:AA:7F:38:7F:95:5F
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/b0b6e7-3e23-4426-8c84-fab83d403558/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/b0b6e7-3e23-4426-8c84-fab83d403558/1/1tuqG1LzpzKJ_3aKy3uqfzh_lV8.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.0.0/24
                  91.208.16.0/24
                  91.208.19.0/24
                  91.208.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:38:c0:4e:96:68:5d:37:74:d6:7c:27:57:7f:f0:26:eb:48:
         1e:5f:8b:2c:fd:71:a6:6f:05:90:62:fa:e4:ee:5d:65:ca:47:
         42:0f:ff:33:e5:a6:d8:da:ff:16:fc:ea:d8:84:63:98:27:9c:
         d8:ed:ab:dc:fc:c7:c3:18:a7:bc:c9:46:76:2f:23:3d:f8:be:
         d4:2c:48:c0:24:e0:f5:71:25:88:4c:4c:f8:3b:15:08:b2:c5:
         76:58:bf:1f:48:cb:e8:77:3d:58:e5:54:e9:45:fc:3f:85:15:
         21:d9:3b:e7:51:de:8b:45:89:f6:96:6b:31:9b:62:ac:53:81:
         e0:65:9c:5e:cb:66:9c:51:1f:7f:12:65:48:6c:5d:bf:fb:a2:
         c3:d5:11:4a:ce:b6:c8:8e:7f:f0:5e:07:f4:d3:41:f0:36:8b:
         15:cf:cf:db:7f:c5:29:20:db:08:a1:38:1d:89:bd:31:6a:92:
         47:e8:51:67:39:2f:1b:82:3a:3a:01:bf:6a:31:d3:82:2e:3d:
         45:ee:c5:ac:74:e7:7b:6b:dd:81:26:ee:3c:05:b9:cb:a5:da:
         e9:21:af:b2:16:31:31:b0:30:f1:c0:49:88:cb:9d:73:3a:a0:
         ba:54:ea:f5:ca:db:b6:46:74:2b:24:59:28:ba:0d:75:e2:07:
         7d:ca:46:d1
-----BEGIN CERTIFICATE-----
MIIFijCCBHKgAwIBAgISAYzJTj6X2IzrdhYm+3C08RLSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDgzMzE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNmRiYWExYjUyZjNhNzMyODlmZjc2OGFjYjdiYWE3ZjM4N2Y5NTVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnvOxs72JZGYfa08huWNslNez0k4t
4yUNiDIkKBdk2AXxSuLZVtP1X9mGr3rS1W+F97NGEjMriFmgWZVgmqSLCYYVUEtc
dMQDr2GrJ4MX3FahRC3B2n2KJl5D/3yL6Pbh2UGV+oe0fNIJ+PCaSBx0h7Zl6GI6
9q4xL/lgmLT4y3G9sv4Qzrv0tt9MB7gtwfcc+VffSCPeHO8+o0x9nxxkpiL3khBh
fgv7X7m8r4ibxUQsawmx1wIBO4OddUSL8FwTLnBF11972hfrbsFH3NzF6JwEgTTI
vMK+rWgBuJutqtrV12XrkHtUbne6d6+tT6FJA+wobFHXfRJ7lEZ6iMHHBQIDAQAB
o4ICljCCApIwHQYDVR0OBBYEFNbbqhtS86cyif92ist7qn84f5VfMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2YwL2IwYjZl
Ny0zZTIzLTQ0MjYtOGM4NC1mYWI4M2Q0MDM1NTgvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjAvYjBiNmU3
LTNlMjMtNDQyNi04Yzg0LWZhYjgzZDQwMzU1OC8xLzF0dXFHMUx6cHpLSl8zYUt5
M3VxZnpoX2xWOC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDEGCCsGAQUF
BwEHAQH/BCIwIDAeBAIAATAYAwQAW9AAAwQAW9AQAwQAW9ATAwQAW9AVMA0GCSqG
SIb3DQEBCwUAA4IBAQA/OMBOlmhdN3TWfCdXf/Am60geX4ss/XGmbwWQYvrk7l1l
ykdCD/8z5abY2v8W/OrYhGOYJ5zY7avc/MfDGKe8yUZ2LyM9+L7ULEjAJOD1cSWI
TEz4OxUIssV2WL8fSMvodz1Y5VTpRfw/hRUh2TvnUd6LRYn2lmsxm2KsU4HgZZxe
y2acUR9/EmVIbF2/+6LD1RFKzrbIjn/wXgf000HwNosVz8/bf8UpINsIoTgdib0x
apJH6FFnOS8bgjo6Ab9qMdOCLj1F7sWsdOd7a92BJu48BbnLpdrpIa+yFjExsDDx
wEmIy51zOqC6VOr1ytu2RnQrJFkoug114gd9ykbR
-----END CERTIFICATE-----
Generated at Fri Nov 22 02:07:51 2024 by rpki-client on console-ams.rpki-client.org