Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b_QQQx787sddbGKyx6WOTrSGyY.cer
File:                     6b_QQQx787sddbGKyx6WOTrSGyY.cer (raw, json)
Hash identifier:          z1EF21/zOJqLFAfYC6h1ZvtO330lYiie+YKzY4IWpNM=
Subject key identifier:   E9:BF:D0:41:0C:7B:F3:BB:1D:75:B1:8A:CB:1E:96:39:3A:D2:1B:26
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019427B6653CD82522CE5B2EED14911C3CB6
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/0f/8d939f-9ef9-4076-a8f3-7a70b787d2ef/1/6b_QQQx787sddbGKyx6WOTrSGyY.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/0f/8d939f-9ef9-4076-a8f3-7a70b787d2ef/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 15:50:52 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 185.196.4.0/22
                          IP: 2a0a:62c0::/32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:65:3c:d8:25:22:ce:5b:2e:ed:14:91:1c:3c:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 15:50:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e9bfd0410c7bf3bb1d75b18acb1e96393ad21b26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:22:b1:a5:07:7f:92:46:ff:7e:8a:7c:c9:0d:
                    f0:ee:71:b7:ca:c6:49:65:fd:62:af:bc:f0:93:a9:
                    0b:43:8e:91:ff:45:83:89:92:e3:62:b2:d4:e3:d5:
                    27:62:e5:3d:6c:24:70:c6:25:8e:f7:78:e8:f8:fd:
                    61:ce:e1:d9:13:e5:5d:b5:27:97:03:9e:61:4f:a3:
                    0a:09:8a:e7:f0:8a:44:d4:b4:39:e6:46:df:b5:93:
                    39:a0:e8:7e:9a:af:e5:cb:f1:66:16:2d:a2:a5:13:
                    58:7b:3e:55:ae:1f:cf:04:7c:3d:75:3c:1c:50:25:
                    3d:c6:93:7e:5a:00:31:63:69:25:cb:74:64:06:a6:
                    a8:c8:f6:6b:7e:56:d6:18:bf:53:7f:84:ca:c3:e1:
                    db:e5:c5:22:e0:72:17:b4:fd:96:7a:23:e0:17:b5:
                    2f:e3:8f:b6:09:9c:03:dd:69:5b:84:7f:1e:27:2d:
                    e4:d6:64:45:33:41:a4:43:7d:69:7e:04:23:18:ca:
                    23:05:ed:88:51:79:35:27:d6:71:a9:32:2c:4f:86:
                    83:54:cf:6d:3b:57:d2:30:ec:96:85:3b:e5:de:64:
                    f7:3b:f9:fb:eb:86:73:d4:8c:78:ae:0c:21:dd:4d:
                    0b:70:ef:6c:42:97:2b:d1:fc:73:70:c3:88:95:cd:
                    d6:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:BF:D0:41:0C:7B:F3:BB:1D:75:B1:8A:CB:1E:96:39:3A:D2:1B:26
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/8d939f-9ef9-4076-a8f3-7a70b787d2ef/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/8d939f-9ef9-4076-a8f3-7a70b787d2ef/1/6b_QQQx787sddbGKyx6WOTrSGyY.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.196.4.0/22
                IPv6:
                  2a0a:62c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         95:ed:c9:aa:f4:5c:2d:97:c1:cb:91:0d:00:3f:66:7e:e2:14:
         5e:f5:9f:b2:81:c8:98:c9:fb:3f:67:58:a5:ee:5e:62:8c:c0:
         67:1d:84:1c:bc:ac:1b:2d:55:32:cf:e7:2b:d6:b3:36:d5:b1:
         e3:ec:83:4c:c1:75:ae:77:34:29:93:7b:16:20:fc:06:ac:ea:
         43:bf:bf:48:28:c6:ce:c1:8b:2a:76:3e:05:8d:81:b2:5f:df:
         8e:9e:e8:cf:07:c8:02:83:6d:4c:c7:a3:d8:89:e4:0c:72:9c:
         48:82:2c:7c:dc:a4:84:93:66:bd:bf:5c:50:63:e9:29:7a:ba:
         18:2d:65:c8:46:e7:cb:c1:46:72:c5:de:08:d1:2c:a9:ee:25:
         e4:f3:bd:bb:6a:c2:c7:35:69:c9:5e:93:39:0a:8e:b0:41:62:
         b3:5d:d5:a6:24:94:94:6d:46:01:97:01:c7:03:7f:61:ae:66:
         91:2e:32:63:82:29:b1:ff:0c:54:70:ef:8b:ee:f8:13:d6:28:
         96:18:a8:a4:f9:2f:f4:62:70:45:14:32:ee:5b:04:09:c2:7e:
         f5:54:29:26:76:ad:da:05:bf:8a:a2:d5:b6:84:8f:81:5f:fb:
         1c:17:06:e8:0f:4d:9a:05:03:c8:de:69:e7:dd:0b:99:29:d0:
         35:2a:dc:99
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAZQntmU82CUizlsu7RSRHDy2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMTU1MDUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOWJmZDA0MTBjN2JmM2JiMWQ3NWIxOGFjYjFlOTYzOTNhZDIxYjI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2CKxpQd/kkb/fop8yQ3w7nG3ysZJ
Zf1ir7zwk6kLQ46R/0WDiZLjYrLU49UnYuU9bCRwxiWO93jo+P1hzuHZE+VdtSeX
A55hT6MKCYrn8IpE1LQ55kbftZM5oOh+mq/ly/FmFi2ipRNYez5Vrh/PBHw9dTwc
UCU9xpN+WgAxY2kly3RkBqaoyPZrflbWGL9Tf4TKw+Hb5cUi4HIXtP2WeiPgF7Uv
44+2CZwD3WlbhH8eJy3k1mRFM0GkQ31pfgQjGMojBe2IUXk1J9ZxqTIsT4aDVM9t
O1fSMOyWhTvl3mT3O/n764Zz1Ix4rgwh3U0LcO9sQpcr0fxzcMOIlc3WJQIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFOm/0EEMe/O7HXWxisseljk60hsmMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzBmLzhkOTM5
Zi05ZWY5LTQwNzYtYThmMy03YTcwYjc4N2QyZWYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMGYvOGQ5Mzlm
LTllZjktNDA3Ni1hOGYzLTdhNzBiNzg3ZDJlZi8xLzZiX1FRUXg3ODdzZGRiR0t5
eDZXT1RyU0d5WS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCucQEMA0EAgACMAcDBQAqCmLAMA0GCSqGSIb3
DQEBCwUAA4IBAQCV7cmq9Fwtl8HLkQ0AP2Z+4hRe9Z+ygciYyfs/Z1il7l5ijMBn
HYQcvKwbLVUyz+cr1rM21bHj7INMwXWudzQpk3sWIPwGrOpDv79IKMbOwYsqdj4F
jYGyX9+OnujPB8gCg21Mx6PYieQMcpxIgix83KSEk2a9v1xQY+kperoYLWXIRufL
wUZyxd4I0Syp7iXk8727asLHNWnJXpM5Co6wQWKzXdWmJJSUbUYBlwHHA39hrmaR
LjJjgimx/wxUcO+L7vgT1iiWGKik+S/0YnBFFDLuWwQJwn71VCkmdq3aBb+KotW2
hI+BX/scFwboD02aBQPI3mnn3QuZKdA1KtyZ
-----END CERTIFICATE-----