Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/BKr_h_bcDTaZvCk3o03HF_lPAH4.cer
File:                     BKr_h_bcDTaZvCk3o03HF_lPAH4.cer (raw, json)
Hash identifier:          LniGIyL9pg0aIjMuJHUZ2ZOGD5WdP4ha4sqdHwS+VQ8=
Subject key identifier:   04:AA:FF:87:F6:DC:0D:36:99:BC:29:37:A3:4D:C7:17:F9:4F:00:7E
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0191DB13DF78223AF853D36E97EDB92291CF
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/c1/5f2e31-9ad6-438e-ad7c-e3e0c2dbf067/1/BKr_h_bcDTaZvCk3o03HF_lPAH4.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/c1/5f2e31-9ad6-438e-ad7c-e3e0c2dbf067/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 10 Sep 2024 08:36:38 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 151.87.0.0 -- 151.88.255.255
                          IP: 151.91.0.0 -- 151.92.255.255

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:db:13:df:78:22:3a:f8:53:d3:6e:97:ed:b9:22:91:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Sep 10 08:36:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=04aaff87f6dc0d3699bc2937a34dc717f94f007e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:8b:c8:5b:35:88:28:7a:a7:3f:1d:0f:e8:e7:
                    fa:28:13:22:4d:ef:ce:f0:ac:6a:1a:bd:65:96:1d:
                    d6:d9:31:05:2b:b8:b0:e6:ca:04:25:eb:ab:ff:e0:
                    73:8c:97:b3:a7:70:cf:b1:c9:d2:2f:b9:31:bb:a1:
                    20:f0:11:3e:c0:0e:30:71:4a:ff:69:da:30:4c:3b:
                    f3:1f:c5:0a:f0:9c:22:21:6b:09:b6:f9:b0:a0:f5:
                    5c:1b:ec:ce:09:50:10:d6:7b:b4:87:24:67:ad:26:
                    20:52:83:96:63:b3:b4:0c:4d:e0:35:fd:2d:70:50:
                    c1:15:07:d6:f1:a1:d4:4d:4a:a8:b3:71:3f:a0:15:
                    76:b9:1b:5c:d3:48:05:6e:b6:34:bc:6c:70:d7:c7:
                    b2:29:40:45:cb:6d:e0:bb:1e:72:9f:33:24:30:5e:
                    ae:59:b3:99:07:c6:d2:32:0f:2d:42:e8:c7:08:b9:
                    dd:15:7e:1e:7a:cc:b8:5d:9f:67:4b:5c:c3:b6:6a:
                    bc:7b:3a:e4:f1:f7:50:fa:b4:4e:b0:42:a6:d4:df:
                    5f:83:db:6f:f5:6a:64:20:20:7f:66:5f:de:ca:30:
                    52:18:00:8a:ab:69:bd:bf:0f:98:bd:41:17:14:7e:
                    50:05:d7:86:1a:76:31:49:9b:49:e1:b5:de:a7:68:
                    a0:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:AA:FF:87:F6:DC:0D:36:99:BC:29:37:A3:4D:C7:17:F9:4F:00:7E
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/5f2e31-9ad6-438e-ad7c-e3e0c2dbf067/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/5f2e31-9ad6-438e-ad7c-e3e0c2dbf067/1/BKr_h_bcDTaZvCk3o03HF_lPAH4.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.87.0.0-151.88.255.255
                  151.91.0.0-151.92.255.255

    Signature Algorithm: sha256WithRSAEncryption
         22:ab:94:83:6d:c1:ac:7a:98:1a:f3:03:ae:a0:d5:a7:f7:ab:
         17:3e:dd:15:7f:05:c3:71:23:fa:d1:a4:1f:7c:eb:60:c8:b6:
         03:ef:e4:6f:16:86:94:bf:b1:12:04:93:83:29:42:2f:72:70:
         b7:1b:82:e4:ee:c7:11:82:c2:40:bd:ef:ac:cf:b5:34:2a:71:
         df:7d:5a:01:28:8f:9b:6c:1d:76:a8:a7:65:d6:08:0f:4f:33:
         a2:13:f3:3f:b8:d1:39:e1:9a:04:97:ad:29:29:fd:b4:c9:bd:
         82:3d:34:2a:b6:b3:42:eb:fb:3b:8d:9f:5c:1a:df:26:14:3d:
         4e:da:b3:8f:be:87:30:f6:a9:b4:ab:ee:ea:58:9b:a0:ea:3d:
         63:16:a7:3f:1b:2c:12:74:25:b8:ff:8e:dc:79:4a:bc:84:71:
         44:f0:f2:a4:ba:d9:27:ce:12:87:9b:4e:40:56:62:a2:1e:e2:
         8b:78:c9:68:79:73:d7:01:2d:8d:3f:7b:2a:81:d7:21:1c:16:
         66:14:58:4e:76:dd:6a:dd:cd:d8:7b:56:87:fa:32:b4:64:58:
         a7:76:4a:5d:02:8a:27:9e:93:8c:1b:e9:e9:91:96:6d:70:17:
         ed:4e:e1:c3:01:98:5d:dd:29:5e:67:54:0d:f6:b7:da:0f:d9:
         29:c9:9b:7d
-----BEGIN CERTIFICATE-----
MIIFijCCBHKgAwIBAgISAZHbE994Ijr4U9Nul+25IpHPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwOTEwMDgzNjM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNGFhZmY4N2Y2ZGMwZDM2OTliYzI5MzdhMzRkYzcxN2Y5NGYwMDdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvovIWzWIKHqnPx0P6Of6KBMiTe/O
8KxqGr1llh3W2TEFK7iw5soEJeur/+BzjJezp3DPscnSL7kxu6Eg8BE+wA4wcUr/
adowTDvzH8UK8JwiIWsJtvmwoPVcG+zOCVAQ1nu0hyRnrSYgUoOWY7O0DE3gNf0t
cFDBFQfW8aHUTUqos3E/oBV2uRtc00gFbrY0vGxw18eyKUBFy23gux5ynzMkMF6u
WbOZB8bSMg8tQujHCLndFX4eesy4XZ9nS1zDtmq8ezrk8fdQ+rROsEKm1N9fg9tv
9WpkICB/Zl/eyjBSGACKq2m9vw+YvUEXFH5QBdeGGnYxSZtJ4bXep2igPQIDAQAB
o4ICljCCApIwHQYDVR0OBBYEFASq/4f23A02mbwpN6NNxxf5TwB+MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2MxLzVmMmUz
MS05YWQ2LTQzOGUtYWQ3Yy1lM2UwYzJkYmYwNjcvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzEvNWYyZTMx
LTlhZDYtNDM4ZS1hZDdjLWUzZTBjMmRiZjA2Ny8xL0JLcl9oX2JjRFRhWnZDazNv
MDNIRl9sUEFINC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDEGCCsGAQUF
BwEHAQH/BCIwIDAeBAIAATAYMAoDAwCXVwMDAJdYMAoDAwCXWwMDAJdcMA0GCSqG
SIb3DQEBCwUAA4IBAQAiq5SDbcGsepga8wOuoNWn96sXPt0VfwXDcSP60aQffOtg
yLYD7+RvFoaUv7ESBJODKUIvcnC3G4Lk7scRgsJAve+sz7U0KnHffVoBKI+bbB12
qKdl1ggPTzOiE/M/uNE54ZoEl60pKf20yb2CPTQqtrNC6/s7jZ9cGt8mFD1O2rOP
vocw9qm0q+7qWJug6j1jFqc/GywSdCW4/47ceUq8hHFE8PKkutknzhKHm05AVmKi
HuKLeMloeXPXAS2NP3sqgdchHBZmFFhOdt1q3c3Ye1aH+jK0ZFindkpdAoonnpOM
G+npkZZtcBftTuHDAZhd3SleZ1QN9rfaD9kpyZt9
-----END CERTIFICATE-----