Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/B_xIFsg7wTWHjxB93N9DOB3JPPA.cer
File:                     B_xIFsg7wTWHjxB93N9DOB3JPPA.cer (raw, json)
Hash identifier:          se9Ut3dlZ7acn8ahzJ7wTP5coe0k+C53NFxhPqxzG+M=
Subject key identifier:   07:FC:48:16:C8:3B:C1:35:87:8F:10:7D:DC:DF:43:38:1D:C9:3C:F0
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC94CAE943E33F50AAFEC2A780AB57AB5
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/83/cd47c6-7d23-4c55-8eb1-ea7210b6c575/1/B_xIFsg7wTWHjxB93N9DOB3JPPA.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/83/cd47c6-7d23-4c55-8eb1-ea7210b6c575/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 08:31:35 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 146.211.0.0/16
                          IP: 2001:67c:19b0::/46

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 30 Mar 2024 06:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:ae:94:3e:33:f5:0a:af:ec:2a:78:0a:b5:7a:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 08:31:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=07fc4816c83bc135878f107ddcdf43381dc93cf0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:ec:63:2a:61:91:60:63:bc:e0:25:4a:5d:64:
                    dc:dd:a3:92:ec:2c:fc:ec:5d:0f:d4:71:96:7f:e7:
                    60:4d:0b:8f:7d:8e:e3:91:bc:49:71:05:1b:d6:1a:
                    f1:38:46:e6:e1:b3:3b:db:a7:95:78:6a:4a:6a:c5:
                    62:9d:c4:eb:4b:2f:5c:86:96:5a:b7:d8:5c:54:0f:
                    e5:f3:9f:af:8d:99:90:f3:6f:2e:39:7a:1e:54:d4:
                    02:c1:df:6a:30:d8:f8:f1:ba:bc:7c:20:e9:fa:5f:
                    ab:9f:52:8a:d3:e3:6f:2c:c4:ad:79:a8:65:12:2a:
                    39:e4:07:34:2b:2e:c5:e0:3f:65:26:8e:91:4a:59:
                    f0:f3:6f:37:8d:e0:84:a4:46:e3:6b:41:2d:49:ff:
                    b1:e8:50:ef:d5:83:d8:32:59:ec:d4:66:3a:02:74:
                    ca:7d:57:30:6e:bf:4a:e0:a8:44:c7:03:c0:10:d6:
                    31:55:95:93:73:8b:5a:3e:a6:59:9a:b7:fe:3e:3a:
                    a2:d4:8b:74:6a:b3:a1:db:0c:c7:61:45:3a:dc:d2:
                    a2:af:62:3c:b5:11:fc:43:c2:a5:37:a0:51:9f:33:
                    b4:ca:96:6c:92:dd:af:7c:80:a5:85:16:3f:dc:c1:
                    98:e8:39:9c:2d:57:ec:8d:66:c8:c2:38:b6:c3:54:
                    ac:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:FC:48:16:C8:3B:C1:35:87:8F:10:7D:DC:DF:43:38:1D:C9:3C:F0
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/cd47c6-7d23-4c55-8eb1-ea7210b6c575/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/cd47c6-7d23-4c55-8eb1-ea7210b6c575/1/B_xIFsg7wTWHjxB93N9DOB3JPPA.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.211.0.0/16
                IPv6:
                  2001:67c:19b0::/46

    Signature Algorithm: sha256WithRSAEncryption
         9a:00:51:a7:1d:47:e1:0c:c2:5a:35:56:ab:47:35:ac:f5:74:
         e6:f2:2d:dd:70:40:45:aa:d6:f3:c8:e7:56:41:3e:23:0b:65:
         77:dc:a8:68:7a:dd:49:9f:f8:a1:d1:fe:5a:5d:b7:1a:c0:88:
         04:fa:8f:6a:61:08:23:43:0b:cb:11:d9:58:82:b4:15:0c:80:
         17:a2:9e:91:c3:5d:12:29:e5:13:aa:17:fc:cd:ec:6f:65:f1:
         15:b4:75:a9:f3:eb:8a:1d:30:7a:ce:0b:fb:d0:98:eb:91:77:
         2d:fa:0d:f0:18:18:42:2e:37:46:d5:1e:82:e4:5e:c7:5e:69:
         87:d0:64:6b:2d:15:65:9e:73:8e:e9:c7:01:96:ef:82:84:ea:
         57:c0:f0:4f:a5:c5:81:44:5c:d2:32:d6:48:4d:15:b5:80:5a:
         4f:52:00:fc:1d:7b:1d:cb:61:28:1d:55:06:47:aa:06:8e:4f:
         38:dc:4b:31:ff:2a:72:b1:d9:16:b1:5c:eb:f2:ad:a5:f9:c0:
         a8:d3:c0:65:cd:58:68:dc:cb:90:ce:bf:22:07:e9:b1:30:8e:
         87:8a:1d:21:fd:34:45:74:06:e2:b2:6a:27:d3:bd:44:8a:5a:
         f2:78:70:75:99:45:5f:46:87:d8:77:da:3c:97:c6:17:7a:77:
         4a:0b:38:1d
-----BEGIN CERTIFICATE-----
MIIFiDCCBHCgAwIBAgISAYzJTK6UPjP1Cq/sKngKtXq1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDgzMTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2ZjNDgxNmM4M2JjMTM1ODc4ZjEwN2RkY2RmNDMzODFkYzkzY2YwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyuxjKmGRYGO84CVKXWTc3aOS7Cz8
7F0P1HGWf+dgTQuPfY7jkbxJcQUb1hrxOEbm4bM726eVeGpKasVincTrSy9chpZa
t9hcVA/l85+vjZmQ828uOXoeVNQCwd9qMNj48bq8fCDp+l+rn1KK0+NvLMSteahl
Eio55Ac0Ky7F4D9lJo6RSlnw8283jeCEpEbja0EtSf+x6FDv1YPYMlns1GY6AnTK
fVcwbr9K4KhExwPAENYxVZWTc4taPqZZmrf+Pjqi1It0arOh2wzHYUU63NKir2I8
tRH8Q8KlN6BRnzO0ypZskt2vfIClhRY/3MGY6DmcLVfsjWbIwji2w1SsMQIDAQAB
o4IClDCCApAwHQYDVR0OBBYEFAf8SBbIO8E1h48QfdzfQzgdyTzwMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzgzL2NkNDdj
Ni03ZDIzLTRjNTUtOGViMS1lYTcyMTBiNmM1NzUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODMvY2Q0N2M2
LTdkMjMtNGM1NS04ZWIxLWVhNzIxMGI2YzU3NS8xL0JfeElGc2c3d1RXSGp4Qjkz
TjlET0IzSlBQQS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC8GCCsGAQUF
BwEHAQH/BCAwHjALBAIAATAFAwMAktMwDwQCAAIwCQMHAiABBnwZsDANBgkqhkiG
9w0BAQsFAAOCAQEAmgBRpx1H4QzCWjVWq0c1rPV05vIt3XBARarW88jnVkE+Iwtl
d9yoaHrdSZ/4odH+Wl23GsCIBPqPamEII0MLyxHZWIK0FQyAF6KekcNdEinlE6oX
/M3sb2XxFbR1qfPrih0wes4L+9CY65F3LfoN8BgYQi43RtUeguRex15ph9Bkay0V
ZZ5zjunHAZbvgoTqV8DwT6XFgURc0jLWSE0VtYBaT1IA/B17HcthKB1VBkeqBo5P
ONxLMf8qcrHZFrFc6/KtpfnAqNPAZc1YaNzLkM6/IgfpsTCOh4odIf00RXQG4rJq
J9O9RIpa8nhwdZlFX0aH2HfaPJfGF3p3Sgs4HQ==
-----END CERTIFICATE-----
Generated at Fri Mar 29 13:48:19 2024 by rpki-client on console-fra.rpki-client.org