Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/BfIh9fBM-dlt3qRCUbK4I_cRRmM.cer
File:                     BfIh9fBM-dlt3qRCUbK4I_cRRmM.cer (raw, json)
Hash identifier:          1lT9AfaqjUxPV46OedQ4OSZfdMYdqqWDFG/MQTsRuww=
Subject key identifier:   05:F2:21:F5:F0:4C:F9:D9:6D:DE:A4:42:51:B2:B8:23:F7:11:46:63
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0192426BE97AB8092A1E4493CCB1088BAD18
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/63/b7d1b5-7cb8-46aa-ad58-cbf2a3b6a284/1/BfIh9fBM-dlt3qRCUbK4I_cRRmM.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/63/b7d1b5-7cb8-46aa-ad58-cbf2a3b6a284/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 30 Sep 2024 10:13:41 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 192.54.122.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:42:6b:e9:7a:b8:09:2a:1e:44:93:cc:b1:08:8b:ad:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Sep 30 10:13:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=05f221f5f04cf9d96ddea44251b2b823f7114663
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:18:eb:0a:7a:42:54:aa:ad:58:1e:18:cf:e6:
                    cd:bf:45:79:c5:55:78:84:ea:64:28:10:22:dd:58:
                    59:b5:5c:85:ed:47:1b:e1:d4:8b:54:5f:c8:af:f6:
                    77:03:52:2f:02:07:1e:6d:95:c0:cb:7b:5c:01:54:
                    73:99:dd:28:91:29:9c:f9:94:43:d4:85:0c:d6:ac:
                    b9:09:d2:16:09:79:f6:03:96:e3:9f:10:e8:cb:d8:
                    88:76:cd:93:76:52:41:5e:11:fd:f4:47:d5:11:d0:
                    18:10:4b:9a:7e:3f:9c:7c:32:73:28:a1:5b:28:b4:
                    26:3e:9f:87:47:f7:8a:6a:de:6e:e7:5f:91:28:4f:
                    8e:e3:57:f8:4f:23:72:3e:33:94:fd:e5:33:61:0c:
                    d6:d9:d5:47:12:43:ce:9d:de:7e:ee:ef:54:24:85:
                    1b:b1:72:06:15:4e:79:69:2f:58:e3:22:ff:e9:b0:
                    c2:04:fb:50:02:0b:3d:45:24:18:1b:93:87:d7:27:
                    7c:28:36:ee:fc:ac:5d:78:2a:96:70:2c:9f:0e:2e:
                    75:a0:ef:14:e4:f7:7a:5c:7c:6e:b5:fc:e5:0d:3d:
                    85:c7:85:13:cd:e1:f7:43:64:7d:08:83:19:99:c4:
                    1d:73:79:56:53:6f:99:9b:1c:02:a3:2e:c5:4e:0d:
                    ed:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:F2:21:F5:F0:4C:F9:D9:6D:DE:A4:42:51:B2:B8:23:F7:11:46:63
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/b7d1b5-7cb8-46aa-ad58-cbf2a3b6a284/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/b7d1b5-7cb8-46aa-ad58-cbf2a3b6a284/1/BfIh9fBM-dlt3qRCUbK4I_cRRmM.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.54.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:7d:a4:b3:fd:79:b6:c7:70:e0:6c:91:46:c7:86:77:c6:9d:
         3b:c1:32:60:9f:e7:9d:48:0b:10:d0:9a:73:19:a9:92:52:60:
         b3:1e:4e:02:5f:43:99:c6:f2:f4:00:31:0f:12:40:b8:f1:96:
         d2:0b:60:4a:05:2d:44:1c:6a:ff:9a:f4:5f:43:93:4d:ed:5f:
         f0:8e:d0:c7:3b:e7:c9:54:79:ca:af:43:1c:ef:99:4a:3d:de:
         49:b2:a4:01:6a:f4:3d:9e:ea:14:53:b7:50:c8:42:a3:bd:ef:
         bb:14:f4:a2:7a:01:d6:79:e1:8c:27:1b:06:f0:8b:12:94:65:
         08:5f:90:41:3a:68:f6:28:f0:3f:51:fb:61:33:2f:75:78:fc:
         ac:d1:7b:ce:60:01:48:d7:0d:f7:90:6e:57:e1:57:8d:8d:5c:
         50:aa:24:9e:e8:f0:7e:33:df:02:19:47:1c:4a:fb:e1:89:0f:
         30:54:38:3d:59:3f:e5:99:3d:de:d0:3f:b1:0f:db:6a:20:7a:
         f2:28:61:2c:2d:32:19:5d:16:28:13:79:5e:9b:5a:ad:64:e3:
         c9:73:29:0a:d8:25:c3:41:65:90:70:4d:5e:63:5d:6a:9a:1e:
         30:e9:ca:6c:b2:4a:fa:76:d7:c6:6e:8e:e8:04:7e:d7:51:44:
         6e:1c:8b:41
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZJCa+l6uAkqHkSTzLEIi60YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwOTMwMTAxMzQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNWYyMjFmNWYwNGNmOWQ5NmRkZWE0NDI1MWIyYjgyM2Y3MTE0NjYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0hjrCnpCVKqtWB4Yz+bNv0V5xVV4
hOpkKBAi3VhZtVyF7Ucb4dSLVF/Ir/Z3A1IvAgcebZXAy3tcAVRzmd0okSmc+ZRD
1IUM1qy5CdIWCXn2A5bjnxDoy9iIds2TdlJBXhH99EfVEdAYEEuafj+cfDJzKKFb
KLQmPp+HR/eKat5u51+RKE+O41f4TyNyPjOU/eUzYQzW2dVHEkPOnd5+7u9UJIUb
sXIGFU55aS9Y4yL/6bDCBPtQAgs9RSQYG5OH1yd8KDbu/KxdeCqWcCyfDi51oO8U
5Pd6XHxutfzlDT2Fx4UTzeH3Q2R9CIMZmcQdc3lWU2+ZmxwCoy7FTg3tCwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFAXyIfXwTPnZbd6kQlGyuCP3EUZjMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzYzL2I3ZDFi
NS03Y2I4LTQ2YWEtYWQ1OC1jYmYyYTNiNmEyODQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjMvYjdkMWI1
LTdjYjgtNDZhYS1hZDU4LWNiZjJhM2I2YTI4NC8xL0JmSWg5ZkJNLWRsdDNxUkNV
Yks0SV9jUlJtTS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwDZ6MA0GCSqGSIb3DQEBCwUAA4IBAQB3faSz
/Xm2x3DgbJFGx4Z3xp07wTJgn+edSAsQ0JpzGamSUmCzHk4CX0OZxvL0ADEPEkC4
8ZbSC2BKBS1EHGr/mvRfQ5NN7V/wjtDHO+fJVHnKr0Mc75lKPd5JsqQBavQ9nuoU
U7dQyEKjve+7FPSiegHWeeGMJxsG8IsSlGUIX5BBOmj2KPA/UfthMy91ePys0XvO
YAFI1w33kG5X4VeNjVxQqiSe6PB+M98CGUccSvvhiQ8wVDg9WT/lmT3e0D+xD9tq
IHryKGEsLTIZXRYoE3lem1qtZOPJcykK2CXDQWWQcE1eY11qmh4w6cpsskr6dtfG
bo7oBH7XUURuHItB
-----END CERTIFICATE-----