Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/GePRH3Ldvtg2EoW0mbkyGRIDt1Y.cer
File:                     GePRH3Ldvtg2EoW0mbkyGRIDt1Y.cer (raw, json)
Hash identifier:          LPtLFdkSg6544/urnDl5RwhDvjxcgi3iGKgpM2vVNCE=
Subject key identifier:   19:E3:D1:1F:72:DD:BE:D8:36:12:85:B4:99:B9:32:19:12:03:B7:56
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01942747B1020D3174F94A6CBA08DCE77C33
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/a7/c5f7b8-d2c1-46de-9db4-069bfaf2bce4/1/GePRH3Ldvtg2EoW0mbkyGRIDt1Y.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/a7/c5f7b8-d2c1-46de-9db4-069bfaf2bce4/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 13:49:57 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 193.109.252.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:b1:02:0d:31:74:f9:4a:6c:ba:08:dc:e7:7c:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 13:49:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=19e3d11f72ddbed8361285b499b932191203b756
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:9a:57:27:8a:69:f6:a3:44:ee:8c:f0:63:fb:
                    0e:73:48:c4:a2:d4:fc:de:a0:d0:98:59:bc:7f:6f:
                    7d:10:9b:4b:35:25:1c:f9:75:49:b9:11:ea:0a:e2:
                    07:9a:67:2b:e4:fe:3c:5b:a2:ed:d0:81:09:56:0c:
                    b8:84:84:17:e8:6f:91:c3:33:e1:c6:45:db:ef:a1:
                    22:2f:1a:5e:24:75:39:8d:9d:0e:a6:c5:01:fb:a5:
                    4c:71:2a:25:95:15:b9:34:ba:e0:23:4c:28:87:79:
                    d4:f5:f9:d4:0a:be:98:ab:72:2b:f0:25:09:b3:3e:
                    ee:25:7e:8a:4a:a3:a6:6a:8d:77:32:45:3a:d1:19:
                    0e:b3:f0:e0:c0:e4:36:52:a9:65:9c:2a:42:f9:76:
                    cf:37:32:75:f4:26:ba:f5:65:ba:68:01:53:a4:a7:
                    2f:f1:de:29:62:fa:ed:1c:81:25:a8:65:f8:4d:1a:
                    46:a4:f0:95:06:de:5c:13:c0:4c:39:c9:c2:26:44:
                    d5:02:16:c9:fd:c1:5f:8c:db:f3:b0:21:57:5b:21:
                    1c:dc:38:56:76:e5:49:53:58:40:e1:8b:7d:88:2d:
                    9f:3b:96:0c:65:e6:44:28:20:f7:fe:62:84:36:5d:
                    97:d6:c3:0b:04:bb:85:14:aa:2f:69:43:05:ce:52:
                    5c:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:E3:D1:1F:72:DD:BE:D8:36:12:85:B4:99:B9:32:19:12:03:B7:56
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/c5f7b8-d2c1-46de-9db4-069bfaf2bce4/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/c5f7b8-d2c1-46de-9db4-069bfaf2bce4/1/GePRH3Ldvtg2EoW0mbkyGRIDt1Y.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.109.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:72:c4:3a:b8:7b:fa:51:a1:3b:d9:65:f6:10:b1:e4:1c:85:
         f8:7a:15:94:93:ae:4a:0f:61:f7:31:6d:1d:25:5a:38:4c:7a:
         d9:c3:6a:2a:14:d6:f7:eb:5b:dd:7a:f9:5c:4b:85:8c:30:35:
         85:e0:bb:06:66:3b:99:0a:da:96:33:3a:c0:19:be:b9:17:f7:
         3d:31:65:7d:6b:8f:57:17:9e:5a:0b:f8:ab:b9:71:ca:0e:95:
         34:58:df:56:ad:8f:6d:21:2b:28:df:ed:3e:4b:b8:27:36:2a:
         23:9f:ee:0d:f8:86:95:c0:c0:39:71:53:c4:b6:78:a5:c3:63:
         8c:a0:aa:30:2f:78:f3:d2:67:14:02:8c:a4:84:f0:70:60:68:
         fe:e6:77:a8:31:a1:56:2e:bb:06:5b:4a:36:45:a5:fe:0e:75:
         18:6f:69:98:3a:3f:7d:a5:48:bd:49:f0:29:19:65:20:dd:c4:
         94:7c:cc:d4:c1:7e:12:e3:9c:0e:9f:f7:51:90:6f:40:f5:b6:
         58:8c:74:c8:ac:ed:18:f3:df:22:42:db:76:4d:a1:3e:38:82:
         1d:a3:b8:c5:04:60:70:2a:0e:76:67:a0:6d:9c:60:0b:ac:be:
         52:56:7f:ce:d7:f8:57:ef:23:3a:3f:fc:20:ea:1e:5a:97:46:
         68:6e:c3:09
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZQnR7ECDTF0+Upsugjc53wzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMTM0OTU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOWUzZDExZjcyZGRiZWQ4MzYxMjg1YjQ5OWI5MzIxOTEyMDNiNzU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvZpXJ4pp9qNE7ozwY/sOc0jEotT8
3qDQmFm8f299EJtLNSUc+XVJuRHqCuIHmmcr5P48W6Lt0IEJVgy4hIQX6G+RwzPh
xkXb76EiLxpeJHU5jZ0OpsUB+6VMcSollRW5NLrgI0woh3nU9fnUCr6Yq3Ir8CUJ
sz7uJX6KSqOmao13MkU60RkOs/DgwOQ2UqllnCpC+XbPNzJ19Ca69WW6aAFTpKcv
8d4pYvrtHIElqGX4TRpGpPCVBt5cE8BMOcnCJkTVAhbJ/cFfjNvzsCFXWyEc3DhW
duVJU1hA4Yt9iC2fO5YMZeZEKCD3/mKENl2X1sMLBLuFFKovaUMFzlJcCQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFBnj0R9y3b7YNhKFtJm5MhkSA7dWMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2E3L2M1Zjdi
OC1kMmMxLTQ2ZGUtOWRiNC0wNjliZmFmMmJjZTQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTcvYzVmN2I4
LWQyYzEtNDZkZS05ZGI0LTA2OWJmYWYyYmNlNC8xL0dlUFJIM0xkdnRnMkVvVzBt
Ymt5R1JJRHQxWS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwW38MA0GCSqGSIb3DQEBCwUAA4IBAQCWcsQ6
uHv6UaE72WX2ELHkHIX4ehWUk65KD2H3MW0dJVo4THrZw2oqFNb361vdevlcS4WM
MDWF4LsGZjuZCtqWMzrAGb65F/c9MWV9a49XF55aC/iruXHKDpU0WN9WrY9tISso
3+0+S7gnNiojn+4N+IaVwMA5cVPEtnilw2OMoKowL3jz0mcUAoykhPBwYGj+5neo
MaFWLrsGW0o2RaX+DnUYb2mYOj99pUi9SfApGWUg3cSUfMzUwX4S45wOn/dRkG9A
9bZYjHTIrO0Y898iQtt2TaE+OIIdo7jFBGBwKg52Z6BtnGALrL5SVn/O1/hX7yM6
P/wg6h5al0ZobsMJ
-----END CERTIFICATE-----