Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ILpx5Gx1kWuOXeGTzH-BBp34b3M.cer
File:                     ILpx5Gx1kWuOXeGTzH-BBp34b3M.cer (raw, json)
Hash identifier:          w1iXDjdSdBxMhfywWFwcUaZaqRLq+7q8q4C6ghvEmfo=
Subject key identifier:   20:BA:71:E4:6C:75:91:6B:8E:5D:E1:93:CC:7F:81:06:9D:F8:6F:73
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC649D5904B429D5CE25625EA4CBE0B44
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/55/d0642c-84e6-4290-afb1-484500bcfb07/1/ILpx5Gx1kWuOXeGTzH-BBp34b3M.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/55/d0642c-84e6-4290-afb1-484500bcfb07/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 18:29:36 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 206616
                          IP: 185.149.92.0/22
                          IP: 212.15.88.0/21
                          IP: 2a07:7a80::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 29 Mar 2024 21:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:d5:90:4b:42:9d:5c:e2:56:25:ea:4c:be:0b:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 18:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=20ba71e46c75916b8e5de193cc7f81069df86f73
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:ff:49:88:80:1f:da:c0:a5:f8:d0:0c:c6:6f:
                    97:6e:83:29:b0:a4:9a:07:24:6a:26:c1:d3:7e:de:
                    85:b3:48:e3:23:9f:3e:51:39:fe:1b:ad:bd:14:ab:
                    e8:96:cd:09:97:be:fc:89:03:a4:1e:39:a6:d2:fe:
                    1d:a8:ff:1c:b4:14:7d:9d:37:02:fd:7b:5c:5a:60:
                    27:29:2a:62:11:e3:1c:ef:28:7d:1c:84:29:73:29:
                    86:e5:12:29:52:19:db:22:2e:56:ca:a5:60:20:bc:
                    83:db:24:01:0e:04:34:87:50:b6:c4:3f:16:3c:61:
                    2e:49:27:56:85:fc:2f:22:41:99:b2:fe:2c:2c:93:
                    d9:8d:7d:14:82:d1:19:ba:a2:49:b1:45:8b:16:9e:
                    04:89:29:9d:05:2d:ea:c7:54:ac:e6:e0:40:b6:51:
                    60:72:69:91:50:f0:5b:fa:71:78:99:3f:78:5a:11:
                    fb:da:cf:97:49:65:78:a5:a8:26:1e:2c:04:85:6f:
                    26:22:aa:76:4a:8e:5e:4f:bc:a7:ec:e2:87:72:7f:
                    fa:41:17:f6:a8:b4:a3:06:6b:e5:a0:dd:08:97:e4:
                    a5:1a:c8:47:e2:71:a1:0f:a6:76:44:31:dc:33:7f:
                    18:0b:b9:62:ee:0b:68:a1:1d:11:47:45:49:a8:24:
                    e8:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:BA:71:E4:6C:75:91:6B:8E:5D:E1:93:CC:7F:81:06:9D:F8:6F:73
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/d0642c-84e6-4290-afb1-484500bcfb07/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/d0642c-84e6-4290-afb1-484500bcfb07/1/ILpx5Gx1kWuOXeGTzH-BBp34b3M.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.149.92.0/22
                  212.15.88.0/21
                IPv6:
                  2a07:7a80::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  206616

    Signature Algorithm: sha256WithRSAEncryption
         20:1b:94:0a:ec:70:a4:41:de:48:e6:bf:35:c2:5e:db:fb:cc:
         aa:55:92:bf:15:de:40:4b:fe:bc:c8:a4:80:f9:eb:fc:e8:3b:
         65:45:d9:8f:e9:5b:58:da:51:99:3d:fb:f5:fa:02:28:a0:60:
         13:71:0c:45:03:40:c7:19:f6:9b:f5:30:a1:75:11:57:74:d0:
         d3:28:0c:34:5d:8b:e4:ea:15:f5:df:de:fd:70:9b:8e:35:cc:
         c0:bc:eb:41:ca:72:33:ed:8b:eb:4f:42:84:69:c4:e9:15:9c:
         71:54:10:10:c8:2c:51:9f:1e:ac:16:58:10:16:fb:cc:7d:24:
         68:9f:ac:cf:9e:03:4b:7f:54:2b:0f:9a:78:57:34:26:d5:28:
         ec:6b:3a:11:cc:10:e3:44:ae:b2:5c:26:6f:e1:1f:fd:99:9d:
         ea:ce:59:3e:da:f3:f3:0e:b6:25:22:0b:d6:15:d4:cf:ee:b4:
         0b:0c:30:f4:9b:af:1b:62:08:97:37:a7:5e:52:19:2d:9c:56:
         47:22:8e:64:53:6a:8f:2f:12:6d:19:16:50:d1:fa:92:5a:01:
         c4:34:e8:aa:c0:c4:43:b6:8e:90:f2:48:e3:93:2b:a0:ae:5e:
         f4:62:f8:e5:26:37:af:64:1a:7e:b4:17:36:59:b3:2a:31:c5:
         39:6f:7e:7f
-----BEGIN CERTIFICATE-----
MIIFqTCCBJGgAwIBAgISAYzGSdWQS0KdXOJWJepMvgtEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTgyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGJhNzFlNDZjNzU5MTZiOGU1ZGUxOTNjYzdmODEwNjlkZjg2ZjczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhv9JiIAf2sCl+NAMxm+XboMpsKSa
ByRqJsHTft6Fs0jjI58+UTn+G629FKvols0Jl778iQOkHjmm0v4dqP8ctBR9nTcC
/XtcWmAnKSpiEeMc7yh9HIQpcymG5RIpUhnbIi5WyqVgILyD2yQBDgQ0h1C2xD8W
PGEuSSdWhfwvIkGZsv4sLJPZjX0UgtEZuqJJsUWLFp4EiSmdBS3qx1Ss5uBAtlFg
cmmRUPBb+nF4mT94WhH72s+XSWV4pagmHiwEhW8mIqp2So5eT7yn7OKHcn/6QRf2
qLSjBmvloN0Il+SlGshH4nGhD6Z2RDHcM38YC7li7gtooR0RR0VJqCToqQIDAQAB
o4ICtTCCArEwHQYDVR0OBBYEFCC6ceRsdZFrjl3hk8x/gQad+G9zMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzU1L2QwNjQy
Yy04NGU2LTQyOTAtYWZiMS00ODQ1MDBiY2ZiMDcvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTUvZDA2NDJj
LTg0ZTYtNDI5MC1hZmIxLTQ4NDUwMGJjZmIwNy8xL0lMcHg1R3gxa1d1T1hlR1R6
SC1CQnAzNGIzTS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDQGCCsGAQUF
BwEHAQH/BCUwIzASBAIAATAMAwQCuZVcAwQD1A9YMA0EAgACMAcDBQMqB3qAMBoG
CCsGAQUFBwEIAQH/BAswCaAHMAUCAwMnGDANBgkqhkiG9w0BAQsFAAOCAQEAIBuU
CuxwpEHeSOa/NcJe2/vMqlWSvxXeQEv+vMikgPnr/Og7ZUXZj+lbWNpRmT379foC
KKBgE3EMRQNAxxn2m/UwoXURV3TQ0ygMNF2L5OoV9d/e/XCbjjXMwLzrQcpyM+2L
609ChGnE6RWccVQQEMgsUZ8erBZYEBb7zH0kaJ+sz54DS39UKw+aeFc0JtUo7Gs6
EcwQ40Suslwmb+Ef/Zmd6s5ZPtrz8w62JSIL1hXUz+60Cwww9JuvG2IIlzenXlIZ
LZxWRyKOZFNqjy8SbRkWUNH6kloBxDToqsDEQ7aOkPJI45MroK5e9GL45SY3r2Qa
frQXNlmzKjHFOW9+fw==
-----END CERTIFICATE-----
Generated at Fri Mar 29 00:39:59 2024 by rpki-client on console-ams.rpki-client.org