Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/JbGiI7fnP9I0YsIE5g6dSBXPdj8.cer
File:                     JbGiI7fnP9I0YsIE5g6dSBXPdj8.cer (raw, json)
Hash identifier:          kbsU0fOCj88uD2jMeJQGPac9tfW82XyCV7/UFYwtHUI=
Subject key identifier:   25:B1:A2:23:B7:E7:3F:D2:34:62:C2:04:E6:0E:9D:48:15:CF:76:3F
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01949E41D510E042B77956790945A77648F3
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/bb/0e90c8-2b83-4715-9933-a73f0b7418ab/1/JbGiI7fnP9I0YsIE5g6dSBXPdj8.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/bb/0e90c8-2b83-4715-9933-a73f0b7418ab/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Sat 25 Jan 2025 16:18:22 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 109.70.74.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:9e:41:d5:10:e0:42:b7:79:56:79:09:45:a7:76:48:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan 25 16:18:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=25b1a223b7e73fd23462c204e60e9d4815cf763f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:2d:cd:28:c0:ed:49:55:33:21:f6:12:55:af:
                    86:d1:2f:fd:87:af:ee:8d:d9:cf:81:a0:03:22:75:
                    2b:40:c3:1a:ae:5d:be:cd:52:08:26:da:23:06:70:
                    13:d9:de:46:0a:98:86:9b:03:63:c3:9b:c4:b2:30:
                    dc:49:2d:f6:a3:ec:0d:0a:c6:51:2d:b5:32:b4:9c:
                    27:20:5e:07:cd:98:dc:62:db:8f:bd:71:90:c8:f4:
                    7a:29:69:5c:ba:ff:ed:40:b5:f3:af:a3:8c:55:e9:
                    9b:c6:da:2e:0f:bf:14:e1:9b:5c:11:7f:49:0a:62:
                    a6:c5:c9:1c:ac:32:3f:26:78:30:0c:8f:94:83:f6:
                    22:d3:a7:19:63:8a:28:f6:21:06:13:5d:d9:49:d8:
                    55:c3:55:6c:8b:01:f4:64:db:17:be:ec:71:83:f3:
                    61:c4:99:4d:be:09:06:85:a4:92:3c:dc:19:4e:a0:
                    9e:dc:67:3c:fd:55:24:a8:fc:3d:c5:7a:2b:e6:4c:
                    73:0f:23:ac:8a:6e:ff:e0:05:6a:6f:cc:fb:85:1f:
                    c0:9a:f8:7f:3e:f2:46:dd:10:3d:d3:86:b5:79:37:
                    c1:d1:12:25:b7:a5:34:c6:1e:ea:84:37:9e:e7:fa:
                    e6:4a:01:dd:0e:f8:a9:7b:1b:0e:4a:8c:2e:a3:07:
                    cb:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:B1:A2:23:B7:E7:3F:D2:34:62:C2:04:E6:0E:9D:48:15:CF:76:3F
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/0e90c8-2b83-4715-9933-a73f0b7418ab/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/0e90c8-2b83-4715-9933-a73f0b7418ab/1/JbGiI7fnP9I0YsIE5g6dSBXPdj8.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.70.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:39:97:eb:ab:b4:a8:cb:ba:87:8d:f9:14:fc:1b:93:a2:75:
         27:81:18:b3:a6:36:93:e2:5f:8d:d0:4c:58:10:c2:09:1d:f7:
         c9:7f:06:2b:a2:3e:91:99:5e:6f:9f:10:ea:1f:ab:ab:31:73:
         d3:63:78:b5:46:69:7b:9b:bc:f7:6e:77:56:c9:3c:19:38:cd:
         9f:a8:55:e8:1e:70:53:01:64:69:56:9a:a5:59:d2:fb:74:12:
         ec:07:c6:9a:eb:70:83:03:6a:e0:c9:52:f6:f4:09:8d:5a:79:
         01:e6:13:a7:56:4c:15:8e:b3:0d:33:12:48:7c:16:68:34:d3:
         a1:51:7e:e6:24:f1:84:82:9a:58:1b:af:fc:0b:f7:1e:c6:27:
         ed:1a:e7:1c:21:a4:db:62:87:d2:ad:a3:92:8c:2b:b1:96:50:
         e3:c9:1b:2a:d5:f4:4b:bd:12:b3:c5:22:63:62:77:9f:99:ab:
         10:3d:60:4b:0b:cf:5b:60:8d:99:ac:db:33:19:fa:d9:1f:fe:
         d6:23:2d:19:e3:9f:ac:97:a1:29:5c:58:5b:ff:e0:08:0f:2e:
         9d:d1:b5:f0:7c:01:34:99:d7:9c:14:34:52:85:06:23:e6:e1:
         f5:3a:fc:eb:7f:b7:4f:fb:51:a8:33:20:f9:1c:73:32:96:f3:
         81:b0:6a:d6
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZSeQdUQ4EK3eVZ5CUWndkjzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTI1MTYxODIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNWIxYTIyM2I3ZTczZmQyMzQ2MmMyMDRlNjBlOWQ0ODE1Y2Y3NjNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApi3NKMDtSVUzIfYSVa+G0S/9h6/u
jdnPgaADInUrQMMarl2+zVIIJtojBnAT2d5GCpiGmwNjw5vEsjDcSS32o+wNCsZR
LbUytJwnIF4HzZjcYtuPvXGQyPR6KWlcuv/tQLXzr6OMVembxtouD78U4ZtcEX9J
CmKmxckcrDI/JngwDI+Ug/Yi06cZY4oo9iEGE13ZSdhVw1VsiwH0ZNsXvuxxg/Nh
xJlNvgkGhaSSPNwZTqCe3Gc8/VUkqPw9xXor5kxzDyOsim7/4AVqb8z7hR/Amvh/
PvJG3RA904a1eTfB0RIlt6U0xh7qhDee5/rmSgHdDvipexsOSowuowfLSQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFCWxoiO35z/SNGLCBOYOnUgVz3Y/MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2JiLzBlOTBj
OC0yYjgzLTQ3MTUtOTkzMy1hNzNmMGI3NDE4YWIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYmIvMGU5MGM4
LTJiODMtNDcxNS05OTMzLWE3M2YwYjc0MThhYi8xL0piR2lJN2ZuUDlJMFlzSUU1
ZzZkU0JYUGRqOC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAbUZKMA0GCSqGSIb3DQEBCwUAA4IBAQB6OZfr
q7Soy7qHjfkU/BuTonUngRizpjaT4l+N0ExYEMIJHffJfwYroj6RmV5vnxDqH6ur
MXPTY3i1Rml7m7z3bndWyTwZOM2fqFXoHnBTAWRpVpqlWdL7dBLsB8aa63CDA2rg
yVL29AmNWnkB5hOnVkwVjrMNMxJIfBZoNNOhUX7mJPGEgppYG6/8C/cexiftGucc
IaTbYofSraOSjCuxllDjyRsq1fRLvRKzxSJjYnefmasQPWBLC89bYI2ZrNszGfrZ
H/7WIy0Z45+sl6EpXFhb/+AIDy6d0bXwfAE0mdecFDRShQYj5uH1Ovzrf7dP+1Go
MyD5HHMylvOBsGrW
-----END CERTIFICATE-----