Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bS9Y5jbYux3RA5bIJE3BGSFeeRQ.cer
File:                     bS9Y5jbYux3RA5bIJE3BGSFeeRQ.cer (raw, json)
Hash identifier:          5Cxt/GcuLIKeRNrAmGTYcN+GYJE5M0FlQyMmO/9xoeM=
Subject key identifier:   6D:2F:58:E6:36:D8:BB:1D:D1:03:96:C8:24:4D:C1:19:21:5E:79:14
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC6B8FB0043C270EB865044106B6F231E
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/a5/c978db-6569-4544-8197-ce6b7c9d559b/1/bS9Y5jbYux3RA5bIJE3BGSFeeRQ.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/a5/c978db-6569-4544-8197-ce6b7c9d559b/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 20:31:00 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 193.109.93.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:fb:00:43:c2:70:eb:86:50:44:10:6b:6f:23:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 20:31:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6d2f58e636d8bb1dd10396c8244dc119215e7914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:ec:4a:bc:e3:d1:a9:f3:73:45:e8:7b:a4:2d:
                    37:85:35:ae:10:8e:3f:6b:52:b9:3a:ae:88:73:8f:
                    b5:6e:ad:a8:a0:f8:d1:46:97:cd:66:c8:4b:b6:98:
                    cb:cb:c2:9c:aa:64:6a:a5:9f:0b:01:7f:d8:25:da:
                    60:eb:97:e1:fd:77:b2:fa:68:2b:7c:b3:79:c2:85:
                    4e:40:f1:03:c1:56:bd:dc:72:b0:a7:96:b9:38:19:
                    89:8c:59:75:7b:57:4a:e1:db:32:43:26:69:62:7f:
                    4a:de:44:ea:66:07:be:44:b0:65:d6:36:1b:80:47:
                    2a:59:ad:88:f3:fd:8f:07:7e:7e:b9:4a:38:94:77:
                    64:5f:8d:4e:bc:60:0d:db:f3:b1:87:87:24:5b:de:
                    ac:54:3d:cb:0d:95:2a:98:54:25:eb:6a:9c:ef:ff:
                    eb:c2:89:b7:90:01:b8:29:55:ab:a2:c6:d4:c5:f2:
                    b7:53:ab:0d:bf:e7:56:37:3a:b8:60:ae:cd:2a:bd:
                    8a:a1:69:83:53:09:1e:2f:07:e8:64:da:66:34:9e:
                    6d:5e:50:c5:44:ce:9f:cc:d1:dd:13:49:b2:6c:63:
                    2c:b4:d6:fd:a4:78:a4:64:c0:3e:1d:87:0e:5b:e0:
                    1f:50:11:60:63:3b:49:4b:b5:cc:e4:15:85:c1:23:
                    88:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:2F:58:E6:36:D8:BB:1D:D1:03:96:C8:24:4D:C1:19:21:5E:79:14
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/c978db-6569-4544-8197-ce6b7c9d559b/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/c978db-6569-4544-8197-ce6b7c9d559b/1/bS9Y5jbYux3RA5bIJE3BGSFeeRQ.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.109.93.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:98:bb:05:81:c6:ae:78:5a:9b:94:1e:2e:38:87:6a:7a:14:
         f4:24:56:8d:2f:44:fd:62:92:82:35:1b:c9:2c:ee:df:a6:88:
         47:b4:53:6c:dc:f0:19:34:d1:b2:22:ab:15:33:fe:e4:fe:af:
         2e:17:44:0e:dc:91:94:d7:84:8c:6c:ee:c9:e9:91:cc:bd:a4:
         e4:26:33:9e:25:48:5e:94:c2:27:5e:8e:cd:92:1e:64:87:fe:
         c3:23:be:bd:e1:69:34:71:15:2f:c9:5c:7d:f3:d2:5f:60:d1:
         b1:63:3f:13:de:db:c5:3f:70:04:37:96:66:ba:05:33:5a:87:
         6a:2a:34:96:2b:dd:2b:d4:64:40:e8:18:17:ee:cd:03:14:59:
         8b:cf:6f:0d:9d:5e:cf:8a:4c:73:9d:af:76:b2:52:00:82:08:
         50:e1:33:c6:a5:a1:52:eb:fa:fb:de:43:f3:82:90:d8:af:f4:
         c5:e7:9e:b6:6b:9d:5c:a3:31:30:15:6e:d2:3b:b4:8b:92:ce:
         49:fe:98:7a:07:3d:75:bd:0f:e2:07:bd:64:c1:34:9e:b5:b5:
         51:b9:17:a7:ac:75:4d:50:5d:ff:8b:b7:f5:a1:a2:23:84:3d:
         dc:1f:a0:1e:9f:46:10:14:4d:09:12:61:e4:00:1e:ee:b0:11:
         ae:62:75:15
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzGuPsAQ8Jw64ZQRBBrbyMeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMjAzMTAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDJmNThlNjM2ZDhiYjFkZDEwMzk2YzgyNDRkYzExOTIxNWU3OTE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkOxKvOPRqfNzReh7pC03hTWuEI4/
a1K5Oq6Ic4+1bq2ooPjRRpfNZshLtpjLy8KcqmRqpZ8LAX/YJdpg65fh/Xey+mgr
fLN5woVOQPEDwVa93HKwp5a5OBmJjFl1e1dK4dsyQyZpYn9K3kTqZge+RLBl1jYb
gEcqWa2I8/2PB35+uUo4lHdkX41OvGAN2/Oxh4ckW96sVD3LDZUqmFQl62qc7//r
wom3kAG4KVWrosbUxfK3U6sNv+dWNzq4YK7NKr2KoWmDUwkeLwfoZNpmNJ5tXlDF
RM6fzNHdE0mybGMstNb9pHikZMA+HYcOW+AfUBFgYztJS7XM5BWFwSOIIQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFG0vWOY22Lsd0QOWyCRNwRkhXnkUMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2E1L2M5Nzhk
Yi02NTY5LTQ1NDQtODE5Ny1jZTZiN2M5ZDU1OWIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTUvYzk3OGRi
LTY1NjktNDU0NC04MTk3LWNlNmI3YzlkNTU5Yi8xL2JTOVk1amJZdXgzUkE1YklK
RTNCR1NGZWVSUS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwW1dMA0GCSqGSIb3DQEBCwUAA4IBAQAemLsF
gcaueFqblB4uOIdqehT0JFaNL0T9YpKCNRvJLO7fpohHtFNs3PAZNNGyIqsVM/7k
/q8uF0QO3JGU14SMbO7J6ZHMvaTkJjOeJUhelMInXo7Nkh5kh/7DI7694Wk0cRUv
yVx989JfYNGxYz8T3tvFP3AEN5ZmugUzWodqKjSWK90r1GRA6BgX7s0DFFmLz28N
nV7Pikxzna92slIAgghQ4TPGpaFS6/r73kPzgpDYr/TF5562a51cozEwFW7SO7SL
ks5J/ph6Bz11vQ/iB71kwTSetbVRuRenrHVNUF3/i7f1oaIjhD3cH6Aen0YQFE0J
EmHkAB7usBGuYnUV
-----END CERTIFICATE-----