Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bWLDbYdChp-XVVt8mDlPn2XI6CY.cer
File:                     bWLDbYdChp-XVVt8mDlPn2XI6CY.cer (raw, json)
Hash identifier:          oXPw/rPQR4yBQbzh/uCowaqfzdGLfiqFmownBRGu/XY=
Subject key identifier:   6D:62:C3:6D:87:42:86:9F:97:55:5B:7C:98:39:4F:9F:65:C8:E8:26
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019421B17C13DCFDABDB14AE032D9FDA8949
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/a3/960963-f23d-4983-ba3f-3a585886ae4c/1/bWLDbYdChp-XVVt8mDlPn2XI6CY.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/a3/960963-f23d-4983-ba3f-3a585886ae4c/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 11:47:47 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 91.206.214.0/23
                          IP: 91.208.159.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:7c:13:dc:fd:ab:db:14:ae:03:2d:9f:da:89:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 11:47:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6d62c36d8742869f97555b7c98394f9f65c8e826
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:a0:ba:93:ca:b4:4a:ad:08:54:b9:a6:dc:02:
                    3f:17:d7:29:48:b3:18:43:bf:e0:b3:c9:17:24:e7:
                    e0:11:6d:ac:98:fa:1c:af:65:28:b2:53:c1:9b:43:
                    1f:12:5c:0a:72:30:39:77:b8:d0:17:c3:41:8e:3e:
                    b6:28:60:51:5e:10:83:14:06:28:b2:a1:5e:9c:80:
                    2e:2e:27:f1:0d:e3:73:4a:84:79:92:60:05:47:8c:
                    95:85:96:ac:01:55:72:dc:2a:5c:8a:94:54:5c:81:
                    68:68:a3:fe:53:ae:6c:b8:d1:7f:c5:cb:27:8f:64:
                    9b:51:9b:23:05:d8:e2:61:df:d4:39:aa:c7:55:84:
                    40:fc:3d:2d:c3:d0:06:4c:48:ea:6e:21:d5:56:91:
                    65:13:81:b8:6a:62:86:46:11:49:ba:c9:0f:21:a3:
                    52:2c:fc:9d:2b:f3:b9:d4:a4:b3:90:b1:7c:72:33:
                    dc:f0:3f:8f:b4:e3:62:83:3f:bd:ad:84:4a:27:20:
                    7d:d3:ab:eb:25:c3:54:f7:11:9d:c9:ef:d5:9a:11:
                    59:97:b9:26:d6:65:1c:ef:7f:42:d7:ca:92:6f:cc:
                    e6:72:e8:f3:7e:03:f4:af:4e:6c:49:71:41:af:9b:
                    de:21:eb:cc:2c:8d:f6:94:1e:26:18:0e:4b:72:5b:
                    01:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:62:C3:6D:87:42:86:9F:97:55:5B:7C:98:39:4F:9F:65:C8:E8:26
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/960963-f23d-4983-ba3f-3a585886ae4c/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/960963-f23d-4983-ba3f-3a585886ae4c/1/bWLDbYdChp-XVVt8mDlPn2XI6CY.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.206.214.0/23
                  91.208.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:3e:97:8a:26:9a:5c:1d:c2:4b:63:49:72:5a:62:76:2d:af:
         43:88:18:77:8b:94:9d:c5:33:b7:7e:f9:96:01:79:5c:73:18:
         2c:8b:01:78:3a:70:90:9a:a4:7c:3e:28:0e:b1:58:37:a6:7b:
         63:10:38:7f:36:a2:7b:97:b2:a9:8b:2b:0d:5d:44:c4:d6:83:
         eb:09:b4:9d:c8:e1:53:25:a6:3f:7f:e7:6e:54:55:69:49:1e:
         d3:8e:6d:aa:c2:5e:d9:19:eb:cc:0d:37:e8:91:22:98:08:c7:
         f4:d8:98:c5:a6:a2:48:03:fd:90:b3:50:e0:1d:30:1a:c4:f0:
         dc:99:14:c5:4e:a3:42:30:4f:29:0b:f1:64:f5:37:a8:5b:0f:
         74:8c:c8:ba:0f:78:79:a0:84:20:02:4e:08:a1:59:76:6e:0a:
         5c:7d:63:97:15:f8:65:d1:b9:40:0b:52:5c:ff:b4:ac:03:12:
         d7:89:64:88:85:8f:45:64:a3:a4:4e:91:79:67:5c:f9:7c:5e:
         6f:60:1b:08:6f:af:0c:81:9d:cc:cf:8e:88:e8:f0:b0:89:f4:
         63:4a:b9:69:c8:53:b8:05:a4:8c:a6:02:7e:a0:a9:22:03:f0:
         1f:1f:60:56:e8:15:c4:f6:da:e8:dd:20:24:6e:dc:cb:97:25:
         90:c1:a2:21
-----BEGIN CERTIFICATE-----
MIIFfjCCBGagAwIBAgISAZQhsXwT3P2r2xSuAy2f2olJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTE0NzQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDYyYzM2ZDg3NDI4NjlmOTc1NTViN2M5ODM5NGY5ZjY1YzhlODI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu6C6k8q0Sq0IVLmm3AI/F9cpSLMY
Q7/gs8kXJOfgEW2smPocr2UoslPBm0MfElwKcjA5d7jQF8NBjj62KGBRXhCDFAYo
sqFenIAuLifxDeNzSoR5kmAFR4yVhZasAVVy3CpcipRUXIFoaKP+U65suNF/xcsn
j2SbUZsjBdjiYd/UOarHVYRA/D0tw9AGTEjqbiHVVpFlE4G4amKGRhFJuskPIaNS
LPydK/O51KSzkLF8cjPc8D+PtONigz+9rYRKJyB906vrJcNU9xGdye/VmhFZl7km
1mUc739C18qSb8zmcujzfgP0r05sSXFBr5veIevMLI32lB4mGA5LclsBZwIDAQAB
o4ICijCCAoYwHQYDVR0OBBYEFG1iw22HQoafl1VbfJg5T59lyOgmMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2EzLzk2MDk2
My1mMjNkLTQ5ODMtYmEzZi0zYTU4NTg4NmFlNGMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTMvOTYwOTYz
LWYyM2QtNDk4My1iYTNmLTNhNTg1ODg2YWU0Yy8xL2JXTERiWWRDaHAtWFZWdDht
RGxQbjJYSTZDWS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUF
BwEHAQH/BBYwFDASBAIAATAMAwQBW87WAwQAW9CfMA0GCSqGSIb3DQEBCwUAA4IB
AQAbPpeKJppcHcJLY0lyWmJ2La9DiBh3i5SdxTO3fvmWAXlccxgsiwF4OnCQmqR8
PigOsVg3pntjEDh/NqJ7l7KpiysNXUTE1oPrCbSdyOFTJaY/f+duVFVpSR7Tjm2q
wl7ZGevMDTfokSKYCMf02JjFpqJIA/2Qs1DgHTAaxPDcmRTFTqNCME8pC/Fk9Teo
Ww90jMi6D3h5oIQgAk4IoVl2bgpcfWOXFfhl0blAC1Jc/7SsAxLXiWSIhY9FZKOk
TpF5Z1z5fF5vYBsIb68MgZ3Mz46I6PCwifRjSrlpyFO4BaSMpgJ+oKkiA/AfH2BW
6BXE9tro3SAkbtzLlyWQwaIh
-----END CERTIFICATE-----