Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bWLDbYdChp-XVVt8mDlPn2XI6CY.cer
File:                     bWLDbYdChp-XVVt8mDlPn2XI6CY.cer (raw, json)
Hash identifier:          1c4r6nsFCae96JSz0oK1+dyLGWPnNrJaiVcgNBqLVfw=
Subject key identifier:   6D:62:C3:6D:87:42:86:9F:97:55:5B:7C:98:39:4F:9F:65:C8:E8:26
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC2DB5A17B4A0C31CD658938A321C2F8D
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/a3/960963-f23d-4983-ba3f-3a585886ae4c/1/bWLDbYdChp-XVVt8mDlPn2XI6CY.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/a3/960963-f23d-4983-ba3f-3a585886ae4c/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 02:30:04 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 91.206.214.0/23
                          IP: 91.208.159.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:5a:17:b4:a0:c3:1c:d6:58:93:8a:32:1c:2f:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 02:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6d62c36d8742869f97555b7c98394f9f65c8e826
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:a0:ba:93:ca:b4:4a:ad:08:54:b9:a6:dc:02:
                    3f:17:d7:29:48:b3:18:43:bf:e0:b3:c9:17:24:e7:
                    e0:11:6d:ac:98:fa:1c:af:65:28:b2:53:c1:9b:43:
                    1f:12:5c:0a:72:30:39:77:b8:d0:17:c3:41:8e:3e:
                    b6:28:60:51:5e:10:83:14:06:28:b2:a1:5e:9c:80:
                    2e:2e:27:f1:0d:e3:73:4a:84:79:92:60:05:47:8c:
                    95:85:96:ac:01:55:72:dc:2a:5c:8a:94:54:5c:81:
                    68:68:a3:fe:53:ae:6c:b8:d1:7f:c5:cb:27:8f:64:
                    9b:51:9b:23:05:d8:e2:61:df:d4:39:aa:c7:55:84:
                    40:fc:3d:2d:c3:d0:06:4c:48:ea:6e:21:d5:56:91:
                    65:13:81:b8:6a:62:86:46:11:49:ba:c9:0f:21:a3:
                    52:2c:fc:9d:2b:f3:b9:d4:a4:b3:90:b1:7c:72:33:
                    dc:f0:3f:8f:b4:e3:62:83:3f:bd:ad:84:4a:27:20:
                    7d:d3:ab:eb:25:c3:54:f7:11:9d:c9:ef:d5:9a:11:
                    59:97:b9:26:d6:65:1c:ef:7f:42:d7:ca:92:6f:cc:
                    e6:72:e8:f3:7e:03:f4:af:4e:6c:49:71:41:af:9b:
                    de:21:eb:cc:2c:8d:f6:94:1e:26:18:0e:4b:72:5b:
                    01:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:62:C3:6D:87:42:86:9F:97:55:5B:7C:98:39:4F:9F:65:C8:E8:26
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/960963-f23d-4983-ba3f-3a585886ae4c/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/960963-f23d-4983-ba3f-3a585886ae4c/1/bWLDbYdChp-XVVt8mDlPn2XI6CY.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.206.214.0/23
                  91.208.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:b2:a2:31:bc:0a:59:bb:03:f0:4e:76:59:f6:b8:b6:2c:98:
         e4:1f:45:0f:58:81:06:a3:2d:34:a8:1f:c3:4c:99:a9:89:e6:
         05:a9:fd:fb:f2:fc:d3:dc:c0:ad:ca:f2:a1:eb:c5:4b:d7:03:
         8b:e4:09:45:3c:b5:2d:76:c1:70:4d:09:8d:05:8b:8b:3e:8a:
         2e:ea:11:df:f7:39:b1:04:52:9c:0f:a2:28:09:02:22:90:0c:
         22:fe:2c:03:d8:e2:d2:66:af:4d:6e:0a:34:fc:64:09:47:f5:
         d2:94:72:64:bb:9e:94:21:da:88:65:7a:b8:31:c5:e0:98:17:
         03:b3:ff:46:f8:fb:2a:4c:b0:8b:15:3e:5b:c7:c2:aa:29:dd:
         e4:88:d0:04:66:c7:dc:0e:ed:f9:ba:10:9c:9c:57:fa:15:f8:
         8e:c7:20:65:07:c6:ab:b0:9a:d3:ad:bf:87:53:46:f7:90:5e:
         28:8b:36:c0:2c:cc:de:34:6f:d7:cd:5c:c2:8e:c7:30:44:b1:
         1b:4d:b3:7a:a9:a4:b5:a5:87:cc:a6:1f:26:60:fc:58:b5:ea:
         e6:9e:dd:f0:8b:10:dc:e7:2f:b3:9a:c0:7b:d0:31:f9:d6:31:
         8c:cc:1b:d1:5b:5f:ef:c6:5a:79:b6:b2:e4:07:2c:39:b3:68:
         9d:35:e4:06
-----BEGIN CERTIFICATE-----
MIIFfjCCBGagAwIBAgISAYzC21oXtKDDHNZYk4oyHC+NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDIzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDYyYzM2ZDg3NDI4NjlmOTc1NTViN2M5ODM5NGY5ZjY1YzhlODI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu6C6k8q0Sq0IVLmm3AI/F9cpSLMY
Q7/gs8kXJOfgEW2smPocr2UoslPBm0MfElwKcjA5d7jQF8NBjj62KGBRXhCDFAYo
sqFenIAuLifxDeNzSoR5kmAFR4yVhZasAVVy3CpcipRUXIFoaKP+U65suNF/xcsn
j2SbUZsjBdjiYd/UOarHVYRA/D0tw9AGTEjqbiHVVpFlE4G4amKGRhFJuskPIaNS
LPydK/O51KSzkLF8cjPc8D+PtONigz+9rYRKJyB906vrJcNU9xGdye/VmhFZl7km
1mUc739C18qSb8zmcujzfgP0r05sSXFBr5veIevMLI32lB4mGA5LclsBZwIDAQAB
o4ICijCCAoYwHQYDVR0OBBYEFG1iw22HQoafl1VbfJg5T59lyOgmMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2EzLzk2MDk2
My1mMjNkLTQ5ODMtYmEzZi0zYTU4NTg4NmFlNGMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTMvOTYwOTYz
LWYyM2QtNDk4My1iYTNmLTNhNTg1ODg2YWU0Yy8xL2JXTERiWWRDaHAtWFZWdDht
RGxQbjJYSTZDWS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUF
BwEHAQH/BBYwFDASBAIAATAMAwQBW87WAwQAW9CfMA0GCSqGSIb3DQEBCwUAA4IB
AQBhsqIxvApZuwPwTnZZ9ri2LJjkH0UPWIEGoy00qB/DTJmpieYFqf378vzT3MCt
yvKh68VL1wOL5AlFPLUtdsFwTQmNBYuLPoou6hHf9zmxBFKcD6IoCQIikAwi/iwD
2OLSZq9Nbgo0/GQJR/XSlHJku56UIdqIZXq4McXgmBcDs/9G+PsqTLCLFT5bx8Kq
Kd3kiNAEZsfcDu35uhCcnFf6FfiOxyBlB8arsJrTrb+HU0b3kF4oizbALMzeNG/X
zVzCjscwRLEbTbN6qaS1pYfMph8mYPxYtermnt3wixDc5y+zmsB70DH51jGMzBvR
W1/vxlp5trLkByw5s2idNeQG
-----END CERTIFICATE-----