Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bX6kOhxHVXh9SR-6VjuIgR3Mxfg.cer
File:                     bX6kOhxHVXh9SR-6VjuIgR3Mxfg.cer (raw, json)
Hash identifier:          iSyGYQVaXKH5g7nMiJnqGB4GQ1w+sIJ0V+VZI7M76Y8=
Subject key identifier:   6D:7E:A4:3A:1C:47:55:78:7D:49:1F:BA:56:3B:88:81:1D:CC:C5:F8
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019425FC43E3092A05F49F372331938AE40A
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/6f/5c9996-6f6b-4c31-863e-589d30ffaa8c/1/bX6kOhxHVXh9SR-6VjuIgR3Mxfg.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/6f/5c9996-6f6b-4c31-863e-589d30ffaa8c/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 07:47:57 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 91.199.225.0/24
                          IP: 195.28.12.0/23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:43:e3:09:2a:05:f4:9f:37:23:31:93:8a:e4:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 07:47:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6d7ea43a1c4755787d491fba563b88811dccc5f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:f9:f1:4c:cf:97:88:4e:53:c1:04:b4:26:49:
                    f6:81:43:41:00:3e:ab:ec:40:fe:30:0b:cb:6d:be:
                    77:88:7a:90:34:93:39:14:21:54:10:62:74:7f:f5:
                    02:bf:5e:55:cc:fc:b3:96:31:21:52:ea:10:7e:00:
                    7b:4f:1e:a5:84:28:59:2b:1a:0b:17:19:d5:ea:05:
                    cf:4c:08:ad:0e:33:bc:b3:8f:03:79:64:cc:25:0d:
                    fb:e0:2f:db:df:0a:e1:28:5b:92:09:a0:61:c9:28:
                    c7:3a:9c:ca:a9:bd:3c:f4:da:a8:45:2f:19:5c:4a:
                    dc:f4:09:7a:f6:3e:1b:ca:e5:df:ca:b2:8a:d2:a2:
                    38:80:3b:cb:2b:85:d9:32:8b:d5:97:b6:34:3f:ae:
                    ef:7a:a9:42:f8:96:e6:3a:86:33:ad:38:bd:f2:66:
                    07:f9:4e:32:c6:a2:8c:2a:f4:67:c5:b7:34:f8:40:
                    4c:af:8e:f0:d5:73:96:9b:3a:8c:36:ac:b7:dc:74:
                    8c:5c:26:f1:9a:3e:fd:01:26:80:51:42:62:7a:36:
                    4a:80:d1:64:b9:25:7e:4a:e4:2c:40:9a:be:b8:68:
                    47:1a:8b:cb:ff:df:23:90:9c:76:ba:16:46:8a:d6:
                    e1:08:f2:e3:6f:f9:07:a0:df:be:2e:1c:f6:6c:8f:
                    ce:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:7E:A4:3A:1C:47:55:78:7D:49:1F:BA:56:3B:88:81:1D:CC:C5:F8
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/5c9996-6f6b-4c31-863e-589d30ffaa8c/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/5c9996-6f6b-4c31-863e-589d30ffaa8c/1/bX6kOhxHVXh9SR-6VjuIgR3Mxfg.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.225.0/24
                  195.28.12.0/23

    Signature Algorithm: sha256WithRSAEncryption
         06:3a:9f:6d:e7:df:bf:f2:dd:f9:5c:5b:4f:ba:2c:1f:40:40:
         cd:65:4f:ba:04:79:ba:a4:0c:1c:66:c6:8b:d0:ff:8c:21:67:
         5d:3f:fe:4c:39:1c:98:e4:f4:9d:fe:65:5a:88:0e:53:8c:54:
         4b:ca:15:40:3a:fa:59:ae:e3:d7:f6:88:8d:02:0f:61:5a:d5:
         23:45:cc:ea:5b:76:c7:bf:a4:60:43:6f:75:7b:3e:49:19:fb:
         c8:4c:63:ea:8a:f0:cf:3d:8e:8b:f6:1e:c7:02:91:fe:91:dd:
         aa:69:b9:6d:d2:33:22:9f:3c:9d:63:f6:cf:88:2d:83:65:22:
         68:b1:61:e7:33:23:e7:7e:ef:04:9d:ef:12:70:9c:c6:e9:b8:
         43:c9:e5:b2:86:d9:ae:cf:d6:43:29:b3:f3:79:6f:3d:51:37:
         b5:f9:2b:2e:5d:35:e9:88:b5:5d:c6:15:7c:cf:68:31:93:d1:
         56:06:39:57:16:46:40:21:5a:a7:4e:bb:2e:5d:bc:9e:5e:cb:
         10:64:b0:b0:03:6d:0d:f3:68:66:92:d6:3e:e1:86:06:eb:34:
         20:83:9f:0a:9f:f5:67:a2:27:19:81:58:59:3b:8f:7a:de:89:
         63:2a:d8:fd:be:36:90:d4:e9:67:0c:e4:69:85:c5:2f:32:e2:
         7e:56:4c:26
-----BEGIN CERTIFICATE-----
MIIFfjCCBGagAwIBAgISAZQl/EPjCSoF9J83IzGTiuQKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDc0NzU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDdlYTQzYTFjNDc1NTc4N2Q0OTFmYmE1NjNiODg4MTFkY2NjNWY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtfnxTM+XiE5TwQS0Jkn2gUNBAD6r
7ED+MAvLbb53iHqQNJM5FCFUEGJ0f/UCv15VzPyzljEhUuoQfgB7Tx6lhChZKxoL
FxnV6gXPTAitDjO8s48DeWTMJQ374C/b3wrhKFuSCaBhySjHOpzKqb089NqoRS8Z
XErc9Al69j4byuXfyrKK0qI4gDvLK4XZMovVl7Y0P67veqlC+JbmOoYzrTi98mYH
+U4yxqKMKvRnxbc0+EBMr47w1XOWmzqMNqy33HSMXCbxmj79ASaAUUJiejZKgNFk
uSV+SuQsQJq+uGhHGovL/98jkJx2uhZGitbhCPLjb/kHoN++Lhz2bI/OoQIDAQAB
o4ICijCCAoYwHQYDVR0OBBYEFG1+pDocR1V4fUkfulY7iIEdzMX4MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzZmLzVjOTk5
Ni02ZjZiLTRjMzEtODYzZS01ODlkMzBmZmFhOGMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNmYvNWM5OTk2
LTZmNmItNGMzMS04NjNlLTU4OWQzMGZmYWE4Yy8xL2JYNmtPaHhIVlhoOVNSLTZW
anVJZ1IzTXhmZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUF
BwEHAQH/BBYwFDASBAIAATAMAwQAW8fhAwQBwxwMMA0GCSqGSIb3DQEBCwUAA4IB
AQAGOp9t59+/8t35XFtPuiwfQEDNZU+6BHm6pAwcZsaL0P+MIWddP/5MORyY5PSd
/mVaiA5TjFRLyhVAOvpZruPX9oiNAg9hWtUjRczqW3bHv6RgQ291ez5JGfvITGPq
ivDPPY6L9h7HApH+kd2qablt0jMinzydY/bPiC2DZSJosWHnMyPnfu8Ene8ScJzG
6bhDyeWyhtmuz9ZDKbPzeW89UTe1+SsuXTXpiLVdxhV8z2gxk9FWBjlXFkZAIVqn
TrsuXbyeXssQZLCwA20N82hmktY+4YYG6zQgg58Kn/VnoicZgVhZO4963oljKtj9
vjaQ1OlnDORphcUvMuJ+Vkwm
-----END CERTIFICATE-----