Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bX6kOhxHVXh9SR-6VjuIgR3Mxfg.cer
File:                     bX6kOhxHVXh9SR-6VjuIgR3Mxfg.cer (raw, json)
Hash identifier:          tw2ENxiMmerq01ctJMWb4Mo6GBM7AjxWwmjwn5uiINg=
Subject key identifier:   6D:7E:A4:3A:1C:47:55:78:7D:49:1F:BA:56:3B:88:81:1D:CC:C5:F8
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC649DC3E12A58AF4E758877ADCA9DA5D
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/6f/5c9996-6f6b-4c31-863e-589d30ffaa8c/1/bX6kOhxHVXh9SR-6VjuIgR3Mxfg.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/6f/5c9996-6f6b-4c31-863e-589d30ffaa8c/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 18:29:38 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 91.199.225.0/24
                          IP: 195.28.12.0/23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:dc:3e:12:a5:8a:f4:e7:58:87:7a:dc:a9:da:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 18:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6d7ea43a1c4755787d491fba563b88811dccc5f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:f9:f1:4c:cf:97:88:4e:53:c1:04:b4:26:49:
                    f6:81:43:41:00:3e:ab:ec:40:fe:30:0b:cb:6d:be:
                    77:88:7a:90:34:93:39:14:21:54:10:62:74:7f:f5:
                    02:bf:5e:55:cc:fc:b3:96:31:21:52:ea:10:7e:00:
                    7b:4f:1e:a5:84:28:59:2b:1a:0b:17:19:d5:ea:05:
                    cf:4c:08:ad:0e:33:bc:b3:8f:03:79:64:cc:25:0d:
                    fb:e0:2f:db:df:0a:e1:28:5b:92:09:a0:61:c9:28:
                    c7:3a:9c:ca:a9:bd:3c:f4:da:a8:45:2f:19:5c:4a:
                    dc:f4:09:7a:f6:3e:1b:ca:e5:df:ca:b2:8a:d2:a2:
                    38:80:3b:cb:2b:85:d9:32:8b:d5:97:b6:34:3f:ae:
                    ef:7a:a9:42:f8:96:e6:3a:86:33:ad:38:bd:f2:66:
                    07:f9:4e:32:c6:a2:8c:2a:f4:67:c5:b7:34:f8:40:
                    4c:af:8e:f0:d5:73:96:9b:3a:8c:36:ac:b7:dc:74:
                    8c:5c:26:f1:9a:3e:fd:01:26:80:51:42:62:7a:36:
                    4a:80:d1:64:b9:25:7e:4a:e4:2c:40:9a:be:b8:68:
                    47:1a:8b:cb:ff:df:23:90:9c:76:ba:16:46:8a:d6:
                    e1:08:f2:e3:6f:f9:07:a0:df:be:2e:1c:f6:6c:8f:
                    ce:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:7E:A4:3A:1C:47:55:78:7D:49:1F:BA:56:3B:88:81:1D:CC:C5:F8
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/5c9996-6f6b-4c31-863e-589d30ffaa8c/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/5c9996-6f6b-4c31-863e-589d30ffaa8c/1/bX6kOhxHVXh9SR-6VjuIgR3Mxfg.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.225.0/24
                  195.28.12.0/23

    Signature Algorithm: sha256WithRSAEncryption
         92:ca:48:3c:7e:c0:a0:46:22:e3:69:d7:95:1a:66:5d:d8:07:
         d9:00:8d:af:ac:78:18:61:92:54:ba:d8:a0:bf:27:9c:f1:16:
         2e:85:ff:0c:27:62:ed:a2:67:1d:99:1d:ef:d0:c1:62:ce:c3:
         f0:9f:d1:f8:bf:29:1d:fc:c0:a0:0b:b5:3d:9e:aa:96:eb:67:
         a9:2e:57:77:8d:38:bc:89:e2:b7:39:c1:c1:cb:da:2d:5d:bb:
         69:39:e1:3a:bd:aa:32:92:2b:42:85:40:1a:10:ff:bd:21:00:
         55:20:50:01:7f:54:11:f9:7f:b6:5c:8d:54:85:5d:52:63:53:
         18:44:33:05:94:7a:0c:86:be:57:6f:0a:f1:63:2a:d9:83:bb:
         03:cb:8b:99:30:0c:13:04:4a:42:a9:c7:57:71:1c:60:2c:f4:
         8e:22:ce:b7:68:e2:2c:0e:81:f7:f6:e8:11:11:ee:fe:43:45:
         f2:02:35:db:5d:36:c9:59:a2:b0:64:3d:04:71:4f:4f:38:76:
         68:f4:4c:2b:35:8d:a0:63:85:45:d9:2c:32:44:cc:08:3d:9a:
         dc:44:1c:16:6c:ae:e2:10:af:86:b5:5e:25:d1:ab:fb:49:b3:
         6c:01:f7:48:a7:78:a8:22:a3:d6:56:2c:2a:73:33:ad:79:62:
         4f:41:37:19
-----BEGIN CERTIFICATE-----
MIIFfjCCBGagAwIBAgISAYzGSdw+EqWK9OdYh3rcqdpdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTgyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDdlYTQzYTFjNDc1NTc4N2Q0OTFmYmE1NjNiODg4MTFkY2NjNWY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtfnxTM+XiE5TwQS0Jkn2gUNBAD6r
7ED+MAvLbb53iHqQNJM5FCFUEGJ0f/UCv15VzPyzljEhUuoQfgB7Tx6lhChZKxoL
FxnV6gXPTAitDjO8s48DeWTMJQ374C/b3wrhKFuSCaBhySjHOpzKqb089NqoRS8Z
XErc9Al69j4byuXfyrKK0qI4gDvLK4XZMovVl7Y0P67veqlC+JbmOoYzrTi98mYH
+U4yxqKMKvRnxbc0+EBMr47w1XOWmzqMNqy33HSMXCbxmj79ASaAUUJiejZKgNFk
uSV+SuQsQJq+uGhHGovL/98jkJx2uhZGitbhCPLjb/kHoN++Lhz2bI/OoQIDAQAB
o4ICijCCAoYwHQYDVR0OBBYEFG1+pDocR1V4fUkfulY7iIEdzMX4MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzZmLzVjOTk5
Ni02ZjZiLTRjMzEtODYzZS01ODlkMzBmZmFhOGMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNmYvNWM5OTk2
LTZmNmItNGMzMS04NjNlLTU4OWQzMGZmYWE4Yy8xL2JYNmtPaHhIVlhoOVNSLTZW
anVJZ1IzTXhmZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUF
BwEHAQH/BBYwFDASBAIAATAMAwQAW8fhAwQBwxwMMA0GCSqGSIb3DQEBCwUAA4IB
AQCSykg8fsCgRiLjadeVGmZd2AfZAI2vrHgYYZJUutigvyec8RYuhf8MJ2Ltomcd
mR3v0MFizsPwn9H4vykd/MCgC7U9nqqW62epLld3jTi8ieK3OcHBy9otXbtpOeE6
vaoykitChUAaEP+9IQBVIFABf1QR+X+2XI1UhV1SY1MYRDMFlHoMhr5XbwrxYyrZ
g7sDy4uZMAwTBEpCqcdXcRxgLPSOIs63aOIsDoH39ugREe7+Q0XyAjXbXTbJWaKw
ZD0EcU9POHZo9EwrNY2gY4VF2SwyRMwIPZrcRBwWbK7iEK+GtV4l0av7SbNsAfdI
p3ioIqPWViwqczOteWJPQTcZ
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:55:10 2024 by rpki-client on console-ams.rpki-client.org