Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bcDQX47p6Vj8ld5l3FmiFBxfHv0.cer
File:                     bcDQX47p6Vj8ld5l3FmiFBxfHv0.cer (raw, json)
Hash identifier:          xTEMPAuJPHNgA3R1MFv3/H7O7ts/Hz4S6jUiLXAh/Go=
Subject key identifier:   6D:C0:D0:5F:8E:E9:E9:58:FC:95:DE:65:DC:59:A2:14:1C:5F:1E:FD
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CCA2A6CC97C20FA0AE2CDFFDE09828131
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/a7/1d57dd-5599-45a7-ab03-4d6ce0766eb5/1/bcDQX47p6Vj8ld5l3FmiFBxfHv0.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/a7/1d57dd-5599-45a7-ab03-4d6ce0766eb5/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 12:33:47 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 56552
                          IP: 185.71.64.0/22
                          IP: 185.121.240.0/22
                          IP: 2a06:a180::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:6c:c9:7c:20:fa:0a:e2:cd:ff:de:09:82:81:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 12:33:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6dc0d05f8ee9e958fc95de65dc59a2141c5f1efd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:a6:46:d3:1d:33:f0:f0:94:1b:4f:12:73:9a:
                    1a:9e:1f:87:0e:77:ef:64:06:c0:c4:89:f5:8a:f4:
                    9b:da:8f:84:06:46:b0:2b:d7:4a:26:ff:7e:56:82:
                    98:e1:b3:83:26:b7:a4:cf:b7:58:0f:d8:1f:6a:6d:
                    bf:83:9e:3a:11:81:21:0e:95:e8:77:14:54:a1:8b:
                    26:07:22:30:13:cd:a8:16:e8:3f:1f:0f:c4:5c:fd:
                    9c:ba:49:9e:31:cd:9d:5d:19:45:df:15:7f:3e:5f:
                    f4:6c:67:63:c5:c4:95:26:d1:c5:b9:d8:5d:68:d6:
                    8c:22:0f:1a:ec:cc:4d:19:56:03:6c:2c:54:62:84:
                    9c:9d:3c:94:4a:f3:70:fa:60:c9:03:08:f9:38:0d:
                    e6:bd:1d:36:20:be:b1:4f:f6:67:02:a6:09:89:3b:
                    c6:e2:11:d5:dd:0a:2b:ad:0a:14:43:75:ae:06:7a:
                    25:ca:7b:03:9f:fb:c6:bc:b6:3b:18:d3:c8:ff:56:
                    07:19:9e:a7:4c:dc:5e:85:a5:a3:cd:7d:83:9e:4d:
                    6f:7f:3d:23:16:80:0e:85:80:dd:8b:aa:72:29:8f:
                    b3:70:d3:d3:82:20:af:88:58:32:29:17:c7:49:ee:
                    b5:93:5d:73:05:f3:85:ed:2f:9f:67:48:94:97:cd:
                    b8:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:C0:D0:5F:8E:E9:E9:58:FC:95:DE:65:DC:59:A2:14:1C:5F:1E:FD
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/1d57dd-5599-45a7-ab03-4d6ce0766eb5/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/1d57dd-5599-45a7-ab03-4d6ce0766eb5/1/bcDQX47p6Vj8ld5l3FmiFBxfHv0.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.71.64.0/22
                  185.121.240.0/22
                IPv6:
                  2a06:a180::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  56552

    Signature Algorithm: sha256WithRSAEncryption
         07:57:13:8d:01:ad:6b:44:f2:36:4a:bb:7b:f2:30:d0:7b:17:
         cc:05:03:28:14:01:72:f7:f4:e9:9d:14:c9:2b:ad:21:54:90:
         76:6b:8a:39:29:c2:31:48:b4:23:f7:d6:06:b5:68:2e:ee:7a:
         25:aa:1c:e2:f2:64:3a:06:12:2e:1a:ab:44:da:be:fb:be:e8:
         53:7c:b4:1f:81:09:71:ac:45:c6:9c:f5:18:04:69:61:25:44:
         85:3b:97:d9:e7:9b:f7:80:cd:11:f1:25:a0:0a:0b:bd:80:c3:
         0c:ce:9a:fb:7d:95:df:64:40:96:cc:7a:34:89:c6:08:6b:f6:
         5e:06:69:61:14:18:c1:29:c8:5a:c7:cf:52:cf:53:be:b3:57:
         c4:eb:48:ba:40:7f:04:f5:77:a6:e6:87:c5:d8:e7:91:be:b7:
         b6:db:60:cf:12:bc:9c:cf:9c:05:a8:17:e0:65:3d:45:c0:ee:
         7d:83:7b:7c:2a:62:04:82:5b:c0:15:a5:a7:bf:37:91:18:58:
         22:7c:2c:37:52:49:9e:c5:c5:f5:82:89:90:b1:6a:4b:4f:cb:
         94:12:3a:4b:ba:81:aa:6f:86:ab:9f:91:2b:d0:33:31:fa:b9:
         f5:90:ac:84:0e:88:ad:45:e9:db:d9:51:ab:76:b2:46:20:2c:
         06:03:73:ad
-----BEGIN CERTIFICATE-----
MIIFqTCCBJGgAwIBAgISAYzKKmzJfCD6CuLN/94JgoExMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMTIzMzQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZGMwZDA1ZjhlZTllOTU4ZmM5NWRlNjVkYzU5YTIxNDFjNWYxZWZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyKZG0x0z8PCUG08Sc5oanh+HDnfv
ZAbAxIn1ivSb2o+EBkawK9dKJv9+VoKY4bODJrekz7dYD9gfam2/g546EYEhDpXo
dxRUoYsmByIwE82oFug/Hw/EXP2cukmeMc2dXRlF3xV/Pl/0bGdjxcSVJtHFudhd
aNaMIg8a7MxNGVYDbCxUYoScnTyUSvNw+mDJAwj5OA3mvR02IL6xT/ZnAqYJiTvG
4hHV3QorrQoUQ3WuBnolynsDn/vGvLY7GNPI/1YHGZ6nTNxehaWjzX2Dnk1vfz0j
FoAOhYDdi6pyKY+zcNPTgiCviFgyKRfHSe61k11zBfOF7S+fZ0iUl824UwIDAQAB
o4ICtTCCArEwHQYDVR0OBBYEFG3A0F+O6elY/JXeZdxZohQcXx79MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2E3LzFkNTdk
ZC01NTk5LTQ1YTctYWIwMy00ZDZjZTA3NjZlYjUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTcvMWQ1N2Rk
LTU1OTktNDVhNy1hYjAzLTRkNmNlMDc2NmViNS8xL2JjRFFYNDdwNlZqOGxkNWwz
Rm1pRkJ4Zkh2MC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDQGCCsGAQUF
BwEHAQH/BCUwIzASBAIAATAMAwQCuUdAAwQCuXnwMA0EAgACMAcDBQMqBqGAMBoG
CCsGAQUFBwEIAQH/BAswCaAHMAUCAwDc6DANBgkqhkiG9w0BAQsFAAOCAQEAB1cT
jQGta0TyNkq7e/Iw0HsXzAUDKBQBcvf06Z0UySutIVSQdmuKOSnCMUi0I/fWBrVo
Lu56Jaoc4vJkOgYSLhqrRNq++77oU3y0H4EJcaxFxpz1GARpYSVEhTuX2eeb94DN
EfEloAoLvYDDDM6a+32V32RAlsx6NInGCGv2XgZpYRQYwSnIWsfPUs9TvrNXxOtI
ukB/BPV3puaHxdjnkb63tttgzxK8nM+cBagX4GU9RcDufYN7fCpiBIJbwBWlp783
kRhYInwsN1JJnsXF9YKJkLFqS0/LlBI6S7qBqm+Gq5+RK9AzMfq59ZCshA6IrUXp
29lRq3ayRiAsBgNzrQ==
-----END CERTIFICATE-----
Generated at Sat Nov 23 02:21:18 2024 by rpki-client on console-ams.rpki-client.org