Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bdLO01LwH3613HYZ7XFMa2pceR4.cer
File:                     bdLO01LwH3613HYZ7XFMa2pceR4.cer (raw, json)
Hash identifier:          6ZQOR6u+/V9L2gepohpsQCdMWbg7ObBv7HHEdlneCqo=
Subject key identifier:   6D:D2:CE:D3:52:F0:1F:7E:B5:DC:76:19:ED:71:4C:6B:6A:5C:79:1E
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194742215C7D80D964B98285FDD7AE5E4AE
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/06/245e1a-0612-4596-a95a-9df72530b669/1/bdLO01LwH3613HYZ7XFMa2pceR4.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/06/245e1a-0612-4596-a95a-9df72530b669/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Fri 17 Jan 2025 11:59:38 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 215561
                          IP: 2001:678:1f0::/48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:74:22:15:c7:d8:0d:96:4b:98:28:5f:dd:7a:e5:e4:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan 17 11:59:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6dd2ced352f01f7eb5dc7619ed714c6b6a5c791e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:10:6b:7b:d1:dc:3c:20:d0:11:3e:f3:f4:60:
                    97:c0:b8:34:27:e2:b4:e2:20:ab:ca:bc:14:12:79:
                    99:19:70:de:0a:bb:95:9b:73:d2:cd:6c:87:68:c6:
                    f0:13:ed:e1:14:f1:2d:1f:54:ee:16:24:05:69:25:
                    be:f1:71:4b:ac:31:e4:5d:de:fe:c3:07:51:bf:4f:
                    9d:65:cc:2d:10:e8:28:85:5d:4f:c9:d4:23:37:30:
                    d8:3c:51:00:b1:4a:17:b7:35:e3:f6:f0:39:0e:ed:
                    19:f0:f9:29:66:c3:dd:86:77:f3:72:18:75:03:62:
                    98:3c:7b:52:92:82:54:76:e8:a8:fa:12:16:0c:29:
                    cf:8c:7b:94:77:e6:81:8f:0b:8b:18:59:57:2b:38:
                    4d:e8:d9:0a:80:5d:86:1d:20:c7:53:eb:51:de:b3:
                    0d:f7:11:68:47:ed:ef:2e:d0:90:f8:da:6d:56:50:
                    01:da:66:02:13:43:f2:da:38:c4:d3:1a:93:ff:50:
                    b7:a6:39:c1:f7:f1:ff:24:69:2d:a3:69:e4:d7:ec:
                    b4:bd:90:b1:e5:e9:f2:8a:b5:78:ec:f6:56:a9:15:
                    52:80:54:d0:44:0c:86:df:53:d7:8d:44:5b:aa:eb:
                    cc:e3:19:61:f8:74:3a:ec:7f:b6:b2:c3:64:8b:9e:
                    9d:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:D2:CE:D3:52:F0:1F:7E:B5:DC:76:19:ED:71:4C:6B:6A:5C:79:1E
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/245e1a-0612-4596-a95a-9df72530b669/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/245e1a-0612-4596-a95a-9df72530b669/1/bdLO01LwH3613HYZ7XFMa2pceR4.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:1f0::/48

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  215561

    Signature Algorithm: sha256WithRSAEncryption
         80:87:4d:3a:c7:80:1a:c3:12:be:94:6c:de:18:14:7b:9d:95:
         c6:d4:c3:59:6e:31:f0:51:26:9d:26:df:f3:ba:97:12:0a:e4:
         14:84:73:75:fd:07:a8:58:93:76:31:c2:06:6a:2e:ca:b3:54:
         49:bb:2c:bf:10:ef:f8:6d:62:47:36:3f:ba:ca:8a:52:0b:fb:
         49:07:dc:1a:c6:4f:cb:1e:6b:61:25:e4:c4:4c:97:29:c2:07:
         77:a1:c5:27:01:2f:d2:9b:fe:dc:33:33:b0:40:1d:97:82:46:
         9e:4c:64:2f:13:d5:9f:70:0f:33:e6:8b:20:4c:e5:60:fe:f0:
         af:44:e1:01:b4:06:1a:eb:0a:7e:63:0d:81:47:f8:4b:f9:98:
         47:bd:eb:e2:88:78:0e:6a:8d:da:e4:53:bb:0f:0c:01:19:b8:
         9d:78:29:7c:6d:b3:df:ad:cc:be:95:ea:49:57:c7:04:87:26:
         e9:d3:5a:2e:3b:d2:60:07:2e:cd:e7:85:ca:55:cf:cb:fe:75:
         91:58:2b:0f:58:a6:1e:de:e9:81:7a:e2:18:d3:bb:e7:03:35:
         20:21:36:f6:46:b4:c3:7b:f6:83:ef:36:4f:a5:0e:75:59:69:
         71:be:f6:4d:f0:bd:ae:32:8f:8e:d5:49:f9:cc:a6:ba:60:c2:
         45:e7:19:f6
-----BEGIN CERTIFICATE-----
MIIFlzCCBH+gAwIBAgISAZR0IhXH2A2WS5goX9165eSuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTE3MTE1OTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZGQyY2VkMzUyZjAxZjdlYjVkYzc2MTllZDcxNGM2YjZhNWM3OTFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvxBre9HcPCDQET7z9GCXwLg0J+K0
4iCryrwUEnmZGXDeCruVm3PSzWyHaMbwE+3hFPEtH1TuFiQFaSW+8XFLrDHkXd7+
wwdRv0+dZcwtEOgohV1PydQjNzDYPFEAsUoXtzXj9vA5Du0Z8PkpZsPdhnfzchh1
A2KYPHtSkoJUduio+hIWDCnPjHuUd+aBjwuLGFlXKzhN6NkKgF2GHSDHU+tR3rMN
9xFoR+3vLtCQ+NptVlAB2mYCE0Py2jjE0xqT/1C3pjnB9/H/JGkto2nk1+y0vZCx
5enyirV47PZWqRVSgFTQRAyG31PXjURbquvM4xlh+HQ67H+2ssNki56ddQIDAQAB
o4ICozCCAp8wHQYDVR0OBBYEFG3SztNS8B9+tdx2Ge1xTGtqXHkeMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzA2LzI0NWUx
YS0wNjEyLTQ1OTYtYTk1YS05ZGY3MjUzMGI2NjkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDYvMjQ1ZTFh
LTA2MTItNDU5Ni1hOTVhLTlkZjcyNTMwYjY2OS8xL2JkTE8wMUx3SDM2MTNIWVo3
WEZNYTJwY2VSNC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAHwMBoGCCsGAQUFBwEIAQH/BAswCaAH
MAUCAwNKCTANBgkqhkiG9w0BAQsFAAOCAQEAgIdNOseAGsMSvpRs3hgUe52VxtTD
WW4x8FEmnSbf87qXEgrkFIRzdf0HqFiTdjHCBmouyrNUSbssvxDv+G1iRzY/usqK
Ugv7SQfcGsZPyx5rYSXkxEyXKcIHd6HFJwEv0pv+3DMzsEAdl4JGnkxkLxPVn3AP
M+aLIEzlYP7wr0ThAbQGGusKfmMNgUf4S/mYR73r4oh4DmqN2uRTuw8MARm4nXgp
fG2z363MvpXqSVfHBIcm6dNaLjvSYAcuzeeFylXPy/51kVgrD1imHt7pgXriGNO7
5wM1ICE29ka0w3v2g+82T6UOdVlpcb72TfC9rjKPjtVJ+cymumDCRecZ9g==
-----END CERTIFICATE-----