Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bkBn13v-qZ3yXOXgipIT0RKAFM8.cer
File:                     bkBn13v-qZ3yXOXgipIT0RKAFM8.cer (raw, json)
Hash identifier:          dlpgmBYwrX6ooHO1b3Cc+hRRbEgJJznby7/KoAh1/eU=
Subject key identifier:   6E:40:67:D7:7B:FE:A9:9D:F2:5C:E5:E0:8A:92:13:D1:12:80:14:CF
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC72732F3DADD6F888753EEF3C3A2F6D1
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/0d/589eca-3f19-4e23-a3fb-3303f71622f9/1/bkBn13v-qZ3yXOXgipIT0RKAFM8.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/0d/589eca-3f19-4e23-a3fb-3303f71622f9/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 22:31:24 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 49026
                          AS: 56730
                          AS: 64448
                          IP: 91.227.26.0/24
                          IP: 95.131.80.0/21
                          IP: 134.0.16.0/21
                          IP: 185.27.32.0/22
                          IP: 185.42.196.0/22
                          IP: 185.53.92.0/22
                          IP: 185.164.44.0/22
                          IP: 188.114.112.0/21
                          IP: 2a02:ef8::/32
                          IP: 2a03:b980::/32
                          IP: 2a0a:ac00::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:32:f3:da:dd:6f:88:87:53:ee:f3:c3:a2:f6:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 22:31:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6e4067d77bfea99df25ce5e08a9213d1128014cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:0e:d5:42:eb:83:b2:47:70:40:9c:58:cc:cb:
                    8f:6b:39:e7:f1:ce:ee:05:b1:84:27:1b:5d:70:96:
                    07:00:19:44:b1:0e:fb:92:1e:41:27:4d:64:05:ff:
                    6e:dc:e9:53:26:da:e6:3f:2d:7b:4d:0e:43:c8:9b:
                    f9:36:f7:71:b7:e9:6b:67:36:5d:40:35:5e:32:0d:
                    c1:43:57:b3:4d:89:0b:e8:3b:41:3c:0d:52:25:34:
                    e2:bb:11:88:55:39:14:a4:e7:5f:cd:2a:40:7a:72:
                    72:e7:a1:49:e0:66:de:01:31:d2:d6:6e:f3:a9:3c:
                    56:12:74:6f:a2:f1:71:23:03:92:f5:a8:32:99:2c:
                    54:23:c2:dc:09:02:c4:c5:64:cf:9d:06:14:88:71:
                    8e:ff:30:f3:df:3c:5c:3a:d6:76:d3:51:fd:2c:9f:
                    3f:8b:b2:59:1c:d6:13:1a:55:ac:71:5f:88:6a:56:
                    1d:1e:40:d5:93:9a:f5:a4:80:b3:7e:6b:a8:54:db:
                    44:3e:76:b0:09:81:2e:e2:f2:fd:5a:bc:11:b2:e7:
                    f1:c5:7e:b3:e2:63:d4:b3:87:13:55:8a:f8:aa:c2:
                    db:d6:b0:b9:e3:97:e6:e1:b8:84:49:9f:2f:5d:bf:
                    44:30:6a:13:2f:19:96:21:78:00:4b:2e:ed:b0:bd:
                    30:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:40:67:D7:7B:FE:A9:9D:F2:5C:E5:E0:8A:92:13:D1:12:80:14:CF
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/589eca-3f19-4e23-a3fb-3303f71622f9/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/589eca-3f19-4e23-a3fb-3303f71622f9/1/bkBn13v-qZ3yXOXgipIT0RKAFM8.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.227.26.0/24
                  95.131.80.0/21
                  134.0.16.0/21
                  185.27.32.0/22
                  185.42.196.0/22
                  185.53.92.0/22
                  185.164.44.0/22
                  188.114.112.0/21
                IPv6:
                  2a02:ef8::/32
                  2a03:b980::/32
                  2a0a:ac00::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  49026
                  56730
                  64448

    Signature Algorithm: sha256WithRSAEncryption
         33:ba:c6:5d:0c:f1:17:95:90:69:55:e4:36:23:4c:c7:3c:6f:
         83:9a:cb:f9:28:8d:8d:98:fa:ac:b9:90:50:c7:56:e2:49:ba:
         a0:05:68:52:ee:9b:b1:93:ce:32:89:8b:b4:8a:b1:f0:98:64:
         e1:1c:a0:a8:7c:6a:5f:b5:38:2c:7b:4a:49:0f:23:a7:72:bd:
         6f:ae:c7:8d:5f:b2:40:80:82:5a:ab:93:83:86:5d:92:9b:7f:
         a5:3f:9e:79:c2:d3:bf:21:2d:7c:fc:cc:28:77:77:06:78:c5:
         74:6d:0f:e4:12:2f:c3:2c:ca:d0:dd:88:e0:a3:82:0a:2d:e3:
         52:4e:1d:86:a8:13:1e:29:37:23:01:6d:ab:09:81:fb:0e:8d:
         80:1f:5c:e7:78:16:05:fe:fe:8a:ac:8d:1a:d8:d3:fb:cd:2e:
         4e:a5:1f:9e:49:28:1b:21:39:bd:3b:0a:ae:63:73:3f:3c:e5:
         0f:d6:e6:85:91:b9:c6:15:a8:6e:1b:f0:75:e2:9d:36:b2:58:
         c0:fe:46:55:bc:c6:9c:aa:de:78:c1:25:94:f2:65:d8:ba:25:
         5a:5f:db:3b:7b:76:e3:fc:98:2b:b1:d2:42:2e:79:c6:52:72:
         f7:cc:3e:47:19:e6:3f:92:fd:61:04:2f:e3:98:f7:8e:21:07:
         3b:54:9c:77
-----BEGIN CERTIFICATE-----
MIIF5TCCBM2gAwIBAgISAYzHJzLz2t1viIdT7vPDovbRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMjIzMTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTQwNjdkNzdiZmVhOTlkZjI1Y2U1ZTA4YTkyMTNkMTEyODAxNGNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAog7VQuuDskdwQJxYzMuPaznn8c7u
BbGEJxtdcJYHABlEsQ77kh5BJ01kBf9u3OlTJtrmPy17TQ5DyJv5Nvdxt+lrZzZd
QDVeMg3BQ1ezTYkL6DtBPA1SJTTiuxGIVTkUpOdfzSpAenJy56FJ4GbeATHS1m7z
qTxWEnRvovFxIwOS9agymSxUI8LcCQLExWTPnQYUiHGO/zDz3zxcOtZ201H9LJ8/
i7JZHNYTGlWscV+IalYdHkDVk5r1pICzfmuoVNtEPnawCYEu4vL9WrwRsufxxX6z
4mPUs4cTVYr4qsLb1rC545fm4biESZ8vXb9EMGoTLxmWIXgASy7tsL0wswIDAQAB
o4IC8TCCAu0wHQYDVR0OBBYEFG5AZ9d7/qmd8lzl4IqSE9ESgBTPMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzBkLzU4OWVj
YS0zZjE5LTRlMjMtYTNmYi0zMzAzZjcxNjIyZjkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMGQvNTg5ZWNh
LTNmMTktNGUyMy1hM2ZiLTMzMDNmNzE2MjJmOS8xL2JrQm4xM3YtcVozeVhPWGdp
cElUMFJLQUZNOC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMGYGCCsGAQUF
BwEHAQH/BFcwVTA2BAIAATAwAwQAW+MaAwQDX4NQAwQDhgAQAwQCuRsgAwQCuSrE
AwQCuTVcAwQCuaQsAwQDvHJwMBsEAgACMBUDBQAqAg74AwUAKgO5gAMFAyoKrAAw
JAYIKwYBBQUHAQgBAf8EFTAToBEwDwIDAL+CAgMA3ZoCAwD7wDANBgkqhkiG9w0B
AQsFAAOCAQEAM7rGXQzxF5WQaVXkNiNMxzxvg5rL+SiNjZj6rLmQUMdW4km6oAVo
Uu6bsZPOMomLtIqx8Jhk4RygqHxqX7U4LHtKSQ8jp3K9b67HjV+yQICCWquTg4Zd
kpt/pT+eecLTvyEtfPzMKHd3BnjFdG0P5BIvwyzK0N2I4KOCCi3jUk4dhqgTHik3
IwFtqwmB+w6NgB9c53gWBf7+iqyNGtjT+80uTqUfnkkoGyE5vTsKrmNzPzzlD9bm
hZG5xhWobhvwdeKdNrJYwP5GVbzGnKreeMEllPJl2LolWl/bO3t24/yYK7HSQi55
xlJy98w+RxnmP5L9YQQv45j3jiEHO1Scdw==
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:55:42 2024 by rpki-client on console-ams.rpki-client.org