Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/btSqOMC1kdSms-WFaFxtQ4gNrHg.cer
File:                     btSqOMC1kdSms-WFaFxtQ4gNrHg.cer (raw, json)
Hash identifier:          dLyk8IUZDMkcSWMMoN9s/mCOXRNkMTUKCv/I1qbNQKo=
Subject key identifier:   6E:D4:AA:38:C0:B5:91:D4:A6:B3:E5:85:68:5C:6D:43:88:0D:AC:78
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0192D7F9484D71AF989E68322DAF7E324305
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/31/9a8786-09f4-4b60-867a-c8b2df23d519/1/btSqOMC1kdSms-WFaFxtQ4gNrHg.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/31/9a8786-09f4-4b60-867a-c8b2df23d519/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 29 Oct 2024 11:11:31 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 213959
                          IP: 2001:67c:f54::/48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:d7:f9:48:4d:71:af:98:9e:68:32:2d:af:7e:32:43:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Oct 29 11:11:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6ed4aa38c0b591d4a6b3e585685c6d43880dac78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:2a:c4:49:03:29:6e:f9:96:a3:1d:11:c3:af:
                    7d:32:30:53:ac:7c:61:e7:a5:cc:75:0a:8f:c8:15:
                    27:17:c3:26:3e:43:25:20:71:14:0d:ae:a2:09:8c:
                    4d:16:c8:42:4f:72:cd:07:45:9a:c1:f1:2b:f0:20:
                    8b:83:d1:bf:ec:ec:91:25:65:9e:83:e0:65:e8:6b:
                    00:97:b8:78:7d:3b:11:45:d1:78:2f:f3:54:2f:e8:
                    eb:15:ef:07:e7:d9:c9:3a:d2:ae:73:a2:1d:ee:a4:
                    12:7b:fb:29:6e:6e:7d:28:73:74:79:06:d7:b4:02:
                    05:cb:ed:ad:fe:c1:72:2c:0f:e8:b7:47:f2:9f:58:
                    9a:96:17:76:f4:d2:76:3d:7b:23:09:51:3b:7b:a3:
                    e8:8a:57:8a:25:22:52:68:bf:db:85:29:dc:1b:a6:
                    86:41:f2:fb:fa:a5:82:42:8d:45:0b:61:17:58:28:
                    ea:e2:85:88:82:0f:06:a9:15:6b:37:4d:10:97:6f:
                    89:70:90:f2:25:81:07:f5:9c:7e:05:08:19:b6:80:
                    a6:70:ea:43:30:15:fc:cb:4b:98:43:fe:6b:41:4d:
                    8f:e1:28:76:dc:97:7e:3a:12:4d:7a:6b:14:45:76:
                    1a:0d:8f:60:26:51:d6:d8:11:fc:79:72:fd:c8:a7:
                    7c:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:D4:AA:38:C0:B5:91:D4:A6:B3:E5:85:68:5C:6D:43:88:0D:AC:78
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/9a8786-09f4-4b60-867a-c8b2df23d519/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/9a8786-09f4-4b60-867a-c8b2df23d519/1/btSqOMC1kdSms-WFaFxtQ4gNrHg.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:f54::/48

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  213959

    Signature Algorithm: sha256WithRSAEncryption
         a4:4a:ca:9c:6a:ca:a4:81:13:fd:c8:f1:7a:32:aa:e7:7a:1a:
         ac:5b:7c:31:3e:19:58:87:24:4f:82:06:2d:ad:63:89:85:88:
         07:6a:19:b5:fd:e6:6b:59:0e:cc:57:21:33:10:be:11:b6:e9:
         47:76:21:95:a9:0e:f7:78:8f:ee:c1:b7:7e:25:1b:24:25:d7:
         27:ad:05:52:cd:44:5e:0e:2c:a9:ac:40:47:c5:4c:e7:93:3d:
         63:d2:b6:d6:aa:35:40:8d:30:92:8b:7f:bc:ab:c0:a2:2b:b8:
         6c:a4:76:5f:2f:0c:28:5e:3a:4c:58:d8:0f:b0:83:35:1f:47:
         93:8d:9c:1a:84:b3:2f:8f:8e:71:9b:20:fd:1a:6f:c9:fa:1b:
         43:2f:51:b1:15:22:c9:43:fd:51:6b:58:ac:a3:76:09:54:66:
         57:f6:50:0f:8c:02:be:5b:00:cc:82:47:33:b5:52:22:3e:47:
         ea:c2:18:25:20:15:d5:cb:9c:60:e5:e7:40:78:b1:f8:d3:ca:
         2e:22:1f:fb:72:22:39:36:54:69:34:79:9a:e6:31:d6:d0:a4:
         32:a7:30:58:e7:cf:4a:bd:c6:5d:f5:c3:23:8f:09:1e:2c:9f:
         ae:25:e2:9c:92:47:70:5e:76:44:91:d8:64:40:09:04:b2:fa:
         35:a0:d9:45
-----BEGIN CERTIFICATE-----
MIIFlzCCBH+gAwIBAgISAZLX+UhNca+YnmgyLa9+MkMFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQxMDI5MTExMTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZWQ0YWEzOGMwYjU5MWQ0YTZiM2U1ODU2ODVjNmQ0Mzg4MGRhYzc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2yrESQMpbvmWox0Rw699MjBTrHxh
56XMdQqPyBUnF8MmPkMlIHEUDa6iCYxNFshCT3LNB0WawfEr8CCLg9G/7OyRJWWe
g+Bl6GsAl7h4fTsRRdF4L/NUL+jrFe8H59nJOtKuc6Id7qQSe/spbm59KHN0eQbX
tAIFy+2t/sFyLA/ot0fyn1ialhd29NJ2PXsjCVE7e6PoileKJSJSaL/bhSncG6aG
QfL7+qWCQo1FC2EXWCjq4oWIgg8GqRVrN00Ql2+JcJDyJYEH9Zx+BQgZtoCmcOpD
MBX8y0uYQ/5rQU2P4Sh23Jd+OhJNemsURXYaDY9gJlHW2BH8eXL9yKd8jwIDAQAB
o4ICozCCAp8wHQYDVR0OBBYEFG7UqjjAtZHUprPlhWhcbUOIDax4MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMxLzlhODc4
Ni0wOWY0LTRiNjAtODY3YS1jOGIyZGYyM2Q1MTkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzEvOWE4Nzg2
LTA5ZjQtNGI2MC04NjdhLWM4YjJkZjIzZDUxOS8xL2J0U3FPTUMxa2RTbXMtV0Zh
Rnh0UTRnTnJIZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfA9UMBoGCCsGAQUFBwEIAQH/BAswCaAH
MAUCAwNDxzANBgkqhkiG9w0BAQsFAAOCAQEApErKnGrKpIET/cjxejKq53oarFt8
MT4ZWIckT4IGLa1jiYWIB2oZtf3ma1kOzFchMxC+EbbpR3YhlakO93iP7sG3fiUb
JCXXJ60FUs1EXg4sqaxAR8VM55M9Y9K21qo1QI0wkot/vKvAoiu4bKR2Xy8MKF46
TFjYD7CDNR9Hk42cGoSzL4+OcZsg/RpvyfobQy9RsRUiyUP9UWtYrKN2CVRmV/ZQ
D4wCvlsAzIJHM7VSIj5H6sIYJSAV1cucYOXnQHix+NPKLiIf+3IiOTZUaTR5muYx
1tCkMqcwWOfPSr3GXfXDI48JHiyfriXinJJHcF52RJHYZEAJBLL6NaDZRQ==
-----END CERTIFICATE-----