Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bzg_Pxkxuo0uyixRv30n09wgVVA.cer
File:                     bzg_Pxkxuo0uyixRv30n09wgVVA.cer (raw, json)
Hash identifier:          EHgHYNvUpqWAfSuUe3BwNG1uJSkIGEVdl1GMxOIN4N8=
Subject key identifier:   6F:38:3F:3F:19:31:BA:8D:2E:CA:2C:51:BF:7D:27:D3:DC:20:55:50
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019251771D8F93F8626F2FB853F34A6EC093
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/c3/5dfeec-10a2-48b7-bcfa-a625ef51892a/1/bzg_Pxkxuo0uyixRv30n09wgVVA.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/c3/5dfeec-10a2-48b7-bcfa-a625ef51892a/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 03 Oct 2024 08:20:13 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 194.153.156.0/26

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:51:77:1d:8f:93:f8:62:6f:2f:b8:53:f3:4a:6e:c0:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Oct  3 08:20:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6f383f3f1931ba8d2eca2c51bf7d27d3dc205550
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:d7:9c:59:cb:bc:00:c6:ed:10:ee:dd:13:6e:
                    a3:54:c0:e0:9b:ca:a6:d0:97:55:5d:fd:c8:42:9a:
                    8b:47:df:2e:75:8d:ce:f6:8d:e5:08:26:8f:d0:58:
                    2a:2e:ed:89:72:0a:ff:83:1a:96:fd:16:df:28:c2:
                    93:df:8e:48:bb:81:59:ff:0d:c1:6d:25:2d:80:37:
                    58:28:18:f7:6e:42:f4:9a:46:92:40:74:90:cf:f1:
                    f1:20:32:d7:62:cc:d6:90:98:6b:64:6c:09:ff:c8:
                    f4:0b:fa:51:b6:07:c6:3a:4e:fa:38:8a:5b:87:52:
                    ac:06:d2:85:c4:50:d7:db:dc:e9:81:e0:a5:c5:89:
                    82:8d:e7:27:6d:bf:10:23:5b:b4:c1:64:c3:db:2c:
                    66:70:00:97:49:54:f6:1e:40:58:7d:60:a3:c0:3b:
                    5b:a0:ba:b8:a8:6f:df:6d:1a:84:3d:42:4e:0f:9e:
                    a6:4e:9f:54:77:aa:42:b5:18:13:00:58:e6:a5:64:
                    3a:4e:0e:c0:72:ef:60:62:21:71:9a:56:32:d2:69:
                    72:27:9a:eb:37:72:36:65:c9:27:d0:4e:2e:c0:f7:
                    a8:4f:d3:15:c2:34:bb:93:13:4d:33:bf:60:c9:5b:
                    ed:c6:50:b3:48:fd:36:fa:bc:a2:a9:f3:e2:87:ba:
                    5c:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:38:3F:3F:19:31:BA:8D:2E:CA:2C:51:BF:7D:27:D3:DC:20:55:50
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/5dfeec-10a2-48b7-bcfa-a625ef51892a/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/5dfeec-10a2-48b7-bcfa-a625ef51892a/1/bzg_Pxkxuo0uyixRv30n09wgVVA.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.153.156.0/26

    Signature Algorithm: sha256WithRSAEncryption
         01:59:ec:83:70:1c:9d:c1:3c:28:ae:aa:12:f7:e4:30:9b:93:
         95:f2:24:b6:e7:db:67:d3:ed:de:37:f3:d0:c1:b2:4c:86:b3:
         a1:4b:38:5c:35:40:6b:61:25:ab:a3:bf:03:9c:37:ab:eb:09:
         76:55:f2:d7:fb:c0:c3:15:05:ee:94:3f:11:5b:c9:81:fa:31:
         95:e4:28:aa:b0:e0:7b:2d:a6:fd:a2:9c:8b:48:f3:d2:4d:13:
         61:d6:42:fa:65:ed:96:61:f1:81:ca:0f:2c:31:f5:46:31:6f:
         b1:45:ed:2e:46:d4:73:39:94:05:f6:1f:bb:3f:fe:7a:6a:92:
         80:78:6a:d4:72:28:07:31:65:5d:f8:21:b5:c9:d4:89:3d:fc:
         fd:75:0b:c8:f6:4d:e2:6c:64:98:a5:86:37:e9:9e:ca:6f:2f:
         d4:da:81:a9:61:c2:eb:f4:43:3e:1b:40:87:8b:e4:36:65:e1:
         85:a8:1a:3c:b5:13:5d:57:cd:29:d1:d5:d5:bd:3f:8e:48:23:
         6d:3c:db:e1:b3:b0:70:ae:1d:32:c7:b3:a6:42:b0:40:78:9b:
         25:1c:c9:81:ce:c4:71:b6:b6:62:2b:cc:67:44:9d:d4:40:c0:
         d2:26:96:5c:19:80:6b:5b:e3:cf:d0:4b:2f:43:95:12:41:35:
         7f:08:72:9c
-----BEGIN CERTIFICATE-----
MIIFeTCCBGGgAwIBAgISAZJRdx2Pk/hiby+4U/NKbsCTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQxMDAzMDgyMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjM4M2YzZjE5MzFiYThkMmVjYTJjNTFiZjdkMjdkM2RjMjA1NTUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAotecWcu8AMbtEO7dE26jVMDgm8qm
0JdVXf3IQpqLR98udY3O9o3lCCaP0FgqLu2Jcgr/gxqW/RbfKMKT345Iu4FZ/w3B
bSUtgDdYKBj3bkL0mkaSQHSQz/HxIDLXYszWkJhrZGwJ/8j0C/pRtgfGOk76OIpb
h1KsBtKFxFDX29zpgeClxYmCjecnbb8QI1u0wWTD2yxmcACXSVT2HkBYfWCjwDtb
oLq4qG/fbRqEPUJOD56mTp9Ud6pCtRgTAFjmpWQ6Tg7Acu9gYiFxmlYy0mlyJ5rr
N3I2Zckn0E4uwPeoT9MVwjS7kxNNM79gyVvtxlCzSP02+ryiqfPih7pcowIDAQAB
o4IChTCCAoEwHQYDVR0OBBYEFG84Pz8ZMbqNLsosUb99J9PcIFVQMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2MzLzVkZmVl
Yy0xMGEyLTQ4YjctYmNmYS1hNjI1ZWY1MTg5MmEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzMvNWRmZWVj
LTEwYTItNDhiNy1iY2ZhLWE2MjVlZjUxODkyYS8xL2J6Z19QeGt4dW8wdXlpeFJ2
MzBuMDl3Z1ZWQS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUF
BwEHAQH/BBEwDzANBAIAATAHAwUGwpmcADANBgkqhkiG9w0BAQsFAAOCAQEAAVns
g3AcncE8KK6qEvfkMJuTlfIktufbZ9Pt3jfz0MGyTIazoUs4XDVAa2Elq6O/A5w3
q+sJdlXy1/vAwxUF7pQ/EVvJgfoxleQoqrDgey2m/aKci0jz0k0TYdZC+mXtlmHx
gcoPLDH1RjFvsUXtLkbUczmUBfYfuz/+emqSgHhq1HIoBzFlXfghtcnUiT38/XUL
yPZN4mxkmKWGN+meym8v1NqBqWHC6/RDPhtAh4vkNmXhhagaPLUTXVfNKdHV1b0/
jkgjbTzb4bOwcK4dMsezpkKwQHibJRzJgc7Ecba2YivMZ0Sd1EDA0iaWXBmAa1vj
z9BLL0OVEkE1fwhynA==
-----END CERTIFICATE-----