Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dLA_BQyflGvisljcSWDsCQhfwVc.cer
File:                     dLA_BQyflGvisljcSWDsCQhfwVc.cer (raw, json)
Hash identifier:          rFB2VkqAFBcp+2wJHe8o+q3aBWYTBlGSXGHq632bvEk=
Subject key identifier:   74:B0:3F:05:0C:9F:94:6B:E2:B2:58:DC:49:60:EC:09:08:5F:C1:57
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019423D6FFF56BD4DE51E4FD8EE2CE4447A5
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/2b/c75753-17c2-4324-8264-37c72a7ac8d1/1/dLA_BQyflGvisljcSWDsCQhfwVc.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/2b/c75753-17c2-4324-8264-37c72a7ac8d1/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 21:48:00 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 49070
                          IP: 91.215.196.0/22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 08:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:ff:f5:6b:d4:de:51:e4:fd:8e:e2:ce:44:47:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 21:48:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=74b03f050c9f946be2b258dc4960ec09085fc157
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:33:d6:cc:10:ea:32:a7:c6:cd:ba:11:61:cd:
                    99:b5:41:15:1c:6e:53:f5:5b:27:b3:50:46:b4:f9:
                    fd:0c:51:ae:1e:04:79:7b:6c:37:3e:76:15:35:88:
                    36:99:69:20:2c:ee:25:12:10:73:80:22:7c:87:e3:
                    94:41:ee:e3:49:b4:58:93:8c:d1:70:bf:a0:00:2f:
                    36:2c:8f:15:10:aa:b5:26:df:7b:f1:0c:69:c2:10:
                    b1:ec:75:82:a3:f6:3d:f7:7c:5c:85:c3:66:5c:44:
                    13:18:d0:f0:76:c5:9f:87:56:28:bb:b2:13:33:34:
                    d7:9a:ce:a6:1f:1b:ae:76:c5:64:d8:89:11:f3:89:
                    dc:8c:04:9f:22:c5:30:16:40:27:87:59:d6:98:55:
                    ab:78:1b:4f:cb:3c:35:05:c2:3c:e1:7e:ac:6c:a7:
                    35:90:ca:3a:5a:5e:fc:c3:3c:c6:4f:70:48:72:5c:
                    05:9e:af:ec:5e:8d:d7:2b:4f:4c:3a:be:60:c8:37:
                    18:8d:b2:93:e1:7b:3c:61:56:f5:d6:a6:b8:62:81:
                    49:59:3b:9a:95:e0:d2:a9:61:99:e1:c4:24:77:98:
                    c8:2c:4d:3f:54:86:44:c3:dc:f0:7d:38:31:02:6e:
                    2a:d6:28:f0:13:06:ed:a8:2f:72:52:e5:92:9a:04:
                    1a:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:B0:3F:05:0C:9F:94:6B:E2:B2:58:DC:49:60:EC:09:08:5F:C1:57
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/c75753-17c2-4324-8264-37c72a7ac8d1/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/c75753-17c2-4324-8264-37c72a7ac8d1/1/dLA_BQyflGvisljcSWDsCQhfwVc.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.215.196.0/22

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  49070

    Signature Algorithm: sha256WithRSAEncryption
         87:60:69:d6:ee:0f:d6:c1:20:f6:75:ad:b9:c0:5b:d5:6c:5c:
         b8:41:03:8e:58:3f:56:55:cf:af:db:99:00:b0:35:b4:40:fd:
         0f:83:a6:16:d0:f4:41:f1:cd:74:3c:41:5f:62:c1:be:98:25:
         a5:d5:27:f8:3a:81:17:54:8e:1d:27:79:b0:d9:41:c3:92:0f:
         65:4b:30:06:2c:e6:ab:9f:a5:75:04:09:c5:c4:9f:a3:91:d5:
         4e:72:60:c9:8c:05:d7:1c:03:c0:7e:b6:5d:20:65:97:64:99:
         5c:20:38:56:12:7f:f2:ef:30:e2:81:c8:63:7c:31:a8:f7:06:
         57:0e:bc:38:5f:47:ff:a1:6a:2c:db:9e:4b:cc:60:2e:65:31:
         dc:46:95:52:4f:2b:c9:f4:d6:3f:93:98:62:06:2f:17:3a:da:
         08:39:a4:8b:4c:22:16:4d:e7:55:1b:2d:49:24:1a:b7:80:8c:
         25:93:05:3d:30:60:dd:7d:73:7a:cd:c7:cb:a7:4f:f2:df:d7:
         99:81:72:58:81:68:7d:34:1a:69:cb:90:ac:fe:bb:31:6c:bf:
         f4:2c:b3:ba:fb:56:6c:a6:56:37:f0:a7:dc:e2:13:8c:81:09:
         ae:09:66:04:41:9c:9b:76:21:dd:c0:c4:b7:42:19:45:ae:f2:
         98:cc:8e:b9
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZQj1v/1a9TeUeT9juLOREelMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMjE0ODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NGIwM2YwNTBjOWY5NDZiZTJiMjU4ZGM0OTYwZWMwOTA4NWZjMTU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5TPWzBDqMqfGzboRYc2ZtUEVHG5T
9Vsns1BGtPn9DFGuHgR5e2w3PnYVNYg2mWkgLO4lEhBzgCJ8h+OUQe7jSbRYk4zR
cL+gAC82LI8VEKq1Jt978QxpwhCx7HWCo/Y993xchcNmXEQTGNDwdsWfh1You7IT
MzTXms6mHxuudsVk2IkR84ncjASfIsUwFkAnh1nWmFWreBtPyzw1BcI84X6sbKc1
kMo6Wl78wzzGT3BIclwFnq/sXo3XK09MOr5gyDcYjbKT4Xs8YVb11qa4YoFJWTua
leDSqWGZ4cQkd5jILE0/VIZEw9zwfTgxAm4q1ijwEwbtqC9yUuWSmgQaQQIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFHSwPwUMn5Rr4rJY3Elg7AkIX8FXMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzJiL2M3NTc1
My0xN2MyLTQzMjQtODI2NC0zN2M3MmE3YWM4ZDEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmIvYzc1NzUz
LTE3YzItNDMyNC04MjY0LTM3YzcyYTdhYzhkMS8xL2RMQV9CUXlmbEd2aXNsamNT
V0RzQ1FoZndWYy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCW9fEMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwC/rjANBgkqhkiG9w0BAQsFAAOCAQEAh2Bp1u4P1sEg9nWtucBb1WxcuEEDjlg/
VlXPr9uZALA1tED9D4OmFtD0QfHNdDxBX2LBvpglpdUn+DqBF1SOHSd5sNlBw5IP
ZUswBizmq5+ldQQJxcSfo5HVTnJgyYwF1xwDwH62XSBll2SZXCA4VhJ/8u8w4oHI
Y3wxqPcGVw68OF9H/6FqLNueS8xgLmUx3EaVUk8ryfTWP5OYYgYvFzraCDmki0wi
Fk3nVRstSSQat4CMJZMFPTBg3X1zes3Hy6dP8t/XmYFyWIFofTQaacuQrP67MWy/
9CyzuvtWbKZWN/Cn3OITjIEJrglmBEGcm3Yh3cDEt0IZRa7ymMyOuQ==
-----END CERTIFICATE-----