Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dLA_BQyflGvisljcSWDsCQhfwVc.cer
File:                     dLA_BQyflGvisljcSWDsCQhfwVc.cer (raw, json)
Hash identifier:          XSBSv79euEGf5yLC/dLAMLGgbnqbdUjl44el306MDZI=
Subject key identifier:   74:B0:3F:05:0C:9F:94:6B:E2:B2:58:DC:49:60:EC:09:08:5F:C1:57
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0190690E9288623DB3178013E1DDF2660B65
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/2b/c75753-17c2-4324-8264-37c72a7ac8d1/1/dLA_BQyflGvisljcSWDsCQhfwVc.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/2b/c75753-17c2-4324-8264-37c72a7ac8d1/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Sun 30 Jun 2024 12:11:21 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 49070
                          IP: 91.215.196.0/22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Sep 2024 14:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:69:0e:92:88:62:3d:b3:17:80:13:e1:dd:f2:66:0b:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jun 30 12:11:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=74b03f050c9f946be2b258dc4960ec09085fc157
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:33:d6:cc:10:ea:32:a7:c6:cd:ba:11:61:cd:
                    99:b5:41:15:1c:6e:53:f5:5b:27:b3:50:46:b4:f9:
                    fd:0c:51:ae:1e:04:79:7b:6c:37:3e:76:15:35:88:
                    36:99:69:20:2c:ee:25:12:10:73:80:22:7c:87:e3:
                    94:41:ee:e3:49:b4:58:93:8c:d1:70:bf:a0:00:2f:
                    36:2c:8f:15:10:aa:b5:26:df:7b:f1:0c:69:c2:10:
                    b1:ec:75:82:a3:f6:3d:f7:7c:5c:85:c3:66:5c:44:
                    13:18:d0:f0:76:c5:9f:87:56:28:bb:b2:13:33:34:
                    d7:9a:ce:a6:1f:1b:ae:76:c5:64:d8:89:11:f3:89:
                    dc:8c:04:9f:22:c5:30:16:40:27:87:59:d6:98:55:
                    ab:78:1b:4f:cb:3c:35:05:c2:3c:e1:7e:ac:6c:a7:
                    35:90:ca:3a:5a:5e:fc:c3:3c:c6:4f:70:48:72:5c:
                    05:9e:af:ec:5e:8d:d7:2b:4f:4c:3a:be:60:c8:37:
                    18:8d:b2:93:e1:7b:3c:61:56:f5:d6:a6:b8:62:81:
                    49:59:3b:9a:95:e0:d2:a9:61:99:e1:c4:24:77:98:
                    c8:2c:4d:3f:54:86:44:c3:dc:f0:7d:38:31:02:6e:
                    2a:d6:28:f0:13:06:ed:a8:2f:72:52:e5:92:9a:04:
                    1a:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:B0:3F:05:0C:9F:94:6B:E2:B2:58:DC:49:60:EC:09:08:5F:C1:57
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/c75753-17c2-4324-8264-37c72a7ac8d1/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/c75753-17c2-4324-8264-37c72a7ac8d1/1/dLA_BQyflGvisljcSWDsCQhfwVc.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.215.196.0/22

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  49070

    Signature Algorithm: sha256WithRSAEncryption
         a7:57:22:e5:0a:5e:8a:22:15:40:d1:2c:75:8f:2c:03:11:dc:
         d5:dc:83:9f:c9:b8:75:50:45:94:1a:14:a1:71:e1:28:c5:5c:
         23:ef:d9:5d:a2:f2:76:c9:77:cc:68:6c:60:14:a3:40:f1:a2:
         8d:0d:3d:80:4a:6c:26:64:f1:10:14:f5:bb:b0:a1:63:dd:e4:
         66:85:d6:a3:8f:7c:d1:83:f8:0d:8c:c8:97:c0:98:f5:08:ce:
         f9:5d:30:5e:57:e7:8b:34:1c:68:8b:20:92:c2:0b:a8:7f:9e:
         35:af:20:73:f2:82:ff:a5:32:10:f6:7c:c5:87:e9:31:a9:78:
         d4:84:9e:90:a4:30:cd:e0:79:89:9e:8b:59:53:45:f3:61:b1:
         3b:ca:92:1d:18:04:71:00:27:c9:c0:05:1c:43:a3:82:32:77:
         18:49:90:75:8a:09:0f:45:8b:32:55:c4:a2:70:41:8b:53:d4:
         a0:3b:d5:86:88:3f:99:c8:dc:80:a1:4b:b0:f2:c6:8d:16:d8:
         9b:61:46:15:49:c8:19:60:68:c8:f9:30:47:d2:cc:6f:c7:a3:
         24:42:d1:9b:b7:ba:e5:ec:f8:5a:2c:fd:cc:31:2c:5a:f1:83:
         b1:ac:04:cc:35:1b:62:34:37:d6:d2:bb:74:d7:38:0c:bb:f6:
         7f:55:b0:85
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZBpDpKIYj2zF4AT4d3yZgtlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwNjMwMTIxMTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NGIwM2YwNTBjOWY5NDZiZTJiMjU4ZGM0OTYwZWMwOTA4NWZjMTU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5TPWzBDqMqfGzboRYc2ZtUEVHG5T
9Vsns1BGtPn9DFGuHgR5e2w3PnYVNYg2mWkgLO4lEhBzgCJ8h+OUQe7jSbRYk4zR
cL+gAC82LI8VEKq1Jt978QxpwhCx7HWCo/Y993xchcNmXEQTGNDwdsWfh1You7IT
MzTXms6mHxuudsVk2IkR84ncjASfIsUwFkAnh1nWmFWreBtPyzw1BcI84X6sbKc1
kMo6Wl78wzzGT3BIclwFnq/sXo3XK09MOr5gyDcYjbKT4Xs8YVb11qa4YoFJWTua
leDSqWGZ4cQkd5jILE0/VIZEw9zwfTgxAm4q1ijwEwbtqC9yUuWSmgQaQQIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFHSwPwUMn5Rr4rJY3Elg7AkIX8FXMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzJiL2M3NTc1
My0xN2MyLTQzMjQtODI2NC0zN2M3MmE3YWM4ZDEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmIvYzc1NzUz
LTE3YzItNDMyNC04MjY0LTM3YzcyYTdhYzhkMS8xL2RMQV9CUXlmbEd2aXNsamNT
V0RzQ1FoZndWYy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCW9fEMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwC/rjANBgkqhkiG9w0BAQsFAAOCAQEAp1ci5QpeiiIVQNEsdY8sAxHc1dyDn8m4
dVBFlBoUoXHhKMVcI+/ZXaLydsl3zGhsYBSjQPGijQ09gEpsJmTxEBT1u7ChY93k
ZoXWo4980YP4DYzIl8CY9QjO+V0wXlfnizQcaIsgksILqH+eNa8gc/KC/6UyEPZ8
xYfpMal41ISekKQwzeB5iZ6LWVNF82GxO8qSHRgEcQAnycAFHEOjgjJ3GEmQdYoJ
D0WLMlXEonBBi1PUoDvVhog/mcjcgKFLsPLGjRbYm2FGFUnIGWBoyPkwR9LMb8ej
JELRm7e65ez4Wiz9zDEsWvGDsawEzDUbYjQ31tK7dNc4DLv2f1WwhQ==
-----END CERTIFICATE-----