Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9bNxv0zLYi-KrCR7OdNdiTTWfE.cer
File:                     e9bNxv0zLYi-KrCR7OdNdiTTWfE.cer (raw, json)
Hash identifier:          WgcVYyXEzbekoXLpFAnkXaiE4rnZ218ON57OHLd9Uy4=
Subject key identifier:   7B:D6:CD:C6:FD:33:2D:88:BE:2A:B0:91:EC:E7:4D:76:24:D3:59:F1
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018F2B3EC9D9A54A53C51CC975F9BE109F5A
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/ff/29f386-4247-4e6a-9bf1-61c4a256f9ad/1/e9bNxv0zLYi-KrCR7OdNdiTTWfE.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/ff/29f386-4247-4e6a-9bf1-61c4a256f9ad/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 29 Apr 2024 19:04:46 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 192.112.151.0/24
                          IP: 192.112.178.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:2b:3e:c9:d9:a5:4a:53:c5:1c:c9:75:f9:be:10:9f:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Apr 29 19:04:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7bd6cdc6fd332d88be2ab091ece74d7624d359f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:38:43:cb:58:e4:1c:ae:4e:3f:64:29:9b:df:
                    ee:12:4e:47:11:3b:3b:0a:ca:12:d7:89:91:60:10:
                    f1:e9:48:10:74:2c:85:2d:64:83:08:40:36:3d:0b:
                    99:72:ef:eb:ed:0f:3a:50:66:df:94:5d:b5:70:43:
                    70:3f:af:38:6e:b9:b7:25:37:27:55:d6:3a:46:04:
                    b5:85:da:0e:3a:5f:72:c1:55:2a:fd:12:00:8c:a1:
                    ff:c3:01:09:36:70:4c:37:c4:66:98:94:d5:b4:86:
                    78:28:90:1f:23:21:76:1d:47:44:68:7a:93:7a:d2:
                    77:6c:73:a1:c6:c9:04:48:1d:8e:39:ce:81:0e:27:
                    f0:59:94:fe:14:3c:8b:e5:eb:8e:93:c7:89:f1:2f:
                    22:9a:2d:e6:64:d7:e1:26:57:cd:0b:8c:44:99:16:
                    ce:29:5f:dc:5b:f8:ce:a9:6c:ad:14:4f:be:80:dc:
                    99:a3:98:40:9f:3b:18:e8:8d:dd:fc:27:dc:ca:ca:
                    52:8e:46:c6:65:c8:f8:73:8c:04:66:4f:4a:a3:8c:
                    65:ba:0a:be:f1:dd:25:3e:9a:3a:3d:de:e6:8d:2d:
                    3c:bc:de:94:98:ae:c9:cc:fd:a5:be:b7:35:c1:58:
                    ee:ca:96:cf:a6:e2:3a:07:f7:3b:d6:64:02:0e:30:
                    6f:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:D6:CD:C6:FD:33:2D:88:BE:2A:B0:91:EC:E7:4D:76:24:D3:59:F1
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/29f386-4247-4e6a-9bf1-61c4a256f9ad/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/29f386-4247-4e6a-9bf1-61c4a256f9ad/1/e9bNxv0zLYi-KrCR7OdNdiTTWfE.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.112.151.0/24
                  192.112.178.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:b2:0c:4b:81:a7:0d:ae:ac:98:40:11:36:19:43:52:f0:e5:
         d3:a3:32:7c:5b:e9:fd:15:1b:65:32:84:b0:39:67:09:c2:75:
         e2:b4:4f:e7:93:56:e0:d0:66:53:fe:6b:84:d1:7e:8b:85:3f:
         21:bd:fd:53:a2:82:7b:5e:c3:50:8c:66:74:9a:31:4d:b3:9f:
         d2:24:40:f6:d3:05:0b:3d:5e:f5:c0:51:46:07:a0:23:dc:16:
         5d:70:76:fd:f2:24:8b:a7:1b:10:93:02:b4:52:c3:27:42:67:
         e9:b2:b1:ae:d8:c4:76:a9:25:77:04:66:5f:47:2b:a0:40:95:
         25:0a:aa:fd:80:02:81:49:30:08:55:30:70:89:8b:3f:9a:f8:
         e2:99:f6:b0:85:96:8e:79:1f:48:c6:75:3a:f2:da:d0:4e:e8:
         31:ec:9b:38:05:b1:cb:c4:7e:82:3e:89:0a:a4:45:09:17:63:
         3b:cc:fd:08:ec:6d:36:b6:ee:5e:74:56:ca:1d:00:21:89:64:
         f8:bf:03:4a:82:03:bc:2d:b5:12:b9:17:52:00:96:02:a6:c3:
         23:d8:7f:de:78:59:d5:d4:79:7e:b2:a4:e7:44:6e:37:a6:b1:
         0c:56:30:f1:ab:28:b2:66:d6:6c:74:28:ee:35:8a:c4:71:12:
         fc:0a:f4:e7
-----BEGIN CERTIFICATE-----
MIIFfjCCBGagAwIBAgISAY8rPsnZpUpTxRzJdfm+EJ9aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwNDI5MTkwNDQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YmQ2Y2RjNmZkMzMyZDg4YmUyYWIwOTFlY2U3NGQ3NjI0ZDM1OWYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3jhDy1jkHK5OP2Qpm9/uEk5HETs7
CsoS14mRYBDx6UgQdCyFLWSDCEA2PQuZcu/r7Q86UGbflF21cENwP684brm3JTcn
VdY6RgS1hdoOOl9ywVUq/RIAjKH/wwEJNnBMN8RmmJTVtIZ4KJAfIyF2HUdEaHqT
etJ3bHOhxskESB2OOc6BDifwWZT+FDyL5euOk8eJ8S8imi3mZNfhJlfNC4xEmRbO
KV/cW/jOqWytFE++gNyZo5hAnzsY6I3d/CfcyspSjkbGZcj4c4wEZk9Ko4xlugq+
8d0lPpo6Pd7mjS08vN6UmK7JzP2lvrc1wVjuypbPpuI6B/c71mQCDjBvQQIDAQAB
o4ICijCCAoYwHQYDVR0OBBYEFHvWzcb9My2IviqwkeznTXYk01nxMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2ZmLzI5ZjM4
Ni00MjQ3LTRlNmEtOWJmMS02MWM0YTI1NmY5YWQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZmYvMjlmMzg2
LTQyNDctNGU2YS05YmYxLTYxYzRhMjU2ZjlhZC8xL2U5Yk54djB6TFlpLUtyQ1I3
T2ROZGlUVFdmRS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUF
BwEHAQH/BBYwFDASBAIAATAMAwQAwHCXAwQAwHCyMA0GCSqGSIb3DQEBCwUAA4IB
AQAHsgxLgacNrqyYQBE2GUNS8OXTozJ8W+n9FRtlMoSwOWcJwnXitE/nk1bg0GZT
/muE0X6LhT8hvf1TooJ7XsNQjGZ0mjFNs5/SJED20wULPV71wFFGB6Aj3BZdcHb9
8iSLpxsQkwK0UsMnQmfpsrGu2MR2qSV3BGZfRyugQJUlCqr9gAKBSTAIVTBwiYs/
mvjimfawhZaOeR9IxnU68trQTugx7Js4BbHLxH6CPokKpEUJF2M7zP0I7G02tu5e
dFbKHQAhiWT4vwNKggO8LbUSuRdSAJYCpsMj2H/eeFnV1Hl+sqTnRG43prEMVjDx
qyiyZtZsdCjuNYrEcRL8CvTn
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:00:01 2024 by rpki-client on console-fra.rpki-client.org