Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/iBmVbdzq4CLP4SPaNzxrERZANo0.cer
File:                     iBmVbdzq4CLP4SPaNzxrERZANo0.cer (raw, json)
Hash identifier:          6L46A3+ezGns7WWEwcLUp/+d304Ir/suF1iNSttabdY=
Subject key identifier:   88:19:95:6D:DC:EA:E0:22:CF:E1:23:DA:37:3C:6B:11:16:40:36:8D
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CCA2B7A1AC5AB07703C7D9B13F48E805E
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/37/988768-f17b-4f59-be09-2deb14c290ed/1/iBmVbdzq4CLP4SPaNzxrERZANo0.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/37/988768-f17b-4f59-be09-2deb14c290ed/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 12:34:56 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 2600
                          IP: 212.109.224.0/19

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:7a:1a:c5:ab:07:70:3c:7d:9b:13:f4:8e:80:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 12:34:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8819956ddceae022cfe123da373c6b111640368d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:4a:62:8a:bf:b9:3e:57:58:ae:42:c2:65:50:
                    81:88:41:88:0f:5c:9c:dc:e5:ba:28:73:cd:19:4d:
                    be:ff:41:cc:a3:16:46:03:99:7a:be:87:5f:49:bf:
                    39:ec:7a:5b:a4:77:99:5f:a8:47:34:e3:1a:4f:cc:
                    20:03:97:03:9e:bc:1f:1b:49:95:80:0e:a0:12:7e:
                    88:68:be:9e:89:cb:41:d4:b9:7f:26:42:ef:4c:dc:
                    5b:2d:5b:7b:dd:89:38:d8:d5:5b:93:73:f6:4d:67:
                    57:56:85:a5:f0:b9:aa:c6:17:07:d2:73:5f:3f:8b:
                    1c:54:58:31:d7:ce:8a:42:4f:73:0e:0b:d8:c9:70:
                    ba:0b:08:fe:ed:49:03:b3:a6:2e:c0:30:95:d0:0b:
                    56:9b:97:0c:7b:55:a3:48:9b:8d:51:2b:fb:17:bf:
                    a6:52:d0:46:d7:d2:b1:6b:58:67:4e:d7:11:05:9c:
                    b3:21:8e:42:c9:9c:60:7d:23:53:c7:10:a1:36:d0:
                    d6:e7:76:4b:2e:1c:1b:a3:8e:07:b3:6f:b9:fe:7d:
                    2b:55:f8:5c:3f:75:ca:46:7e:4f:21:a4:eb:f2:ad:
                    94:83:8a:fa:5c:ce:f7:94:1e:85:12:fb:41:27:f5:
                    21:cb:51:56:2a:ee:98:37:6c:f1:9e:f2:88:4c:66:
                    01:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:19:95:6D:DC:EA:E0:22:CF:E1:23:DA:37:3C:6B:11:16:40:36:8D
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/988768-f17b-4f59-be09-2deb14c290ed/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/988768-f17b-4f59-be09-2deb14c290ed/1/iBmVbdzq4CLP4SPaNzxrERZANo0.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.109.224.0/19

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  2600

    Signature Algorithm: sha256WithRSAEncryption
         2c:dd:3e:b3:ba:22:0e:2c:29:99:a1:6b:5b:3b:8e:d1:52:52:
         97:ef:4c:fa:e1:d6:5a:8d:12:af:52:a0:90:56:a5:38:30:e9:
         02:d0:d0:3a:23:34:d7:00:9e:3b:b0:a5:e0:f0:1d:6d:d8:9e:
         bc:4e:05:e3:ec:0a:91:84:05:d4:a6:e0:f9:d9:6d:45:35:d1:
         1e:8e:97:5b:23:77:1a:f8:c6:d2:7d:11:18:e2:da:5a:c2:e7:
         a9:ad:5c:0f:ba:d6:29:19:75:2b:f1:71:fb:f5:2a:01:63:6a:
         f3:aa:da:b3:60:ed:17:97:10:05:10:37:15:1d:db:d4:33:06:
         7c:1c:f4:f2:3a:d1:a7:8e:34:06:43:8a:76:77:08:a8:91:e3:
         5e:03:21:0f:7c:fb:fb:19:d4:59:2b:dd:06:78:10:25:65:0f:
         06:23:60:15:94:e5:12:0c:a5:09:bb:42:df:ef:4b:75:56:22:
         a7:39:77:0e:59:52:28:5b:7a:1b:70:69:8c:09:6f:f4:27:91:
         1d:59:08:9d:2e:0f:13:22:82:19:55:72:11:ee:f7:69:e5:b8:
         cb:ab:8d:27:ac:91:73:b4:f0:95:67:cf:08:00:c4:7e:29:59:
         3d:2a:9e:4c:1a:3a:93:fd:bf:17:da:91:f4:2a:e6:3a:68:b7:
         b5:f7:ec:77
-----BEGIN CERTIFICATE-----
MIIFkzCCBHugAwIBAgISAYzKK3oaxasHcDx9mxP0joBeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMTIzNDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODE5OTU2ZGRjZWFlMDIyY2ZlMTIzZGEzNzNjNmIxMTE2NDAzNjhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3kpiir+5PldYrkLCZVCBiEGID1yc
3OW6KHPNGU2+/0HMoxZGA5l6vodfSb857HpbpHeZX6hHNOMaT8wgA5cDnrwfG0mV
gA6gEn6IaL6eictB1Ll/JkLvTNxbLVt73Yk42NVbk3P2TWdXVoWl8LmqxhcH0nNf
P4scVFgx186KQk9zDgvYyXC6Cwj+7UkDs6YuwDCV0AtWm5cMe1WjSJuNUSv7F7+m
UtBG19Kxa1hnTtcRBZyzIY5CyZxgfSNTxxChNtDW53ZLLhwbo44Hs2+5/n0rVfhc
P3XKRn5PIaTr8q2Ug4r6XM73lB6FEvtBJ/Uhy1FWKu6YN2zxnvKITGYB/QIDAQAB
o4ICnzCCApswHQYDVR0OBBYEFIgZlW3c6uAiz+Ej2jc8axEWQDaNMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzM3Lzk4ODc2
OC1mMTdiLTRmNTktYmUwOS0yZGViMTRjMjkwZWQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzcvOTg4NzY4
LWYxN2ItNGY1OS1iZTA5LTJkZWIxNGMyOTBlZC8xL2lCbVZiZHpxNENMUDRTUGFO
enhyRVJaQU5vMC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQF1G3gMBkGCCsGAQUFBwEIAQH/BAowCKAGMAQC
AgooMA0GCSqGSIb3DQEBCwUAA4IBAQAs3T6zuiIOLCmZoWtbO47RUlKX70z64dZa
jRKvUqCQVqU4MOkC0NA6IzTXAJ47sKXg8B1t2J68TgXj7AqRhAXUpuD52W1FNdEe
jpdbI3ca+MbSfREY4tpawueprVwPutYpGXUr8XH79SoBY2rzqtqzYO0XlxAFEDcV
HdvUMwZ8HPTyOtGnjjQGQ4p2dwiokeNeAyEPfPv7GdRZK90GeBAlZQ8GI2AVlOUS
DKUJu0Lf70t1ViKnOXcOWVIoW3obcGmMCW/0J5EdWQidLg8TIoIZVXIR7vdp5bjL
q40nrJFztPCVZ88IAMR+KVk9Kp5MGjqT/b8X2pH0KuY6aLe19+x3
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:20:03 2024 by rpki-client on console-fra.rpki-client.org