Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/wGLmqllGb-VhqTq81NzfPepNwmc.cer
File:                     wGLmqllGb-VhqTq81NzfPepNwmc.cer (raw, json)
Hash identifier:          suT2jZZojl4D5VfjD/JT89eTpaWBUeoHIzps6INw4cI=
Subject key identifier:   C0:62:E6:AA:59:46:6F:E5:61:A9:3A:BC:D4:DC:DF:3D:EA:4D:C2:67
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018EE25CAE9DF1415759698A81264C7FA7CD
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/4c/2901ce-67e7-44f5-99ea-2373a1ba6d0b/1/wGLmqllGb-VhqTq81NzfPepNwmc.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/4c/2901ce-67e7-44f5-99ea-2373a1ba6d0b/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 15 Apr 2024 15:25:08 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 198371
                          IP: 176.104.104.0/21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:e2:5c:ae:9d:f1:41:57:59:69:8a:81:26:4c:7f:a7:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Apr 15 15:25:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c062e6aa59466fe561a93abcd4dcdf3dea4dc267
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:74:82:3d:1b:1f:29:08:0c:17:b2:66:d0:d5:
                    5d:f8:51:d1:74:f5:f8:81:66:68:f2:15:f7:a2:98:
                    39:3b:78:b1:0d:68:15:e9:1e:b2:c6:d2:0e:75:12:
                    a0:7d:a4:0d:ae:4a:d5:c7:7f:88:8b:c7:c0:34:b6:
                    49:ca:e6:96:69:39:cc:02:54:76:32:09:27:2a:46:
                    20:62:24:48:62:8a:38:f2:81:36:e3:87:49:c7:11:
                    eb:f8:01:c7:a9:79:18:e3:3d:e9:ee:64:32:5f:8f:
                    be:47:2e:03:b8:b5:ca:16:d1:38:f3:fa:a8:ef:11:
                    4c:2e:40:9f:60:90:4c:fe:c8:33:ed:91:63:96:d3:
                    49:79:d6:b6:78:01:ae:f2:52:9f:95:e6:bc:fe:e0:
                    cc:22:01:9b:a9:26:39:e3:66:7d:8d:73:d0:04:0b:
                    28:2b:bc:4f:0b:96:ed:d7:53:e3:00:38:94:78:8f:
                    11:a4:58:f6:8c:0b:77:4a:a7:eb:b1:38:42:cc:4c:
                    3d:fd:e2:bc:4e:26:7d:40:6e:af:8b:9c:15:7c:8c:
                    0d:67:e8:42:c1:0d:90:49:1b:33:67:c8:8a:84:51:
                    88:37:0e:42:3a:fd:0a:69:23:b5:81:fe:7c:df:71:
                    da:6a:84:87:f6:76:09:43:6a:ef:e0:24:f6:1b:26:
                    26:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:62:E6:AA:59:46:6F:E5:61:A9:3A:BC:D4:DC:DF:3D:EA:4D:C2:67
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/2901ce-67e7-44f5-99ea-2373a1ba6d0b/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/2901ce-67e7-44f5-99ea-2373a1ba6d0b/1/wGLmqllGb-VhqTq81NzfPepNwmc.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.104.104.0/21

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  198371

    Signature Algorithm: sha256WithRSAEncryption
         99:e3:1c:ee:ae:6a:28:aa:41:25:31:0c:f8:cb:ff:1a:ba:16:
         18:94:04:43:9e:36:38:0a:c0:a6:4f:2d:d9:3d:93:e1:8f:94:
         ff:29:db:dd:26:19:ee:82:5d:b3:4d:bc:67:66:01:4c:80:2f:
         03:71:0d:f7:f1:58:fa:8c:6c:f1:c0:69:40:49:a3:66:ea:3a:
         21:a7:1c:54:f2:ef:c7:26:49:aa:57:2b:36:26:8c:03:3c:ff:
         c4:03:07:e6:27:bb:a0:91:84:76:61:a7:9d:c0:dc:95:20:08:
         14:93:97:d3:32:c8:22:1d:62:f2:4d:91:1a:4b:f3:4e:01:c4:
         c1:6d:68:91:38:06:0a:49:9c:9c:3f:08:78:18:6b:d0:74:4e:
         95:84:63:09:a8:a7:0b:90:41:f7:26:c8:26:8d:16:d8:5d:2d:
         e2:b9:7f:17:8d:c8:0a:69:4c:dd:db:d5:f0:d5:5b:7e:e2:78:
         ce:fc:68:8b:61:f5:d5:ea:cc:50:66:cf:d0:09:69:3f:55:ff:
         11:63:0a:75:73:26:f5:06:27:26:aa:d2:e8:93:f3:74:e4:1f:
         cf:15:f0:17:57:3e:02:74:e3:6d:85:c8:5d:80:a5:fc:e6:19:
         c7:1a:8a:62:46:df:be:64:c1:fc:b4:c3:32:1e:62:8d:4d:71:
         5f:5a:05:c1
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAY7iXK6d8UFXWWmKgSZMf6fNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwNDE1MTUyNTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDYyZTZhYTU5NDY2ZmU1NjFhOTNhYmNkNGRjZGYzZGVhNGRjMjY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAknSCPRsfKQgMF7Jm0NVd+FHRdPX4
gWZo8hX3opg5O3ixDWgV6R6yxtIOdRKgfaQNrkrVx3+Ii8fANLZJyuaWaTnMAlR2
MgknKkYgYiRIYoo48oE244dJxxHr+AHHqXkY4z3p7mQyX4++Ry4DuLXKFtE48/qo
7xFMLkCfYJBM/sgz7ZFjltNJeda2eAGu8lKflea8/uDMIgGbqSY542Z9jXPQBAso
K7xPC5bt11PjADiUeI8RpFj2jAt3SqfrsThCzEw9/eK8TiZ9QG6vi5wVfIwNZ+hC
wQ2QSRszZ8iKhFGINw5COv0KaSO1gf5833HaaoSH9nYJQ2rv4CT2GyYmYQIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFMBi5qpZRm/lYak6vNTc3z3qTcJnMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzRjLzI5MDFj
ZS02N2U3LTQ0ZjUtOTllYS0yMzczYTFiYTZkMGIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGMvMjkwMWNl
LTY3ZTctNDRmNS05OWVhLTIzNzNhMWJhNmQwYi8xL3dHTG1xbGxHYi1WaHFUcTgx
TnpmUGVwTndtYy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQDsGhoMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwMG4zANBgkqhkiG9w0BAQsFAAOCAQEAmeMc7q5qKKpBJTEM+Mv/GroWGJQEQ542
OArApk8t2T2T4Y+U/ynb3SYZ7oJds028Z2YBTIAvA3EN9/FY+oxs8cBpQEmjZuo6
IaccVPLvxyZJqlcrNiaMAzz/xAMH5ie7oJGEdmGnncDclSAIFJOX0zLIIh1i8k2R
GkvzTgHEwW1okTgGCkmcnD8IeBhr0HROlYRjCainC5BB9ybIJo0W2F0t4rl/F43I
CmlM3dvV8NVbfuJ4zvxoi2H11erMUGbP0AlpP1X/EWMKdXMm9QYnJqrS6JPzdOQf
zxXwF1c+AnTjbYXIXYCl/OYZxxqKYkbfvmTB/LTDMh5ijU1xX1oFwQ==
-----END CERTIFICATE-----