Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/P_xs3-GW1bOdLqYOkMldtwRF2bk.cer
File:                     P_xs3-GW1bOdLqYOkMldtwRF2bk.cer (raw, json)
Hash identifier:          1jrbgwdFgXuNVNZ5VFRQYmX2EXH43YtXrrJcL7hd6v0=
Subject key identifier:   3F:FC:6C:DF:E1:96:D5:B3:9D:2E:A6:0E:90:C9:5D:B7:04:45:D9:B9
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019634CCD246DE7E2474127826FE2FFB91C6
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/bc/4abf81-5417-43ac-b59c-155b39e076c2/1/P_xs3-GW1bOdLqYOkMldtwRF2bk.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/bc/4abf81-5417-43ac-b59c-155b39e076c2/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 14 Apr 2025 14:56:00 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 195.20.146.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 17:20:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:34:cc:d2:46:de:7e:24:74:12:78:26:fe:2f:fb:91:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Apr 14 14:56:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3ffc6cdfe196d5b39d2ea60e90c95db70445d9b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:67:d4:30:6e:6e:13:db:7e:7a:c9:b1:d1:b9:
                    89:f8:a3:33:fb:8a:a7:2f:fc:98:5c:e9:cc:85:36:
                    6b:61:57:27:46:52:8e:6c:e2:be:f6:b6:52:3f:15:
                    65:4d:25:1e:90:4e:50:90:57:a8:8a:e9:0d:19:47:
                    68:3f:62:ce:b0:b8:20:5b:21:1d:67:16:83:c3:7b:
                    8e:7f:d8:24:d1:96:96:65:5a:37:8d:4a:47:e5:ce:
                    de:45:92:f5:17:2a:4d:63:a6:72:eb:39:80:ce:f7:
                    de:3e:ea:fc:5e:e4:10:c0:c7:a9:5a:30:5a:f9:d5:
                    76:30:b9:75:05:12:75:a7:9b:dc:69:71:60:a0:84:
                    65:44:80:8a:47:4f:d0:61:94:52:59:68:0e:35:cb:
                    ca:96:7d:8e:4f:73:15:8b:68:42:81:9d:6a:cf:15:
                    47:4f:e1:0d:4c:4a:83:84:57:3a:7d:d4:44:57:46:
                    aa:ee:fe:c8:06:ac:98:3a:13:4f:48:da:59:44:d3:
                    6b:c6:5d:83:77:da:e6:7d:96:e6:ed:5d:67:d0:8d:
                    f4:c4:05:c3:45:d1:65:06:f8:b8:d1:52:34:2f:48:
                    e0:a6:0e:48:c7:1f:dd:43:cd:86:18:02:3a:ca:1c:
                    ce:bc:3f:42:e8:ab:3a:a3:27:3b:b8:d5:01:a6:ac:
                    97:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:FC:6C:DF:E1:96:D5:B3:9D:2E:A6:0E:90:C9:5D:B7:04:45:D9:B9
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/4abf81-5417-43ac-b59c-155b39e076c2/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/4abf81-5417-43ac-b59c-155b39e076c2/1/P_xs3-GW1bOdLqYOkMldtwRF2bk.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.20.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:7f:a0:a5:29:c9:d7:19:a4:77:03:6f:5f:ad:d4:79:7b:a3:
         e4:05:04:22:5c:72:4d:28:73:de:e8:2b:a6:73:dc:52:42:7b:
         8e:64:f2:28:89:98:af:18:51:1a:b2:a8:bc:c6:b2:0f:d8:de:
         3c:28:3b:1e:b7:f9:3c:19:6e:69:fd:21:13:6e:73:02:74:98:
         44:fd:96:bf:b0:cb:eb:46:52:ee:ab:ef:3d:73:53:32:b2:94:
         f8:06:32:fc:c0:29:96:fa:d1:26:69:35:d3:0f:c8:fa:12:fe:
         4a:79:6f:58:83:cc:e8:98:45:20:9f:27:3d:9e:ad:f5:c3:d4:
         c5:6f:f8:ab:e0:a2:d9:1d:cd:6f:c7:ce:eb:e9:74:70:df:5c:
         5e:bb:1a:1c:d3:07:3d:0f:e8:6f:39:32:2f:7d:fc:c4:aa:2e:
         23:32:74:58:b3:a7:80:8d:84:88:16:f3:02:01:25:1d:b1:62:
         3c:cd:09:c1:21:dc:c7:43:d8:62:5a:24:01:12:e9:2a:c2:de:
         0f:1a:b2:dc:e1:4a:c0:23:94:bc:3e:b0:e6:cd:ad:d8:71:eb:
         cf:d0:59:75:e4:6c:fd:8e:fc:0e:f7:63:88:e4:66:88:f7:ab:
         52:f9:6d:a3:5b:ff:81:b0:7f:32:06:09:3e:8b:26:c0:8f:ac:
         9c:16:23:5d
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZY0zNJG3n4kdBJ4Jv4v+5HGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwNDE0MTQ1NjAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmZjNmNkZmUxOTZkNWIzOWQyZWE2MGU5MGM5NWRiNzA0NDVkOWI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxmfUMG5uE9t+esmx0bmJ+KMz+4qn
L/yYXOnMhTZrYVcnRlKObOK+9rZSPxVlTSUekE5QkFeoiukNGUdoP2LOsLggWyEd
ZxaDw3uOf9gk0ZaWZVo3jUpH5c7eRZL1FypNY6Zy6zmAzvfePur8XuQQwMepWjBa
+dV2MLl1BRJ1p5vcaXFgoIRlRICKR0/QYZRSWWgONcvKln2OT3MVi2hCgZ1qzxVH
T+ENTEqDhFc6fdREV0aq7v7IBqyYOhNPSNpZRNNrxl2Dd9rmfZbm7V1n0I30xAXD
RdFlBvi40VI0L0jgpg5Ixx/dQ82GGAI6yhzOvD9C6Ks6oyc7uNUBpqyXLwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFD/8bN/hltWznS6mDpDJXbcERdm5MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2JjLzRhYmY4
MS01NDE3LTQzYWMtYjU5Yy0xNTViMzllMDc2YzIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYmMvNGFiZjgx
LTU0MTctNDNhYy1iNTljLTE1NWIzOWUwNzZjMi8xL1BfeHMzLUdXMWJPZExxWU9r
TWxkdHdSRjJiay5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwxSSMA0GCSqGSIb3DQEBCwUAA4IBAQBXf6Cl
KcnXGaR3A29frdR5e6PkBQQiXHJNKHPe6Cumc9xSQnuOZPIoiZivGFEasqi8xrIP
2N48KDset/k8GW5p/SETbnMCdJhE/Za/sMvrRlLuq+89c1MyspT4BjL8wCmW+tEm
aTXTD8j6Ev5KeW9Yg8zomEUgnyc9nq31w9TFb/ir4KLZHc1vx87r6XRw31xeuxoc
0wc9D+hvOTIvffzEqi4jMnRYs6eAjYSIFvMCASUdsWI8zQnBIdzHQ9hiWiQBEukq
wt4PGrLc4UrAI5S8PrDmza3YcevP0Fl15Gz9jvwO92OI5GaI96tS+W2jW/+BsH8y
Bgk+iybAj6ycFiNd
-----END CERTIFICATE-----