Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1-Ka3mwOX60XugnpNY9ynR2lVKVY.cer
File:                     1-Ka3mwOX60XugnpNY9ynR2lVKVY.cer (raw, json)
Hash identifier:          MhlnDbBhC6QAoOK0gpXEUfrKUL7TyDoWLtQIXXqCBp0=
Subject key identifier:   F8:A6:B7:9B:03:97:EB:45:EE:82:7A:4D:63:DC:A7:47:69:55:29:56
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019427B5D69D9340A2D62C5B4D4E33E6BC9A
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/94/b937fa-ef55-4e45-84c0-9f502df4ff65/1/1-Ka3mwOX60XugnpNY9ynR2lVKVY.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/94/b937fa-ef55-4e45-84c0-9f502df4ff65/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 15:50:15 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 199436
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 20:20:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:d6:9d:93:40:a2:d6:2c:5b:4d:4e:33:e6:bc:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 15:50:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f8a6b79b0397eb45ee827a4d63dca74769552956
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:56:ec:d8:c4:1b:75:d2:a9:93:6a:49:0c:54:
                    a4:d6:5e:76:71:a9:58:6f:97:cb:32:35:42:fd:9a:
                    cc:8e:94:6a:2d:71:e8:8c:08:18:6e:2c:2b:e0:e4:
                    7f:70:bd:1b:04:e9:36:0c:ad:5e:56:c1:e9:e0:09:
                    a0:03:f2:33:c8:43:31:00:54:13:1e:3f:7a:a8:ea:
                    e4:1e:e0:41:de:f2:14:26:b0:a1:8b:51:c1:87:57:
                    b4:3a:e3:4a:dd:13:d6:76:1e:c7:0c:86:50:e7:81:
                    f4:e2:69:dc:17:aa:c6:ef:3e:dd:f1:01:e0:53:d9:
                    f0:04:c0:cd:5b:03:79:da:81:ce:67:09:05:95:3a:
                    55:da:f7:2e:95:80:6a:9b:a2:de:aa:06:2d:22:28:
                    90:44:11:7b:40:54:6a:cb:81:c5:fa:dc:28:e9:78:
                    3c:dc:de:c5:96:5a:1c:af:83:7d:e0:90:ec:a6:2d:
                    71:60:18:71:11:cb:7c:4b:ce:e9:c8:9f:57:35:a5:
                    27:35:9e:a5:1c:e9:7d:60:68:48:76:7a:74:ab:35:
                    4d:ab:73:9d:7f:e0:e3:84:7b:91:bf:df:21:6d:36:
                    24:a4:11:0d:3d:e4:5c:71:4f:db:92:ba:94:da:9e:
                    54:5a:83:fb:8f:bd:9a:52:13:d0:fe:0c:fe:82:79:
                    93:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:A6:B7:9B:03:97:EB:45:EE:82:7A:4D:63:DC:A7:47:69:55:29:56
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/b937fa-ef55-4e45-84c0-9f502df4ff65/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/b937fa-ef55-4e45-84c0-9f502df4ff65/1/1-Ka3mwOX60XugnpNY9ynR2lVKVY.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  199436

    Signature Algorithm: sha256WithRSAEncryption
         3a:76:6d:09:4a:9b:ca:b6:a5:77:fd:db:b6:c2:ef:ae:26:ec:
         48:62:48:fb:28:32:bb:12:9c:4a:6f:99:51:f8:d9:4d:cf:1b:
         97:5e:d9:cc:28:7e:9f:b8:c8:3e:a0:08:65:4b:68:88:9f:50:
         9d:55:30:ee:65:c3:6f:75:dd:f4:d9:de:38:08:7b:12:ca:28:
         f4:b5:31:97:94:05:9d:94:3c:cb:40:cc:a0:8b:bc:dc:96:98:
         bf:71:1b:e7:55:e2:fa:94:a7:d2:39:f7:aa:29:fa:e1:2f:ad:
         5d:1d:20:31:a5:57:70:70:c5:a8:e0:36:08:8a:c3:20:f0:81:
         b0:43:ef:b0:14:9f:66:d1:4f:28:e8:34:31:4c:c1:a0:0f:32:
         c2:b6:a5:67:81:9e:d1:f5:95:68:27:2d:9c:c5:55:f0:0d:b1:
         9c:03:c8:d4:ec:e9:a2:17:53:29:ac:4b:68:31:3d:fe:de:93:
         fb:b4:24:0f:1d:46:35:6a:61:ad:8d:ab:c1:18:66:09:2e:c6:
         64:98:94:d8:d7:e2:e5:18:00:d0:e8:5e:03:5f:79:35:46:ac:
         d8:39:d6:bd:58:36:f2:c2:3f:88:9c:5b:fa:9b:c3:1e:71:9e:
         d5:3d:aa:dd:d6:c5:cb:2b:9f:b2:7e:91:62:ad:b5:f0:28:29:
         8c:73:db:9a
-----BEGIN CERTIFICATE-----
MIIFdDCCBFygAwIBAgISAZQntdadk0Ci1ixbTU4z5ryaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMTU1MDE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOGE2Yjc5YjAzOTdlYjQ1ZWU4MjdhNGQ2M2RjYTc0NzY5NTUyOTU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAslbs2MQbddKpk2pJDFSk1l52calY
b5fLMjVC/ZrMjpRqLXHojAgYbiwr4OR/cL0bBOk2DK1eVsHp4AmgA/IzyEMxAFQT
Hj96qOrkHuBB3vIUJrChi1HBh1e0OuNK3RPWdh7HDIZQ54H04mncF6rG7z7d8QHg
U9nwBMDNWwN52oHOZwkFlTpV2vculYBqm6LeqgYtIiiQRBF7QFRqy4HF+two6Xg8
3N7Fllocr4N94JDspi1xYBhxEct8S87pyJ9XNaUnNZ6lHOl9YGhIdnp0qzVNq3Od
f+DjhHuRv98hbTYkpBENPeRccU/bkrqU2p5UWoP7j72aUhPQ/gz+gnmTmQIDAQAB
o4ICgDCCAnwwHQYDVR0OBBYEFPimt5sDl+tF7oJ6TWPcp0dpVSlWMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEkBggrBgEFBQcBCwSCARYwggESMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzk0L2I5Mzdm
YS1lZjU1LTRlNDUtODRjMC05ZjUwMmRmNGZmNjUvMS8wfQYIKwYBBQUHMAqGcXJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTQvYjkzN2Zh
LWVmNTUtNGU0NS04NGMwLTlmNTAyZGY0ZmY2NS8xLzEtS2EzbXdPWDYwWHVnbnBO
WTl5blIybFZLVlkubWZ0MDIGCCsGAQUFBzANhiZodHRwczovL3JyZHAucmlwZS5u
ZXQvbm90aWZpY2F0aW9uLnhtbDBZBgNVHR8EUjBQME6gTKBKhkhyc3luYzovL3Jw
a2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0twU28zVlZLNXdFSElKbkhD
MlFIVlYzZDVtay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAaBggrBgEF
BQcBCAEB/wQLMAmgBzAFAgMDCwwwDQYJKoZIhvcNAQELBQADggEBADp2bQlKm8q2
pXf927bC764m7EhiSPsoMrsSnEpvmVH42U3PG5de2cwofp+4yD6gCGVLaIifUJ1V
MO5lw2913fTZ3jgIexLKKPS1MZeUBZ2UPMtAzKCLvNyWmL9xG+dV4vqUp9I596op
+uEvrV0dIDGlV3BwxajgNgiKwyDwgbBD77AUn2bRTyjoNDFMwaAPMsK2pWeBntH1
lWgnLZzFVfANsZwDyNTs6aIXUymsS2gxPf7ek/u0JA8dRjVqYa2Nq8EYZgkuxmSY
lNjX4uUYANDoXgNfeTVGrNg51r1YNvLCP4icW/qbwx5xntU9qt3Wxcsrn7J+kWKt
tfAoKYxz25o=
-----END CERTIFICATE-----