Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7jSQhUVj0yIi6azlrYpknptKFyk.cer
File:                     7jSQhUVj0yIi6azlrYpknptKFyk.cer (raw, json)
Hash identifier:          L7q7sYyehbN93qeAzoW2sp40B+HUcWl1Zoi1086c3OQ=
Subject key identifier:   EE:34:90:85:45:63:D3:22:22:E9:AC:E5:AD:8A:64:9E:9B:4A:17:29
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194258EC95568A76698BF7A87BBD2674850
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/3c/d02fbc-8bf5-468d-a2a3-45c53b7ef9fa/1/7jSQhUVj0yIi6azlrYpknptKFyk.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/3c/d02fbc-8bf5-468d-a2a3-45c53b7ef9fa/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 05:48:22 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 214061
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 20:20:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:c9:55:68:a7:66:98:bf:7a:87:bb:d2:67:48:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 05:48:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ee3490854563d32222e9ace5ad8a649e9b4a1729
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:0f:bc:16:2c:5e:8e:8a:72:92:6d:c5:85:8d:
                    a1:bb:bf:65:96:b5:1e:0b:7a:97:39:46:00:75:ea:
                    33:60:35:8d:17:51:d5:cf:34:d5:3b:11:2a:52:e0:
                    cb:59:90:2e:b4:b2:29:48:a0:7f:17:4f:6f:70:3d:
                    6e:bb:16:91:a1:7e:56:d0:eb:79:00:9a:99:05:a8:
                    39:74:ce:5b:92:cf:82:bc:dd:ed:51:7c:cd:11:fd:
                    c8:6d:a9:ff:3b:2a:0e:bb:5d:ab:4b:ef:17:47:b7:
                    06:d2:4c:fa:be:d8:f0:d5:67:73:81:7d:f4:dd:78:
                    00:48:0f:39:1c:c4:34:fd:04:bc:f1:22:8c:f8:43:
                    ce:79:3a:8b:9d:b3:99:8b:34:2e:05:72:8f:e7:b7:
                    27:a3:8b:76:bc:df:9a:99:0e:b9:8a:16:9a:01:7d:
                    ae:88:d9:d2:6d:23:56:b2:7c:f6:84:11:98:1d:30:
                    b2:67:22:4f:2b:05:52:b9:0d:08:70:db:26:cf:4d:
                    a2:12:da:63:f7:cc:ad:2e:7d:40:56:2d:17:dc:90:
                    ab:c1:a9:40:37:1a:3d:0c:5e:4f:31:8a:a4:50:4c:
                    9e:9e:fc:d4:66:ba:18:17:25:31:de:28:13:44:e1:
                    00:f6:05:65:18:18:36:f2:ca:72:25:bc:75:fd:6b:
                    c6:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:34:90:85:45:63:D3:22:22:E9:AC:E5:AD:8A:64:9E:9B:4A:17:29
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/d02fbc-8bf5-468d-a2a3-45c53b7ef9fa/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/d02fbc-8bf5-468d-a2a3-45c53b7ef9fa/1/7jSQhUVj0yIi6azlrYpknptKFyk.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  214061

    Signature Algorithm: sha256WithRSAEncryption
         19:2d:11:ae:65:fb:63:be:8f:16:b3:89:01:cb:20:23:76:70:
         41:e3:8e:23:fa:2a:f0:06:ed:80:19:e3:7f:50:27:44:17:ba:
         31:62:d2:ae:54:f9:9c:ab:ac:a8:bd:1c:0a:9e:74:87:95:2f:
         8a:12:f9:0f:94:ac:b4:df:6c:b0:54:99:fa:9a:33:64:0b:c7:
         13:c4:6f:2a:0b:9e:9a:3a:31:7f:c5:9d:ed:f1:a1:d1:b6:1d:
         07:3e:0b:2c:6c:64:61:44:de:2d:a6:b6:a2:f8:09:76:e4:bb:
         94:15:b2:e1:6a:5a:99:a7:c9:fc:8b:2f:7e:9f:15:77:93:19:
         62:48:3a:21:14:6a:57:a8:bc:07:9c:b6:74:87:2f:3c:2f:4c:
         7a:01:47:dc:89:1b:5f:f1:40:b2:58:8c:a7:f2:88:4c:44:1c:
         a2:b1:3c:31:54:22:e0:8f:23:9b:37:80:62:de:b1:5c:da:a4:
         15:f1:f4:59:42:ac:55:d2:97:a6:e4:7e:87:a2:94:d5:97:4d:
         e6:3a:01:6d:79:1f:44:0d:2c:a1:e8:8c:63:2b:1c:98:de:f3:
         fd:4f:11:10:e8:9b:c9:5a:7e:37:2c:3a:28:bf:fd:de:9d:a1:
         4e:49:eb:77:81:be:5d:45:3a:eb:52:bd:d3:04:50:fd:7e:d1:
         09:4e:4f:a6
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZQljslVaKdmmL96h7vSZ0hQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDU0ODIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTM0OTA4NTQ1NjNkMzIyMjJlOWFjZTVhZDhhNjQ5ZTliNGExNzI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxA+8Fixejopykm3FhY2hu79llrUe
C3qXOUYAdeozYDWNF1HVzzTVOxEqUuDLWZAutLIpSKB/F09vcD1uuxaRoX5W0Ot5
AJqZBag5dM5bks+CvN3tUXzNEf3Iban/OyoOu12rS+8XR7cG0kz6vtjw1WdzgX30
3XgASA85HMQ0/QS88SKM+EPOeTqLnbOZizQuBXKP57cno4t2vN+amQ65ihaaAX2u
iNnSbSNWsnz2hBGYHTCyZyJPKwVSuQ0IcNsmz02iEtpj98ytLn1AVi0X3JCrwalA
Nxo9DF5PMYqkUEyenvzUZroYFyUx3igTROEA9gVlGBg28spyJbx1/WvG3QIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFO40kIVFY9MiIums5a2KZJ6bShcpMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNjL2QwMmZi
Yy04YmY1LTQ2OGQtYTJhMy00NWM1M2I3ZWY5ZmEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvM2MvZDAyZmJj
LThiZjUtNDY4ZC1hMmEzLTQ1YzUzYjdlZjlmYS8xLzdqU1FoVVZqMHlJaTZhemxy
WXBrbnB0S0Z5ay5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwNELTANBgkqhkiG9w0BAQsFAAOCAQEAGS0RrmX7Y76P
FrOJAcsgI3ZwQeOOI/oq8AbtgBnjf1AnRBe6MWLSrlT5nKusqL0cCp50h5UvihL5
D5SstN9ssFSZ+pozZAvHE8RvKguemjoxf8Wd7fGh0bYdBz4LLGxkYUTeLaa2ovgJ
duS7lBWy4WpamafJ/Isvfp8Vd5MZYkg6IRRqV6i8B5y2dIcvPC9MegFH3IkbX/FA
sliMp/KITEQcorE8MVQi4I8jmzeAYt6xXNqkFfH0WUKsVdKXpuR+h6KU1ZdN5joB
bXkfRA0soeiMYyscmN7z/U8REOibyVp+Nyw6KL/93p2hTknrd4G+XUU661K90wRQ
/X7RCU5Ppg==
-----END CERTIFICATE-----