Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9lxtzZ_b0kwW5QrhVR7o9DrIv9Q.cer
File:                     9lxtzZ_b0kwW5QrhVR7o9DrIv9Q.cer (raw, json)
Hash identifier:          TTrTfVSVHZcYRYpS30jET9HaEfCstBzpXQnkBUY525Y=
Subject key identifier:   F6:5C:6D:CD:9F:DB:D2:4C:16:E5:0A:E1:55:1E:E8:F4:3A:C8:BF:D4
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019424B3702A78BB8E8002FC07C0D3C2FE50
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/b2/65a93e-33ef-4760-bd4e-1973635167b2/1/9lxtzZ_b0kwW5QrhVR7o9DrIv9Q.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/b2/65a93e-33ef-4760-bd4e-1973635167b2/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 01:48:47 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 45.133.204.0/22
                          IP: 2a0e:78c0::/29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 14:46:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:70:2a:78:bb:8e:80:02:fc:07:c0:d3:c2:fe:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 01:48:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f65c6dcd9fdbd24c16e50ae1551ee8f43ac8bfd4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:4d:85:5d:ec:c1:41:fa:a8:56:aa:55:1c:da:
                    31:7c:60:0b:04:e0:00:bb:8c:99:9c:c5:03:59:0c:
                    18:a9:dc:30:c1:7c:60:5c:8b:eb:cd:3b:e9:bd:3c:
                    e0:ad:6e:50:34:42:82:08:fe:d1:c9:a9:3c:2e:32:
                    b6:69:3e:f7:a4:79:1c:de:87:64:71:73:47:f6:d9:
                    c4:75:4f:d5:7d:7d:b3:c0:67:0b:f2:61:9d:6f:76:
                    d1:01:8b:3c:24:31:6f:61:2d:5e:21:69:72:0e:40:
                    73:ee:f3:35:8d:10:ae:2a:c7:d2:04:1b:26:b0:8f:
                    5a:ac:c3:16:a6:41:4d:90:6c:e2:45:d7:8d:44:84:
                    dc:15:34:c9:a0:e5:fb:eb:4d:cf:62:09:7e:c1:b5:
                    5b:f2:9b:30:8a:cb:bc:1d:7f:02:47:19:92:bf:49:
                    df:64:89:79:c0:62:1a:be:fa:1b:54:cf:85:24:86:
                    05:57:90:3a:41:67:ea:60:66:f7:7e:0a:47:72:9f:
                    29:be:fa:d4:f3:6f:a2:37:33:dc:83:11:ac:5c:71:
                    6d:a8:b9:4f:7a:13:64:ce:36:7b:55:cf:86:cc:55:
                    45:5a:33:c4:de:17:f4:16:a4:47:0c:5a:cc:6b:00:
                    64:b9:71:53:1a:41:a7:5b:56:11:f1:ad:55:75:4a:
                    0b:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:5C:6D:CD:9F:DB:D2:4C:16:E5:0A:E1:55:1E:E8:F4:3A:C8:BF:D4
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/65a93e-33ef-4760-bd4e-1973635167b2/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/65a93e-33ef-4760-bd4e-1973635167b2/1/9lxtzZ_b0kwW5QrhVR7o9DrIv9Q.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.133.204.0/22
                IPv6:
                  2a0e:78c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         25:8a:02:cf:0d:8d:c2:07:4a:fa:19:b9:c8:81:b3:0c:6d:fa:
         d5:b9:69:fb:1a:c4:07:83:5d:a1:c8:d7:ee:4f:fc:d0:bd:46:
         27:a7:f0:3a:74:25:63:2b:6c:b8:85:82:41:5a:b4:c3:fb:96:
         10:19:ef:02:cd:91:94:ef:1d:ad:bb:cd:5c:ae:4e:a0:5c:ae:
         9e:37:ff:7a:54:e4:b1:a5:b8:af:69:ff:bc:a7:3a:41:38:c8:
         b4:7d:8f:93:09:82:7c:01:d1:cb:6f:9a:10:1d:40:45:01:03:
         b1:47:d0:36:3e:76:53:2c:35:f6:0f:92:2a:3b:55:ad:20:4f:
         c8:58:65:e3:47:59:e8:40:f6:95:da:0e:a1:1c:e9:23:8e:5c:
         9a:1a:03:7e:e3:21:9c:63:9d:94:c8:f0:9e:f8:f9:f0:d6:f4:
         55:b2:9b:9f:b6:45:86:72:8d:f7:7b:6f:da:36:1f:89:37:de:
         d5:62:c3:69:ed:d6:2c:b7:7f:f3:0b:3e:e2:b9:cc:f0:a7:84:
         0e:f4:e2:a1:a3:6b:0b:25:4d:aa:38:9c:a8:3c:97:ff:c3:65:
         43:ec:e7:96:42:1e:7b:d1:53:81:a2:93:ba:6b:00:1f:f7:c9:
         f4:f6:b4:16:bb:31:a8:bf:1f:fd:a6:4a:b8:08:2b:84:ef:8c:
         89:ff:aa:a1
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAZQks3AqeLuOgAL8B8DTwv5QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDE0ODQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjVjNmRjZDlmZGJkMjRjMTZlNTBhZTE1NTFlZThmNDNhYzhiZmQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArU2FXezBQfqoVqpVHNoxfGALBOAA
u4yZnMUDWQwYqdwwwXxgXIvrzTvpvTzgrW5QNEKCCP7Ryak8LjK2aT73pHkc3odk
cXNH9tnEdU/VfX2zwGcL8mGdb3bRAYs8JDFvYS1eIWlyDkBz7vM1jRCuKsfSBBsm
sI9arMMWpkFNkGziRdeNRITcFTTJoOX7603PYgl+wbVb8pswisu8HX8CRxmSv0nf
ZIl5wGIavvobVM+FJIYFV5A6QWfqYGb3fgpHcp8pvvrU82+iNzPcgxGsXHFtqLlP
ehNkzjZ7Vc+GzFVFWjPE3hf0FqRHDFrMawBkuXFTGkGnW1YR8a1VdUoLIQIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFPZcbc2f29JMFuUK4VUe6PQ6yL/UMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2IyLzY1YTkz
ZS0zM2VmLTQ3NjAtYmQ0ZS0xOTczNjM1MTY3YjIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjIvNjVhOTNl
LTMzZWYtNDc2MC1iZDRlLTE5NzM2MzUxNjdiMi8xLzlseHR6Wl9iMGt3VzVRcmhW
UjdvOURySXY5US5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCLYXMMA0EAgACMAcDBQMqDnjAMA0GCSqGSIb3
DQEBCwUAA4IBAQAligLPDY3CB0r6GbnIgbMMbfrVuWn7GsQHg12hyNfuT/zQvUYn
p/A6dCVjK2y4hYJBWrTD+5YQGe8CzZGU7x2tu81crk6gXK6eN/96VOSxpbivaf+8
pzpBOMi0fY+TCYJ8AdHLb5oQHUBFAQOxR9A2PnZTLDX2D5IqO1WtIE/IWGXjR1no
QPaV2g6hHOkjjlyaGgN+4yGcY52UyPCe+Pnw1vRVspuftkWGco33e2/aNh+JN97V
YsNp7dYst3/zCz7iuczwp4QO9OKho2sLJU2qOJyoPJf/w2VD7OeWQh570VOBopO6
awAf98n09rQWuzGovx/9pkq4CCuE74yJ/6qh
-----END CERTIFICATE-----