Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/DloI_DRpD1LbDCt-R-jlOIMUWpg.cer
File:                     DloI_DRpD1LbDCt-R-jlOIMUWpg.cer (raw, json)
Hash identifier:          8EWmta3Ozd3fIYiK5Yj0AwQBFzpKYKCtPGkvo+bWaeo=
Subject key identifier:   0E:5A:08:FC:34:69:0F:52:DB:0C:2B:7E:47:E8:E5:38:83:14:5A:98
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01963DAC11423B70F83871ACFF849258EDFB
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/65/017849-7ccf-4815-bc69-a77f0b32144e/1/DloI_DRpD1LbDCt-R-jlOIMUWpg.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/65/017849-7ccf-4815-bc69-a77f0b32144e/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 16 Apr 2025 08:16:48 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 210360
                          IP: 2001:678:b24::/48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Apr 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:3d:ac:11:42:3b:70:f8:38:71:ac:ff:84:92:58:ed:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Apr 16 08:16:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0e5a08fc34690f52db0c2b7e47e8e53883145a98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:29:03:30:ae:ff:df:1d:44:fd:4e:ff:ae:59:
                    78:8e:db:54:cd:c1:70:5f:f3:e0:b2:95:9b:d5:c5:
                    2f:76:f6:b4:6a:28:33:d5:45:00:7c:dc:b5:99:6b:
                    b0:22:91:4c:bf:5f:af:90:4a:95:a8:fd:67:c4:f7:
                    f1:e6:15:2c:4d:c7:6a:67:7f:46:56:41:51:59:07:
                    e8:cf:bf:d1:48:05:9d:e4:46:fe:dc:f6:be:a3:79:
                    d0:d9:4e:40:80:98:fe:6f:19:f4:e3:92:46:8c:ed:
                    47:57:eb:40:8f:d1:ad:04:3f:36:f9:d5:91:6b:7c:
                    97:ae:5f:8b:1e:ac:1b:12:dc:ea:dd:ef:13:c6:13:
                    71:0e:e3:4a:6f:b7:04:f1:b3:48:44:5a:74:c9:55:
                    85:9a:6b:81:93:db:18:9d:63:ab:d5:81:cd:da:64:
                    e3:9a:9a:ea:95:2d:d8:98:24:ff:de:31:0e:4a:ac:
                    74:f7:4f:68:24:8b:d0:05:f5:c8:89:b6:89:b0:63:
                    35:35:d3:dc:dd:c3:ac:48:b4:01:70:3d:d7:38:b5:
                    1b:a6:3e:8f:cb:43:17:ab:c0:a1:ae:a2:73:f3:74:
                    6b:fa:ad:3d:7f:65:1b:ef:6a:6e:89:37:fa:3a:7c:
                    86:34:09:1a:ae:9f:a0:99:8f:fa:d2:41:0c:69:b7:
                    7e:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:5A:08:FC:34:69:0F:52:DB:0C:2B:7E:47:E8:E5:38:83:14:5A:98
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/017849-7ccf-4815-bc69-a77f0b32144e/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/017849-7ccf-4815-bc69-a77f0b32144e/1/DloI_DRpD1LbDCt-R-jlOIMUWpg.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:b24::/48

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  210360

    Signature Algorithm: sha256WithRSAEncryption
         93:8f:a0:06:75:98:55:9b:a8:ca:04:2d:34:24:77:32:96:9f:
         89:c2:e7:de:ec:36:45:bb:29:1f:b1:e7:71:84:f3:7e:8b:d2:
         f8:46:b8:c6:cc:4a:2e:ca:b7:f7:11:22:1e:87:eb:86:63:4a:
         33:42:9e:15:f5:bc:b4:59:70:fc:a5:f5:fa:3c:6a:db:d0:1b:
         da:d8:d4:23:69:e5:17:00:78:a8:9c:1d:00:f6:bf:38:8a:f6:
         84:09:e7:95:51:c8:4b:2e:31:84:ed:05:e7:f7:52:f7:19:e0:
         ac:8a:5c:92:18:d0:02:35:e6:0e:dd:0a:e0:16:56:3e:d4:39:
         2d:d8:cf:d7:0a:79:52:4b:9e:bd:f1:1b:76:a2:9a:99:6a:d5:
         7e:a4:6d:88:22:06:61:26:7d:c9:a3:32:4f:44:2c:f4:89:4a:
         ad:e0:7c:cb:14:7e:70:aa:d6:0d:f6:f8:f0:f5:5e:88:9f:56:
         04:22:8f:ff:04:a4:80:c8:b7:eb:c1:a2:91:e4:a4:21:17:39:
         73:24:c4:fb:04:33:a3:50:c8:51:fb:2d:3e:c7:e6:67:a1:e3:
         98:cd:3c:57:b6:98:21:d4:ed:71:71:d3:9e:86:9b:56:69:90:
         e8:4a:c3:2e:e4:fc:f3:c5:c2:07:b1:90:cb:53:be:b7:c8:b4:
         ba:fe:79:9e
-----BEGIN CERTIFICATE-----
MIIFlzCCBH+gAwIBAgISAZY9rBFCO3D4OHGs/4SSWO37MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwNDE2MDgxNjQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTVhMDhmYzM0NjkwZjUyZGIwYzJiN2U0N2U4ZTUzODgzMTQ1YTk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5SkDMK7/3x1E/U7/rll4jttUzcFw
X/PgspWb1cUvdva0aigz1UUAfNy1mWuwIpFMv1+vkEqVqP1nxPfx5hUsTcdqZ39G
VkFRWQfoz7/RSAWd5Eb+3Pa+o3nQ2U5AgJj+bxn045JGjO1HV+tAj9GtBD82+dWR
a3yXrl+LHqwbEtzq3e8TxhNxDuNKb7cE8bNIRFp0yVWFmmuBk9sYnWOr1YHN2mTj
mprqlS3YmCT/3jEOSqx0909oJIvQBfXIibaJsGM1NdPc3cOsSLQBcD3XOLUbpj6P
y0MXq8ChrqJz83Rr+q09f2Ub72puiTf6OnyGNAkarp+gmY/60kEMabd+kQIDAQAB
o4ICozCCAp8wHQYDVR0OBBYEFA5aCPw0aQ9S2wwrfkfo5TiDFFqYMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzY1LzAxNzg0
OS03Y2NmLTQ4MTUtYmM2OS1hNzdmMGIzMjE0NGUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjUvMDE3ODQ5
LTdjY2YtNDgxNS1iYzY5LWE3N2YwYjMyMTQ0ZS8xL0Rsb0lfRFJwRDFMYkRDdC1S
LWpsT0lNVVdwZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAskMBoGCCsGAQUFBwEIAQH/BAswCaAH
MAUCAwM1uDANBgkqhkiG9w0BAQsFAAOCAQEAk4+gBnWYVZuoygQtNCR3MpaficLn
3uw2RbspH7HncYTzfovS+Ea4xsxKLsq39xEiHofrhmNKM0KeFfW8tFlw/KX1+jxq
29Ab2tjUI2nlFwB4qJwdAPa/OIr2hAnnlVHISy4xhO0F5/dS9xngrIpckhjQAjXm
Dt0K4BZWPtQ5LdjP1wp5UkuevfEbdqKamWrVfqRtiCIGYSZ9yaMyT0Qs9IlKreB8
yxR+cKrWDfb48PVeiJ9WBCKP/wSkgMi368GikeSkIRc5cyTE+wQzo1DIUfstPsfm
Z6HjmM08V7aYIdTtcXHTnoabVmmQ6ErDLuT888XCB7GQy1O+t8i0uv55ng==
-----END CERTIFICATE-----