Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/HzjUsMuomcJPTjQHOE1tP6jVGl8.cer
File:                     HzjUsMuomcJPTjQHOE1tP6jVGl8.cer (raw, json)
Hash identifier:          p+TwZC0vbea27D8lgQ8PbDuymljflps+/ov5PWuxJKA=
Subject key identifier:   1F:38:D4:B0:CB:A8:99:C2:4F:4E:34:07:38:4D:6D:3F:A8:D5:1A:5F
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194236973D67068B14E9001907CFCFAC2D5
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/99/16cf7d-a151-49ec-8d8a-3a288c2c852c/1/HzjUsMuomcJPTjQHOE1tP6jVGl8.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/99/16cf7d-a151-49ec-8d8a-3a288c2c852c/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 19:48:21 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 214590
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:73:d6:70:68:b1:4e:90:01:90:7c:fc:fa:c2:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 19:48:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1f38d4b0cba899c24f4e3407384d6d3fa8d51a5f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:fc:4f:72:19:8b:b7:10:53:4c:a4:f6:22:99:
                    c8:48:aa:f7:c9:95:34:68:c4:08:41:db:4c:30:fc:
                    ba:26:33:fe:99:d2:19:41:a9:c3:a6:ed:15:fb:70:
                    25:1b:f1:75:08:a3:a4:35:21:82:0f:e6:e2:7f:1a:
                    bd:13:05:2b:a5:d6:6f:c6:4d:f5:24:7c:ca:9f:d4:
                    84:01:51:0e:8d:d9:c5:64:18:35:63:f9:b4:11:5e:
                    3f:11:55:ea:4c:dc:97:cd:75:6c:5f:8b:60:b0:0f:
                    4a:a2:26:5a:14:ea:a8:9e:eb:28:51:71:d4:ca:dc:
                    30:9b:6e:14:aa:a8:18:e7:19:1f:19:f4:03:52:9b:
                    31:c2:89:da:23:85:9b:5a:ca:95:fe:0e:03:67:b4:
                    b4:db:e4:9a:23:45:c4:19:75:10:9e:1c:1e:08:4f:
                    ce:6d:b2:d5:6a:32:0d:77:e1:fc:98:a5:6b:fb:aa:
                    a6:c2:7a:41:66:a2:ff:15:9e:27:d2:3b:84:31:cf:
                    06:f5:ca:8d:67:cd:5e:c8:3a:40:42:08:0e:4a:7c:
                    4e:84:e8:c6:90:1a:11:6a:07:ed:7e:9e:7e:1f:31:
                    c8:7d:80:a8:38:07:2a:98:f3:6a:97:d4:c3:e8:2f:
                    6d:19:3f:13:7f:12:b6:18:fe:c1:ff:e5:dd:39:b7:
                    55:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:38:D4:B0:CB:A8:99:C2:4F:4E:34:07:38:4D:6D:3F:A8:D5:1A:5F
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/16cf7d-a151-49ec-8d8a-3a288c2c852c/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/16cf7d-a151-49ec-8d8a-3a288c2c852c/1/HzjUsMuomcJPTjQHOE1tP6jVGl8.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  214590

    Signature Algorithm: sha256WithRSAEncryption
         34:fe:f8:47:5e:00:d1:fe:8c:e8:f2:53:f1:08:91:da:d0:bb:
         76:92:4e:f4:50:82:f0:9e:7c:c7:d4:1f:81:b4:a3:19:f8:6f:
         fe:7c:c8:40:3c:b5:be:fa:c7:2e:98:70:16:cd:9f:b9:cb:77:
         0b:4c:d9:f9:21:b4:9f:98:de:a0:86:aa:ff:c3:cd:a1:b7:52:
         50:ed:e9:63:1a:95:99:b9:79:41:89:51:d3:6b:fe:75:10:9d:
         18:e0:f8:cb:84:4f:6b:73:ec:0b:9f:4b:9a:9f:c0:f9:5c:6f:
         da:2e:9b:27:af:c9:f9:ee:9b:4f:41:43:a3:05:0e:51:e7:78:
         c0:7c:80:e0:98:18:f7:63:a9:e5:41:b4:3b:5a:d5:65:c8:eb:
         2f:ef:89:3b:42:4d:59:52:3f:2a:d2:1a:9f:be:f8:57:33:b3:
         d3:32:f9:36:16:ce:3d:37:1b:af:8f:8a:53:2a:99:9c:f5:b9:
         68:84:33:f1:5e:61:12:bc:c0:32:c2:60:cd:69:cf:27:9d:e4:
         21:ec:79:15:17:56:2b:b2:0f:ef:a7:33:19:24:47:12:17:e6:
         64:d1:e3:78:8a:fb:8d:8a:a3:bb:ce:1d:35:8e:29:50:34:fe:
         db:6b:eb:39:a0:dc:b8:41:59:4c:0e:39:2d:84:89:5d:95:a0:
         1f:06:4f:b1
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZQjaXPWcGixTpABkHz8+sLVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTk0ODIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjM4ZDRiMGNiYTg5OWMyNGY0ZTM0MDczODRkNmQzZmE4ZDUxYTVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvfxPchmLtxBTTKT2IpnISKr3yZU0
aMQIQdtMMPy6JjP+mdIZQanDpu0V+3AlG/F1CKOkNSGCD+bifxq9EwUrpdZvxk31
JHzKn9SEAVEOjdnFZBg1Y/m0EV4/EVXqTNyXzXVsX4tgsA9KoiZaFOqonusoUXHU
ytwwm24UqqgY5xkfGfQDUpsxwonaI4WbWsqV/g4DZ7S02+SaI0XEGXUQnhweCE/O
bbLVajINd+H8mKVr+6qmwnpBZqL/FZ4n0juEMc8G9cqNZ81eyDpAQggOSnxOhOjG
kBoRagftfp5+HzHIfYCoOAcqmPNql9TD6C9tGT8TfxK2GP7B/+XdObdVhQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFB841LDLqJnCT040BzhNbT+o1RpfMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzk5LzE2Y2Y3
ZC1hMTUxLTQ5ZWMtOGQ4YS0zYTI4OGMyYzg1MmMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTkvMTZjZjdk
LWExNTEtNDllYy04ZDhhLTNhMjg4YzJjODUyYy8xL0h6alVzTXVvbWNKUFRqUUhP
RTF0UDZqVkdsOC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwNGPjANBgkqhkiG9w0BAQsFAAOCAQEANP74R14A0f6M
6PJT8QiR2tC7dpJO9FCC8J58x9QfgbSjGfhv/nzIQDy1vvrHLphwFs2fuct3C0zZ
+SG0n5jeoIaq/8PNobdSUO3pYxqVmbl5QYlR02v+dRCdGOD4y4RPa3PsC59Lmp/A
+Vxv2i6bJ6/J+e6bT0FDowUOUed4wHyA4JgY92Op5UG0O1rVZcjrL++JO0JNWVI/
KtIan774VzOz0zL5NhbOPTcbr4+KUyqZnPW5aIQz8V5hErzAMsJgzWnPJ53kIex5
FRdWK7IP76czGSRHEhfmZNHjeIr7jYqju84dNY4pUDT+22vrOaDcuEFZTA45LYSJ
XZWgHwZPsQ==
-----END CERTIFICATE-----