Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/R3MkMIHq3B70rjI0-Gsr1yYitcQ.cer
File:                     R3MkMIHq3B70rjI0-Gsr1yYitcQ.cer (raw, json)
Hash identifier:          gPwxgsElyHhocrSIkcGoyvK7+8TvLSiQy8WHBw3Wr/0=
Subject key identifier:   47:73:24:30:81:EA:DC:1E:F4:AE:32:34:F8:6B:2B:D7:26:22:B5:C4
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01982C99AA6DB30C63FA342351A2836FB461
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/5f/b54988-87e1-4a9d-a33b-34a949c92074/1/R3MkMIHq3B70rjI0-Gsr1yYitcQ.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/5f/b54988-87e1-4a9d-a33b-34a949c92074/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 21 Jul 2025 10:48:44 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 214329
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Jul 2025 00:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:2c:99:aa:6d:b3:0c:63:fa:34:23:51:a2:83:6f:b4:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jul 21 10:48:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4773243081eadc1ef4ae3234f86b2bd72622b5c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:74:4b:78:3a:99:b0:ca:8d:ec:cc:f0:08:ba:
                    10:3c:c9:d2:be:0d:0e:ab:ab:d0:b1:72:88:4d:16:
                    29:68:5e:48:00:45:e3:fe:5b:3d:32:1f:12:c8:dd:
                    cd:a1:67:58:40:b5:74:2b:91:98:c1:20:de:8e:d9:
                    7a:a0:9d:f4:2c:cd:d1:31:23:c0:c5:f1:ef:c4:57:
                    a2:3d:9e:9f:4e:10:6c:ae:2d:74:f6:8e:ee:ab:49:
                    a0:ff:e6:d8:5c:95:8a:5a:7e:9b:e9:46:20:fb:76:
                    bd:f1:a2:d0:3a:a9:6a:d3:ad:04:fe:b6:28:02:2b:
                    13:32:04:e0:80:d9:40:ba:c8:41:ae:de:94:7d:5b:
                    79:49:ee:5b:17:d9:da:9a:cc:cf:a0:88:a3:8d:b5:
                    a4:01:1b:0b:25:96:91:b4:ea:f4:7b:1f:7a:fd:5a:
                    ca:85:90:7e:c6:d2:e9:68:16:9d:5a:b9:d5:14:43:
                    7f:5d:17:d6:ff:41:e6:d7:45:0b:3f:88:88:45:5c:
                    7b:bc:23:10:12:be:12:9d:d6:0a:e6:7a:da:56:e0:
                    79:65:01:c8:8b:f3:46:a6:50:e5:1c:f8:96:9c:de:
                    82:b1:43:b5:39:07:f8:39:a8:2d:f9:70:03:e7:99:
                    58:53:26:0f:00:75:ae:d7:14:b8:40:13:2e:d2:8c:
                    f3:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:73:24:30:81:EA:DC:1E:F4:AE:32:34:F8:6B:2B:D7:26:22:B5:C4
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b54988-87e1-4a9d-a33b-34a949c92074/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b54988-87e1-4a9d-a33b-34a949c92074/1/R3MkMIHq3B70rjI0-Gsr1yYitcQ.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  214329

    Signature Algorithm: sha256WithRSAEncryption
         11:cb:da:03:04:25:61:af:d7:8f:a6:6a:9e:ab:af:81:03:c7:
         f7:40:35:50:4a:94:34:e3:7d:ef:f2:3a:ab:f2:f7:7e:9d:e9:
         0b:0f:82:4a:b2:23:d5:e9:e0:b1:3c:87:8b:e5:8a:18:2a:34:
         0e:53:fb:df:5d:dc:11:0e:ee:2b:4e:bb:87:e6:43:aa:b3:24:
         37:a2:35:eb:e7:9a:6f:af:30:70:03:c9:f1:74:42:8c:de:fc:
         a3:ba:3e:16:37:fa:24:02:47:ec:00:05:cd:53:51:19:00:47:
         52:64:d8:12:c8:5d:29:38:d1:31:5d:fe:cf:57:63:cb:d3:00:
         bf:57:5b:34:e1:a7:97:61:57:7a:16:b5:18:14:a3:bc:d6:06:
         34:40:36:b8:77:85:2a:1f:e3:cc:9f:c1:17:04:8c:27:1a:03:
         bf:f0:22:13:db:e8:48:3b:a5:23:41:72:65:dd:3b:be:d4:c0:
         19:18:e1:21:7e:67:25:84:e7:3d:10:c2:89:b4:da:43:f2:7b:
         8c:f8:af:ee:79:1e:12:11:96:57:e7:25:bf:ad:ae:63:a3:83:
         d7:83:94:d0:2d:0c:4e:ca:38:78:34:27:5b:6a:08:61:42:00:
         66:42:c2:e2:3e:d6:77:fd:68:7c:c9:04:92:c1:57:46:78:15:
         35:6a:89:de
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZgsmaptswxj+jQjUaKDb7RhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwNzIxMTA0ODQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzczMjQzMDgxZWFkYzFlZjRhZTMyMzRmODZiMmJkNzI2MjJiNWM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArXRLeDqZsMqN7MzwCLoQPMnSvg0O
q6vQsXKITRYpaF5IAEXj/ls9Mh8SyN3NoWdYQLV0K5GYwSDejtl6oJ30LM3RMSPA
xfHvxFeiPZ6fThBsri109o7uq0mg/+bYXJWKWn6b6UYg+3a98aLQOqlq060E/rYo
AisTMgTggNlAushBrt6UfVt5Se5bF9namszPoIijjbWkARsLJZaRtOr0ex96/VrK
hZB+xtLpaBadWrnVFEN/XRfW/0Hm10ULP4iIRVx7vCMQEr4SndYK5nraVuB5ZQHI
i/NGplDlHPiWnN6CsUO1OQf4Oagt+XAD55lYUyYPAHWu1xS4QBMu0ozzMQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFEdzJDCB6twe9K4yNPhrK9cmIrXEMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzVmL2I1NDk4
OC04N2UxLTRhOWQtYTMzYi0zNGE5NDljOTIwNzQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNWYvYjU0OTg4
LTg3ZTEtNGE5ZC1hMzNiLTM0YTk0OWM5MjA3NC8xL1IzTWtNSUhxM0I3MHJqSTAt
R3NyMXlZaXRjUS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwNFOTANBgkqhkiG9w0BAQsFAAOCAQEAEcvaAwQlYa/X
j6ZqnquvgQPH90A1UEqUNON97/I6q/L3fp3pCw+CSrIj1engsTyHi+WKGCo0DlP7
313cEQ7uK067h+ZDqrMkN6I16+eab68wcAPJ8XRCjN78o7o+Fjf6JAJH7AAFzVNR
GQBHUmTYEshdKTjRMV3+z1djy9MAv1dbNOGnl2FXeha1GBSjvNYGNEA2uHeFKh/j
zJ/BFwSMJxoDv/AiE9voSDulI0FyZd07vtTAGRjhIX5nJYTnPRDCibTaQ/J7jPiv
7nkeEhGWV+clv62uY6OD14OU0C0MTso4eDQnW2oIYUIAZkLC4j7Wd/1ofMkEksFX
RngVNWqJ3g==
-----END CERTIFICATE-----