Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/UnFDjiPOkl5mwlmYEiG1toOi8I8.cer
File:                     UnFDjiPOkl5mwlmYEiG1toOi8I8.cer (raw, json)
Hash identifier:          1FUZiaGwrdb/ZWIcRLdWbAYCUFqxMNWJEDVvGxBHyE8=
Subject key identifier:   52:71:43:8E:23:CE:92:5E:66:C2:59:98:12:21:B5:B6:83:A2:F0:8F
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019427487A9D7D507C209054A080761AAEE6
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/28/806917-af6b-4e1e-8773-9ad035474114/1/UnFDjiPOkl5mwlmYEiG1toOi8I8.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/28/806917-af6b-4e1e-8773-9ad035474114/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 13:50:48 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 41940
                          IP: 194.60.77.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 04:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:7a:9d:7d:50:7c:20:90:54:a0:80:76:1a:ae:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 13:50:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5271438e23ce925e66c259981221b5b683a2f08f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:79:42:41:b5:59:b9:7f:38:c0:86:08:db:e1:
                    20:4d:2d:20:95:8c:d8:d4:7f:6e:91:7a:b6:49:cf:
                    69:c6:f2:58:09:34:f8:5c:3a:68:53:44:8a:3a:94:
                    b4:3d:e2:92:f5:0c:e0:05:4d:f3:d3:e1:80:9b:d0:
                    69:ef:33:9c:0b:2f:82:6a:e1:ba:3f:64:db:79:aa:
                    f6:41:4a:aa:03:47:b4:7c:54:d2:1e:35:1f:4e:f1:
                    c8:8f:60:73:53:03:29:83:04:c5:d1:0b:78:80:38:
                    dc:da:f0:d4:51:1b:b8:e3:b4:f4:2a:7c:11:18:0e:
                    01:44:49:d3:0b:b9:ea:e5:b3:58:52:2c:51:27:ce:
                    ce:80:2d:2f:92:dd:c0:fe:7a:10:f0:42:71:86:96:
                    83:ee:b0:3f:af:53:9e:a0:8f:9c:5a:fe:d7:67:76:
                    be:81:96:05:b8:8d:dc:3d:1f:8f:52:3d:b3:f5:45:
                    ce:50:2a:b0:c4:a3:1d:e8:15:7e:d8:0d:a8:af:58:
                    1d:43:9b:ee:e4:2e:6a:d5:86:f1:24:d2:a9:91:7d:
                    81:c0:35:76:41:c8:3f:2b:b2:98:98:58:29:c0:1f:
                    de:82:58:cb:c6:98:be:ea:0c:34:22:35:06:41:45:
                    41:f3:3d:96:82:02:fe:53:24:58:d9:63:54:6b:d0:
                    48:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:71:43:8E:23:CE:92:5E:66:C2:59:98:12:21:B5:B6:83:A2:F0:8F
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/806917-af6b-4e1e-8773-9ad035474114/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/806917-af6b-4e1e-8773-9ad035474114/1/UnFDjiPOkl5mwlmYEiG1toOi8I8.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.60.77.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  41940

    Signature Algorithm: sha256WithRSAEncryption
         15:85:57:53:a2:2a:2d:47:aa:e9:bc:8f:9d:2e:bf:2c:fe:cb:
         e9:43:04:24:df:cb:63:34:11:f3:a0:07:70:a8:38:a2:69:d2:
         20:9a:7d:fd:dc:89:71:0c:80:6a:9e:04:0a:eb:fb:0c:df:ed:
         d1:95:8f:63:8a:98:6a:a3:e2:7f:c3:17:1e:b6:8c:d7:30:16:
         29:01:be:e4:b1:15:37:27:c9:04:c1:31:1e:b7:9b:19:71:e1:
         91:c3:89:f2:f8:ca:ba:7f:10:4a:05:6d:0e:4e:8f:b5:27:21:
         54:6a:57:d3:90:c3:1b:e5:04:fd:ff:cb:dd:b7:2b:0b:ea:0f:
         4b:03:bd:0c:1d:b6:fe:ea:98:94:93:b3:d4:19:e1:74:ca:84:
         92:f3:9f:c8:19:f4:12:b6:39:ec:f9:93:70:c8:06:69:6c:ef:
         01:5c:ef:b7:8f:87:bf:30:09:ef:e4:40:01:73:d9:00:19:b6:
         8e:96:ac:25:01:37:0b:8b:21:f2:7b:9e:b2:8e:25:67:6e:80:
         d6:83:b2:63:20:c9:70:5e:dc:94:fd:8d:6e:dd:42:45:ad:78:
         69:20:7d:d2:20:29:e0:eb:a2:f8:2f:86:10:34:93:fc:fd:78:
         53:75:97:47:d6:8c:c2:bb:10:d0:b4:20:8a:42:d2:10:87:31:
         db:c1:26:9a
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZQnSHqdfVB8IJBUoIB2Gq7mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMTM1MDQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjcxNDM4ZTIzY2U5MjVlNjZjMjU5OTgxMjIxYjViNjgzYTJmMDhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA13lCQbVZuX84wIYI2+EgTS0glYzY
1H9ukXq2Sc9pxvJYCTT4XDpoU0SKOpS0PeKS9QzgBU3z0+GAm9Bp7zOcCy+CauG6
P2Tbear2QUqqA0e0fFTSHjUfTvHIj2BzUwMpgwTF0Qt4gDjc2vDUURu447T0KnwR
GA4BREnTC7nq5bNYUixRJ87OgC0vkt3A/noQ8EJxhpaD7rA/r1OeoI+cWv7XZ3a+
gZYFuI3cPR+PUj2z9UXOUCqwxKMd6BV+2A2or1gdQ5vu5C5q1YbxJNKpkX2BwDV2
Qcg/K7KYmFgpwB/egljLxpi+6gw0IjUGQUVB8z2WggL+UyRY2WNUa9BIMQIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFFJxQ44jzpJeZsJZmBIhtbaDovCPMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzI4LzgwNjkx
Ny1hZjZiLTRlMWUtODc3My05YWQwMzU0NzQxMTQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjgvODA2OTE3
LWFmNmItNGUxZS04NzczLTlhZDAzNTQ3NDExNC8xL1VuRkRqaVBPa2w1bXdsbVlF
aUcxdG9PaThJOC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwjxNMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwCj1DANBgkqhkiG9w0BAQsFAAOCAQEAFYVXU6IqLUeq6byPnS6/LP7L6UMEJN/L
YzQR86AHcKg4omnSIJp9/dyJcQyAap4ECuv7DN/t0ZWPY4qYaqPif8MXHraM1zAW
KQG+5LEVNyfJBMExHrebGXHhkcOJ8vjKun8QSgVtDk6PtSchVGpX05DDG+UE/f/L
3bcrC+oPSwO9DB22/uqYlJOz1BnhdMqEkvOfyBn0ErY57PmTcMgGaWzvAVzvt4+H
vzAJ7+RAAXPZABm2jpasJQE3C4sh8nueso4lZ26A1oOyYyDJcF7clP2Nbt1CRa14
aSB90iAp4Oui+C+GEDST/P14U3WXR9aMwrsQ0LQgikLSEIcx28Emmg==
-----END CERTIFICATE-----