Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1eSq4t1mqdzA42SB3qZvPjYGqA.cer
File:                     b1eSq4t1mqdzA42SB3qZvPjYGqA.cer (raw, json)
Hash identifier:          hjO35uxqErNg8a/cTW1iOg8+C+3Xgdp5uPQTi/62yV8=
Subject key identifier:   6F:57:92:AB:8B:75:9A:A7:73:03:8D:92:07:7A:99:BC:F8:D8:1A:A0
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019424B3C82930F55379044BE358F8A27B1A
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/56/7f9978-1fe4-4b99-8143-5d1b1ecb99bf/1/b1eSq4t1mqdzA42SB3qZvPjYGqA.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/56/7f9978-1fe4-4b99-8143-5d1b1ecb99bf/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 01:49:09 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 193.22.173.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:c8:29:30:f5:53:79:04:4b:e3:58:f8:a2:7b:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 01:49:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6f5792ab8b759aa773038d92077a99bcf8d81aa0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:12:62:23:8b:36:fa:5b:ad:4b:15:8f:f4:d2:
                    98:9e:b6:b4:5a:7d:e5:d6:2b:d2:05:f4:3a:f9:6b:
                    4b:29:2b:d0:56:6e:60:7e:b5:0c:59:6e:6a:9a:e1:
                    fa:a4:a6:1c:fb:81:e0:9a:50:a3:5d:c1:82:04:65:
                    bf:5e:62:90:23:20:26:5e:1d:47:74:56:dd:d6:3f:
                    b8:f6:07:b6:71:b6:d2:cc:88:28:ab:15:bf:02:c6:
                    0d:a0:46:c1:5c:f4:78:d8:14:d0:bb:e0:93:70:f9:
                    26:7a:e1:e9:d6:0d:36:42:9f:0d:e0:77:0c:1c:2d:
                    15:6f:1b:a0:7e:35:f8:95:0d:69:a0:b6:4b:43:6e:
                    00:a9:eb:3e:b3:df:29:5f:cf:b3:16:5b:e8:be:69:
                    49:bf:4b:05:50:13:22:63:93:c8:29:af:14:d4:22:
                    97:f3:7d:e3:09:a2:cc:78:b9:ec:f7:99:a5:36:03:
                    44:eb:af:72:59:70:b4:47:b3:c6:03:48:f7:61:1b:
                    c6:8b:24:d4:b1:ca:b8:9f:aa:12:92:18:e0:50:9a:
                    2a:14:a4:f5:63:a6:76:d0:eb:96:3c:bc:8f:22:ba:
                    74:1e:db:f0:94:1f:a4:5a:f5:5d:5b:e5:e6:53:b2:
                    b2:61:89:75:ac:d3:80:92:09:63:23:de:12:11:55:
                    76:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:57:92:AB:8B:75:9A:A7:73:03:8D:92:07:7A:99:BC:F8:D8:1A:A0
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/7f9978-1fe4-4b99-8143-5d1b1ecb99bf/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/7f9978-1fe4-4b99-8143-5d1b1ecb99bf/1/b1eSq4t1mqdzA42SB3qZvPjYGqA.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.22.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:85:2a:e4:b3:91:f4:bb:a7:37:a5:ac:46:bd:23:5e:2d:b5:
         3d:a1:d7:b9:db:dd:20:a8:0e:a4:c1:36:7f:c5:29:1e:e9:b9:
         e5:82:7f:4a:bd:56:91:d8:9b:58:45:11:a1:1e:8e:30:40:65:
         05:34:89:31:d6:1c:bd:50:94:b4:d7:35:89:f7:01:b7:ea:7b:
         9a:7f:86:8a:bb:b5:36:a7:2e:4a:7d:40:ed:ac:08:7a:dd:ef:
         05:eb:a7:6f:c3:94:23:48:58:3a:2c:55:aa:d0:eb:b0:c1:ee:
         0c:23:44:a2:49:b4:f7:52:bb:8e:eb:8b:75:9f:19:6f:4d:6e:
         ed:00:55:5b:2b:45:03:30:75:3f:ee:d5:ab:06:82:f9:7b:64:
         04:6a:08:94:36:41:99:31:87:ad:a0:da:62:ca:0e:e7:2d:8d:
         ea:f0:e8:d3:88:fa:3d:c4:0d:e5:f9:bb:91:64:b0:4e:0b:77:
         b6:b8:e5:46:59:f2:34:14:82:1c:bd:c7:45:91:e4:b6:86:8a:
         7e:8a:48:80:7c:fa:d5:bc:84:a9:19:f6:9d:3a:62:20:dc:00:
         7d:01:bf:ea:ea:a2:72:69:3f:66:ad:f3:04:c6:c4:12:4b:4a:
         35:67:db:a5:d6:a2:de:85:cb:8b:e6:52:88:94:7e:16:c2:fb:
         28:14:32:fd
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZQks8gpMPVTeQRL41j4onsaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDE0OTA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjU3OTJhYjhiNzU5YWE3NzMwMzhkOTIwNzdhOTliY2Y4ZDgxYWEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApxJiI4s2+lutSxWP9NKYnra0Wn3l
1ivSBfQ6+WtLKSvQVm5gfrUMWW5qmuH6pKYc+4HgmlCjXcGCBGW/XmKQIyAmXh1H
dFbd1j+49ge2cbbSzIgoqxW/AsYNoEbBXPR42BTQu+CTcPkmeuHp1g02Qp8N4HcM
HC0VbxugfjX4lQ1poLZLQ24Aqes+s98pX8+zFlvovmlJv0sFUBMiY5PIKa8U1CKX
833jCaLMeLns95mlNgNE669yWXC0R7PGA0j3YRvGiyTUscq4n6oSkhjgUJoqFKT1
Y6Z20OuWPLyPIrp0HtvwlB+kWvVdW+XmU7KyYYl1rNOAkgljI94SEVV2VwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFG9XkquLdZqncwONkgd6mbz42BqgMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzU2LzdmOTk3
OC0xZmU0LTRiOTktODE0My01ZDFiMWVjYjk5YmYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTYvN2Y5OTc4
LTFmZTQtNGI5OS04MTQzLTVkMWIxZWNiOTliZi8xL2IxZVNxNHQxbXFkekE0MlNC
M3FadlBqWUdxQS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwRatMA0GCSqGSIb3DQEBCwUAA4IBAQB/hSrk
s5H0u6c3paxGvSNeLbU9ode5290gqA6kwTZ/xSke6bnlgn9KvVaR2JtYRRGhHo4w
QGUFNIkx1hy9UJS01zWJ9wG36nuaf4aKu7U2py5KfUDtrAh63e8F66dvw5QjSFg6
LFWq0Ouwwe4MI0SiSbT3UruO64t1nxlvTW7tAFVbK0UDMHU/7tWrBoL5e2QEagiU
NkGZMYetoNpiyg7nLY3q8OjTiPo9xA3l+buRZLBOC3e2uOVGWfI0FIIcvcdFkeS2
hop+ikiAfPrVvISpGfadOmIg3AB9Ab/q6qJyaT9mrfMExsQSS0o1Z9ul1qLehcuL
5lKIlH4WwvsoFDL9
-----END CERTIFICATE-----