Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/i5LFXos1lQd133Y-dJMNUinJ-gA.cer
File:                     i5LFXos1lQd133Y-dJMNUinJ-gA.cer (raw, json)
Hash identifier:          9lK3COYHwggwmM/8nmZm0E6dI8lKnehAqRtGMffpIok=
Subject key identifier:   8B:92:C5:5E:8B:35:95:07:75:DF:76:3E:74:93:0D:52:29:C9:FA:00
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019421B23B79875730AC054963927D1A46A7
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/9c/30f7a4-36c8-499d-8d43-bebbe4aa7cab/1/i5LFXos1lQd133Y-dJMNUinJ-gA.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/9c/30f7a4-36c8-499d-8d43-bebbe4aa7cab/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 11:48:36 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 193.93.112.0/22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 20:20:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:3b:79:87:57:30:ac:05:49:63:92:7d:1a:46:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 11:48:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8b92c55e8b35950775df763e74930d5229c9fa00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:b6:26:93:dc:c8:38:e7:06:f9:fc:29:b0:ae:
                    06:3c:a9:f9:e2:cc:2b:dc:23:51:07:06:20:28:22:
                    91:05:71:1f:39:a1:62:da:6a:06:c5:8a:fe:91:dd:
                    1b:ad:d0:46:c3:c8:b4:3c:bb:15:c2:21:b6:8f:27:
                    de:5f:94:c9:9c:cf:6a:37:28:b0:df:77:aa:b6:3d:
                    a2:37:7d:1e:11:1b:5b:8e:3f:bb:43:9f:c7:5f:ec:
                    3c:78:c3:b5:10:27:fd:43:05:25:8c:93:07:b7:80:
                    b7:f9:15:da:92:cf:ac:57:e8:64:87:42:be:f4:75:
                    ad:41:c9:3d:ac:55:e9:3f:9d:af:51:96:56:fe:f8:
                    14:d8:f7:dc:77:99:6a:65:f8:88:cf:35:38:4d:47:
                    e4:6b:a0:b6:7a:73:8b:3d:4b:47:31:46:37:f8:f3:
                    a9:d8:00:4c:e6:a4:02:6f:12:ab:3c:a1:f3:2a:7f:
                    76:6f:60:ef:e5:d8:52:db:00:c7:62:5c:1e:b2:ff:
                    db:49:5e:1e:0c:0e:b5:7a:91:4f:50:3d:ba:2e:7a:
                    9f:cd:ea:9d:59:47:32:87:fb:50:db:98:37:ac:70:
                    7f:61:b4:36:16:4d:ea:0e:17:e3:21:60:d4:30:b2:
                    54:a6:29:32:e3:72:68:b1:c9:77:59:a1:24:8f:18:
                    d8:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:92:C5:5E:8B:35:95:07:75:DF:76:3E:74:93:0D:52:29:C9:FA:00
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/30f7a4-36c8-499d-8d43-bebbe4aa7cab/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/30f7a4-36c8-499d-8d43-bebbe4aa7cab/1/i5LFXos1lQd133Y-dJMNUinJ-gA.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.93.112.0/22

    Signature Algorithm: sha256WithRSAEncryption
         27:86:92:ec:4c:1c:3d:29:f7:d1:5d:9d:71:03:3b:47:a8:0c:
         43:52:83:6e:93:9b:3a:30:f5:0c:31:01:69:89:d7:ea:25:4d:
         c0:19:cf:af:7c:6e:72:40:db:98:1a:54:6a:05:79:01:78:90:
         d1:26:8f:43:0e:95:da:4c:20:c1:04:22:5f:f7:6a:bf:0b:59:
         b9:fd:13:5c:ed:51:6e:76:13:09:ff:56:83:c0:d0:7b:41:81:
         fe:44:83:52:e8:d3:58:bf:13:c6:90:a5:78:0b:f8:dd:70:f3:
         35:2f:35:92:19:53:3c:84:e1:b6:55:b5:28:63:85:b7:51:e0:
         99:c6:11:73:19:ae:da:e7:15:d2:b1:77:51:d3:3b:f6:21:c2:
         55:38:2d:2e:12:f1:c7:c8:48:19:ef:b3:6e:7a:8e:fe:55:f9:
         8e:ee:6c:26:73:81:b8:98:06:f4:3b:97:88:0f:8e:1b:13:95:
         23:81:34:6b:6a:76:b7:6e:eb:ec:7a:82:f5:01:6f:a6:f9:f2:
         06:90:38:33:e8:25:05:15:25:c2:2f:10:f7:f7:d8:af:6b:9f:
         d9:a7:38:64:71:03:93:a7:d9:91:2f:53:ae:5f:62:2e:41:fb:
         d2:46:89:7e:9f:2c:6e:e0:f2:5f:e3:9a:81:88:be:6d:cd:c3:
         b5:99:66:73
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZQhsjt5h1cwrAVJY5J9GkanMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTE0ODM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjkyYzU1ZThiMzU5NTA3NzVkZjc2M2U3NDkzMGQ1MjI5YzlmYTAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA27Ymk9zIOOcG+fwpsK4GPKn54swr
3CNRBwYgKCKRBXEfOaFi2moGxYr+kd0brdBGw8i0PLsVwiG2jyfeX5TJnM9qNyiw
33eqtj2iN30eERtbjj+7Q5/HX+w8eMO1ECf9QwUljJMHt4C3+RXaks+sV+hkh0K+
9HWtQck9rFXpP52vUZZW/vgU2Pfcd5lqZfiIzzU4TUfka6C2enOLPUtHMUY3+POp
2ABM5qQCbxKrPKHzKn92b2Dv5dhS2wDHYlwesv/bSV4eDA61epFPUD26Lnqfzeqd
WUcyh/tQ25g3rHB/YbQ2Fk3qDhfjIWDUMLJUpiky43Joscl3WaEkjxjYrwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFIuSxV6LNZUHdd92PnSTDVIpyfoAMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzljLzMwZjdh
NC0zNmM4LTQ5OWQtOGQ0My1iZWJiZTRhYTdjYWIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOWMvMzBmN2E0
LTM2YzgtNDk5ZC04ZDQzLWJlYmJlNGFhN2NhYi8xL2k1TEZYb3MxbFFkMTMzWS1k
Sk1OVWluSi1nQS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCwV1wMA0GCSqGSIb3DQEBCwUAA4IBAQAnhpLs
TBw9KffRXZ1xAztHqAxDUoNuk5s6MPUMMQFpidfqJU3AGc+vfG5yQNuYGlRqBXkB
eJDRJo9DDpXaTCDBBCJf92q/C1m5/RNc7VFudhMJ/1aDwNB7QYH+RINS6NNYvxPG
kKV4C/jdcPM1LzWSGVM8hOG2VbUoY4W3UeCZxhFzGa7a5xXSsXdR0zv2IcJVOC0u
EvHHyEgZ77Nueo7+VfmO7mwmc4G4mAb0O5eID44bE5UjgTRrana3buvseoL1AW+m
+fIGkDgz6CUFFSXCLxD399iva5/ZpzhkcQOTp9mRL1OuX2IuQfvSRol+nyxu4PJf
45qBiL5tzcO1mWZz
-----END CERTIFICATE-----