Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/iYbiVoMwLDgnDQ-QxKrRUZOT1UU.cer
File:                     iYbiVoMwLDgnDQ-QxKrRUZOT1UU.cer (raw, json)
Hash identifier:          g+Zax9s92+ICtlsZZtyocUgVhMXige6akt9BqM/hawo=
Subject key identifier:   89:86:E2:56:83:30:2C:38:27:0D:0F:90:C4:AA:D1:51:93:93:D5:45
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01941F8C030263975E507553F7511BB25F17
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/14/dcf559-afb4-46b9-b2d5-937dcff51e2d/1/iYbiVoMwLDgnDQ-QxKrRUZOT1UU.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/14/dcf559-afb4-46b9-b2d5-937dcff51e2d/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 01:47:37 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 91.239.122.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:03:02:63:97:5e:50:75:53:f7:51:1b:b2:5f:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 01:47:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8986e25683302c38270d0f90c4aad1519393d545
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:41:0f:9e:33:dd:70:28:83:36:20:14:3d:dd:
                    e1:43:7b:c4:8a:31:42:80:08:40:e0:7e:dd:90:f9:
                    b1:04:b8:82:bb:bf:a6:2b:5f:53:3c:ae:90:1d:d4:
                    47:65:4f:5c:34:d5:66:1f:ad:45:a7:30:3b:22:5b:
                    67:62:24:26:40:5f:89:1d:d9:39:37:ad:a0:4b:77:
                    d5:04:62:90:83:ce:1a:c2:95:bf:f6:a4:15:7c:5e:
                    6d:88:c6:97:72:92:24:f9:cd:cd:15:93:26:f5:e6:
                    f8:89:af:c1:8b:e7:93:ec:03:97:f8:07:43:39:a3:
                    8c:35:c7:d0:6f:ff:f0:7f:72:56:0c:fb:4f:5d:21:
                    71:c2:ce:6f:5d:d3:98:f0:ca:9c:b8:95:60:61:e7:
                    d9:af:64:53:fa:aa:ed:92:10:a5:5c:d3:cc:b8:35:
                    33:ec:c7:c8:33:7a:71:40:cc:66:8f:eb:f6:b2:7f:
                    fc:54:ee:3e:0f:95:fb:38:dc:50:85:bf:72:26:49:
                    33:72:0c:ef:4f:9a:69:1c:ce:3e:56:e6:31:df:26:
                    0d:75:f1:f0:24:4a:79:83:a6:b9:f6:52:05:6c:d0:
                    66:df:28:4b:7f:9b:af:e7:1f:ca:99:fd:5c:3c:74:
                    dd:8d:6a:fd:4d:74:b9:d7:09:7b:81:33:ba:f7:27:
                    5e:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:86:E2:56:83:30:2C:38:27:0D:0F:90:C4:AA:D1:51:93:93:D5:45
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/dcf559-afb4-46b9-b2d5-937dcff51e2d/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/dcf559-afb4-46b9-b2d5-937dcff51e2d/1/iYbiVoMwLDgnDQ-QxKrRUZOT1UU.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:3f:6e:5a:3b:e1:05:3e:55:94:ce:e8:d1:10:2a:6b:07:ad:
         ed:07:ec:7f:29:d5:58:bb:93:98:54:88:81:04:49:83:89:48:
         92:0a:37:c4:bf:89:7d:ea:2e:60:07:22:8d:3c:e6:a9:ed:79:
         ef:4f:b4:66:fb:2f:8d:f5:80:8a:4c:b0:70:98:5a:d2:49:0c:
         bb:6e:51:65:cd:8f:0f:23:f5:0b:d7:67:df:64:01:aa:70:eb:
         b1:50:c5:4c:82:25:71:3d:84:60:05:dd:a3:16:53:7b:b4:64:
         cf:3f:0a:0e:b1:8d:f6:74:a6:4b:13:49:f4:53:0a:df:af:a4:
         b5:59:47:cd:a2:4b:0d:5a:94:9d:6f:70:58:85:94:ce:2d:4c:
         0b:7c:5e:9a:5a:54:50:ce:ea:9d:31:06:ca:7f:88:7f:ad:ef:
         d3:63:84:08:d1:41:64:c3:4f:14:9a:97:3c:1b:4e:39:a8:35:
         da:05:46:b0:a1:17:9b:7b:a5:55:55:d8:d0:9b:d9:c3:77:e7:
         42:cc:42:f9:aa:11:a3:d6:a6:8a:7a:a7:0b:71:76:83:07:ba:
         28:36:c2:e1:08:b0:ac:ed:f6:74:47:c6:2a:56:45:4a:65:db:
         a8:c4:99:10:90:39:c3:0e:4b:c0:7d:8e:dc:1d:5f:a5:35:c8:
         71:42:61:f3
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZQfjAMCY5deUHVT91Ebsl8XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDE0NzM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTg2ZTI1NjgzMzAyYzM4MjcwZDBmOTBjNGFhZDE1MTkzOTNkNTQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuEEPnjPdcCiDNiAUPd3hQ3vEijFC
gAhA4H7dkPmxBLiCu7+mK19TPK6QHdRHZU9cNNVmH61FpzA7IltnYiQmQF+JHdk5
N62gS3fVBGKQg84awpW/9qQVfF5tiMaXcpIk+c3NFZMm9eb4ia/Bi+eT7AOX+AdD
OaOMNcfQb//wf3JWDPtPXSFxws5vXdOY8MqcuJVgYefZr2RT+qrtkhClXNPMuDUz
7MfIM3pxQMxmj+v2sn/8VO4+D5X7ONxQhb9yJkkzcgzvT5ppHM4+VuYx3yYNdfHw
JEp5g6a59lIFbNBm3yhLf5uv5x/Kmf1cPHTdjWr9TXS51wl7gTO69ydeswIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFImG4laDMCw4Jw0PkMSq0VGTk9VFMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzE0L2RjZjU1
OS1hZmI0LTQ2YjktYjJkNS05MzdkY2ZmNTFlMmQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTQvZGNmNTU5
LWFmYjQtNDZiOS1iMmQ1LTkzN2RjZmY1MWUyZC8xL2lZYmlWb013TERnbkRRLVF4
S3JSVVpPVDFVVS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW+96MA0GCSqGSIb3DQEBCwUAA4IBAQCvP25a
O+EFPlWUzujRECprB63tB+x/KdVYu5OYVIiBBEmDiUiSCjfEv4l96i5gByKNPOap
7XnvT7Rm+y+N9YCKTLBwmFrSSQy7blFlzY8PI/UL12ffZAGqcOuxUMVMgiVxPYRg
Bd2jFlN7tGTPPwoOsY32dKZLE0n0Uwrfr6S1WUfNoksNWpSdb3BYhZTOLUwLfF6a
WlRQzuqdMQbKf4h/re/TY4QI0UFkw08Umpc8G045qDXaBUawoRebe6VVVdjQm9nD
d+dCzEL5qhGj1qaKeqcLcXaDB7ooNsLhCLCs7fZ0R8YqVkVKZduoxJkQkDnDDkvA
fY7cHV+lNchxQmHz
-----END CERTIFICATE-----