Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/t8jfPaM5OL8bJF8cRHn9JN2flPA.cer
File:                     t8jfPaM5OL8bJF8cRHn9JN2flPA.cer (raw, json)
Hash identifier:          HAelpfoRmVriWFSg7J3GZq+2G+XDqj7DDcDECad3edk=
Subject key identifier:   B7:C8:DF:3D:A3:39:38:BF:1B:24:5F:1C:44:79:FD:24:DD:9F:94:F0
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019424B32D0B828E513BC6095541B05F4A8A
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/87/4dd198-93cb-459c-bee2-2d1daa299e83/1/t8jfPaM5OL8bJF8cRHn9JN2flPA.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/87/4dd198-93cb-459c-bee2-2d1daa299e83/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 01:48:29 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 185.238.164.0/22
                          IP: 2a09:d540::/29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 20:20:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:2d:0b:82:8e:51:3b:c6:09:55:41:b0:5f:4a:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 01:48:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b7c8df3da33938bf1b245f1c4479fd24dd9f94f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:16:24:46:0a:e1:e4:b6:52:b3:21:d1:a9:35:
                    15:ca:c1:79:15:a8:40:0a:09:4c:10:7d:4b:16:52:
                    46:60:86:1c:82:57:26:6a:f9:d3:a5:fd:2f:56:1b:
                    84:b3:fe:45:a7:29:c3:4a:ee:41:87:ce:48:bf:26:
                    70:c6:27:b5:a9:b0:f4:2f:cb:a5:f0:9b:84:e3:d9:
                    64:f4:4e:07:7f:35:e6:a1:9c:f5:43:48:fc:19:14:
                    a3:2c:98:21:e4:61:19:ed:65:53:4c:c9:86:b9:b7:
                    9c:d6:b7:10:6e:64:5e:30:87:87:35:40:85:3d:51:
                    8b:ac:cf:be:6a:9d:c0:fe:1e:e7:34:2d:59:99:c8:
                    de:d2:58:a5:ae:1c:34:f2:5e:0d:42:9a:64:64:90:
                    12:55:2e:f5:27:d1:13:02:fc:92:90:2b:c7:76:8d:
                    65:ed:fe:83:57:f6:c2:26:c7:a1:bc:db:94:95:0f:
                    e4:80:f6:bd:83:0e:61:07:f0:38:a0:5d:49:8d:68:
                    9a:e4:a2:f5:f0:5c:3f:55:64:db:7b:d9:b6:60:e8:
                    e2:40:ba:77:92:bc:9b:3a:ed:8e:ca:d3:b0:79:50:
                    3f:e9:62:69:66:4f:30:0c:7a:42:f2:1e:ed:9e:3f:
                    71:66:91:1e:b3:50:ca:24:81:6c:6a:c3:21:db:e0:
                    82:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:C8:DF:3D:A3:39:38:BF:1B:24:5F:1C:44:79:FD:24:DD:9F:94:F0
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/4dd198-93cb-459c-bee2-2d1daa299e83/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/4dd198-93cb-459c-bee2-2d1daa299e83/1/t8jfPaM5OL8bJF8cRHn9JN2flPA.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.238.164.0/22
                IPv6:
                  2a09:d540::/29

    Signature Algorithm: sha256WithRSAEncryption
         73:10:76:6b:bd:a7:bb:bc:77:36:8f:68:e9:c1:b2:75:a8:1c:
         6a:b5:4a:de:76:40:73:04:fc:34:fc:ee:5a:ed:d0:e3:49:52:
         20:a6:9e:43:2b:c0:c9:bf:9e:3b:b5:c6:e4:f9:22:89:a9:f0:
         4c:3f:6d:bf:8a:36:ff:85:da:24:78:cc:3f:dc:80:34:70:36:
         98:f4:8e:ed:a3:b5:01:bc:bc:87:19:64:fc:70:70:34:df:5b:
         fe:d3:41:fa:82:1e:f5:f0:8e:71:0a:ab:ef:59:e2:87:1e:6d:
         bf:1a:1e:b0:e9:a5:91:14:a4:d4:67:ff:53:7d:bb:3d:12:f7:
         96:4b:a4:9b:8f:56:a2:72:f8:2c:c1:9d:37:ea:60:7d:9c:e0:
         a1:ac:16:ff:6e:99:e6:e0:66:f4:58:a9:de:dd:29:5c:e1:af:
         89:ef:6b:22:47:1b:ac:76:fd:5a:11:59:0f:c4:6a:f0:28:b2:
         ba:6e:f9:74:32:d5:d2:31:54:6a:71:4c:bd:bb:ba:ef:81:c2:
         22:65:fd:89:51:f7:fc:59:c4:8f:e2:7e:59:e6:1a:5a:ef:7d:
         d4:ef:aa:b0:f0:36:61:9b:0a:31:da:e2:f8:0b:6f:49:37:8c:
         38:e0:82:92:2e:f1:ef:48:75:9a:c6:93:0c:63:70:d9:91:ee:
         8d:3d:04:35
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAZQksy0Lgo5RO8YJVUGwX0qKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDE0ODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiN2M4ZGYzZGEzMzkzOGJmMWIyNDVmMWM0NDc5ZmQyNGRkOWY5NGYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuxYkRgrh5LZSsyHRqTUVysF5FahA
CglMEH1LFlJGYIYcglcmavnTpf0vVhuEs/5FpynDSu5Bh85IvyZwxie1qbD0L8ul
8JuE49lk9E4HfzXmoZz1Q0j8GRSjLJgh5GEZ7WVTTMmGubec1rcQbmReMIeHNUCF
PVGLrM++ap3A/h7nNC1Zmcje0lilrhw08l4NQppkZJASVS71J9ETAvySkCvHdo1l
7f6DV/bCJsehvNuUlQ/kgPa9gw5hB/A4oF1JjWia5KL18Fw/VWTbe9m2YOjiQLp3
krybOu2OytOweVA/6WJpZk8wDHpC8h7tnj9xZpEes1DKJIFsasMh2+CC+wIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFLfI3z2jOTi/GyRfHER5/STdn5TwMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzg3LzRkZDE5
OC05M2NiLTQ1OWMtYmVlMi0yZDFkYWEyOTllODMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODcvNGRkMTk4
LTkzY2ItNDU5Yy1iZWUyLTJkMWRhYTI5OWU4My8xL3Q4amZQYU01T0w4YkpGOGNS
SG45Sk4yZmxQQS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCue6kMA0EAgACMAcDBQMqCdVAMA0GCSqGSIb3
DQEBCwUAA4IBAQBzEHZrvae7vHc2j2jpwbJ1qBxqtUredkBzBPw0/O5a7dDjSVIg
pp5DK8DJv547tcbk+SKJqfBMP22/ijb/hdokeMw/3IA0cDaY9I7to7UBvLyHGWT8
cHA031v+00H6gh718I5xCqvvWeKHHm2/Gh6w6aWRFKTUZ/9Tfbs9EveWS6Sbj1ai
cvgswZ036mB9nOChrBb/bpnm4Gb0WKne3Slc4a+J72siRxusdv1aEVkPxGrwKLK6
bvl0MtXSMVRqcUy9u7rvgcIiZf2JUff8WcSP4n5Z5hpa733U76qw8DZhmwox2uL4
C29JN4w44IKSLvHvSHWaxpMMY3DZke6NPQQ1
-----END CERTIFICATE-----