Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/zgQm-dLl8wq4eoJ2f9iW7rpLHFc.cer
File:                     zgQm-dLl8wq4eoJ2f9iW7rpLHFc.cer (raw, json)
Hash identifier:          R6tz9Na7S8xnU030ooZnzEy8bZUG7K/acBgVE4EmQew=
Subject key identifier:   CE:04:26:F9:D2:E5:F3:0A:B8:7A:82:76:7F:D8:96:EE:BA:4B:1C:57
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019424B37A081F6F467EFAB8F29AE95CD836
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/e2/394dc0-75aa-40a8-8222-ee4a4618524c/1/zgQm-dLl8wq4eoJ2f9iW7rpLHFc.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/e2/394dc0-75aa-40a8-8222-ee4a4618524c/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 01:48:49 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 91.213.1.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:7a:08:1f:6f:46:7e:fa:b8:f2:9a:e9:5c:d8:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 01:48:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ce0426f9d2e5f30ab87a82767fd896eeba4b1c57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:70:aa:c3:7f:59:fe:75:77:74:32:fe:c6:08:
                    66:8c:e1:a6:af:3e:41:9d:c2:ad:a2:c3:48:a0:0f:
                    37:e0:62:8e:a4:ad:b5:1f:cf:37:43:8d:8c:8d:45:
                    e8:d4:f8:5b:96:21:e3:36:27:12:bc:59:c0:6e:78:
                    7e:84:25:c9:a2:79:22:fb:56:49:d9:de:bf:46:1d:
                    b5:d2:a8:e1:85:07:cf:d3:86:ac:8f:de:26:f2:5e:
                    f4:6e:cd:90:cf:51:84:1a:19:cb:01:39:e7:a7:51:
                    b2:fe:a7:f9:fc:c7:b3:dc:13:bc:e9:e6:cb:a9:cb:
                    8a:92:57:ce:2f:0a:15:f8:60:26:7a:54:af:c0:60:
                    21:7b:56:d1:8c:e5:6f:6b:66:50:81:64:7c:e2:64:
                    64:50:4e:13:c7:b4:cf:6b:aa:a9:f4:d4:b2:db:51:
                    d4:e4:15:cb:39:d7:d6:99:e1:fa:e7:85:f5:43:12:
                    cb:b1:ea:05:8d:57:22:37:61:84:4b:ab:2b:ac:f4:
                    11:37:76:25:d2:22:8e:1a:fe:4d:6b:c9:1c:63:b4:
                    76:5a:f0:38:24:e9:49:d3:58:08:6d:52:a2:99:02:
                    dc:c2:75:60:b4:64:b5:2d:22:73:1d:d2:22:c4:42:
                    88:29:86:3a:6e:d4:26:2b:48:38:aa:74:75:22:c9:
                    4d:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:04:26:F9:D2:E5:F3:0A:B8:7A:82:76:7F:D8:96:EE:BA:4B:1C:57
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/394dc0-75aa-40a8-8222-ee4a4618524c/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/394dc0-75aa-40a8-8222-ee4a4618524c/1/zgQm-dLl8wq4eoJ2f9iW7rpLHFc.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:a0:09:4d:e2:3e:e8:45:18:37:b7:4f:60:94:37:3a:86:5b:
         f4:d8:1e:0d:12:77:5f:f3:29:05:81:35:c6:b8:e0:e3:9f:9f:
         d7:f2:bf:f2:b5:16:01:d5:95:fc:a8:40:6c:3d:a2:1d:77:03:
         0c:c2:1e:5e:01:d9:29:69:02:39:70:5a:e9:e5:34:23:72:3a:
         9e:cc:89:62:d1:58:33:3a:4c:d2:de:20:20:f8:72:8c:f2:ef:
         24:9f:e6:c4:89:85:19:24:83:58:f2:2f:c5:79:22:61:28:9c:
         c3:4c:84:da:bf:05:9d:9a:31:5a:da:8a:f3:2a:0e:b3:76:da:
         b1:2c:7e:68:83:cc:1d:03:55:12:d3:53:89:24:40:bc:10:e3:
         40:ec:9f:08:5e:31:f8:2a:aa:fe:33:05:15:9f:cc:38:c4:6b:
         4e:ff:02:e4:bf:25:b6:b5:32:b1:c0:7f:71:fc:f3:25:ee:d3:
         99:6b:9a:8a:a4:78:ea:7d:16:e9:93:64:67:71:a6:bb:63:a2:
         c0:71:e9:53:22:42:de:fa:94:89:8b:6e:23:9d:59:01:6e:0a:
         ad:af:07:09:ad:3f:32:fb:d4:dc:69:5c:54:40:4f:48:33:7d:
         53:ba:a4:1e:51:4b:e0:41:2d:d5:f7:82:51:43:5a:fd:56:b1:
         1f:9a:55:19
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZQks3oIH29Gfvq48prpXNg2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDE0ODQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTA0MjZmOWQyZTVmMzBhYjg3YTgyNzY3ZmQ4OTZlZWJhNGIxYzU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApHCqw39Z/nV3dDL+xghmjOGmrz5B
ncKtosNIoA834GKOpK21H883Q42MjUXo1PhbliHjNicSvFnAbnh+hCXJonki+1ZJ
2d6/Rh210qjhhQfP04asj94m8l70bs2Qz1GEGhnLATnnp1Gy/qf5/Mez3BO86ebL
qcuKklfOLwoV+GAmelSvwGAhe1bRjOVva2ZQgWR84mRkUE4Tx7TPa6qp9NSy21HU
5BXLOdfWmeH654X1QxLLseoFjVciN2GES6srrPQRN3Yl0iKOGv5Na8kcY7R2WvA4
JOlJ01gIbVKimQLcwnVgtGS1LSJzHdIixEKIKYY6btQmK0g4qnR1IslNVwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFM4EJvnS5fMKuHqCdn/Ylu66SxxXMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2UyLzM5NGRj
MC03NWFhLTQwYTgtODIyMi1lZTRhNDYxODUyNGMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTIvMzk0ZGMw
LTc1YWEtNDBhOC04MjIyLWVlNGE0NjE4NTI0Yy8xL3pnUW0tZExsOHdxNGVvSjJm
OWlXN3JwTEhGYy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW9UBMA0GCSqGSIb3DQEBCwUAA4IBAQBzoAlN
4j7oRRg3t09glDc6hlv02B4NEndf8ykFgTXGuODjn5/X8r/ytRYB1ZX8qEBsPaId
dwMMwh5eAdkpaQI5cFrp5TQjcjqezIli0VgzOkzS3iAg+HKM8u8kn+bEiYUZJINY
8i/FeSJhKJzDTITavwWdmjFa2orzKg6zdtqxLH5og8wdA1US01OJJEC8EONA7J8I
XjH4Kqr+MwUVn8w4xGtO/wLkvyW2tTKxwH9x/PMl7tOZa5qKpHjqfRbpk2Rncaa7
Y6LAcelTIkLe+pSJi24jnVkBbgqtrwcJrT8y+9TcaVxUQE9IM31TuqQeUUvgQS3V
94JRQ1r9VrEfmlUZ
-----END CERTIFICATE-----