Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f00NtehmnND-oANh6Aa8YPaMYs.cer
File:                     0f00NtehmnND-oANh6Aa8YPaMYs.cer (raw, json)
Hash identifier:          Blnj04FWdHw23KJbEb1x+B6+8CSq9Lz3QHpZuAoeS34=
Subject key identifier:   D1:FD:34:36:D7:A1:9A:73:43:FA:80:0D:87:A0:1A:F1:83:DA:31:8B
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0195042AE27108034C6487A47E330BC526FF
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/8c/bcd5e8-5d1f-46b1-96bc-39a66cbe1e4d/1/0f00NtehmnND-oANh6Aa8YPaMYs.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/8c/bcd5e8-5d1f-46b1-96bc-39a66cbe1e4d/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Fri 14 Feb 2025 11:14:34 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 185.13.208.0/22
                          IP: 2a03:a540::/32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:04:2a:e2:71:08:03:4c:64:87:a4:7e:33:0b:c5:26:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Feb 14 11:14:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d1fd3436d7a19a7343fa800d87a01af183da318b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:a5:8a:19:58:8a:c2:60:24:b9:f2:51:da:e2:
                    17:60:4a:28:e3:8e:b5:d3:04:0f:0c:0d:e6:3e:b2:
                    8d:93:f5:6d:68:e2:4f:b5:12:61:6a:a2:cd:37:72:
                    29:b2:23:b2:2f:4c:dd:a4:34:0a:b2:f1:3f:b1:5a:
                    11:7e:b9:17:49:f0:98:9a:55:1b:e6:a3:2c:15:be:
                    e1:60:42:05:8d:0d:47:1c:8e:79:c7:0a:d5:e3:81:
                    22:ff:bd:0f:bd:ac:0b:bf:de:bf:f4:54:fa:20:0e:
                    47:f9:44:2d:a3:20:4d:dc:3d:08:57:fb:d5:07:46:
                    76:78:2d:7d:ac:ea:c2:77:61:d6:05:f5:fb:59:bd:
                    2e:c1:63:99:d6:db:eb:1c:03:56:b3:be:f3:8e:00:
                    ca:e5:3e:e6:0c:ba:70:6a:bd:18:47:9b:54:7b:42:
                    fc:3c:47:08:f9:d4:4b:ea:0a:62:91:cb:16:e2:27:
                    3a:a4:83:b6:cf:0d:42:9c:30:d6:05:88:2c:66:2c:
                    27:53:07:3b:6a:a4:a1:f5:41:84:d6:43:de:fe:6b:
                    42:ca:a6:0b:c2:20:71:93:64:8d:7d:22:c0:d2:24:
                    6a:9d:98:47:53:46:68:a4:ca:29:e9:e3:87:e3:55:
                    5b:d8:23:c5:59:37:96:be:6f:f4:fe:3b:66:8a:b2:
                    c2:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:FD:34:36:D7:A1:9A:73:43:FA:80:0D:87:A0:1A:F1:83:DA:31:8B
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/bcd5e8-5d1f-46b1-96bc-39a66cbe1e4d/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/bcd5e8-5d1f-46b1-96bc-39a66cbe1e4d/1/0f00NtehmnND-oANh6Aa8YPaMYs.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.13.208.0/22
                IPv6:
                  2a03:a540::/32

    Signature Algorithm: sha256WithRSAEncryption
         9b:0e:15:08:05:fc:84:13:fb:60:b5:4a:ec:bf:ce:17:cc:b9:
         0e:94:a1:9d:34:92:9b:1c:70:3c:87:7e:b7:18:51:24:19:08:
         90:7d:3d:a5:b9:b5:f0:29:fa:f2:1a:c3:39:e7:e5:7f:9b:b0:
         31:6b:1d:ac:b2:db:e1:c5:e7:da:6b:d9:62:b6:08:11:1f:b4:
         8f:af:d5:f8:0b:f7:81:33:57:4e:03:14:e6:96:8a:57:25:1a:
         9f:87:6f:bf:b5:ff:b1:c7:af:95:88:b6:c6:c4:37:1f:dd:78:
         5d:b8:a0:68:ec:e7:9f:8c:3c:14:26:f2:ff:74:64:ba:06:e9:
         8f:96:43:16:e1:de:88:f1:a6:26:e5:3a:40:d4:fb:f5:9f:54:
         41:35:22:b8:2a:1e:fc:53:4b:2d:ae:9e:ae:67:d0:15:5f:6b:
         6f:1e:81:ae:2b:0d:50:d7:2d:bf:a1:49:34:ef:e4:24:9f:83:
         95:e6:dd:c1:ed:a7:b9:e9:8c:c7:a5:8a:e7:82:54:00:00:09:
         84:7b:98:90:b0:f1:1b:cf:76:17:83:4e:1e:ba:87:eb:ff:2f:
         ce:ed:8c:ed:fb:50:75:cc:db:2c:e1:86:f2:ec:46:6e:50:1a:
         d4:79:05:ec:07:a5:57:1f:01:5d:c1:7f:4d:ed:6b:e9:e9:6d:
         d6:55:49:38
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAZUEKuJxCANMZIekfjMLxSb/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMjE0MTExNDM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMWZkMzQzNmQ3YTE5YTczNDNmYTgwMGQ4N2EwMWFmMTgzZGEzMThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArqWKGViKwmAkufJR2uIXYEoo4461
0wQPDA3mPrKNk/VtaOJPtRJhaqLNN3IpsiOyL0zdpDQKsvE/sVoRfrkXSfCYmlUb
5qMsFb7hYEIFjQ1HHI55xwrV44Ei/70PvawLv96/9FT6IA5H+UQtoyBN3D0IV/vV
B0Z2eC19rOrCd2HWBfX7Wb0uwWOZ1tvrHANWs77zjgDK5T7mDLpwar0YR5tUe0L8
PEcI+dRL6gpikcsW4ic6pIO2zw1CnDDWBYgsZiwnUwc7aqSh9UGE1kPe/mtCyqYL
wiBxk2SNfSLA0iRqnZhHU0ZopMop6eOH41Vb2CPFWTeWvm/0/jtmirLC8wIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFNH9NDbXoZpzQ/qADYegGvGD2jGLMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzhjL2JjZDVl
OC01ZDFmLTQ2YjEtOTZiYy0zOWE2NmNiZTFlNGQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOGMvYmNkNWU4
LTVkMWYtNDZiMS05NmJjLTM5YTY2Y2JlMWU0ZC8xLzBmMDBOdGVobW5ORC1vQU5o
NkFhOFlQYU1Zcy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCuQ3QMA0EAgACMAcDBQAqA6VAMA0GCSqGSIb3
DQEBCwUAA4IBAQCbDhUIBfyEE/tgtUrsv84XzLkOlKGdNJKbHHA8h363GFEkGQiQ
fT2lubXwKfryGsM55+V/m7Axax2sstvhxefaa9litggRH7SPr9X4C/eBM1dOAxTm
lopXJRqfh2+/tf+xx6+ViLbGxDcf3XhduKBo7OefjDwUJvL/dGS6BumPlkMW4d6I
8aYm5TpA1Pv1n1RBNSK4Kh78U0strp6uZ9AVX2tvHoGuKw1Q1y2/oUk07+Qkn4OV
5t3B7ae56YzHpYrnglQAAAmEe5iQsPEbz3YXg04euofr/y/O7Yzt+1B1zNss4Yby
7EZuUBrUeQXsB6VXHwFdwX9N7Wvp6W3WVUk4
-----END CERTIFICATE-----