Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1-Kc4IEBntzYX7H3yGMGyVuy29vU.cer
File:                     1-Kc4IEBntzYX7H3yGMGyVuy29vU.cer (raw, json)
Hash identifier:          lf9E16gkmmMSzWyoPvpN4eYYSTCA01X5OXjgLvDTAHY=
Subject key identifier:   F8:A7:38:20:40:67:B7:36:17:EC:7D:F2:18:C1:B2:56:EC:B6:F6:F5
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019686ACB27863D459A5364F97D5A43DD65E
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/ac/48ef82-0992-4255-9964-49bcd384ceb0/1/1-Kc4IEBntzYX7H3yGMGyVuy29vU.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/ac/48ef82-0992-4255-9964-49bcd384ceb0/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 30 Apr 2025 12:29:46 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 185.153.233.0/24
                          IP: 2a10:72c0::/32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 14 May 2025 08:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:86:ac:b2:78:63:d4:59:a5:36:4f:97:d5:a4:3d:d6:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Apr 30 12:29:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f8a738204067b73617ec7df218c1b256ecb6f6f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:9d:fa:48:c3:db:52:56:ce:31:78:39:3b:d9:
                    ac:96:7d:a9:52:16:16:b0:07:a2:b3:22:a8:08:65:
                    fb:1a:1a:4a:9a:57:1f:f4:28:66:cf:a9:29:05:f3:
                    b1:05:d9:f8:c5:4b:33:5c:81:a2:74:d7:87:eb:72:
                    82:c0:ac:4f:de:9a:25:44:f0:d1:25:68:a1:b9:91:
                    1f:73:04:e0:a0:43:35:5a:28:51:58:ff:c1:00:1a:
                    41:87:b2:35:23:35:63:cc:b4:83:ed:09:b1:24:a7:
                    86:25:4f:51:b5:56:24:ee:27:64:93:65:ea:1b:45:
                    9b:50:79:9a:63:29:83:5f:23:71:6b:08:53:c0:7c:
                    b6:3e:04:e4:5d:b1:00:3c:56:6a:e5:2a:56:90:d6:
                    2c:e0:45:30:24:40:0f:9e:03:01:34:45:fc:86:5c:
                    30:6b:24:ab:cb:7a:75:1f:bd:0e:a0:dc:2d:ae:e0:
                    00:56:66:2b:f6:28:03:a9:62:3d:14:cb:82:1d:cc:
                    94:40:dd:79:44:85:61:c4:f6:7d:42:f5:bc:87:a4:
                    e3:16:a5:12:5e:cc:da:2b:00:9c:06:d4:46:f9:92:
                    d2:c9:d7:6d:70:32:69:a0:2a:ce:0e:19:0e:7c:c1:
                    9e:c4:57:6a:f1:0e:f5:34:57:37:8b:4e:27:7c:16:
                    d2:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:A7:38:20:40:67:B7:36:17:EC:7D:F2:18:C1:B2:56:EC:B6:F6:F5
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/48ef82-0992-4255-9964-49bcd384ceb0/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/48ef82-0992-4255-9964-49bcd384ceb0/1/1-Kc4IEBntzYX7H3yGMGyVuy29vU.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.153.233.0/24
                IPv6:
                  2a10:72c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         30:2f:16:76:93:02:b4:6c:0b:61:4c:ff:cd:27:0e:de:ed:3e:
         2a:56:29:8b:62:6e:cb:79:84:5a:0a:de:78:90:b8:03:a2:33:
         86:ff:c4:5c:67:4b:e1:65:12:7d:c6:62:b2:df:4a:90:54:9a:
         e0:46:77:a6:40:32:c9:2d:0f:57:84:9c:67:57:bc:b6:74:ce:
         b3:59:bb:6d:d9:58:1d:44:41:28:38:8c:f1:07:f7:b3:4b:4c:
         75:34:85:0a:38:15:24:19:7c:48:78:2d:89:ed:9d:f7:4c:cb:
         0d:d3:db:16:bd:5e:27:5f:c6:59:ef:89:c3:af:eb:b8:31:ba:
         1c:ba:0a:4a:15:e7:1d:74:a4:15:10:dc:cb:48:75:d5:5c:91:
         55:d8:12:c9:87:04:72:98:4f:2d:6f:26:06:31:29:3e:76:b5:
         05:47:80:f5:57:48:ca:84:17:16:21:e9:a9:7a:f1:70:df:af:
         c1:68:2e:d5:8d:1b:8f:34:42:5e:22:d7:71:31:90:fc:db:00:
         97:79:54:66:80:b2:94:4f:26:e6:fc:f2:c4:6a:86:ae:53:da:
         61:99:f7:f5:b0:0d:0d:9a:24:06:c4:a4:c1:9a:6d:f6:15:b6:
         0e:c7:8f:a7:b7:9f:56:6d:15:f7:61:97:8b:60:0b:c0:4c:7c:
         4a:92:90:06
-----BEGIN CERTIFICATE-----
MIIFiDCCBHCgAwIBAgISAZaGrLJ4Y9RZpTZPl9WkPdZeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwNDMwMTIyOTQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOGE3MzgyMDQwNjdiNzM2MTdlYzdkZjIxOGMxYjI1NmVjYjZmNmY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0p36SMPbUlbOMXg5O9msln2pUhYW
sAeisyKoCGX7GhpKmlcf9Chmz6kpBfOxBdn4xUszXIGidNeH63KCwKxP3polRPDR
JWihuZEfcwTgoEM1WihRWP/BABpBh7I1IzVjzLSD7QmxJKeGJU9RtVYk7idkk2Xq
G0WbUHmaYymDXyNxawhTwHy2PgTkXbEAPFZq5SpWkNYs4EUwJEAPngMBNEX8hlww
aySry3p1H70OoNwtruAAVmYr9igDqWI9FMuCHcyUQN15RIVhxPZ9QvW8h6TjFqUS
XszaKwCcBtRG+ZLSyddtcDJpoCrODhkOfMGexFdq8Q71NFc3i04nfBbSLQIDAQAB
o4IClDCCApAwHQYDVR0OBBYEFPinOCBAZ7c2F+x98hjBslbstvb1MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEkBggrBgEFBQcBCwSCARYwggESMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2FjLzQ4ZWY4
Mi0wOTkyLTQyNTUtOTk2NC00OWJjZDM4NGNlYjAvMS8wfQYIKwYBBQUHMAqGcXJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYWMvNDhlZjgy
LTA5OTItNDI1NS05OTY0LTQ5YmNkMzg0Y2ViMC8xLzEtS2M0SUVCbnR6WVg3SDN5
R01HeVZ1eTI5dlUubWZ0MDIGCCsGAQUFBzANhiZodHRwczovL3JyZHAucmlwZS5u
ZXQvbm90aWZpY2F0aW9uLnhtbDBZBgNVHR8EUjBQME6gTKBKhkhyc3luYzovL3Jw
a2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0twU28zVlZLNXdFSElKbkhD
MlFIVlYzZDVtay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAuBggrBgEF
BQcBBwEB/wQfMB0wDAQCAAEwBgMEALmZ6TANBAIAAjAHAwUAKhBywDANBgkqhkiG
9w0BAQsFAAOCAQEAMC8WdpMCtGwLYUz/zScO3u0+KlYpi2Juy3mEWgreeJC4A6Iz
hv/EXGdL4WUSfcZist9KkFSa4EZ3pkAyyS0PV4ScZ1e8tnTOs1m7bdlYHURBKDiM
8Qf3s0tMdTSFCjgVJBl8SHgtie2d90zLDdPbFr1eJ1/GWe+Jw6/ruDG6HLoKShXn
HXSkFRDcy0h11VyRVdgSyYcEcphPLW8mBjEpPna1BUeA9VdIyoQXFiHpqXrxcN+v
wWgu1Y0bjzRCXiLXcTGQ/NsAl3lUZoCylE8m5vzyxGqGrlPaYZn39bANDZokBsSk
wZpt9hW2DsePp7efVm0V92GXi2ALwEx8SpKQBg==
-----END CERTIFICATE-----