Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1-VsnwdVDrh7-g6FBvhJETpJBj_M.cer
File:                     1-VsnwdVDrh7-g6FBvhJETpJBj_M.cer (raw, json)
Hash identifier:          /L6of/ksgC+CHJwVukyxN9lAV8d1WxOnRjDE56vMW/M=
Subject key identifier:   F9:5B:27:C1:D5:43:AE:1E:FE:83:A1:41:BE:12:44:4E:92:41:8F:F3
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019421B1FAB71A4180CC7F1C88A52AD79EAE
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/cb/ae8554-744a-42d9-b518-abad1ffb811c/1/1-VsnwdVDrh7-g6FBvhJETpJBj_M.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/cb/ae8554-744a-42d9-b518-abad1ffb811c/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 11:48:19 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 194.121.26.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:fa:b7:1a:41:80:cc:7f:1c:88:a5:2a:d7:9e:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 11:48:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f95b27c1d543ae1efe83a141be12444e92418ff3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:5c:5f:98:2f:28:0b:3d:90:7d:a4:6c:d9:8d:
                    0c:c8:1b:31:a1:23:7f:2a:c9:e7:0f:5d:3b:2d:c2:
                    62:a3:59:58:d6:5a:e8:34:77:ad:90:06:14:26:e4:
                    d6:23:e3:49:3d:7c:3a:1e:3b:5c:57:88:0d:bc:24:
                    73:cd:4c:c4:6d:13:28:be:a5:da:7e:ec:9b:18:7b:
                    71:3e:bd:e1:e2:f6:13:98:6d:70:1b:23:eb:d0:3c:
                    15:86:db:d0:51:a5:73:96:0b:19:12:c4:de:83:49:
                    91:81:d4:90:03:32:37:10:17:12:9b:58:f9:c8:a7:
                    31:31:6a:d0:7b:2d:46:93:e0:ff:d7:bb:35:0b:6e:
                    e4:bc:21:3c:1f:f7:a3:2e:fd:54:0b:ab:8f:9d:f2:
                    f5:0c:be:26:eb:ca:56:6b:54:cf:94:3b:5a:2c:0a:
                    de:68:22:38:a2:e2:fb:fd:2c:85:f2:1a:4c:27:bf:
                    ea:1f:97:01:a3:7f:fe:7a:3a:8f:37:67:e1:18:3b:
                    fd:3d:ce:12:c1:49:f8:f3:dc:0b:0b:cc:10:14:d0:
                    b0:be:07:ca:de:b1:9b:6d:a3:be:7e:e7:31:6a:d5:
                    c0:13:15:73:fe:bf:53:25:85:a8:d4:ed:3d:6a:e2:
                    60:3b:7f:2a:a1:20:97:06:fc:45:22:7f:b7:db:94:
                    04:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:5B:27:C1:D5:43:AE:1E:FE:83:A1:41:BE:12:44:4E:92:41:8F:F3
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/ae8554-744a-42d9-b518-abad1ffb811c/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/ae8554-744a-42d9-b518-abad1ffb811c/1/1-VsnwdVDrh7-g6FBvhJETpJBj_M.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.121.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:98:68:83:9b:89:c9:d7:43:18:7d:59:04:2f:5a:db:ef:a7:
         c9:67:85:9d:ba:20:06:bc:1c:09:c3:b0:9b:fa:ab:58:2b:f9:
         ff:29:15:b9:81:18:c5:a0:b3:4b:c8:0b:24:8e:69:17:cc:d7:
         a0:8a:1e:ab:50:bb:aa:1d:00:e9:b0:37:cc:82:ea:e6:be:7a:
         26:41:ec:4a:a5:be:5a:f2:4d:da:f1:c5:a7:d2:91:b3:39:e4:
         bb:84:97:f8:56:fb:37:ec:24:0f:df:b0:43:20:86:6a:3b:fd:
         69:06:4d:79:08:51:38:c3:f2:1c:05:8d:82:57:69:ef:4f:1e:
         ca:f3:d5:2f:4e:31:d4:b5:66:a0:af:b1:8f:5c:68:0e:f3:82:
         68:f8:61:20:6b:da:2e:1a:ff:b6:61:3e:aa:fa:f6:b8:a2:b0:
         a7:49:e3:74:ad:51:75:1d:7f:72:d1:b9:ce:99:82:84:05:a6:
         5c:54:2c:64:25:54:79:f4:0f:49:6e:29:7d:a2:19:88:2b:c7:
         25:de:e8:93:0d:e7:25:14:67:17:5a:6a:6e:9c:e8:d1:42:5a:
         f2:86:c0:dd:72:8e:9a:f4:c1:0f:47:f9:74:69:1e:2f:10:cc:
         4f:ef:a4:79:d4:f0:71:cf:a3:e7:60:ad:a8:ac:31:02:d4:f7:
         03:33:84:a0
-----BEGIN CERTIFICATE-----
MIIFeTCCBGGgAwIBAgISAZQhsfq3GkGAzH8ciKUq156uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTE0ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTViMjdjMWQ1NDNhZTFlZmU4M2ExNDFiZTEyNDQ0ZTkyNDE4ZmYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtVxfmC8oCz2QfaRs2Y0MyBsxoSN/
KsnnD107LcJio1lY1lroNHetkAYUJuTWI+NJPXw6HjtcV4gNvCRzzUzEbRMovqXa
fuybGHtxPr3h4vYTmG1wGyPr0DwVhtvQUaVzlgsZEsTeg0mRgdSQAzI3EBcSm1j5
yKcxMWrQey1Gk+D/17s1C27kvCE8H/ejLv1UC6uPnfL1DL4m68pWa1TPlDtaLAre
aCI4ouL7/SyF8hpMJ7/qH5cBo3/+ejqPN2fhGDv9Pc4SwUn489wLC8wQFNCwvgfK
3rGbbaO+fucxatXAExVz/r9TJYWo1O09auJgO38qoSCXBvxFIn+325QEywIDAQAB
o4IChTCCAoEwHQYDVR0OBBYEFPlbJ8HVQ64e/oOhQb4SRE6SQY/zMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEkBggrBgEFBQcBCwSCARYwggESMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NiL2FlODU1
NC03NDRhLTQyZDktYjUxOC1hYmFkMWZmYjgxMWMvMS8wfQYIKwYBBQUHMAqGcXJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvY2IvYWU4NTU0
LTc0NGEtNDJkOS1iNTE4LWFiYWQxZmZiODExYy8xLzEtVnNud2RWRHJoNy1nNkZC
dmhKRVRwSkJqX00ubWZ0MDIGCCsGAQUFBzANhiZodHRwczovL3JyZHAucmlwZS5u
ZXQvbm90aWZpY2F0aW9uLnhtbDBZBgNVHR8EUjBQME6gTKBKhkhyc3luYzovL3Jw
a2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0twU28zVlZLNXdFSElKbkhD
MlFIVlYzZDVtay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEF
BQcBBwEB/wQQMA4wDAQCAAEwBgMEAMJ5GjANBgkqhkiG9w0BAQsFAAOCAQEAGZho
g5uJyddDGH1ZBC9a2++nyWeFnbogBrwcCcOwm/qrWCv5/ykVuYEYxaCzS8gLJI5p
F8zXoIoeq1C7qh0A6bA3zILq5r56JkHsSqW+WvJN2vHFp9KRsznku4SX+Fb7N+wk
D9+wQyCGajv9aQZNeQhROMPyHAWNgldp708eyvPVL04x1LVmoK+xj1xoDvOCaPhh
IGvaLhr/tmE+qvr2uKKwp0njdK1RdR1/ctG5zpmChAWmXFQsZCVUefQPSW4pfaIZ
iCvHJd7okw3nJRRnF1pqbpzo0UJa8obA3XKOmvTBD0f5dGkeLxDMT++kedTwcc+j
52CtqKwxAtT3AzOEoA==
-----END CERTIFICATE-----