Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1GLs5UdXKt7KGp_wV-C6jq6MXV4.cer
File:                     1GLs5UdXKt7KGp_wV-C6jq6MXV4.cer (raw, json)
Hash identifier:          KVhGLq/kWJR5B3avd2lKOHUfUDsilUcoRn7OG0m+I7M=
Subject key identifier:   D4:62:EC:E5:47:57:2A:DE:CA:1A:9F:F0:57:E0:BA:8E:AE:8C:5D:5E
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01947B016A9845738C1EB46C8F39975C4CC0
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/f4/8a9417-bc28-4a02-a92f-a408bba735ee/1/1GLs5UdXKt7KGp_wV-C6jq6MXV4.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/f4/8a9417-bc28-4a02-a92f-a408bba735ee/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Sat 18 Jan 2025 20:01:17 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 2a01:f700::/29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:7b:01:6a:98:45:73:8c:1e:b4:6c:8f:39:97:5c:4c:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan 18 20:01:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d462ece547572adeca1a9ff057e0ba8eae8c5d5e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:48:d0:92:3b:1a:89:85:8b:cd:36:0b:4b:b7:
                    f8:cb:1c:90:2d:aa:c8:14:30:7e:cc:59:60:f7:0d:
                    ba:70:c2:8c:c1:f7:a9:ca:7e:1f:86:2b:12:54:24:
                    89:08:53:12:49:b0:5a:61:dd:9f:02:dd:2c:0c:0e:
                    b8:b3:44:c2:a9:77:0f:ca:53:74:d1:e7:8c:ca:f4:
                    4a:18:fe:47:43:e9:d2:9d:a3:e9:ee:50:12:c2:64:
                    12:b6:03:57:1e:ce:1d:84:32:1e:7a:87:5e:c3:9c:
                    df:ff:81:b9:a2:83:57:d9:69:7a:f9:d4:87:0d:37:
                    e1:e4:02:1d:9a:b5:31:d1:1d:52:98:39:74:eb:6f:
                    81:78:89:f0:2c:ec:fd:13:96:7b:e7:64:30:1e:7a:
                    a7:91:98:89:bc:b1:a5:b2:0a:d5:62:b9:27:b6:92:
                    cd:8d:cf:be:be:ad:06:a5:3d:aa:76:39:f7:42:f5:
                    5e:a4:52:5f:be:a9:2b:4a:91:af:fb:f7:04:48:49:
                    6d:83:90:e0:46:d2:6b:03:c6:d2:84:c9:62:57:a5:
                    fe:4d:56:6b:87:51:29:36:7c:33:7e:67:dd:e6:f3:
                    21:c9:5b:b1:94:f3:41:84:78:10:63:1e:42:cd:aa:
                    5d:ed:68:05:39:a8:ae:d7:27:bb:c5:43:a8:50:7f:
                    f5:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:62:EC:E5:47:57:2A:DE:CA:1A:9F:F0:57:E0:BA:8E:AE:8C:5D:5E
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/8a9417-bc28-4a02-a92f-a408bba735ee/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/8a9417-bc28-4a02-a92f-a408bba735ee/1/1GLs5UdXKt7KGp_wV-C6jq6MXV4.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:f700::/29

    Signature Algorithm: sha256WithRSAEncryption
         83:83:56:22:ce:8a:61:9d:4a:07:a2:81:a3:26:08:9f:4e:c2:
         f3:26:c7:d4:a7:da:ac:98:23:b4:94:93:41:f1:5e:ce:6e:1c:
         fe:73:61:97:4c:49:32:04:9a:bd:36:37:44:35:f4:13:f1:9b:
         60:7c:35:43:33:6e:85:a7:e5:c9:42:f0:05:23:25:22:b2:7a:
         5e:39:93:d2:a1:d6:c5:06:88:5a:38:ad:a7:ed:94:d6:88:b5:
         9b:d7:79:07:d3:ca:08:4e:8c:87:e4:b2:6d:c3:cf:6e:17:b5:
         ec:b0:a9:e1:2f:fb:e9:f5:b8:18:9b:9d:7e:db:82:de:81:62:
         1d:80:f2:83:13:f1:10:60:67:c5:09:e1:a7:ba:e0:e6:2b:ae:
         c1:db:d4:72:51:c0:8c:01:27:15:fa:a3:f3:35:57:03:5e:9d:
         46:a9:d7:d0:6b:cc:61:eb:27:d6:e2:79:1d:21:c1:7a:31:17:
         48:f2:d1:57:3f:91:d5:c5:02:98:f4:d5:95:ac:9f:b8:0c:3a:
         39:a7:b6:49:1b:29:28:48:c1:89:a4:6a:cc:16:d3:43:c7:b0:
         4a:3b:c2:34:5d:9c:b4:a9:cd:dd:e1:bd:0b:83:b7:63:06:9f:
         68:3d:9b:c7:0f:8b:62:91:9f:b8:4a:98:10:0f:64:16:9a:e7:
         d8:60:86:0b
-----BEGIN CERTIFICATE-----
MIIFeTCCBGGgAwIBAgISAZR7AWqYRXOMHrRsjzmXXEzAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTE4MjAwMTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDYyZWNlNTQ3NTcyYWRlY2ExYTlmZjA1N2UwYmE4ZWFlOGM1ZDVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAikjQkjsaiYWLzTYLS7f4yxyQLarI
FDB+zFlg9w26cMKMwfepyn4fhisSVCSJCFMSSbBaYd2fAt0sDA64s0TCqXcPylN0
0eeMyvRKGP5HQ+nSnaPp7lASwmQStgNXHs4dhDIeeodew5zf/4G5ooNX2Wl6+dSH
DTfh5AIdmrUx0R1SmDl062+BeInwLOz9E5Z752QwHnqnkZiJvLGlsgrVYrkntpLN
jc++vq0GpT2qdjn3QvVepFJfvqkrSpGv+/cESEltg5DgRtJrA8bShMliV6X+TVZr
h1EpNnwzfmfd5vMhyVuxlPNBhHgQYx5Czapd7WgFOaiu1ye7xUOoUH/1FQIDAQAB
o4IChTCCAoEwHQYDVR0OBBYEFNRi7OVHVyreyhqf8Ffguo6ujF1eMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Y0LzhhOTQx
Ny1iYzI4LTRhMDItYTkyZi1hNDA4YmJhNzM1ZWUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjQvOGE5NDE3
LWJjMjgtNGEwMi1hOTJmLWE0MDhiYmE3MzVlZS8xLzFHTHM1VWRYS3Q3S0dwX3dW
LUM2anE2TVhWNC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUF
BwEHAQH/BBEwDzANBAIAAjAHAwUDKgH3ADANBgkqhkiG9w0BAQsFAAOCAQEAg4NW
Is6KYZ1KB6KBoyYIn07C8ybH1KfarJgjtJSTQfFezm4c/nNhl0xJMgSavTY3RDX0
E/GbYHw1QzNuhaflyULwBSMlIrJ6XjmT0qHWxQaIWjitp+2U1oi1m9d5B9PKCE6M
h+SybcPPbhe17LCp4S/76fW4GJudftuC3oFiHYDygxPxEGBnxQnhp7rg5iuuwdvU
clHAjAEnFfqj8zVXA16dRqnX0GvMYesn1uJ5HSHBejEXSPLRVz+R1cUCmPTVlayf
uAw6Oae2SRspKEjBiaRqzBbTQ8ewSjvCNF2ctKnN3eG9C4O3YwafaD2bxw+LYpGf
uEqYEA9kFprn2GCGCw==
-----END CERTIFICATE-----