Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1IspGxb22WyArX0xKS9WDU-q6_A.cer
File:                     1IspGxb22WyArX0xKS9WDU-q6_A.cer (raw, json)
Hash identifier:          z0x4Jghrh5PdV46yndFnqKPUaKy8mK7yz0UhInd4r/g=
Subject key identifier:   D4:8B:29:1B:16:F6:D9:6C:80:AD:7D:31:29:2F:56:0D:4F:AA:EB:F0
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019420D64FDFE04AABAFDC71AF9F67687319
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/b8/1083e9-b9dd-4c82-9878-7f8bfac73977/1/1IspGxb22WyArX0xKS9WDU-q6_A.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/b8/1083e9-b9dd-4c82-9878-7f8bfac73977/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 07:48:23 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 51327
                          IP: 193.104.56.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 15:28:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:4f:df:e0:4a:ab:af:dc:71:af:9f:67:68:73:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 07:48:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d48b291b16f6d96c80ad7d31292f560d4faaebf0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:31:9b:e4:28:d0:49:e0:4a:e6:9c:18:92:11:
                    87:b0:f2:ae:53:97:6a:e4:6d:97:c6:81:30:7c:22:
                    a2:e1:57:6f:6e:95:18:19:cf:39:d4:a1:8f:c3:15:
                    9e:e1:32:2c:3b:85:2b:d3:e9:26:2e:c6:97:62:e9:
                    ff:2e:70:7e:4c:ab:e2:09:e2:ff:d5:36:b7:d9:d7:
                    2d:92:53:0e:47:c0:5f:86:ac:12:f7:41:53:f2:52:
                    30:5a:d9:fe:4a:e2:ca:d5:ee:63:1f:b1:71:84:bb:
                    30:3f:09:98:fd:67:6a:60:5a:4b:22:30:6b:d1:eb:
                    20:dd:97:1c:d4:be:00:7f:f1:04:7b:06:ab:48:b9:
                    a4:ee:f5:3d:81:22:d5:ab:2d:52:a9:73:10:ba:a6:
                    52:a7:c6:bc:07:bd:99:71:66:44:40:9d:3f:cf:d4:
                    ab:79:89:f6:74:8d:aa:a5:ba:9a:7b:26:fb:73:e0:
                    21:c1:f6:1b:f2:05:12:c3:5f:b8:f1:d1:cf:50:d3:
                    36:cc:3a:d5:eb:eb:cf:74:94:36:a9:5b:40:66:b7:
                    bd:2f:63:92:8e:cd:dc:00:09:32:79:ff:07:59:54:
                    fc:53:07:07:cb:ea:c9:87:0f:d7:2c:bc:22:7c:d4:
                    85:a1:9b:37:dc:2c:5d:ae:58:f2:74:f1:5d:1f:79:
                    47:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:8B:29:1B:16:F6:D9:6C:80:AD:7D:31:29:2F:56:0D:4F:AA:EB:F0
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/1083e9-b9dd-4c82-9878-7f8bfac73977/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/1083e9-b9dd-4c82-9878-7f8bfac73977/1/1IspGxb22WyArX0xKS9WDU-q6_A.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.104.56.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  51327

    Signature Algorithm: sha256WithRSAEncryption
         45:4c:fd:22:e3:43:d1:16:16:c4:08:14:a7:ce:7a:4e:7a:ab:
         a7:51:19:fd:d3:c8:f5:31:17:23:be:67:cd:36:df:68:5b:94:
         63:81:8c:dc:cd:ea:11:fb:ec:04:d3:f9:13:8d:57:8f:ac:ed:
         7a:9d:e6:ee:c3:c0:e7:55:b3:69:ca:8e:71:66:63:a0:10:be:
         4c:b8:a2:ee:48:72:84:86:5c:89:9d:0f:17:d5:41:ba:5b:77:
         32:d1:b0:d9:4d:d3:46:20:c8:2b:6e:a9:fc:3a:68:a9:13:01:
         6e:3e:19:90:ee:35:f9:5b:1f:bf:f2:d9:ae:c5:28:ff:6a:3e:
         12:3e:bb:18:d5:33:7c:14:f6:a3:7e:ec:b0:50:fa:11:33:e0:
         42:e7:87:8e:bf:e2:5b:b2:25:19:da:76:f3:11:bd:c9:d0:d7:
         71:87:a0:af:df:d9:aa:08:a6:6e:33:f2:0b:34:d0:97:45:f1:
         33:67:9d:63:b6:3a:0b:26:f8:50:78:ec:10:ca:d7:56:ac:f8:
         db:57:cc:ae:35:a9:ee:c1:b0:e3:dc:97:7b:87:7b:f9:94:65:
         fb:dd:73:33:df:5e:45:f6:f6:fa:d0:a4:f0:f1:82:1f:ac:01:
         84:6a:74:18:30:78:70:a7:20:f8:a9:33:33:8a:64:d3:1c:6d:
         d7:5c:15:de
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZQg1k/f4Eqrr9xxr59naHMZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDc0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDhiMjkxYjE2ZjZkOTZjODBhZDdkMzEyOTJmNTYwZDRmYWFlYmYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxTGb5CjQSeBK5pwYkhGHsPKuU5dq
5G2XxoEwfCKi4VdvbpUYGc851KGPwxWe4TIsO4Ur0+kmLsaXYun/LnB+TKviCeL/
1Ta32dctklMOR8BfhqwS90FT8lIwWtn+SuLK1e5jH7FxhLswPwmY/WdqYFpLIjBr
0esg3Zcc1L4Af/EEewarSLmk7vU9gSLVqy1SqXMQuqZSp8a8B72ZcWZEQJ0/z9Sr
eYn2dI2qpbqaeyb7c+AhwfYb8gUSw1+48dHPUNM2zDrV6+vPdJQ2qVtAZre9L2OS
js3cAAkyef8HWVT8UwcHy+rJhw/XLLwifNSFoZs33CxdrljydPFdH3lHjwIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFNSLKRsW9tlsgK19MSkvVg1PquvwMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2I4LzEwODNl
OS1iOWRkLTRjODItOTg3OC03ZjhiZmFjNzM5NzcvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjgvMTA4M2U5
LWI5ZGQtNGM4Mi05ODc4LTdmOGJmYWM3Mzk3Ny8xLzFJc3BHeGIyMld5QXJYMHhL
UzlXRFUtcTZfQS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwWg4MBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwDIfzANBgkqhkiG9w0BAQsFAAOCAQEARUz9IuND0RYWxAgUp856Tnqrp1EZ/dPI
9TEXI75nzTbfaFuUY4GM3M3qEfvsBNP5E41Xj6ztep3m7sPA51WzacqOcWZjoBC+
TLii7khyhIZciZ0PF9VBult3MtGw2U3TRiDIK26p/DpoqRMBbj4ZkO41+Vsfv/LZ
rsUo/2o+Ej67GNUzfBT2o37ssFD6ETPgQueHjr/iW7IlGdp28xG9ydDXcYegr9/Z
qgimbjPyCzTQl0XxM2edY7Y6Cyb4UHjsEMrXVqz421fMrjWp7sGw49yXe4d7+ZRl
+91zM99eRfb2+tCk8PGCH6wBhGp0GDB4cKcg+KkzM4pk0xxt11wV3g==
-----END CERTIFICATE-----