Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1gTknpKDBavLjzLe8_78A-u83kQ.cer
File:                     1gTknpKDBavLjzLe8_78A-u83kQ.cer (raw, json)
Hash identifier:          KhwwEItUiycv0BSXosPIhbQ2qSqdemdi5Ens8lNILvI=
Subject key identifier:   D6:04:E4:9E:92:83:05:AB:CB:8F:32:DE:F3:FE:FC:03:EB:BC:DE:44
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01942143ED681568D7814F9E41D85ECDA467
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/10/a830a2-0271-4de9-bc38-03c82157421a/1/1gTknpKDBavLjzLe8_78A-u83kQ.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/10/a830a2-0271-4de9-bc38-03c82157421a/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 09:48:07 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 141.19.0.0/16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:ed:68:15:68:d7:81:4f:9e:41:d8:5e:cd:a4:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 09:48:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d604e49e928305abcb8f32def3fefc03ebbcde44
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:b1:76:38:5b:2a:60:52:fa:2c:85:d4:07:4b:
                    20:dc:0b:1f:49:2c:a0:24:1e:a2:ce:50:47:a0:48:
                    f8:2c:74:4b:ff:c9:b9:81:11:c7:1c:2c:3c:53:a6:
                    52:16:be:34:3e:34:e6:b2:6b:1b:bd:a4:e4:30:2d:
                    5f:16:01:00:5c:8a:07:5e:40:24:9c:80:98:7e:a9:
                    69:09:fd:80:94:f8:16:a7:00:6c:53:c1:41:c8:da:
                    1a:75:ee:07:c7:53:88:70:9c:20:9f:0d:96:64:c4:
                    2c:89:ff:5e:8a:40:e5:95:21:53:a3:e4:a0:e4:00:
                    9b:c0:ef:b4:34:c4:f5:ec:76:08:f3:80:9e:0d:f1:
                    6d:54:0c:03:63:76:c2:fd:e6:9c:5d:60:a1:1d:31:
                    0f:13:19:71:98:b8:bd:43:90:5c:7a:1a:5a:6f:c5:
                    ef:dc:77:1a:bf:d9:78:b9:0e:82:35:e5:3f:fd:74:
                    85:37:3c:90:5f:24:dd:41:78:85:8b:6a:70:b0:8d:
                    ab:00:4d:d8:9e:37:3b:d3:f3:8b:41:95:24:57:54:
                    2c:11:94:39:7c:4f:6c:00:f2:fe:2f:e7:39:39:1a:
                    2b:eb:8b:a5:d2:d5:56:8c:11:64:67:02:7c:e3:ce:
                    cd:07:d0:9a:54:4c:2c:05:19:ea:1c:16:da:44:95:
                    09:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:04:E4:9E:92:83:05:AB:CB:8F:32:DE:F3:FE:FC:03:EB:BC:DE:44
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/a830a2-0271-4de9-bc38-03c82157421a/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/a830a2-0271-4de9-bc38-03c82157421a/1/1gTknpKDBavLjzLe8_78A-u83kQ.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.19.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         08:77:66:50:4b:04:b7:6a:ae:a8:84:f6:bc:6f:4b:f7:54:cc:
         ce:a9:b3:47:bf:6b:1d:db:00:ef:b4:12:98:23:a3:47:70:e0:
         a6:2c:60:eb:1a:2f:61:ed:f4:c5:39:aa:f6:73:e4:b5:99:93:
         7e:f6:64:0c:28:71:d5:b3:b3:80:0e:01:82:3f:9e:44:ac:53:
         3e:3a:eb:65:7a:8a:ba:e6:d5:bc:ab:04:af:f2:83:50:ee:f0:
         53:33:0d:97:0e:bc:59:84:97:24:a3:d5:37:f3:72:17:fc:d2:
         47:68:89:fb:89:53:cb:f7:c3:7d:08:0f:19:76:4d:d7:fb:3e:
         c7:48:a3:57:4a:e7:63:f4:8f:0a:22:5d:05:b4:41:47:d2:fa:
         2d:ab:19:b1:2d:27:6f:12:b9:29:b2:60:33:7b:94:58:d4:c7:
         f1:62:db:92:f9:00:1b:f0:e8:9b:ff:a3:5d:c3:7b:ae:6f:70:
         6f:4a:91:95:4a:eb:96:f2:fe:74:91:1b:f4:ac:36:77:3d:90:
         f5:41:56:11:05:af:37:4e:03:17:c6:fa:93:d0:97:07:e9:c0:
         b4:df:c3:49:3b:c9:59:24:97:7c:ae:16:36:0f:f1:4c:f5:69:
         29:8e:24:2f:50:b8:c5:10:b3:ba:9c:64:89:c8:15:bc:ff:b1:
         f8:2d:7e:da
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgISAZQhQ+1oFWjXgU+eQdhezaRnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDk0ODA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjA0ZTQ5ZTkyODMwNWFiY2I4ZjMyZGVmM2ZlZmMwM2ViYmNkZTQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnrF2OFsqYFL6LIXUB0sg3AsfSSyg
JB6izlBHoEj4LHRL/8m5gRHHHCw8U6ZSFr40PjTmsmsbvaTkMC1fFgEAXIoHXkAk
nICYfqlpCf2AlPgWpwBsU8FByNoade4Hx1OIcJwgnw2WZMQsif9eikDllSFTo+Sg
5ACbwO+0NMT17HYI84CeDfFtVAwDY3bC/eacXWChHTEPExlxmLi9Q5Bcehpab8Xv
3Hcav9l4uQ6CNeU//XSFNzyQXyTdQXiFi2pwsI2rAE3Ynjc70/OLQZUkV1QsEZQ5
fE9sAPL+L+c5ORor64ul0tVWjBFkZwJ8487NB9CaVEwsBRnqHBbaRJUJ5QIDAQAB
o4ICgzCCAn8wHQYDVR0OBBYEFNYE5J6SgwWry48y3vP+/APrvN5EMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzEwL2E4MzBh
Mi0wMjcxLTRkZTktYmMzOC0wM2M4MjE1NzQyMWEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTAvYTgzMGEy
LTAyNzEtNGRlOS1iYzM4LTAzYzgyMTU3NDIxYS8xLzFnVGtucEtEQmF2TGp6TGU4
Xzc4QS11ODNrUS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB4GCCsGAQUF
BwEHAQH/BA8wDTALBAIAATAFAwMAjRMwDQYJKoZIhvcNAQELBQADggEBAAh3ZlBL
BLdqrqiE9rxvS/dUzM6ps0e/ax3bAO+0Epgjo0dw4KYsYOsaL2Ht9MU5qvZz5LWZ
k372ZAwocdWzs4AOAYI/nkSsUz4662V6irrm1byrBK/yg1Du8FMzDZcOvFmElySj
1Tfzchf80kdoifuJU8v3w30IDxl2Tdf7PsdIo1dK52P0jwoiXQW0QUfS+i2rGbEt
J28SuSmyYDN7lFjUx/Fi25L5ABvw6Jv/o13De65vcG9KkZVK65by/nSRG/SsNnc9
kPVBVhEFrzdOAxfG+pPQlwfpwLTfw0k7yVkkl3yuFjYP8Uz1aSmOJC9QuMUQs7qc
ZInIFbz/sfgtfto=
-----END CERTIFICATE-----