Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1zZ_wk0AT3HdKu8D-ctPLj-Qhqo.cer
File:                     1zZ_wk0AT3HdKu8D-ctPLj-Qhqo.cer (raw, json)
Hash identifier:          4jxhqJHZTUfR52ibYWx6nMW9hnbrISBP1NL/EP3RMSs=
Subject key identifier:   D7:36:7F:C2:4D:00:4F:71:DD:2A:EF:03:F9:CB:4F:2E:3F:90:86:AA
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194266AE913C5CD849BE4819296940B3638
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/a1/d8c6b8-d14a-47d9-a054-b9c794e03cba/1/1zZ_wk0AT3HdKu8D-ctPLj-Qhqo.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/a1/d8c6b8-d14a-47d9-a054-b9c794e03cba/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 09:48:48 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 91.236.193.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6a:e9:13:c5:cd:84:9b:e4:81:92:96:94:0b:36:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 09:48:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d7367fc24d004f71dd2aef03f9cb4f2e3f9086aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:a1:f4:91:a5:9b:2e:98:fa:f4:e6:59:bb:4d:
                    0a:a2:9a:39:f9:eb:fe:06:e2:f3:0c:49:eb:83:f7:
                    7f:ac:6b:00:be:df:99:72:66:6b:f0:07:4e:b2:2f:
                    fd:17:18:68:78:38:57:6b:c0:d5:bb:92:25:f2:b7:
                    19:ed:0d:db:ee:ea:bd:29:e5:27:d2:5a:ab:66:1b:
                    c5:3c:b2:ab:05:e0:be:96:8d:0c:ed:d9:dc:33:cd:
                    51:3d:1e:d9:76:c4:72:af:8d:f7:8e:d5:4c:43:cd:
                    15:51:28:6b:de:1f:4f:19:2b:d9:3c:0b:3f:d1:83:
                    95:c0:70:36:c4:17:32:a5:f2:2c:06:33:0f:d0:74:
                    5a:dd:5b:fb:30:37:ee:95:d5:d2:05:fe:41:e0:b4:
                    c2:80:4f:8f:8b:5a:4a:9e:ff:64:bd:85:03:e0:43:
                    e3:68:10:05:10:70:1b:f1:60:23:cf:ec:c7:dc:1e:
                    e2:1c:6a:a1:ac:be:d7:ea:6c:56:bf:95:76:c9:7f:
                    5f:c8:7f:26:de:87:8a:ee:93:e3:92:21:7a:4a:2a:
                    3b:7d:34:35:09:d7:f2:b3:11:52:c7:a9:76:58:b5:
                    d7:2b:c6:0d:1c:d1:ec:92:d8:2e:52:b1:05:f3:d7:
                    98:67:d0:b6:0e:33:d2:f8:3e:2c:c4:1f:e3:35:6b:
                    9d:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:36:7F:C2:4D:00:4F:71:DD:2A:EF:03:F9:CB:4F:2E:3F:90:86:AA
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/d8c6b8-d14a-47d9-a054-b9c794e03cba/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/d8c6b8-d14a-47d9-a054-b9c794e03cba/1/1zZ_wk0AT3HdKu8D-ctPLj-Qhqo.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.236.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:b2:71:07:79:3d:ef:13:83:1a:5a:e0:44:bf:29:33:cb:13:
         4c:86:0e:89:a1:98:8a:b8:01:04:6c:dd:da:ef:df:d2:bb:dc:
         18:60:c5:77:97:20:b7:b1:30:66:ce:60:38:82:48:dc:b3:66:
         ed:89:c1:bb:23:c6:65:d6:1d:5a:13:91:88:86:4b:ea:0d:49:
         27:a8:53:3f:05:be:0a:2a:43:ca:f6:8b:2d:14:4f:4a:ba:4c:
         b7:3d:8f:a5:29:59:28:08:40:e7:29:db:60:61:35:c3:a4:4a:
         2e:71:26:70:e8:2d:a9:fe:03:06:7c:6e:20:84:2f:46:eb:70:
         19:dc:c7:94:00:bc:dc:38:c8:e1:24:03:b2:95:a9:fd:67:f6:
         46:0b:9e:df:f8:4b:77:a6:73:02:3b:39:d5:f7:c4:29:45:46:
         72:af:ee:ef:e1:c9:cf:42:ae:37:87:47:b0:91:2d:bd:e3:63:
         30:47:7f:b6:04:ef:39:e7:78:76:3a:78:9b:77:c9:f0:96:35:
         24:9a:08:8d:e0:2d:ad:04:c7:2c:89:9e:fd:87:46:e2:fe:f0:
         e6:23:65:78:b2:0a:87:98:9b:06:e6:4d:24:e8:fe:a5:91:ef:
         63:ca:4d:d3:df:c9:df:2b:81:6f:66:c3:0f:89:ab:68:85:fc:
         ee:da:53:ed
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZQmaukTxc2Em+SBkpaUCzY4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDk0ODQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzM2N2ZjMjRkMDA0ZjcxZGQyYWVmMDNmOWNiNGYyZTNmOTA4NmFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArKH0kaWbLpj69OZZu00Kopo5+ev+
BuLzDEnrg/d/rGsAvt+ZcmZr8AdOsi/9FxhoeDhXa8DVu5Il8rcZ7Q3b7uq9KeUn
0lqrZhvFPLKrBeC+lo0M7dncM81RPR7ZdsRyr433jtVMQ80VUShr3h9PGSvZPAs/
0YOVwHA2xBcypfIsBjMP0HRa3Vv7MDfuldXSBf5B4LTCgE+Pi1pKnv9kvYUD4EPj
aBAFEHAb8WAjz+zH3B7iHGqhrL7X6mxWv5V2yX9fyH8m3oeK7pPjkiF6Sio7fTQ1
CdfysxFSx6l2WLXXK8YNHNHsktguUrEF89eYZ9C2DjPS+D4sxB/jNWudewIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFNc2f8JNAE9x3SrvA/nLTy4/kIaqMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2ExL2Q4YzZi
OC1kMTRhLTQ3ZDktYTA1NC1iOWM3OTRlMDNjYmEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTEvZDhjNmI4
LWQxNGEtNDdkOS1hMDU0LWI5Yzc5NGUwM2NiYS8xLzF6Wl93azBBVDNIZEt1OEQt
Y3RQTGotUWhxby5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW+zBMA0GCSqGSIb3DQEBCwUAA4IBAQAQsnEH
eT3vE4MaWuBEvykzyxNMhg6JoZiKuAEEbN3a79/Su9wYYMV3lyC3sTBmzmA4gkjc
s2bticG7I8Zl1h1aE5GIhkvqDUknqFM/Bb4KKkPK9ostFE9Kuky3PY+lKVkoCEDn
KdtgYTXDpEoucSZw6C2p/gMGfG4ghC9G63AZ3MeUALzcOMjhJAOylan9Z/ZGC57f
+Et3pnMCOznV98QpRUZyr+7v4cnPQq43h0ewkS2942MwR3+2BO8553h2Onibd8nw
ljUkmgiN4C2tBMcsiZ79h0bi/vDmI2V4sgqHmJsG5k0k6P6lke9jyk3T38nfK4Fv
ZsMPiatohfzu2lPt
-----END CERTIFICATE-----