Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2Uhvf-TrbZSbgAe05BmM4ch4MC4.cer
File:                     2Uhvf-TrbZSbgAe05BmM4ch4MC4.cer (raw, json)
Hash identifier:          WHmGlOp+sz9v8YTMDq/Y7Lrv8KXxHywxAyoiUaOuW3c=
Subject key identifier:   D9:48:6F:7F:E4:EB:6D:94:9B:80:07:B4:E4:19:8C:E1:C8:78:30:2E
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194252156B6BC1BBDE6138F7E1DFF6859D6
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/7e/d042d2-61d2-434d-8e5b-886c416b9051/1/2Uhvf-TrbZSbgAe05BmM4ch4MC4.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/7e/d042d2-61d2-434d-8e5b-886c416b9051/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 03:48:49 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 211592
                          IP: 185.254.166.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 17:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:56:b6:bc:1b:bd:e6:13:8f:7e:1d:ff:68:59:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 03:48:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d9486f7fe4eb6d949b8007b4e4198ce1c878302e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:4d:94:57:4b:17:19:cf:b3:fc:58:2c:dd:a0:
                    7c:8a:e7:3e:d9:6f:9f:d4:8a:58:bc:ba:35:3f:a1:
                    f2:0f:f8:9f:24:21:88:bb:21:d7:42:04:db:8e:e5:
                    6f:14:e5:2c:6b:42:47:b9:57:a8:77:79:90:d3:6e:
                    98:b4:d8:04:2f:d4:8a:2a:96:ff:77:a2:55:25:d4:
                    78:2c:b2:0f:df:23:f4:71:2d:6e:e9:dc:f7:39:32:
                    27:a9:88:3d:4c:b3:e0:eb:e5:87:b9:1d:9b:99:7d:
                    36:b9:6d:b9:00:d7:47:68:a9:c3:1d:f5:4c:61:02:
                    7a:d9:2b:1c:b7:2f:2e:7f:53:89:84:9d:0c:86:4d:
                    ff:d6:29:18:32:2c:23:c0:99:e4:48:ae:81:3b:f6:
                    a0:45:3c:ac:34:4c:86:f8:ac:b1:5d:b6:f1:cd:a1:
                    2e:38:31:7f:07:49:39:ee:8b:dc:44:f5:a2:f3:93:
                    53:21:b8:c3:01:77:5f:0a:19:a3:ea:e4:f7:93:8c:
                    a3:8c:e1:a3:04:da:32:49:dd:ef:38:44:cf:f6:8d:
                    80:2c:5c:29:aa:89:95:b1:14:25:bf:88:b7:52:cb:
                    7f:99:31:be:7c:13:67:51:11:db:e1:a5:1d:c3:28:
                    b6:ce:2d:ff:f2:5a:da:5f:93:a9:c8:82:6f:4b:c3:
                    3f:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:48:6F:7F:E4:EB:6D:94:9B:80:07:B4:E4:19:8C:E1:C8:78:30:2E
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/d042d2-61d2-434d-8e5b-886c416b9051/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/d042d2-61d2-434d-8e5b-886c416b9051/1/2Uhvf-TrbZSbgAe05BmM4ch4MC4.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.254.166.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  211592

    Signature Algorithm: sha256WithRSAEncryption
         30:e3:43:ff:41:c1:d5:35:b9:34:49:d6:90:2d:9b:79:5a:88:
         56:55:f8:59:ab:93:75:19:c2:15:78:ca:ce:3e:36:45:23:35:
         4f:92:5b:f1:59:b6:79:2b:30:05:30:59:ea:bf:fd:c2:3c:7d:
         bc:30:d3:91:84:1e:71:2b:87:ae:0c:fb:9f:f3:07:b0:be:69:
         03:d7:c2:27:a2:34:59:2c:40:5c:db:7b:a2:3a:d7:78:f8:80:
         34:89:18:e5:f8:dd:56:ae:94:1d:f6:65:48:ff:b9:16:e7:ed:
         a8:7f:54:9f:e9:a0:eb:e3:e9:49:0d:01:ed:c7:cd:00:88:84:
         51:e1:2e:e3:8a:2a:3e:c6:26:63:4f:40:18:8d:85:f6:0e:c9:
         20:1c:61:4e:4b:f1:e4:26:35:ee:90:c9:25:95:d0:df:ab:6c:
         95:03:bb:d9:37:48:18:95:36:38:4a:d1:92:73:e5:47:ab:e2:
         d2:53:82:11:10:1f:d4:45:06:76:50:bc:a7:c1:03:cb:5e:11:
         bb:89:b4:4c:02:ae:f5:d7:08:3b:8d:d3:2a:3f:4f:65:5b:01:
         fd:63:b3:f8:85:6c:e5:ae:b7:a0:61:16:8a:98:a7:0a:00:5c:
         3b:fa:eb:14:c1:31:ea:c9:32:2f:24:b0:c8:73:cf:b3:1c:7d:
         7d:49:95:7a
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZQlIVa2vBu95hOPfh3/aFnWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDM0ODQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTQ4NmY3ZmU0ZWI2ZDk0OWI4MDA3YjRlNDE5OGNlMWM4NzgzMDJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp02UV0sXGc+z/Fgs3aB8iuc+2W+f
1IpYvLo1P6HyD/ifJCGIuyHXQgTbjuVvFOUsa0JHuVeod3mQ026YtNgEL9SKKpb/
d6JVJdR4LLIP3yP0cS1u6dz3OTInqYg9TLPg6+WHuR2bmX02uW25ANdHaKnDHfVM
YQJ62Sscty8uf1OJhJ0Mhk3/1ikYMiwjwJnkSK6BO/agRTysNEyG+KyxXbbxzaEu
ODF/B0k57ovcRPWi85NTIbjDAXdfChmj6uT3k4yjjOGjBNoySd3vOETP9o2ALFwp
qomVsRQlv4i3Ust/mTG+fBNnURHb4aUdwyi2zi3/8lraX5OpyIJvS8M/RQIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFNlIb3/k622Um4AHtOQZjOHIeDAuMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzdlL2QwNDJk
Mi02MWQyLTQzNGQtOGU1Yi04ODZjNDE2YjkwNTEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvN2UvZDA0MmQy
LTYxZDItNDM0ZC04ZTViLTg4NmM0MTZiOTA1MS8xLzJVaHZmLVRyYlpTYmdBZTA1
Qm1NNGNoNE1DNC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAuf6mMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwM6iDANBgkqhkiG9w0BAQsFAAOCAQEAMOND/0HB1TW5NEnWkC2beVqIVlX4WauT
dRnCFXjKzj42RSM1T5Jb8Vm2eSswBTBZ6r/9wjx9vDDTkYQecSuHrgz7n/MHsL5p
A9fCJ6I0WSxAXNt7ojrXePiANIkY5fjdVq6UHfZlSP+5FuftqH9Un+mg6+PpSQ0B
7cfNAIiEUeEu44oqPsYmY09AGI2F9g7JIBxhTkvx5CY17pDJJZXQ36tslQO72TdI
GJU2OErRknPlR6vi0lOCERAf1EUGdlC8p8EDy14Ru4m0TAKu9dcIO43TKj9PZVsB
/WOz+IVs5a63oGEWipinCgBcO/rrFMEx6skyLySwyHPPsxx9fUmVeg==
-----END CERTIFICATE-----