Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3GkXZF2dIgQ1-Rx-RsgRDPiay-Q.cer
File:                     3GkXZF2dIgQ1-Rx-RsgRDPiay-Q.cer (raw, json)
Hash identifier:          +EhCAMYKAiykIHlzgaAD+IF39zAj4gsgPEC59fGwVdc=
Subject key identifier:   DC:69:17:64:5D:9D:22:04:35:F9:1C:7E:46:C8:11:0C:F8:9A:CB:E4
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019423D6C3D7DA1436536D1A0BA38D231560
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/65/3544a7-d556-4701-957a-428be9008fba/1/3GkXZF2dIgQ1-Rx-RsgRDPiay-Q.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/65/3544a7-d556-4701-957a-428be9008fba/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 21:47:44 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 204661
                          IP: 185.172.224.0/22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:c3:d7:da:14:36:53:6d:1a:0b:a3:8d:23:15:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 21:47:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dc6917645d9d220435f91c7e46c8110cf89acbe4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:4a:66:90:5d:a7:e0:7f:80:c1:c0:c7:23:af:
                    c4:5b:12:39:05:38:bb:e8:b8:29:29:b5:4b:5f:8f:
                    2a:59:bd:38:52:26:4c:19:12:d9:8c:c9:d2:84:0a:
                    96:60:6a:e3:51:b9:2b:a3:5b:ac:92:2a:78:89:b1:
                    1f:0e:16:6c:37:cd:91:a9:88:82:6e:46:d2:1f:92:
                    a6:71:f4:16:cd:21:51:e5:78:7a:25:a0:09:24:af:
                    a6:3c:b5:8b:86:2b:90:2c:f8:ed:e0:2f:ca:a1:99:
                    9a:72:f4:68:2d:b7:f5:4d:7d:d8:ec:7e:3d:e1:2f:
                    c3:2d:16:00:2a:20:d4:d6:7d:75:e3:ce:45:78:b9:
                    ae:0b:ac:96:ae:b7:50:23:1b:82:54:28:26:0e:f3:
                    85:5d:b3:41:a4:47:90:43:07:c4:dd:08:f4:da:bb:
                    7b:90:48:49:1a:c3:92:4d:d8:b7:ea:fe:3f:16:a1:
                    0a:24:ef:e1:0b:07:83:08:a8:ba:cd:06:39:1c:ad:
                    e9:aa:c3:83:fa:05:a6:a3:a7:0d:1f:28:f5:35:f5:
                    d4:1d:cb:bd:d7:05:20:08:62:c8:5a:03:a0:69:f6:
                    1e:a8:b6:4a:23:a1:06:6b:fc:d5:0c:af:54:98:f6:
                    0d:74:b5:83:4d:30:db:34:78:c2:d8:26:e1:b1:d0:
                    31:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:69:17:64:5D:9D:22:04:35:F9:1C:7E:46:C8:11:0C:F8:9A:CB:E4
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/3544a7-d556-4701-957a-428be9008fba/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/3544a7-d556-4701-957a-428be9008fba/1/3GkXZF2dIgQ1-Rx-RsgRDPiay-Q.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.172.224.0/22

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  204661

    Signature Algorithm: sha256WithRSAEncryption
         5a:3a:31:9f:f2:ec:95:82:42:b6:01:80:da:66:a0:a5:a9:d4:
         d8:3d:69:58:cf:df:d0:e9:6b:34:8b:10:a4:54:6f:c9:ac:15:
         af:dd:d5:f9:af:bf:e0:67:63:f2:98:26:01:35:a0:9e:9f:14:
         35:99:1a:71:30:22:d1:e6:ce:25:a4:74:1d:18:a4:a0:51:c0:
         f4:83:cf:e6:eb:d9:db:cc:c9:fc:1c:26:d4:31:9d:11:00:ad:
         ba:46:33:c6:fe:34:64:79:0d:16:14:62:15:19:db:55:a3:7c:
         19:ee:22:13:3f:41:41:9d:a2:3e:e2:a2:55:77:ef:2e:73:3b:
         ff:70:ba:e0:ea:75:a6:0e:11:d3:56:9d:46:0f:f3:7c:12:02:
         a7:46:4e:fe:81:61:22:db:81:a7:08:c9:98:04:ec:8d:a1:58:
         ba:22:52:68:e8:43:05:55:af:e0:30:a3:47:cf:14:98:5e:78:
         e4:f1:29:59:b0:a7:23:9b:6d:91:a1:7d:4c:2e:29:bb:ca:21:
         5c:24:2e:da:86:f4:b1:ff:05:05:30:ec:ad:e3:f9:41:4a:75:
         f2:da:6b:99:2e:b7:16:f5:3e:ab:a2:aa:86:c7:b6:78:e5:45:
         23:2c:71:09:5a:91:8d:ac:2d:79:e0:b9:ff:45:be:8f:55:83:
         ff:06:f9:08
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZQj1sPX2hQ2U20aC6ONIxVgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMjE0NzQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzY5MTc2NDVkOWQyMjA0MzVmOTFjN2U0NmM4MTEwY2Y4OWFjYmU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl0pmkF2n4H+AwcDHI6/EWxI5BTi7
6LgpKbVLX48qWb04UiZMGRLZjMnShAqWYGrjUbkro1uskip4ibEfDhZsN82RqYiC
bkbSH5KmcfQWzSFR5Xh6JaAJJK+mPLWLhiuQLPjt4C/KoZmacvRoLbf1TX3Y7H49
4S/DLRYAKiDU1n11485FeLmuC6yWrrdQIxuCVCgmDvOFXbNBpEeQQwfE3Qj02rt7
kEhJGsOSTdi36v4/FqEKJO/hCweDCKi6zQY5HK3pqsOD+gWmo6cNHyj1NfXUHcu9
1wUgCGLIWgOgafYeqLZKI6EGa/zVDK9UmPYNdLWDTTDbNHjC2CbhsdAxvwIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFNxpF2RdnSIENfkcfkbIEQz4msvkMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzY1LzM1NDRh
Ny1kNTU2LTQ3MDEtOTU3YS00MjhiZTkwMDhmYmEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjUvMzU0NGE3
LWQ1NTYtNDcwMS05NTdhLTQyOGJlOTAwOGZiYS8xLzNHa1haRjJkSWdRMS1SeC1S
c2dSRFBpYXktUS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCuazgMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwMfdTANBgkqhkiG9w0BAQsFAAOCAQEAWjoxn/LslYJCtgGA2magpanU2D1pWM/f
0OlrNIsQpFRvyawVr93V+a+/4Gdj8pgmATWgnp8UNZkacTAi0ebOJaR0HRikoFHA
9IPP5uvZ28zJ/Bwm1DGdEQCtukYzxv40ZHkNFhRiFRnbVaN8Ge4iEz9BQZ2iPuKi
VXfvLnM7/3C64Op1pg4R01adRg/zfBICp0ZO/oFhItuBpwjJmATsjaFYuiJSaOhD
BVWv4DCjR88UmF545PEpWbCnI5ttkaF9TC4pu8ohXCQu2ob0sf8FBTDsreP5QUp1
8tprmS63FvU+q6Kqhse2eOVFIyxxCVqRjawteeC5/0W+j1WD/wb5CA==
-----END CERTIFICATE-----