Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3uo-GspqXJ3D-Iw4J28JHrq84KQ.cer
File:                     3uo-GspqXJ3D-Iw4J28JHrq84KQ.cer (raw, json)
Hash identifier:          b8xSIA3LyI66g3j7ArNFLHRx8xv7LyJHb+miJTOkR3E=
Subject key identifier:   DE:EA:3E:1A:CA:6A:5C:9D:C3:F8:8C:38:27:6F:09:1E:BA:BC:E0:A4
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0196EDB21DA39522CF94406471312ECBD379
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/a5/2f5e74-bd5e-4679-852b-7bef0b4cc25e/1/3uo-GspqXJ3D-Iw4J28JHrq84KQ.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/a5/2f5e74-bd5e-4679-852b-7bef0b4cc25e/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 20 May 2025 12:36:35 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 20808
                          IP: 193.108.194.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 22:50:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ed:b2:1d:a3:95:22:cf:94:40:64:71:31:2e:cb:d3:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: May 20 12:36:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=deea3e1aca6a5c9dc3f88c38276f091ebabce0a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:89:62:4e:a2:49:16:af:ab:7a:a8:69:eb:25:
                    be:88:30:26:ec:4c:55:45:48:42:e3:3e:77:f8:39:
                    fd:23:7a:dc:9c:75:76:b0:1a:34:d2:35:2d:99:41:
                    ef:f8:4c:db:46:94:c4:84:f3:4c:20:ec:7c:e5:0a:
                    26:c4:ff:26:91:e3:77:37:57:b8:56:8c:64:33:35:
                    31:46:cb:a6:e4:15:15:54:ca:81:53:84:f8:d3:28:
                    fd:d2:f3:4c:d9:d7:e1:2e:4f:02:1e:e4:85:7b:14:
                    85:c7:12:a1:c1:83:f8:ec:0e:85:8c:10:a7:5e:02:
                    d2:f8:93:f8:17:23:5c:de:f5:de:32:e2:37:a1:46:
                    b5:bd:cd:60:12:c7:b1:78:7f:bf:f0:1a:87:9f:99:
                    05:bd:37:00:e8:64:b3:4d:0c:7c:12:b8:4e:24:4f:
                    25:4b:55:bd:1e:7e:c3:a3:28:2f:10:b6:22:a2:5f:
                    09:67:5b:0a:9f:9a:46:2b:3f:8f:2a:08:e9:b3:f3:
                    b7:65:31:cc:8e:cd:55:03:c6:b5:18:33:4d:c9:52:
                    48:2b:d4:b4:26:23:45:ec:fc:a4:2f:c0:04:eb:41:
                    ec:46:bd:67:ee:cd:59:f0:6f:ed:a5:e6:10:1a:56:
                    a2:96:f6:aa:3f:0e:e3:c5:2b:9f:55:04:e7:52:fb:
                    4c:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:EA:3E:1A:CA:6A:5C:9D:C3:F8:8C:38:27:6F:09:1E:BA:BC:E0:A4
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/2f5e74-bd5e-4679-852b-7bef0b4cc25e/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/2f5e74-bd5e-4679-852b-7bef0b4cc25e/1/3uo-GspqXJ3D-Iw4J28JHrq84KQ.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.108.194.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  20808

    Signature Algorithm: sha256WithRSAEncryption
         52:ec:4f:b3:b3:c2:d2:24:16:d6:f9:11:dd:07:e0:7c:97:7a:
         fe:e9:27:bf:29:0c:20:87:e2:a9:7c:ec:f2:98:48:7e:07:ff:
         1a:46:48:35:5f:1d:19:df:ed:53:42:8b:d8:50:4a:db:48:86:
         01:bb:e8:95:2c:a3:fd:ed:bf:9b:b8:f3:77:ef:d0:da:13:71:
         04:d8:82:4b:d6:f7:cd:ff:b9:15:cc:8f:19:86:4d:9d:12:87:
         25:26:78:13:ee:3a:99:35:9f:d0:5b:44:79:e1:84:30:a6:c4:
         fc:87:69:0e:9e:2c:2c:af:97:c5:b7:b2:a3:6b:1a:bf:a3:a4:
         3c:6f:7b:fa:de:48:7b:cc:3a:b4:e3:eb:5c:aa:f7:f2:3d:8a:
         75:b2:25:6c:c0:c1:5f:db:a5:93:1c:4f:9d:29:23:e1:2b:0c:
         fb:13:e2:f3:58:71:c0:8a:b6:68:90:80:18:1a:70:e1:85:6b:
         3b:37:fc:59:8e:a9:2d:7a:09:6e:ac:26:1c:d3:02:2c:f8:44:
         17:69:8c:af:40:5e:7d:5b:dd:b7:f4:70:b1:56:01:f0:08:f6:
         8b:5c:a0:45:38:50:20:de:bc:63:f7:10:e6:37:58:1c:6f:ca:
         46:59:ef:07:dc:de:27:fd:fa:75:26:c8:05:8d:69:34:82:57:
         45:99:db:58
-----BEGIN CERTIFICATE-----
MIIFkzCCBHugAwIBAgISAZbtsh2jlSLPlEBkcTEuy9N5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwNTIwMTIzNjM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZWVhM2UxYWNhNmE1YzlkYzNmODhjMzgyNzZmMDkxZWJhYmNlMGE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5YliTqJJFq+reqhp6yW+iDAm7ExV
RUhC4z53+Dn9I3rcnHV2sBo00jUtmUHv+EzbRpTEhPNMIOx85QomxP8mkeN3N1e4
VoxkMzUxRsum5BUVVMqBU4T40yj90vNM2dfhLk8CHuSFexSFxxKhwYP47A6FjBCn
XgLS+JP4FyNc3vXeMuI3oUa1vc1gEsexeH+/8BqHn5kFvTcA6GSzTQx8ErhOJE8l
S1W9Hn7DoygvELYiol8JZ1sKn5pGKz+PKgjps/O3ZTHMjs1VA8a1GDNNyVJIK9S0
JiNF7PykL8AE60HsRr1n7s1Z8G/tpeYQGlailvaqPw7jxSufVQTnUvtMSQIDAQAB
o4ICnzCCApswHQYDVR0OBBYEFN7qPhrKalydw/iMOCdvCR66vOCkMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2E1LzJmNWU3
NC1iZDVlLTQ2NzktODUyYi03YmVmMGI0Y2MyNWUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTUvMmY1ZTc0
LWJkNWUtNDY3OS04NTJiLTdiZWYwYjRjYzI1ZS8xLzN1by1Hc3BxWEozRC1JdzRK
MjhKSHJxODRLUS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwWzCMBkGCCsGAQUFBwEIAQH/BAowCKAGMAQC
AlFIMA0GCSqGSIb3DQEBCwUAA4IBAQBS7E+zs8LSJBbW+RHdB+B8l3r+6Se/KQwg
h+KpfOzymEh+B/8aRkg1Xx0Z3+1TQovYUErbSIYBu+iVLKP97b+buPN379DaE3EE
2IJL1vfN/7kVzI8Zhk2dEoclJngT7jqZNZ/QW0R54YQwpsT8h2kOniwsr5fFt7Kj
axq/o6Q8b3v63kh7zDq04+tcqvfyPYp1siVswMFf26WTHE+dKSPhKwz7E+LzWHHA
irZokIAYGnDhhWs7N/xZjqkteglurCYc0wIs+EQXaYyvQF59W9239HCxVgHwCPaL
XKBFOFAg3rxj9xDmN1gcb8pGWe8H3N4n/fp1JsgFjWk0gldFmdtY
-----END CERTIFICATE-----