Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/53OfCEQuIkRmIbiaV2ObNUK6NNw.cer
File:                     53OfCEQuIkRmIbiaV2ObNUK6NNw.cer (raw, json)
Hash identifier:          cvEwg4Ylppxz5GnxQGkNEwynyJKn17yTFLHIf+gFT9w=
Subject key identifier:   E7:73:9F:08:44:2E:22:44:66:21:B8:9A:57:63:9B:35:42:BA:34:DC
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194252154F47CF9104C5B4DEDE219AFC4A8
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/02/e20d59-4454-4ec8-9677-5f2bf22e189d/1/53OfCEQuIkRmIbiaV2ObNUK6NNw.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/02/e20d59-4454-4ec8-9677-5f2bf22e189d/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 03:48:49 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 194.5.62.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:54:f4:7c:f9:10:4c:5b:4d:ed:e2:19:af:c4:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 03:48:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e7739f08442e22446621b89a57639b3542ba34dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:7e:87:59:73:62:92:55:56:fe:ac:17:8e:61:
                    91:a8:14:e5:cc:71:59:91:cc:b8:1b:c9:7b:26:52:
                    32:dc:14:7d:5d:53:49:de:77:26:8e:11:3e:f4:a8:
                    7b:e3:96:5e:69:87:70:74:be:3e:59:7d:f5:a2:4f:
                    74:11:ce:d5:ec:65:a5:5d:df:e9:9e:e9:9e:f5:a0:
                    d4:94:a7:b0:d3:0c:db:5b:02:14:14:38:6a:0d:30:
                    34:ea:44:e8:15:19:95:ef:28:71:b2:3e:e7:03:24:
                    67:73:a3:19:3d:0c:50:26:dd:62:a3:7a:ec:21:b6:
                    d0:ba:e7:b4:a7:71:06:21:33:7d:76:a2:5e:3c:a3:
                    22:f9:09:06:ba:41:8d:b3:00:a5:dc:0b:8e:ad:e7:
                    ad:36:3a:8b:6e:cd:3e:cf:82:23:f6:75:d6:00:2e:
                    c2:e1:09:de:d6:a9:d7:19:60:f4:c0:42:99:8e:ac:
                    78:24:64:29:99:a9:f8:05:81:fc:3c:c1:e6:4a:d3:
                    7f:2b:81:f2:ff:5a:9c:d5:09:38:bd:25:d2:66:7b:
                    57:79:24:d2:3c:0d:6a:b1:8b:16:5d:be:4a:a2:95:
                    68:b1:53:04:a6:50:e2:49:ba:05:ec:2e:9d:54:86:
                    7d:3d:2b:41:13:b9:17:ac:4a:f4:1b:54:50:4b:f9:
                    9c:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:73:9F:08:44:2E:22:44:66:21:B8:9A:57:63:9B:35:42:BA:34:DC
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/e20d59-4454-4ec8-9677-5f2bf22e189d/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/e20d59-4454-4ec8-9677-5f2bf22e189d/1/53OfCEQuIkRmIbiaV2ObNUK6NNw.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.5.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:e8:f4:4a:f8:24:52:62:2a:a9:f4:d1:70:22:8e:d9:fe:ef:
         57:40:e8:a4:6f:d4:8b:f3:81:b7:14:03:8e:72:a7:5a:c0:39:
         8c:c9:46:11:37:cd:d9:a6:48:aa:52:cc:94:86:9b:1b:08:8d:
         4c:33:a7:76:37:53:f6:cf:3d:f2:36:3f:f0:79:5a:1d:ac:a0:
         98:66:2d:dd:d6:2e:03:0e:a1:1c:0e:e5:e4:b2:39:e3:fe:1b:
         ed:9b:e5:d3:c8:d9:e0:33:f2:cd:1e:d7:41:f2:3f:3c:10:e9:
         84:3c:2f:fa:e4:b4:e3:22:db:63:5d:87:7c:95:db:1b:b8:b6:
         0c:83:b0:57:06:fd:36:e8:e5:24:79:e2:aa:bc:77:2b:ad:87:
         3c:1f:1b:50:d8:b3:a1:55:a6:bd:68:35:36:fd:be:5b:dc:ae:
         8c:53:05:c5:71:76:70:80:ef:91:5f:f4:73:bf:83:25:09:ca:
         63:19:2d:63:22:1d:4f:fd:c5:ef:57:eb:f9:af:e6:c3:de:32:
         f8:33:b3:75:18:d6:58:88:f3:6c:e9:61:48:b5:e6:fd:f5:17:
         7f:b5:60:37:a7:88:16:cc:fb:8f:db:54:eb:6b:4b:96:7a:04:
         27:03:b5:20:e5:f2:ac:d0:82:5a:82:f3:6d:74:2c:c2:95:51:
         2b:08:b1:d3
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZQlIVT0fPkQTFtN7eIZr8SoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDM0ODQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzczOWYwODQ0MmUyMjQ0NjYyMWI4OWE1NzYzOWIzNTQyYmEzNGRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApn6HWXNiklVW/qwXjmGRqBTlzHFZ
kcy4G8l7JlIy3BR9XVNJ3ncmjhE+9Kh745ZeaYdwdL4+WX31ok90Ec7V7GWlXd/p
nume9aDUlKew0wzbWwIUFDhqDTA06kToFRmV7yhxsj7nAyRnc6MZPQxQJt1io3rs
IbbQuue0p3EGITN9dqJePKMi+QkGukGNswCl3AuOreetNjqLbs0+z4Ij9nXWAC7C
4Qne1qnXGWD0wEKZjqx4JGQpman4BYH8PMHmStN/K4Hy/1qc1Qk4vSXSZntXeSTS
PA1qsYsWXb5KopVosVMEplDiSboF7C6dVIZ9PStBE7kXrEr0G1RQS/mc3QIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFOdznwhELiJEZiG4mldjmzVCujTcMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzAyL2UyMGQ1
OS00NDU0LTRlYzgtOTY3Ny01ZjJiZjIyZTE4OWQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDIvZTIwZDU5
LTQ0NTQtNGVjOC05Njc3LTVmMmJmMjJlMTg5ZC8xLzUzT2ZDRVF1SWtSbUliaWFW
Mk9iTlVLNk5Ody5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwgU+MA0GCSqGSIb3DQEBCwUAA4IBAQA36PRK
+CRSYiqp9NFwIo7Z/u9XQOikb9SL84G3FAOOcqdawDmMyUYRN83ZpkiqUsyUhpsb
CI1MM6d2N1P2zz3yNj/weVodrKCYZi3d1i4DDqEcDuXksjnj/hvtm+XTyNngM/LN
HtdB8j88EOmEPC/65LTjIttjXYd8ldsbuLYMg7BXBv026OUkeeKqvHcrrYc8HxtQ
2LOhVaa9aDU2/b5b3K6MUwXFcXZwgO+RX/Rzv4MlCcpjGS1jIh1P/cXvV+v5r+bD
3jL4M7N1GNZYiPNs6WFIteb99Rd/tWA3p4gWzPuP21Tra0uWegQnA7Ug5fKs0IJa
gvNtdCzClVErCLHT
-----END CERTIFICATE-----