Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5PFY7_xrOIKiWQweaQasoQjhjsI.cer
File:                     5PFY7_xrOIKiWQweaQasoQjhjsI.cer (raw, json)
Hash identifier:          Mawho6EBstr6GiYOdvu4G/7j5W5WP03W/jf1gWkpkss=
Subject key identifier:   E4:F1:58:EF:FC:6B:38:82:A2:59:0C:1E:69:06:AC:A1:08:E1:8E:C2
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01942823E7AAE5C272F055AC6FDB9F8BD3C3
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/5b/83c00e-f414-489d-9470-c693249651d5/1/5PFY7_xrOIKiWQweaQasoQjhjsI.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/5b/83c00e-f414-489d-9470-c693249651d5/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 17:50:29 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 8405
                          IP: 193.188.154.0/23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:e7:aa:e5:c2:72:f0:55:ac:6f:db:9f:8b:d3:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 17:50:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e4f158effc6b3882a2590c1e6906aca108e18ec2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:26:cd:60:e4:a9:43:32:48:91:de:e5:23:45:
                    28:8f:05:80:7c:80:ee:19:98:8f:42:27:69:6b:33:
                    fb:58:30:c0:18:30:1d:ff:4c:95:63:c0:c1:82:f4:
                    13:41:79:e8:2c:d6:80:7d:c3:9f:2f:f9:62:eb:98:
                    63:93:45:0c:e3:14:64:65:cb:6b:df:4d:67:db:8e:
                    1d:8f:05:f4:a9:d3:cd:ad:4d:fb:28:42:a1:53:91:
                    e4:9d:65:7a:66:2d:dd:12:45:43:89:3b:d3:8b:d9:
                    ca:45:c6:72:2d:d8:ba:a6:78:db:ce:91:86:7a:d2:
                    4c:1a:24:14:d8:c9:55:f9:8e:3d:51:9a:27:33:6b:
                    08:00:08:e7:f7:6d:a8:b1:f7:97:ec:40:2a:00:b8:
                    17:d1:29:2a:24:08:c2:ca:b5:06:6f:ff:98:2d:e7:
                    d7:0b:d2:b8:ad:88:00:69:2f:04:b3:78:2a:a0:05:
                    8c:46:5f:47:28:f4:c8:f6:b0:61:c2:50:46:bd:7d:
                    55:9a:8c:81:b6:02:54:54:e0:8b:d5:e9:72:48:b6:
                    a1:37:4a:d7:fd:c5:a1:d9:9a:a7:05:44:35:cf:5f:
                    20:28:f1:7f:01:b4:95:6f:01:2f:98:9d:e1:51:98:
                    f1:e8:4b:88:9e:c1:0d:f7:7c:6b:f7:5c:8e:09:88:
                    f2:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:F1:58:EF:FC:6B:38:82:A2:59:0C:1E:69:06:AC:A1:08:E1:8E:C2
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/83c00e-f414-489d-9470-c693249651d5/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/83c00e-f414-489d-9470-c693249651d5/1/5PFY7_xrOIKiWQweaQasoQjhjsI.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.188.154.0/23

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  8405

    Signature Algorithm: sha256WithRSAEncryption
         09:5d:33:55:59:8b:fb:28:5b:4c:29:3a:cd:cd:86:ba:7b:79:
         cf:43:06:47:48:32:59:0c:a4:0e:71:b5:fd:d5:0f:3c:4d:fd:
         f1:4f:fb:c3:d0:be:a9:b8:0a:13:48:02:a7:42:52:c3:b5:d1:
         4b:36:73:ce:89:bc:00:03:c6:d7:ce:fe:53:6b:95:77:ba:0b:
         ee:83:5d:b9:1b:a1:51:14:d1:6d:cd:af:05:2a:21:34:60:1f:
         62:11:43:c7:c3:95:bd:bc:47:58:c7:e5:6f:63:df:20:cf:63:
         b6:f4:4d:e1:92:b2:58:e1:8f:f1:13:16:19:bd:73:71:45:97:
         db:2a:53:91:c4:a8:c6:0f:39:53:41:0c:75:6b:02:40:99:99:
         3c:69:8c:d3:a6:94:6b:7f:7f:52:7b:f6:f5:89:9a:1b:a6:7f:
         78:c9:5e:96:7f:1a:79:98:3a:5e:9c:92:d3:df:25:bf:dd:39:
         21:d9:d2:e7:71:cd:a3:aa:2a:02:b2:60:1e:d1:d3:84:e3:fd:
         41:81:b0:53:a7:79:19:d5:ac:89:42:bb:fb:0d:35:54:6d:a1:
         4e:fd:70:89:16:7f:b5:20:a4:e2:d9:89:c2:ad:27:5a:e4:19:
         12:5a:28:66:e2:9a:89:48:fd:51:27:d4:1e:2d:37:cf:d0:53:
         93:5c:61:3f
-----BEGIN CERTIFICATE-----
MIIFkzCCBHugAwIBAgISAZQoI+eq5cJy8FWsb9ufi9PDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMTc1MDI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNGYxNThlZmZjNmIzODgyYTI1OTBjMWU2OTA2YWNhMTA4ZTE4ZWMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwybNYOSpQzJIkd7lI0UojwWAfIDu
GZiPQidpazP7WDDAGDAd/0yVY8DBgvQTQXnoLNaAfcOfL/li65hjk0UM4xRkZctr
301n244djwX0qdPNrU37KEKhU5HknWV6Zi3dEkVDiTvTi9nKRcZyLdi6pnjbzpGG
etJMGiQU2MlV+Y49UZonM2sIAAjn922osfeX7EAqALgX0SkqJAjCyrUGb/+YLefX
C9K4rYgAaS8Es3gqoAWMRl9HKPTI9rBhwlBGvX1VmoyBtgJUVOCL1elySLahN0rX
/cWh2ZqnBUQ1z18gKPF/AbSVbwEvmJ3hUZjx6EuInsEN93xr91yOCYjytwIDAQAB
o4ICnzCCApswHQYDVR0OBBYEFOTxWO/8aziColkMHmkGrKEI4Y7CMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzViLzgzYzAw
ZS1mNDE0LTQ4OWQtOTQ3MC1jNjkzMjQ5NjUxZDUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNWIvODNjMDBl
LWY0MTQtNDg5ZC05NDcwLWM2OTMyNDk2NTFkNS8xLzVQRlk3X3hyT0lLaVdRd2Vh
UWFzb1FqaGpzSS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQBwbyaMBkGCCsGAQUFBwEIAQH/BAowCKAGMAQC
AiDVMA0GCSqGSIb3DQEBCwUAA4IBAQAJXTNVWYv7KFtMKTrNzYa6e3nPQwZHSDJZ
DKQOcbX91Q88Tf3xT/vD0L6puAoTSAKnQlLDtdFLNnPOibwAA8bXzv5Ta5V3ugvu
g125G6FRFNFtza8FKiE0YB9iEUPHw5W9vEdYx+VvY98gz2O29E3hkrJY4Y/xExYZ
vXNxRZfbKlORxKjGDzlTQQx1awJAmZk8aYzTppRrf39Se/b1iZobpn94yV6Wfxp5
mDpenJLT3yW/3Tkh2dLncc2jqioCsmAe0dOE4/1BgbBTp3kZ1ayJQrv7DTVUbaFO
/XCJFn+1IKTi2YnCrSda5BkSWihm4pqJSP1RJ9QeLTfP0FOTXGE/
-----END CERTIFICATE-----