Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5oClYQES3yA5h_MvDl4VrTXnENI.cer
File:                     5oClYQES3yA5h_MvDl4VrTXnENI.cer (raw, json)
Hash identifier:          E5U4TulFynQHRbx8mz/g0AvwGGryKV601RXSdqsRE4Y=
Subject key identifier:   E6:80:A5:61:01:12:DF:20:39:87:F3:2F:0E:5E:15:AD:35:E7:10:D2
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019424447FD49391673598242C720584CA60
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/b9/b40d25-f444-4f60-b162-d1502f7cf234/1/5oClYQES3yA5h_MvDl4VrTXnENI.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/b9/b40d25-f444-4f60-b162-d1502f7cf234/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 23:47:36 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 213.134.2.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:7f:d4:93:91:67:35:98:24:2c:72:05:84:ca:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 23:47:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e680a5610112df203987f32f0e5e15ad35e710d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:aa:33:04:dd:ef:3a:f5:08:d7:4e:8b:2d:93:
                    f3:5a:0b:cf:1a:19:bd:59:84:a7:93:44:c0:f6:60:
                    3f:29:03:e7:66:6c:70:5a:41:09:a8:36:a2:da:29:
                    60:0c:6c:c7:a5:90:0b:c4:b2:bb:8c:ad:7d:d9:9c:
                    cb:64:1f:75:f2:8c:36:8e:0e:bd:e0:55:7c:33:71:
                    ae:ae:d6:89:6a:9e:1c:3b:9b:fa:3d:c5:9e:0e:bf:
                    1b:83:c7:26:9c:0e:55:dd:c8:85:04:44:ce:9e:de:
                    93:9e:70:0d:72:4d:a0:fa:3c:d8:24:3c:77:c5:b7:
                    98:6f:38:bd:7a:91:7c:b9:9a:1a:33:97:d0:f2:78:
                    eb:12:ee:66:95:fa:05:68:d1:c9:6f:73:61:d5:f6:
                    08:55:69:f1:ae:64:de:9e:87:0e:03:2e:a8:b2:8a:
                    cc:48:fd:b1:f0:6a:17:ea:d1:ca:c9:e8:44:26:5b:
                    00:8d:d6:53:3c:e1:3d:45:48:c5:85:20:9a:27:8b:
                    a4:76:1e:e4:08:68:8c:7a:96:24:69:27:bd:33:ad:
                    c9:af:e6:18:f1:9e:9a:c1:ad:4e:9f:55:76:a3:57:
                    55:97:f4:a5:fe:d8:30:ec:34:1e:1a:b1:88:8d:ac:
                    7c:a8:d1:61:47:e9:8b:9a:d5:3b:0c:71:7d:69:39:
                    94:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:80:A5:61:01:12:DF:20:39:87:F3:2F:0E:5E:15:AD:35:E7:10:D2
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/b40d25-f444-4f60-b162-d1502f7cf234/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/b40d25-f444-4f60-b162-d1502f7cf234/1/5oClYQES3yA5h_MvDl4VrTXnENI.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.134.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:3e:81:0f:ca:42:ce:9a:d4:b0:29:5b:f2:23:2b:f3:5e:9a:
         59:a5:f3:21:01:83:4e:6c:34:94:e0:76:42:14:29:3c:86:2f:
         88:2c:4b:c7:46:63:ad:60:6a:77:52:68:ac:c9:07:25:e8:71:
         b7:bf:6d:6e:2d:19:df:6b:53:a0:00:60:ed:c3:95:ee:16:87:
         eb:53:cf:a6:f0:f6:f1:3e:48:f4:65:3f:ee:3f:17:01:8e:3c:
         2f:3e:74:38:21:a3:21:76:df:b1:8d:53:43:71:87:28:bf:b3:
         72:6d:57:33:1a:aa:47:c4:f7:b4:d6:14:18:f3:9f:2c:80:42:
         ac:17:7d:7e:68:dc:aa:1d:77:80:68:8d:39:d4:69:b2:6e:f8:
         b5:b0:6a:fe:55:53:7d:e9:37:57:7a:e9:d4:75:25:2c:1e:6f:
         ee:2a:62:a6:28:6f:b1:df:1e:69:f5:d8:54:4a:9d:00:e7:35:
         28:9d:4f:3e:6e:1d:37:5e:f6:41:6e:85:8c:aa:77:b8:58:f8:
         0b:3f:61:ed:fb:d5:f8:3f:da:61:b7:22:80:70:da:4c:cf:8a:
         33:38:bb:ef:d9:98:38:e4:25:ec:71:23:47:cf:73:a0:21:05:
         2f:e9:cf:1d:0d:6d:7b:fc:40:a8:87:fd:14:cf:58:35:76:b0:
         fa:5d:2f:d4
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZQkRH/Uk5FnNZgkLHIFhMpgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMjM0NzM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjgwYTU2MTAxMTJkZjIwMzk4N2YzMmYwZTVlMTVhZDM1ZTcxMGQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwaozBN3vOvUI106LLZPzWgvPGhm9
WYSnk0TA9mA/KQPnZmxwWkEJqDai2ilgDGzHpZALxLK7jK192ZzLZB918ow2jg69
4FV8M3GurtaJap4cO5v6PcWeDr8bg8cmnA5V3ciFBETOnt6TnnANck2g+jzYJDx3
xbeYbzi9epF8uZoaM5fQ8njrEu5mlfoFaNHJb3Nh1fYIVWnxrmTenocOAy6osorM
SP2x8GoX6tHKyehEJlsAjdZTPOE9RUjFhSCaJ4ukdh7kCGiMepYkaSe9M63Jr+YY
8Z6awa1On1V2o1dVl/Sl/tgw7DQeGrGIjax8qNFhR+mLmtU7DHF9aTmU7wIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFOaApWEBEt8gOYfzLw5eFa015xDSMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2I5L2I0MGQy
NS1mNDQ0LTRmNjAtYjE2Mi1kMTUwMmY3Y2YyMzQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjkvYjQwZDI1
LWY0NDQtNGY2MC1iMTYyLWQxNTAyZjdjZjIzNC8xLzVvQ2xZUUVTM3lBNWhfTXZE
bDRWclRYbkVOSS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQA1YYCMA0GCSqGSIb3DQEBCwUAA4IBAQBOPoEP
ykLOmtSwKVvyIyvzXppZpfMhAYNObDSU4HZCFCk8hi+ILEvHRmOtYGp3UmisyQcl
6HG3v21uLRnfa1OgAGDtw5XuFofrU8+m8PbxPkj0ZT/uPxcBjjwvPnQ4IaMhdt+x
jVNDcYcov7NybVczGqpHxPe01hQY858sgEKsF31+aNyqHXeAaI051Gmybvi1sGr+
VVN96TdXeunUdSUsHm/uKmKmKG+x3x5p9dhUSp0A5zUonU8+bh03XvZBboWMqne4
WPgLP2Ht+9X4P9phtyKAcNpMz4ozOLvv2Zg45CXscSNHz3OgIQUv6c8dDW17/ECo
h/0Uz1g1drD6XS/U
-----END CERTIFICATE-----