Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87fdVNqwL-jN6KheVp-CcIiXlBk.cer
File:                     87fdVNqwL-jN6KheVp-CcIiXlBk.cer (raw, json)
Hash identifier:          8ZdZAfv6/ljmbcEz1xgIlTp2LnyDEbbQxIHPA2JLimQ=
Subject key identifier:   F3:B7:DD:54:DA:B0:2F:E8:CD:E8:A8:5E:56:9F:82:70:88:97:94:19
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019426D961CFC48B192BA6017BBF08A15DE0
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/7e/840dc1-83fc-4f9d-be5e-1939883bb1f8/1/87fdVNqwL-jN6KheVp-CcIiXlBk.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/7e/840dc1-83fc-4f9d-be5e-1939883bb1f8/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 11:49:28 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 42791
                          IP: 91.213.131.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Apr 2025 02:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:61:cf:c4:8b:19:2b:a6:01:7b:bf:08:a1:5d:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 11:49:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f3b7dd54dab02fe8cde8a85e569f827088979419
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:13:17:95:80:08:c9:01:32:24:db:17:1a:30:
                    c3:5f:4a:94:5d:2e:97:1a:c5:f0:43:c9:29:d7:21:
                    70:58:67:d7:ba:04:45:7c:0e:f6:c3:dc:83:46:0e:
                    20:8e:46:55:40:80:17:c9:35:e7:0e:fa:91:53:a5:
                    49:7e:05:c5:ad:15:61:a3:67:f4:60:cb:14:01:8e:
                    70:57:b9:c2:89:ec:b7:db:2d:0d:49:ab:4f:fd:55:
                    38:50:bc:18:84:59:e2:9f:bb:69:b3:4d:64:85:c2:
                    71:7a:da:d4:23:84:c9:e3:6c:cd:79:c3:60:a6:4a:
                    52:1a:90:31:93:60:39:be:0d:6b:31:79:cf:62:93:
                    80:45:b7:47:f0:47:77:1c:d7:ce:e8:f6:03:42:0b:
                    6d:c1:a4:2a:39:f7:16:9c:e7:04:76:24:0d:d1:bf:
                    b0:19:95:31:60:de:07:66:78:5b:6a:4b:96:52:41:
                    ee:d1:de:6c:bb:af:ed:a3:9f:5f:4f:98:2d:f3:2a:
                    af:2e:82:c4:e6:2b:c6:f9:5f:1d:d9:d9:f9:29:e0:
                    21:e9:e5:ef:0e:45:09:7c:4b:c8:f0:36:21:83:b2:
                    50:24:65:11:26:03:74:2d:f4:a0:80:20:35:4d:98:
                    c3:1d:32:62:87:18:73:2d:ce:1d:3b:9c:55:e9:17:
                    af:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:B7:DD:54:DA:B0:2F:E8:CD:E8:A8:5E:56:9F:82:70:88:97:94:19
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/840dc1-83fc-4f9d-be5e-1939883bb1f8/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/840dc1-83fc-4f9d-be5e-1939883bb1f8/1/87fdVNqwL-jN6KheVp-CcIiXlBk.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.131.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  42791

    Signature Algorithm: sha256WithRSAEncryption
         6a:d3:cb:67:fc:82:c6:54:dd:8c:bd:25:3e:21:57:1d:00:bb:
         1b:32:50:d3:f9:73:d0:5e:4e:db:07:63:65:f5:82:d6:83:73:
         5f:da:41:1e:df:06:fe:59:a5:a0:8b:86:3d:cb:75:40:49:7d:
         1b:b2:d2:c1:c8:6c:51:e8:2e:ad:8a:3d:9f:61:43:73:c3:3b:
         ab:a3:c0:b4:e1:60:36:44:34:a6:c0:09:db:09:38:8a:76:a3:
         60:85:56:d0:2e:50:95:09:4b:f0:85:de:78:4c:4b:ef:cd:b9:
         77:b0:c2:bc:4a:e4:a9:45:ef:7e:6b:96:05:5d:6f:ee:b7:93:
         05:63:0a:ad:9c:14:d7:39:bc:4b:6d:98:2f:76:b7:c8:13:c6:
         df:87:c7:e3:e3:53:26:bd:54:85:2f:54:00:75:b4:70:17:c2:
         f8:82:fe:39:b1:1a:9b:96:d3:42:1d:dc:99:54:0c:29:08:17:
         4f:e9:74:bd:8a:71:4c:27:9f:7a:0b:5d:fe:0d:c6:14:e3:01:
         fe:7f:d0:ac:65:fc:0d:58:1e:96:82:51:d8:12:0c:03:c8:05:
         98:79:f6:ce:f5:1c:6f:bd:4f:b9:cb:95:15:d7:2c:d3:f3:86:
         16:72:a0:4c:7f:e4:ec:2c:20:8f:72:cb:31:8e:85:12:7c:d0:
         c9:94:73:66
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZQm2WHPxIsZK6YBe78IoV3gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMTE0OTI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmM2I3ZGQ1NGRhYjAyZmU4Y2RlOGE4NWU1NjlmODI3MDg4OTc5NDE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5RMXlYAIyQEyJNsXGjDDX0qUXS6X
GsXwQ8kp1yFwWGfXugRFfA72w9yDRg4gjkZVQIAXyTXnDvqRU6VJfgXFrRVho2f0
YMsUAY5wV7nCiey32y0NSatP/VU4ULwYhFnin7tps01khcJxetrUI4TJ42zNecNg
pkpSGpAxk2A5vg1rMXnPYpOARbdH8Ed3HNfO6PYDQgttwaQqOfcWnOcEdiQN0b+w
GZUxYN4HZnhbakuWUkHu0d5su6/to59fT5gt8yqvLoLE5ivG+V8d2dn5KeAh6eXv
DkUJfEvI8DYhg7JQJGURJgN0LfSggCA1TZjDHTJihxhzLc4dO5xV6RevoQIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFPO33VTasC/ozeioXlafgnCIl5QZMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzdlLzg0MGRj
MS04M2ZjLTRmOWQtYmU1ZS0xOTM5ODgzYmIxZjgvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvN2UvODQwZGMx
LTgzZmMtNGY5ZC1iZTVlLTE5Mzk4ODNiYjFmOC8xLzg3ZmRWTnF3TC1qTjZLaGVW
cC1DY0lpWGxCay5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW9WDMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwCnJzANBgkqhkiG9w0BAQsFAAOCAQEAatPLZ/yCxlTdjL0lPiFXHQC7GzJQ0/lz
0F5O2wdjZfWC1oNzX9pBHt8G/lmloIuGPct1QEl9G7LSwchsUegurYo9n2FDc8M7
q6PAtOFgNkQ0psAJ2wk4inajYIVW0C5QlQlL8IXeeExL7825d7DCvErkqUXvfmuW
BV1v7reTBWMKrZwU1zm8S22YL3a3yBPG34fH4+NTJr1UhS9UAHW0cBfC+IL+ObEa
m5bTQh3cmVQMKQgXT+l0vYpxTCefegtd/g3GFOMB/n/QrGX8DVgeloJR2BIMA8gF
mHn2zvUcb71PucuVFdcs0/OGFnKgTH/k7Cwgj3LLMY6FEnzQyZRzZg==
-----END CERTIFICATE-----