Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8jJYqmuD7J-3vpZsYmqRZngcfzs.cer
File:                     8jJYqmuD7J-3vpZsYmqRZngcfzs.cer (raw, json)
Hash identifier:          91HCyVPYoiJpz2RcMqrSp3Vew50V/Sl5s3qs8suGaB4=
Subject key identifier:   F2:32:58:AA:6B:83:EC:9F:B7:BE:96:6C:62:6A:91:66:78:1C:7F:3B
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019425212EC7A4E7553C23440130DEF839B7
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/48/48c3a8-b954-41c9-bd23-712fcfa441e4/1/8jJYqmuD7J-3vpZsYmqRZngcfzs.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/48/48c3a8-b954-41c9-bd23-712fcfa441e4/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 03:48:39 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 155.105.0.0/16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 09:37:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:2e:c7:a4:e7:55:3c:23:44:01:30:de:f8:39:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 03:48:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f23258aa6b83ec9fb7be966c626a9166781c7f3b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:09:ec:82:b5:3a:5f:d3:1c:ec:51:5c:d9:52:
                    ce:0c:e0:67:b3:ff:3c:25:b6:13:6c:fc:54:a0:7e:
                    f6:9d:7e:69:2d:da:7a:1f:73:7c:2d:b9:33:57:0c:
                    90:03:70:fe:2c:6b:e4:af:1c:0c:fb:bf:82:a2:09:
                    c2:09:cd:58:80:21:88:70:54:90:5e:43:00:a1:c7:
                    44:63:d4:a4:46:bd:c9:71:38:0c:b8:7a:da:e1:c0:
                    0b:a5:0f:0e:ac:41:2b:28:44:a1:d7:31:be:02:6e:
                    04:43:99:c4:f8:4d:51:65:b9:de:77:6a:d2:05:8b:
                    36:02:b7:09:2e:63:80:54:97:3e:2d:3b:23:dd:b4:
                    4c:3c:d1:dd:e7:63:fb:02:f7:5e:d6:fb:10:57:b8:
                    55:cd:a2:03:f1:f6:9d:cc:12:fc:18:ad:33:c1:93:
                    ed:bf:3f:01:0b:35:6c:fe:a3:a3:1c:22:9a:2c:41:
                    2f:0c:ac:49:36:ef:8d:46:55:3f:c3:75:89:ea:8d:
                    2a:56:9d:b2:d9:75:4d:96:6e:ca:58:38:72:e8:0d:
                    78:cd:d9:4c:5e:24:ba:75:b9:17:c0:46:ab:f7:95:
                    10:60:97:09:34:0d:84:9a:94:f8:a4:db:52:8b:83:
                    13:63:cd:ee:fa:b1:4c:0a:4a:c2:f7:fa:bd:df:8b:
                    88:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:32:58:AA:6B:83:EC:9F:B7:BE:96:6C:62:6A:91:66:78:1C:7F:3B
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/48c3a8-b954-41c9-bd23-712fcfa441e4/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/48c3a8-b954-41c9-bd23-712fcfa441e4/1/8jJYqmuD7J-3vpZsYmqRZngcfzs.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.105.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         0e:51:1d:ec:3b:07:9b:93:34:de:73:31:ca:70:28:8f:d4:21:
         24:c5:67:b4:55:81:ac:e3:5b:5d:ac:d3:4d:7d:d9:10:9d:32:
         2d:55:44:a5:9b:be:44:38:1e:22:0e:ee:f7:6b:4e:95:5d:c4:
         62:b6:7f:c9:fb:a7:0c:78:5a:bd:2d:67:36:70:b5:0d:11:45:
         dd:64:50:ae:39:fa:61:cb:78:cd:50:a9:44:42:5e:ee:07:00:
         20:4e:8f:ef:b4:9a:a3:33:f7:3a:4d:b9:68:fc:7c:1d:7e:6a:
         e8:06:73:51:00:5f:a1:de:7f:7f:13:b3:b5:05:32:b2:d0:e1:
         3c:13:e0:e1:5d:df:1d:c8:1b:ad:5a:b0:3d:80:f3:26:8f:f6:
         0a:da:20:d4:9c:f2:8c:43:81:72:ab:68:75:09:6d:1c:d9:a1:
         ef:9a:8f:18:bc:dd:f9:29:d1:7b:67:38:49:78:eb:1f:db:f1:
         a4:b7:eb:c4:a2:66:2c:ad:08:36:04:ec:0b:ed:3f:6e:b7:d8:
         7f:6f:a7:cc:8e:7f:d5:53:71:04:62:d4:f9:44:1f:7a:21:46:
         19:ef:60:84:68:30:87:e5:7a:19:aa:d5:cf:95:48:55:e1:f3:
         db:ef:f9:22:49:0c:3e:97:4d:fb:29:23:40:35:cc:f1:3b:1a:
         0f:c2:d0:22
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgISAZQlIS7HpOdVPCNEATDe+Dm3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDM0ODM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjMyNThhYTZiODNlYzlmYjdiZTk2NmM2MjZhOTE2Njc4MWM3ZjNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwgnsgrU6X9Mc7FFc2VLODOBns/88
JbYTbPxUoH72nX5pLdp6H3N8LbkzVwyQA3D+LGvkrxwM+7+CognCCc1YgCGIcFSQ
XkMAocdEY9SkRr3JcTgMuHra4cALpQ8OrEErKESh1zG+Am4EQ5nE+E1RZbned2rS
BYs2ArcJLmOAVJc+LTsj3bRMPNHd52P7Avde1vsQV7hVzaID8fadzBL8GK0zwZPt
vz8BCzVs/qOjHCKaLEEvDKxJNu+NRlU/w3WJ6o0qVp2y2XVNlm7KWDhy6A14zdlM
XiS6dbkXwEar95UQYJcJNA2EmpT4pNtSi4MTY83u+rFMCkrC9/q934uI9wIDAQAB
o4ICgzCCAn8wHQYDVR0OBBYEFPIyWKprg+yft76WbGJqkWZ4HH87MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzQ4LzQ4YzNh
OC1iOTU0LTQxYzktYmQyMy03MTJmY2ZhNDQxZTQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDgvNDhjM2E4
LWI5NTQtNDFjOS1iZDIzLTcxMmZjZmE0NDFlNC8xLzhqSllxbXVEN0otM3ZwWnNZ
bXFSWm5nY2Z6cy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB4GCCsGAQUF
BwEHAQH/BA8wDTALBAIAATAFAwMAm2kwDQYJKoZIhvcNAQELBQADggEBAA5RHew7
B5uTNN5zMcpwKI/UISTFZ7RVgazjW12s00192RCdMi1VRKWbvkQ4HiIO7vdrTpVd
xGK2f8n7pwx4Wr0tZzZwtQ0RRd1kUK45+mHLeM1QqURCXu4HACBOj++0mqMz9zpN
uWj8fB1+augGc1EAX6Hef38Ts7UFMrLQ4TwT4OFd3x3IG61asD2A8yaP9graINSc
8oxDgXKraHUJbRzZoe+ajxi83fkp0XtnOEl46x/b8aS368SiZiytCDYE7AvtP263
2H9vp8yOf9VTcQRi1PlEH3ohRhnvYIRoMIflehmq1c+VSFXh89vv+SJJDD6XTfsp
I0A1zPE7Gg/C0CI=
-----END CERTIFICATE-----