Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/977TP_AejgncT-3NAROcDneFSq4.cer
File:                     977TP_AejgncT-3NAROcDneFSq4.cer (raw, json)
Hash identifier:          qkIPmBkBAG/JW5/FzZxdvqLHCa2pjqoymPiQAcITnt4=
Subject key identifier:   F7:BE:D3:3F:F0:1E:8E:09:DC:4F:ED:CD:01:13:9C:0E:77:85:4A:AE
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01941F8C70E576EC8B2A3660CAB4E424CEE2
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/15/5a6d01-a375-4e11-871e-99e6141de7f1/1/977TP_AejgncT-3NAROcDneFSq4.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/15/5a6d01-a375-4e11-871e-99e6141de7f1/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 01:48:05 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 185.70.84.0/22
                          IP: 2a03:3520::/32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 15:28:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:70:e5:76:ec:8b:2a:36:60:ca:b4:e4:24:ce:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 01:48:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f7bed33ff01e8e09dc4fedcd01139c0e77854aae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:aa:44:9d:56:c7:cf:73:2f:d9:25:fd:30:38:
                    6c:93:df:f3:ad:7d:63:3f:af:95:18:e5:cc:08:f5:
                    eb:21:98:15:62:7a:8e:bc:86:12:46:03:f3:1c:8e:
                    1d:bd:a4:c4:08:9e:a0:c0:77:d2:6f:a2:a6:2f:fb:
                    0c:d2:8e:36:88:59:72:dc:cd:bd:32:6b:68:74:55:
                    e1:7c:ae:24:d7:7f:11:6d:81:e1:f3:c8:9c:20:ec:
                    5a:70:3b:b1:cc:a0:bf:6d:a8:43:5a:4d:d9:5b:9b:
                    aa:21:64:4e:be:e5:1b:c6:39:3e:8e:0f:dc:79:5e:
                    64:2f:a8:14:95:52:4d:90:b5:52:2d:6f:1c:5d:67:
                    92:a1:75:da:77:b1:9f:95:ff:53:c6:5e:2c:47:ea:
                    8d:21:81:82:46:a5:d5:22:20:5e:96:cf:3b:0f:77:
                    f4:c2:17:fe:d2:6c:8c:b3:05:af:9e:17:9d:4c:18:
                    39:10:fe:3c:a1:b4:95:e0:c7:d8:7a:89:e9:18:4c:
                    f1:35:ca:f4:cc:52:0c:7b:d7:6b:d7:50:a3:ef:96:
                    2f:3f:9e:4c:c9:ff:d8:73:20:3a:13:ed:19:04:31:
                    41:e3:f4:9f:6c:71:7a:ab:a3:c0:2b:62:ff:5e:89:
                    23:81:d3:c9:e6:3b:45:79:1d:e6:84:7b:ed:09:c6:
                    fd:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:BE:D3:3F:F0:1E:8E:09:DC:4F:ED:CD:01:13:9C:0E:77:85:4A:AE
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/5a6d01-a375-4e11-871e-99e6141de7f1/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/5a6d01-a375-4e11-871e-99e6141de7f1/1/977TP_AejgncT-3NAROcDneFSq4.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.70.84.0/22
                IPv6:
                  2a03:3520::/32

    Signature Algorithm: sha256WithRSAEncryption
         95:92:eb:c9:31:cb:20:2d:9b:5b:23:48:80:4d:51:3e:4e:35:
         c5:fb:53:0b:28:73:b1:96:e2:1c:e0:fa:3f:36:45:d0:0f:54:
         40:d1:aa:be:2d:53:f1:78:55:8d:14:18:f5:f0:52:aa:3e:b3:
         cf:99:4b:9b:f2:b5:66:17:09:dd:78:4a:05:91:f9:2c:f5:f1:
         07:ab:1c:83:b2:17:7c:25:f2:6b:21:1b:60:e7:4d:fb:eb:0a:
         95:c4:1f:17:67:13:87:7d:bc:a5:ad:60:d2:66:2a:0b:7d:c6:
         a5:5a:b6:bd:81:a1:e3:e9:34:7e:ba:71:4e:5a:44:c1:31:d6:
         2e:66:fd:be:0a:86:ea:f8:f8:89:e5:ae:93:f8:84:09:bd:c4:
         72:9f:91:98:cb:00:30:a7:29:86:77:2c:2e:eb:c4:7e:70:01:
         8f:f2:13:f5:d4:19:b2:ef:1d:23:41:c2:e4:14:4b:bc:4b:d6:
         ae:9d:32:dd:10:81:f2:4b:54:f0:89:95:0f:15:0a:b0:5e:dd:
         e5:24:38:21:97:22:d0:51:b1:2a:8b:f1:60:70:8e:70:77:8c:
         eb:be:e1:80:50:fc:3c:42:57:ad:7e:9c:85:b3:b6:a7:2b:03:
         7d:b8:59:0b:f2:1c:83:29:97:aa:e8:02:0e:92:b0:32:60:af:
         61:60:a2:a2
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAZQfjHDlduyLKjZgyrTkJM7iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDE0ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmN2JlZDMzZmYwMWU4ZTA5ZGM0ZmVkY2QwMTEzOWMwZTc3ODU0YWFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjapEnVbHz3Mv2SX9MDhsk9/zrX1j
P6+VGOXMCPXrIZgVYnqOvIYSRgPzHI4dvaTECJ6gwHfSb6KmL/sM0o42iFly3M29
MmtodFXhfK4k138RbYHh88icIOxacDuxzKC/bahDWk3ZW5uqIWROvuUbxjk+jg/c
eV5kL6gUlVJNkLVSLW8cXWeSoXXad7Gflf9Txl4sR+qNIYGCRqXVIiBels87D3f0
whf+0myMswWvnhedTBg5EP48obSV4MfYeonpGEzxNcr0zFIMe9dr11Cj75YvP55M
yf/YcyA6E+0ZBDFB4/SfbHF6q6PAK2L/XokjgdPJ5jtFeR3mhHvtCcb97QIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFPe+0z/wHo4J3E/tzQETnA53hUquMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzE1LzVhNmQw
MS1hMzc1LTRlMTEtODcxZS05OWU2MTQxZGU3ZjEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTUvNWE2ZDAx
LWEzNzUtNGUxMS04NzFlLTk5ZTYxNDFkZTdmMS8xLzk3N1RQX0FlamduY1QtM05B
Uk9jRG5lRlNxNC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCuUZUMA0EAgACMAcDBQAqAzUgMA0GCSqGSIb3
DQEBCwUAA4IBAQCVkuvJMcsgLZtbI0iATVE+TjXF+1MLKHOxluIc4Po/NkXQD1RA
0aq+LVPxeFWNFBj18FKqPrPPmUub8rVmFwndeEoFkfks9fEHqxyDshd8JfJrIRtg
50376wqVxB8XZxOHfbylrWDSZioLfcalWra9gaHj6TR+unFOWkTBMdYuZv2+Cobq
+PiJ5a6T+IQJvcRyn5GYywAwpymGdywu68R+cAGP8hP11Bmy7x0jQcLkFEu8S9au
nTLdEIHyS1TwiZUPFQqwXt3lJDghlyLQUbEqi/FgcI5wd4zrvuGAUPw8QletfpyF
s7anKwN9uFkL8hyDKZeq6AIOkrAyYK9hYKKi
-----END CERTIFICATE-----