Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9MZJlOJNSu_cQqiDH-Dc4g1gRok.cer
File:                     9MZJlOJNSu_cQqiDH-Dc4g1gRok.cer (raw, json)
Hash identifier:          yAoqb3rBQ7sPfzhMIwPXxuulzJ2PE8Wfe6fyEn4YhKs=
Subject key identifier:   F4:C6:49:94:E2:4D:4A:EF:DC:42:A8:83:1F:E0:DC:E2:0D:60:46:89
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194258F781BD289BDB348C996128836F6C0
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/33/64658d-d5eb-489b-bc15-3855698fb57f/1/9MZJlOJNSu_cQqiDH-Dc4g1gRok.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/33/64658d-d5eb-489b-bc15-3855698fb57f/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 05:49:06 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 45.80.232.0/22
                          IP: 2a0e:4980::/32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 13:16:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:78:1b:d2:89:bd:b3:48:c9:96:12:88:36:f6:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 05:49:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f4c64994e24d4aefdc42a8831fe0dce20d604689
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:d9:1e:1c:cd:55:f6:3a:c5:b7:b9:87:61:42:
                    ae:82:76:00:c8:7a:72:6c:71:32:bf:4b:5b:68:87:
                    93:64:8e:18:da:6d:4a:d0:45:f6:e2:45:24:ec:5c:
                    ea:fc:cf:ef:c3:7e:9b:a1:01:e6:a9:6e:19:f0:10:
                    9b:3f:ac:e9:3c:06:4d:06:5e:1e:02:66:12:54:76:
                    c7:e1:28:32:5f:57:65:ba:78:4b:e7:04:54:f4:d4:
                    b7:b0:a6:34:9b:04:06:06:fa:ef:5b:77:0c:9b:88:
                    4d:19:94:3a:61:65:cf:41:e4:82:a0:4b:d2:70:90:
                    0b:e6:f2:46:54:5f:8f:31:db:5d:5a:10:83:3d:13:
                    0b:1f:c6:fc:ed:3e:c5:e6:36:7f:20:7a:64:23:31:
                    a5:4a:40:f0:d1:be:98:a2:9d:a8:25:ab:dc:bd:16:
                    33:1d:21:10:6d:3b:ba:9a:63:50:9d:29:eb:2e:16:
                    62:77:da:a1:4e:c2:38:bf:9f:29:f2:9c:39:61:7d:
                    82:c1:b1:f0:ce:b5:12:4b:c7:5b:ab:e8:3b:70:78:
                    82:47:87:d1:eb:5b:ab:1c:2d:52:e5:49:c3:61:03:
                    2a:13:ac:f9:23:c8:fb:9d:4e:f6:b1:1a:32:97:2d:
                    ad:c0:81:10:39:9b:28:48:50:14:bd:c1:bd:76:e1:
                    fb:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:C6:49:94:E2:4D:4A:EF:DC:42:A8:83:1F:E0:DC:E2:0D:60:46:89
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/64658d-d5eb-489b-bc15-3855698fb57f/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/64658d-d5eb-489b-bc15-3855698fb57f/1/9MZJlOJNSu_cQqiDH-Dc4g1gRok.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.80.232.0/22
                IPv6:
                  2a0e:4980::/32

    Signature Algorithm: sha256WithRSAEncryption
         ac:be:e8:95:d8:a0:f0:51:9b:51:e3:70:eb:5b:26:eb:c9:26:
         ab:b2:13:c8:d3:7c:49:57:97:92:00:d9:b8:67:7a:99:35:2e:
         cf:3b:61:24:00:2b:01:3a:4f:90:8e:a3:e9:8a:1e:1f:b0:56:
         8d:d4:49:db:58:cc:93:c5:99:d3:db:3d:22:60:09:93:df:2b:
         19:d7:43:7b:39:9f:be:83:f5:89:18:16:11:70:9e:54:1b:f7:
         bd:b3:bd:6e:74:dd:00:58:b7:02:3e:96:2a:e9:02:52:24:73:
         78:48:f8:71:dd:9e:b3:b3:66:1a:1b:09:f0:99:1e:22:0e:49:
         b6:21:3a:62:1b:70:35:9c:1a:bd:91:45:82:8c:8c:75:59:73:
         bd:84:0d:59:50:f9:00:bc:a9:74:d8:9a:65:44:63:a3:69:3f:
         c3:fb:96:d7:80:2a:da:21:c4:3f:08:37:ec:9a:50:44:9d:62:
         58:84:96:5f:aa:49:d0:8b:04:3b:ac:4c:a3:a3:6f:f9:8b:4f:
         1d:d8:25:a3:7e:94:06:20:97:8c:0e:05:43:d5:f5:e3:b6:5b:
         e0:fa:b7:bd:f5:3d:4b:ca:d9:44:b5:78:b9:79:3b:4b:3d:da:
         9c:29:8d:ef:72:12:b9:4b:8d:ef:cf:b6:b1:4e:ce:80:71:e5:
         64:97:76:61
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAZQlj3gb0om9s0jJlhKINvbAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDU0OTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNGM2NDk5NGUyNGQ0YWVmZGM0MmE4ODMxZmUwZGNlMjBkNjA0Njg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvNkeHM1V9jrFt7mHYUKugnYAyHpy
bHEyv0tbaIeTZI4Y2m1K0EX24kUk7Fzq/M/vw36boQHmqW4Z8BCbP6zpPAZNBl4e
AmYSVHbH4SgyX1dlunhL5wRU9NS3sKY0mwQGBvrvW3cMm4hNGZQ6YWXPQeSCoEvS
cJAL5vJGVF+PMdtdWhCDPRMLH8b87T7F5jZ/IHpkIzGlSkDw0b6Yop2oJavcvRYz
HSEQbTu6mmNQnSnrLhZid9qhTsI4v58p8pw5YX2CwbHwzrUSS8dbq+g7cHiCR4fR
61urHC1S5UnDYQMqE6z5I8j7nU72sRoyly2twIEQOZsoSFAUvcG9duH7EQIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFPTGSZTiTUrv3EKogx/g3OINYEaJMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzLzY0NjU4
ZC1kNWViLTQ4OWItYmMxNS0zODU1Njk4ZmI1N2YvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzMvNjQ2NThk
LWQ1ZWItNDg5Yi1iYzE1LTM4NTU2OThmYjU3Zi8xLzlNWkpsT0pOU3VfY1FxaURI
LURjNGcxZ1Jvay5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCLVDoMA0EAgACMAcDBQAqDkmAMA0GCSqGSIb3
DQEBCwUAA4IBAQCsvuiV2KDwUZtR43DrWybrySarshPI03xJV5eSANm4Z3qZNS7P
O2EkACsBOk+QjqPpih4fsFaN1EnbWMyTxZnT2z0iYAmT3ysZ10N7OZ++g/WJGBYR
cJ5UG/e9s71udN0AWLcCPpYq6QJSJHN4SPhx3Z6zs2YaGwnwmR4iDkm2ITpiG3A1
nBq9kUWCjIx1WXO9hA1ZUPkAvKl02JplRGOjaT/D+5bXgCraIcQ/CDfsmlBEnWJY
hJZfqknQiwQ7rEyjo2/5i08d2CWjfpQGIJeMDgVD1fXjtlvg+re99T1LytlEtXi5
eTtLPdqcKY3vchK5S43vz7axTs6AceVkl3Zh
-----END CERTIFICATE-----