Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/A2hHspcjX68HFob-0sHpEL9gBIY.cer
File:                     A2hHspcjX68HFob-0sHpEL9gBIY.cer (raw, json)
Hash identifier:          e9/zrbgSonFMeLTd4f5A02wSjpXYly8ytBQP45yDUQI=
Subject key identifier:   03:68:47:B2:97:23:5F:AF:07:16:86:FE:D2:C1:E9:10:BF:60:04:86
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01942143BAD70B51536F82159494A69C7C11
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/1e/44b797-cd5b-4ded-a562-bdd7328e94cb/1/A2hHspcjX68HFob-0sHpEL9gBIY.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/1e/44b797-cd5b-4ded-a562-bdd7328e94cb/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 09:47:54 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 91.240.192.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 04:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:ba:d7:0b:51:53:6f:82:15:94:94:a6:9c:7c:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 09:47:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=036847b297235faf071686fed2c1e910bf600486
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:53:28:06:2a:e7:c6:68:18:51:05:5c:01:29:
                    6d:42:86:7f:79:8f:17:00:ec:fc:1c:05:af:df:cf:
                    fc:e5:6e:23:04:13:77:6e:95:6d:4e:30:8e:91:35:
                    9a:e8:e4:e0:63:e9:b2:b1:1f:33:72:60:8c:42:2a:
                    87:db:98:b9:16:1a:bf:35:4b:9f:7e:07:c6:61:d2:
                    ab:d3:f4:ee:77:a2:2e:62:b3:fc:4d:01:1c:84:e3:
                    c4:01:7a:81:6e:40:29:81:73:c7:cc:bf:ae:34:74:
                    ce:8d:c6:7f:fa:0a:fb:6c:24:33:7f:63:7b:13:f0:
                    c1:fc:7b:10:fb:49:9b:ce:3b:fb:73:59:6b:f7:c8:
                    fe:38:87:2a:34:99:81:ec:52:58:d8:5d:68:a7:7c:
                    8d:4f:a6:a2:d2:c0:9a:40:d6:b0:97:97:fb:94:ff:
                    aa:03:a2:d9:88:3e:b3:01:a4:3a:e7:72:68:a6:bc:
                    9f:08:5c:d3:42:74:bc:0d:c3:be:37:a8:c9:7d:8a:
                    b6:bf:fa:19:06:9c:79:16:87:4c:c1:f6:ce:66:72:
                    26:da:bf:9e:55:e7:fa:75:e4:02:87:67:47:1b:26:
                    6c:a1:6f:54:be:de:72:78:8b:c0:46:8a:47:87:88:
                    f0:7a:75:30:db:19:54:d5:1c:23:70:ca:09:7f:b6:
                    96:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:68:47:B2:97:23:5F:AF:07:16:86:FE:D2:C1:E9:10:BF:60:04:86
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/44b797-cd5b-4ded-a562-bdd7328e94cb/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/44b797-cd5b-4ded-a562-bdd7328e94cb/1/A2hHspcjX68HFob-0sHpEL9gBIY.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.240.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:fd:22:ce:bc:e8:10:0c:d2:be:f3:d9:fe:53:d1:4c:18:af:
         13:ef:73:d9:c9:f5:56:97:99:f4:41:6b:6d:75:9b:73:14:9a:
         ba:ca:8a:99:26:69:13:7f:d3:e7:a6:83:f6:17:bc:43:3c:c3:
         ba:63:cb:db:c4:29:ad:0f:5f:09:0e:51:77:12:2e:36:63:b8:
         71:dd:32:b3:b2:94:f6:2d:e1:65:da:38:02:28:3d:0e:ca:34:
         c6:8f:84:86:8d:e7:83:24:84:ab:34:ef:6e:0e:a0:22:a9:8a:
         67:86:36:58:a4:d3:95:f0:53:d3:eb:e5:b8:3d:ce:eb:f5:75:
         be:c7:1a:bd:73:48:d8:41:09:c1:05:84:2d:25:af:38:c4:4e:
         f8:20:d7:64:d6:07:fc:88:fb:69:5c:f4:ac:c6:2b:74:95:dd:
         95:bb:b5:f7:1b:4a:a2:04:b2:4a:53:d4:13:5b:96:bb:40:8b:
         71:7e:f6:3b:b2:61:3c:e3:0e:27:c5:7d:52:5c:d9:47:f4:27:
         54:20:fa:0a:fa:6f:a1:a7:e3:07:d7:a0:ae:f1:f6:cc:d0:8b:
         f3:6f:c8:7d:a2:fc:29:bd:ff:5d:38:af:23:e6:84:ce:bb:55:
         83:58:0d:a4:d6:2b:29:d7:bb:3e:27:ca:d2:a7:90:84:fd:2e:
         50:ce:fa:e6
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZQhQ7rXC1FTb4IVlJSmnHwRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDk0NzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzY4NDdiMjk3MjM1ZmFmMDcxNjg2ZmVkMmMxZTkxMGJmNjAwNDg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqlMoBirnxmgYUQVcASltQoZ/eY8X
AOz8HAWv38/85W4jBBN3bpVtTjCOkTWa6OTgY+mysR8zcmCMQiqH25i5Fhq/NUuf
fgfGYdKr0/Tud6IuYrP8TQEchOPEAXqBbkApgXPHzL+uNHTOjcZ/+gr7bCQzf2N7
E/DB/HsQ+0mbzjv7c1lr98j+OIcqNJmB7FJY2F1op3yNT6ai0sCaQNawl5f7lP+q
A6LZiD6zAaQ653JopryfCFzTQnS8DcO+N6jJfYq2v/oZBpx5FodMwfbOZnIm2r+e
Vef6deQCh2dHGyZsoW9Uvt5yeIvARopHh4jwenUw2xlU1RwjcMoJf7aWXQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFANoR7KXI1+vBxaG/tLB6RC/YASGMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzFlLzQ0Yjc5
Ny1jZDViLTRkZWQtYTU2Mi1iZGQ3MzI4ZTk0Y2IvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMWUvNDRiNzk3
LWNkNWItNGRlZC1hNTYyLWJkZDczMjhlOTRjYi8xL0EyaEhzcGNqWDY4SEZvYi0w
c0hwRUw5Z0JJWS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW/DAMA0GCSqGSIb3DQEBCwUAA4IBAQAG/SLO
vOgQDNK+89n+U9FMGK8T73PZyfVWl5n0QWttdZtzFJq6yoqZJmkTf9PnpoP2F7xD
PMO6Y8vbxCmtD18JDlF3Ei42Y7hx3TKzspT2LeFl2jgCKD0OyjTGj4SGjeeDJISr
NO9uDqAiqYpnhjZYpNOV8FPT6+W4Pc7r9XW+xxq9c0jYQQnBBYQtJa84xE74INdk
1gf8iPtpXPSsxit0ld2Vu7X3G0qiBLJKU9QTW5a7QItxfvY7smE84w4nxX1SXNlH
9CdUIPoK+m+hp+MH16Cu8fbM0Ivzb8h9ovwpvf9dOK8j5oTOu1WDWA2k1isp17s+
J8rSp5CE/S5Qzvrm
-----END CERTIFICATE-----