Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/A9aopjn4iq8fQ21qILQXezjTkPw.cer
File:                     A9aopjn4iq8fQ21qILQXezjTkPw.cer (raw, json)
Hash identifier:          3sJ1TgfzdGM29xKz/KCcB7dq3OxiqlGxjTKcLX7AJGw=
Subject key identifier:   03:D6:A8:A6:39:F8:8A:AF:1F:43:6D:6A:20:B4:17:7B:38:D3:90:FC
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0192B8810C9A1F347099B9DACA7D94B0363D
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/0b/c18105-d90f-442f-8b1d-c20de543c0df/1/A9aopjn4iq8fQ21qILQXezjTkPw.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/0b/c18105-d90f-442f-8b1d-c20de543c0df/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 23 Oct 2024 08:31:58 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 194.0.169.0/24
                          IP: 195.110.28.0/23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:b8:81:0c:9a:1f:34:70:99:b9:da:ca:7d:94:b0:36:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Oct 23 08:31:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=03d6a8a639f88aaf1f436d6a20b4177b38d390fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:0a:53:36:b9:3f:76:30:0a:60:2a:67:c2:fa:
                    6e:37:ed:81:9a:94:f5:1c:39:19:db:25:4c:3d:8c:
                    f9:07:8c:1d:cf:3d:83:bb:20:ef:79:0c:21:ea:81:
                    1f:3d:e5:b4:03:a5:82:2a:e9:1f:0b:20:63:57:7c:
                    3d:07:22:02:da:2c:aa:04:db:31:f5:df:f2:11:c7:
                    ae:0c:12:56:e4:71:53:5e:c2:9a:04:90:e7:56:30:
                    46:3a:e8:90:0f:a9:63:9d:63:78:06:46:86:13:ca:
                    c8:31:d6:fa:ca:03:b6:f1:a8:69:2f:b4:4a:62:73:
                    fd:85:50:1c:f0:18:49:77:f4:c3:ff:2f:31:81:1e:
                    de:c0:68:3f:0a:54:a0:e1:ac:a5:72:c6:7c:af:1e:
                    fb:bd:ec:c3:71:10:1d:fb:4d:b7:d5:e0:0f:a6:c3:
                    60:05:f7:ef:31:9f:88:11:a5:cc:e9:d5:08:dd:8c:
                    cc:06:24:04:0b:e3:c9:56:cf:a0:20:32:0f:97:1b:
                    9f:59:7a:28:b7:f5:25:d1:6a:ea:25:34:16:02:7d:
                    85:f1:1b:13:88:86:fa:ed:1d:57:d2:42:2d:8a:af:
                    29:bc:6b:98:e0:ff:aa:ed:18:9d:7a:21:a3:e0:fc:
                    0c:64:8b:a6:8c:4c:ef:1f:5a:31:38:f0:f0:d9:21:
                    aa:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:D6:A8:A6:39:F8:8A:AF:1F:43:6D:6A:20:B4:17:7B:38:D3:90:FC
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/c18105-d90f-442f-8b1d-c20de543c0df/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/c18105-d90f-442f-8b1d-c20de543c0df/1/A9aopjn4iq8fQ21qILQXezjTkPw.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.0.169.0/24
                  195.110.28.0/23

    Signature Algorithm: sha256WithRSAEncryption
         82:29:0e:51:36:a7:02:8d:84:77:9f:b1:31:5c:bc:d9:fd:54:
         7c:7c:eb:d2:8d:f7:d1:f0:c8:08:89:50:84:cd:0e:83:cd:e9:
         95:9b:70:83:c6:56:da:cd:db:b6:54:02:57:18:8a:1c:bf:ca:
         72:e4:48:34:00:a9:09:fc:96:c1:de:18:41:c8:df:84:dc:19:
         46:b8:ea:73:ad:95:32:42:28:be:f9:12:a8:a7:3d:e3:f4:1d:
         25:f2:8c:f4:d7:42:a3:0f:bc:d5:b8:f8:33:53:25:f8:b2:1a:
         0e:7a:06:7e:46:33:05:4f:1f:7e:55:0e:09:28:9e:eb:1d:21:
         ab:17:e7:11:28:e5:7a:3d:b9:15:7e:de:8d:fe:56:c5:c0:4b:
         84:cd:23:23:94:a7:f7:bf:b9:5b:62:ee:31:92:af:c3:8b:a1:
         5b:a0:93:e3:6e:78:af:83:1b:64:ed:4b:8a:b4:55:d8:0e:82:
         6d:b4:06:0a:2a:b5:a8:9a:f0:36:a0:d1:68:39:9a:e7:41:73:
         95:08:a8:12:b5:a1:99:a5:37:b4:36:e3:b2:c7:83:b8:e8:35:
         6b:0c:dc:16:8f:2a:2a:33:03:3e:89:09:34:3e:40:8d:10:97:
         91:6c:ac:ea:cb:44:53:c7:6b:2c:8d:7f:4c:69:46:65:e4:8d:
         0c:52:34:36
-----BEGIN CERTIFICATE-----
MIIFfjCCBGagAwIBAgISAZK4gQyaHzRwmbnayn2UsDY9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQxMDIzMDgzMTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwM2Q2YThhNjM5Zjg4YWFmMWY0MzZkNmEyMGI0MTc3YjM4ZDM5MGZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4ApTNrk/djAKYCpnwvpuN+2BmpT1
HDkZ2yVMPYz5B4wdzz2DuyDveQwh6oEfPeW0A6WCKukfCyBjV3w9ByIC2iyqBNsx
9d/yEceuDBJW5HFTXsKaBJDnVjBGOuiQD6ljnWN4BkaGE8rIMdb6ygO28ahpL7RK
YnP9hVAc8BhJd/TD/y8xgR7ewGg/ClSg4aylcsZ8rx77vezDcRAd+0231eAPpsNg
BffvMZ+IEaXM6dUI3YzMBiQEC+PJVs+gIDIPlxufWXoot/Ul0WrqJTQWAn2F8RsT
iIb67R1X0kItiq8pvGuY4P+q7RideiGj4PwMZIumjEzvH1oxOPDw2SGq3QIDAQAB
o4ICijCCAoYwHQYDVR0OBBYEFAPWqKY5+IqvH0NtaiC0F3s405D8MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzBiL2MxODEw
NS1kOTBmLTQ0MmYtOGIxZC1jMjBkZTU0M2MwZGYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMGIvYzE4MTA1
LWQ5MGYtNDQyZi04YjFkLWMyMGRlNTQzYzBkZi8xL0E5YW9wam40aXE4ZlEyMXFJ
TFFYZXpqVGtQdy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUF
BwEHAQH/BBYwFDASBAIAATAMAwQAwgCpAwQBw24cMA0GCSqGSIb3DQEBCwUAA4IB
AQCCKQ5RNqcCjYR3n7ExXLzZ/VR8fOvSjffR8MgIiVCEzQ6DzemVm3CDxlbazdu2
VAJXGIocv8py5Eg0AKkJ/JbB3hhByN+E3BlGuOpzrZUyQii++RKopz3j9B0l8oz0
10KjD7zVuPgzUyX4shoOegZ+RjMFTx9+VQ4JKJ7rHSGrF+cRKOV6PbkVft6N/lbF
wEuEzSMjlKf3v7lbYu4xkq/Di6FboJPjbnivgxtk7UuKtFXYDoJttAYKKrWomvA2
oNFoOZrnQXOVCKgStaGZpTe0NuOyx4O46DVrDNwWjyoqMwM+iQk0PkCNEJeRbKzq
y0RTx2ssjX9MaUZl5I0MUjQ2
-----END CERTIFICATE-----