Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/B7ygSC1gVYfrDgyFHDjoB3VfkBc.cer
File:                     B7ygSC1gVYfrDgyFHDjoB3VfkBc.cer (raw, json)
Hash identifier:          iwR7sGSxlbsqsR9FV9Sqm0Xhou7xgIF667ICKCoECFA=
Subject key identifier:   07:BC:A0:48:2D:60:55:87:EB:0E:0C:85:1C:38:E8:07:75:5F:90:17
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0190BB3A6F5F14433F085D802334162BFEB1
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/94/766311-caa4-4399-8b35-fc79af1f6fb3/1/B7ygSC1gVYfrDgyFHDjoB3VfkBc.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/94/766311-caa4-4399-8b35-fc79af1f6fb3/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 16 Jul 2024 11:08:07 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 2a14:1740::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Sep 2024 14:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:bb:3a:6f:5f:14:43:3f:08:5d:80:23:34:16:2b:fe:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jul 16 11:08:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=07bca0482d605587eb0e0c851c38e807755f9017
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:38:ff:fa:13:0f:bf:d4:38:1f:1f:bf:31:c7:
                    75:63:81:2e:7b:c6:32:f5:d9:37:74:63:7e:9b:76:
                    8d:d6:18:a0:19:de:b6:ec:e7:84:24:28:5c:17:f7:
                    0a:91:e7:ee:93:7f:1b:c8:d0:9c:af:51:fb:41:2e:
                    b7:bf:f7:e7:a1:8d:68:59:e7:4e:81:5c:51:ea:b0:
                    01:08:4f:37:96:5b:ad:10:bf:d9:56:55:2d:74:15:
                    3a:08:80:a8:29:a0:f5:b2:b7:b6:fc:9a:f2:4a:fa:
                    19:de:88:6f:0b:3b:e8:d4:a0:58:02:6a:00:2c:4b:
                    13:ca:fa:8d:b8:a0:25:b4:b5:7f:12:9b:52:bd:25:
                    75:99:5f:e4:5e:ff:ed:91:d2:77:d6:d2:1f:4d:36:
                    7c:0e:0d:60:5a:3f:f0:2c:74:62:24:8f:eb:5c:d0:
                    73:27:35:80:ac:93:5a:98:4e:7d:08:da:a2:85:74:
                    87:05:6c:3b:d3:81:93:9e:01:02:eb:83:4e:42:aa:
                    3a:d2:d8:41:1e:6c:dc:2c:b0:0f:33:ec:05:68:ad:
                    99:a5:ac:48:88:c7:8e:fb:7e:1c:2a:39:e4:2e:33:
                    59:13:b4:20:0c:63:a1:0c:d9:d7:28:dd:76:31:02:
                    5e:63:93:ca:5a:e0:87:19:98:7f:f4:00:23:a4:71:
                    21:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:BC:A0:48:2D:60:55:87:EB:0E:0C:85:1C:38:E8:07:75:5F:90:17
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/766311-caa4-4399-8b35-fc79af1f6fb3/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/766311-caa4-4399-8b35-fc79af1f6fb3/1/B7ygSC1gVYfrDgyFHDjoB3VfkBc.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:1740::/29

    Signature Algorithm: sha256WithRSAEncryption
         98:02:4c:35:13:1f:47:6a:27:fa:4f:1b:78:9f:d8:3f:c7:27:
         d0:d8:3a:54:05:af:b2:a3:8a:ed:14:6f:7e:99:b4:d4:42:5d:
         14:3e:85:9b:5d:aa:16:62:95:5d:91:32:27:9b:0f:17:e0:ba:
         e3:56:8d:b3:e0:13:e3:53:f2:6a:6c:a6:68:f8:9b:70:fb:eb:
         97:7d:8a:9e:0f:4f:68:6c:1a:c5:30:ee:1c:f9:4f:ea:95:3e:
         8f:cd:16:b6:1a:d2:f2:ed:ce:57:43:4e:6e:3a:c6:3d:84:9b:
         e2:eb:f0:cf:fe:ef:09:2a:16:4f:4f:a6:b1:5f:fb:7d:07:f3:
         2d:53:b3:92:49:81:23:f6:55:8e:71:20:b9:88:07:cb:76:89:
         e7:da:81:9f:39:f9:83:8d:c4:ff:58:01:40:4f:44:76:5d:79:
         0d:89:05:8d:f8:c6:f4:bc:7d:d0:7f:5e:a1:73:f3:98:39:87:
         e0:43:2e:31:09:3d:34:8f:14:6f:df:17:66:13:6f:bf:4f:3c:
         6d:58:99:bc:b5:51:5b:10:33:d3:2b:c7:23:ed:24:ce:16:02:
         ba:25:a9:5b:00:00:ca:47:e8:7c:e1:ba:0e:3d:b1:8c:9d:0d:
         df:8b:0b:91:12:bc:f7:2a:64:ea:93:bd:6a:4d:b5:6f:3f:fb:
         3f:27:9b:61
-----BEGIN CERTIFICATE-----
MIIFeTCCBGGgAwIBAgISAZC7Om9fFEM/CF2AIzQWK/6xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwNzE2MTEwODA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2JjYTA0ODJkNjA1NTg3ZWIwZTBjODUxYzM4ZTgwNzc1NWY5MDE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAujj/+hMPv9Q4Hx+/Mcd1Y4Eue8Yy
9dk3dGN+m3aN1higGd627OeEJChcF/cKkefuk38byNCcr1H7QS63v/fnoY1oWedO
gVxR6rABCE83llutEL/ZVlUtdBU6CICoKaD1sre2/JrySvoZ3ohvCzvo1KBYAmoA
LEsTyvqNuKAltLV/EptSvSV1mV/kXv/tkdJ31tIfTTZ8Dg1gWj/wLHRiJI/rXNBz
JzWArJNamE59CNqihXSHBWw704GTngEC64NOQqo60thBHmzcLLAPM+wFaK2ZpaxI
iMeO+34cKjnkLjNZE7QgDGOhDNnXKN12MQJeY5PKWuCHGZh/9AAjpHEh4QIDAQAB
o4IChTCCAoEwHQYDVR0OBBYEFAe8oEgtYFWH6w4MhRw46Ad1X5AXMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzk0Lzc2NjMx
MS1jYWE0LTQzOTktOGIzNS1mYzc5YWYxZjZmYjMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTQvNzY2MzEx
LWNhYTQtNDM5OS04YjM1LWZjNzlhZjFmNmZiMy8xL0I3eWdTQzFnVllmckRneUZI
RGpvQjNWZmtCYy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUF
BwEHAQH/BBEwDzANBAIAAjAHAwUDKhQXQDANBgkqhkiG9w0BAQsFAAOCAQEAmAJM
NRMfR2on+k8beJ/YP8cn0Ng6VAWvsqOK7RRvfpm01EJdFD6Fm12qFmKVXZEyJ5sP
F+C641aNs+AT41PyamymaPibcPvrl32Kng9PaGwaxTDuHPlP6pU+j80WthrS8u3O
V0NObjrGPYSb4uvwz/7vCSoWT0+msV/7fQfzLVOzkkmBI/ZVjnEguYgHy3aJ59qB
nzn5g43E/1gBQE9Edl15DYkFjfjG9Lx90H9eoXPzmDmH4EMuMQk9NI8Ub98XZhNv
v088bViZvLVRWxAz0yvHI+0kzhYCuiWpWwAAykfofOG6Dj2xjJ0N34sLkRK89ypk
6pO9ak21bz/7PyebYQ==
-----END CERTIFICATE-----