Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/BfIh9fBM-dlt3qRCUbK4I_cRRmM.cer
File:                     BfIh9fBM-dlt3qRCUbK4I_cRRmM.cer (raw, json)
Hash identifier:          rUIFYeC6Ptnf612Ejl4d5O9f07HWXR15EMQxRQPDCGI=
Subject key identifier:   05:F2:21:F5:F0:4C:F9:D9:6D:DE:A4:42:51:B2:B8:23:F7:11:46:63
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01941FFA6BE97BE4101C7329A8A710E53EC6
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/63/b7d1b5-7cb8-46aa-ad58-cbf2a3b6a284/1/BfIh9fBM-dlt3qRCUbK4I_cRRmM.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/63/b7d1b5-7cb8-46aa-ad58-cbf2a3b6a284/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 03:48:12 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 192.54.122.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:6b:e9:7b:e4:10:1c:73:29:a8:a7:10:e5:3e:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 03:48:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=05f221f5f04cf9d96ddea44251b2b823f7114663
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:18:eb:0a:7a:42:54:aa:ad:58:1e:18:cf:e6:
                    cd:bf:45:79:c5:55:78:84:ea:64:28:10:22:dd:58:
                    59:b5:5c:85:ed:47:1b:e1:d4:8b:54:5f:c8:af:f6:
                    77:03:52:2f:02:07:1e:6d:95:c0:cb:7b:5c:01:54:
                    73:99:dd:28:91:29:9c:f9:94:43:d4:85:0c:d6:ac:
                    b9:09:d2:16:09:79:f6:03:96:e3:9f:10:e8:cb:d8:
                    88:76:cd:93:76:52:41:5e:11:fd:f4:47:d5:11:d0:
                    18:10:4b:9a:7e:3f:9c:7c:32:73:28:a1:5b:28:b4:
                    26:3e:9f:87:47:f7:8a:6a:de:6e:e7:5f:91:28:4f:
                    8e:e3:57:f8:4f:23:72:3e:33:94:fd:e5:33:61:0c:
                    d6:d9:d5:47:12:43:ce:9d:de:7e:ee:ef:54:24:85:
                    1b:b1:72:06:15:4e:79:69:2f:58:e3:22:ff:e9:b0:
                    c2:04:fb:50:02:0b:3d:45:24:18:1b:93:87:d7:27:
                    7c:28:36:ee:fc:ac:5d:78:2a:96:70:2c:9f:0e:2e:
                    75:a0:ef:14:e4:f7:7a:5c:7c:6e:b5:fc:e5:0d:3d:
                    85:c7:85:13:cd:e1:f7:43:64:7d:08:83:19:99:c4:
                    1d:73:79:56:53:6f:99:9b:1c:02:a3:2e:c5:4e:0d:
                    ed:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:F2:21:F5:F0:4C:F9:D9:6D:DE:A4:42:51:B2:B8:23:F7:11:46:63
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/b7d1b5-7cb8-46aa-ad58-cbf2a3b6a284/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/b7d1b5-7cb8-46aa-ad58-cbf2a3b6a284/1/BfIh9fBM-dlt3qRCUbK4I_cRRmM.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.54.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:cd:2a:95:90:6b:80:eb:9b:df:72:38:b2:fd:a8:d4:6f:1b:
         79:7e:46:b1:25:7c:b1:ae:06:05:b4:97:91:17:75:ac:11:84:
         21:f9:30:7e:53:5e:37:59:45:65:5b:7f:02:66:9a:5f:4c:1f:
         aa:7e:d4:f8:55:f8:a5:6e:da:e9:2a:79:f2:e1:c0:74:7d:e6:
         8f:bc:f6:c8:81:8e:94:1e:b5:22:18:84:33:4a:20:0e:74:6e:
         2d:b6:bb:eb:86:6f:98:95:4e:8a:41:bf:56:06:ac:a7:9b:6c:
         dc:76:37:e8:5c:b3:0a:f8:cc:6c:05:42:c6:48:3e:90:b1:14:
         d1:8c:f5:41:43:e4:c5:30:54:60:77:a3:2b:e5:41:67:4a:1c:
         b1:98:dc:06:92:f0:a7:62:a2:e3:30:2d:89:2c:ef:1d:1d:60:
         24:6d:82:3c:b6:46:d0:4d:66:87:3f:27:2b:5f:60:64:1a:f7:
         bd:1a:6a:1c:ce:86:9d:c8:cf:0f:04:a7:e6:fe:62:29:4e:ea:
         d3:b8:07:3c:97:28:bb:7f:1c:cd:a7:64:f0:7e:e0:27:6e:35:
         b2:9b:90:f6:68:1b:c5:1c:04:9b:c2:2e:4e:79:e0:51:ae:c1:
         cc:c6:9e:85:e8:59:59:64:c7:06:0e:06:dd:86:15:8d:01:8a:
         e5:1d:77:ef
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZQf+mvpe+QQHHMpqKcQ5T7GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDM0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNWYyMjFmNWYwNGNmOWQ5NmRkZWE0NDI1MWIyYjgyM2Y3MTE0NjYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0hjrCnpCVKqtWB4Yz+bNv0V5xVV4
hOpkKBAi3VhZtVyF7Ucb4dSLVF/Ir/Z3A1IvAgcebZXAy3tcAVRzmd0okSmc+ZRD
1IUM1qy5CdIWCXn2A5bjnxDoy9iIds2TdlJBXhH99EfVEdAYEEuafj+cfDJzKKFb
KLQmPp+HR/eKat5u51+RKE+O41f4TyNyPjOU/eUzYQzW2dVHEkPOnd5+7u9UJIUb
sXIGFU55aS9Y4yL/6bDCBPtQAgs9RSQYG5OH1yd8KDbu/KxdeCqWcCyfDi51oO8U
5Pd6XHxutfzlDT2Fx4UTzeH3Q2R9CIMZmcQdc3lWU2+ZmxwCoy7FTg3tCwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFAXyIfXwTPnZbd6kQlGyuCP3EUZjMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzYzL2I3ZDFi
NS03Y2I4LTQ2YWEtYWQ1OC1jYmYyYTNiNmEyODQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjMvYjdkMWI1
LTdjYjgtNDZhYS1hZDU4LWNiZjJhM2I2YTI4NC8xL0JmSWg5ZkJNLWRsdDNxUkNV
Yks0SV9jUlJtTS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwDZ6MA0GCSqGSIb3DQEBCwUAA4IBAQAMzSqV
kGuA65vfcjiy/ajUbxt5fkaxJXyxrgYFtJeRF3WsEYQh+TB+U143WUVlW38CZppf
TB+qftT4VfilbtrpKnny4cB0feaPvPbIgY6UHrUiGIQzSiAOdG4ttrvrhm+YlU6K
Qb9WBqynm2zcdjfoXLMK+MxsBULGSD6QsRTRjPVBQ+TFMFRgd6Mr5UFnShyxmNwG
kvCnYqLjMC2JLO8dHWAkbYI8tkbQTWaHPycrX2BkGve9GmoczoadyM8PBKfm/mIp
TurTuAc8lyi7fxzNp2TwfuAnbjWym5D2aBvFHASbwi5OeeBRrsHMxp6F6FlZZMcG
DgbdhhWNAYrlHXfv
-----END CERTIFICATE-----