Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/CBg0SlIKOZknm7gkfheeiEBuNXg.cer
File:                     CBg0SlIKOZknm7gkfheeiEBuNXg.cer (raw, json)
Hash identifier:          NzOEz58MfpW6NiXXnLubFTlMb/9h6VO3WfAJEDzITwk=
Subject key identifier:   08:18:34:4A:52:0A:39:99:27:9B:B8:24:7E:17:9E:88:40:6E:35:78
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019422FC16495E7174F82C228AD14F0F775F
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/31/56b818-9ee1-4a06-a8ec-851ea65cb98b/1/CBg0SlIKOZknm7gkfheeiEBuNXg.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/31/56b818-9ee1-4a06-a8ec-851ea65cb98b/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 17:48:53 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 31.131.188.0/23
                          IP: 91.232.248.0/24
                          IP: 195.69.224.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:16:49:5e:71:74:f8:2c:22:8a:d1:4f:0f:77:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 17:48:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0818344a520a3999279bb8247e179e88406e3578
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:6e:33:dd:b3:dd:14:c6:9b:38:e2:f9:8a:88:
                    39:ce:da:0f:4f:46:3e:13:f1:0a:7c:7c:f4:8e:04:
                    cc:b5:14:64:ac:83:7c:82:b4:84:f2:7c:87:59:ce:
                    03:4f:db:fc:8f:51:00:d9:a8:70:dd:b2:50:1c:f5:
                    93:66:c9:a0:b5:cd:30:42:5c:54:bc:19:42:75:2e:
                    e4:ad:ba:a2:e1:0b:c9:40:70:9e:e1:2b:6a:2f:d3:
                    cb:85:fc:cf:8d:bf:dc:d2:9b:c0:ec:d2:b4:33:57:
                    0e:e9:b0:60:26:d3:37:da:65:70:87:a8:d3:cb:6b:
                    40:bc:17:ae:d9:33:53:a5:63:ab:56:c1:27:f4:f9:
                    d8:7a:bb:0f:af:2d:58:33:61:a6:e5:f6:ad:72:7e:
                    78:ba:f1:4b:cf:4e:b8:a9:55:74:b3:db:73:39:52:
                    53:6d:77:77:64:f4:12:d4:25:9f:61:92:90:b6:ec:
                    23:81:5d:35:bb:70:aa:9b:50:2a:06:ba:1e:dc:a3:
                    a4:d7:32:16:df:17:51:96:26:e6:de:a8:2a:91:95:
                    6b:08:89:54:7c:9c:36:0e:9c:0e:62:2c:39:92:ff:
                    90:6c:ad:b7:92:57:90:9e:8a:be:97:e0:9c:98:b8:
                    c0:41:74:27:4d:74:d4:36:45:a2:e5:8a:f0:bf:3d:
                    fc:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:18:34:4A:52:0A:39:99:27:9B:B8:24:7E:17:9E:88:40:6E:35:78
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/56b818-9ee1-4a06-a8ec-851ea65cb98b/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/56b818-9ee1-4a06-a8ec-851ea65cb98b/1/CBg0SlIKOZknm7gkfheeiEBuNXg.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.131.188.0/23
                  91.232.248.0/24
                  195.69.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:04:b2:9c:88:4d:5e:8d:93:c2:78:a9:65:f1:fb:d3:9f:6f:
         0d:9e:a1:5a:94:f7:98:c5:c7:a7:79:21:93:ac:42:77:ac:a6:
         e0:aa:ee:e0:04:20:f9:9b:99:20:19:22:c5:f2:bd:b6:eb:4b:
         6d:ba:52:d6:a0:b7:2f:ec:9c:b7:70:71:14:97:17:48:95:24:
         30:6e:90:46:d0:8d:01:1d:d3:96:4a:0a:98:7b:11:2e:31:13:
         9f:18:af:f2:ce:ca:15:2f:2d:92:cd:d7:a0:9b:54:28:7e:5f:
         b8:92:47:d0:89:fb:62:b4:ac:ff:01:d9:6e:21:2d:f7:a3:12:
         26:cb:0f:fd:58:29:c8:77:7b:2f:35:7c:2e:9e:57:4a:ab:d1:
         dc:42:7e:ba:e8:45:82:e3:ed:21:bf:71:4b:0f:9c:8c:a0:63:
         41:a4:7e:f0:f3:00:3f:3c:5a:ed:40:9c:75:ff:9a:78:86:15:
         13:a0:09:c5:64:c6:26:a1:df:64:81:6b:c3:93:42:e8:34:0d:
         3c:d5:5f:69:e7:14:d8:0d:eb:c1:41:5c:a6:58:48:99:0f:5b:
         ed:f1:c8:7f:67:2b:aa:ac:2c:e0:32:33:6a:d7:49:e0:ab:18:
         1a:6e:03:87:85:56:10:51:79:47:c1:7d:17:b0:1f:24:07:9e:
         f2:eb:24:fd
-----BEGIN CERTIFICATE-----
MIIFhDCCBGygAwIBAgISAZQi/BZJXnF0+CwiitFPD3dfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTc0ODUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODE4MzQ0YTUyMGEzOTk5Mjc5YmI4MjQ3ZTE3OWU4ODQwNmUzNTc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3G4z3bPdFMabOOL5iog5ztoPT0Y+
E/EKfHz0jgTMtRRkrIN8grSE8nyHWc4DT9v8j1EA2ahw3bJQHPWTZsmgtc0wQlxU
vBlCdS7krbqi4QvJQHCe4StqL9PLhfzPjb/c0pvA7NK0M1cO6bBgJtM32mVwh6jT
y2tAvBeu2TNTpWOrVsEn9PnYersPry1YM2Gm5fatcn54uvFLz064qVV0s9tzOVJT
bXd3ZPQS1CWfYZKQtuwjgV01u3Cqm1AqBroe3KOk1zIW3xdRlibm3qgqkZVrCIlU
fJw2DpwOYiw5kv+QbK23kleQnoq+l+CcmLjAQXQnTXTUNkWi5Yrwvz38SQIDAQAB
o4ICkDCCAowwHQYDVR0OBBYEFAgYNEpSCjmZJ5u4JH4XnohAbjV4MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMxLzU2Yjgx
OC05ZWUxLTRhMDYtYThlYy04NTFlYTY1Y2I5OGIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzEvNTZiODE4
LTllZTEtNGEwNi1hOGVjLTg1MWVhNjVjYjk4Yi8xL0NCZzBTbElLT1prbm03Z2tm
aGVlaUVCdU5YZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUF
BwEHAQH/BBwwGjAYBAIAATASAwQBH4O8AwQAW+j4AwQAw0XgMA0GCSqGSIb3DQEB
CwUAA4IBAQA5BLKciE1ejZPCeKll8fvTn28NnqFalPeYxceneSGTrEJ3rKbgqu7g
BCD5m5kgGSLF8r2260ttulLWoLcv7Jy3cHEUlxdIlSQwbpBG0I0BHdOWSgqYexEu
MROfGK/yzsoVLy2Szdegm1Qofl+4kkfQiftitKz/AdluIS33oxImyw/9WCnId3sv
NXwunldKq9HcQn666EWC4+0hv3FLD5yMoGNBpH7w8wA/PFrtQJx1/5p4hhUToAnF
ZMYmod9kgWvDk0LoNA081V9p5xTYDevBQVymWEiZD1vt8ch/ZyuqrCzgMjNq10ng
qxgabgOHhVYQUXlHwX0XsB8kB57y6yT9
-----END CERTIFICATE-----