Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/DKqIQOU7uWW-UZLIW3QDReegZSw.cer
File:                     DKqIQOU7uWW-UZLIW3QDReegZSw.cer (raw, json)
Hash identifier:          kZB+9DkWZliGFX3assOlBRWWZkPuI1EsDp8tAnrh4T4=
Subject key identifier:   0C:AA:88:40:E5:3B:B9:65:BE:51:92:C8:5B:74:03:45:E7:A0:65:2C
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01942369A9C8ADC4A72C4CFAD4C61AC25FAF
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/61/c67c3e-45c6-4c81-9738-c44ddffa69ab/1/DKqIQOU7uWW-UZLIW3QDReegZSw.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/61/c67c3e-45c6-4c81-9738-c44ddffa69ab/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 19:48:34 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 193.107.46.0/24
                          IP: 2a13:7f00::/29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:a9:c8:ad:c4:a7:2c:4c:fa:d4:c6:1a:c2:5f:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 19:48:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0caa8840e53bb965be5192c85b740345e7a0652c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:20:d9:82:ff:1e:b5:96:34:a9:b8:93:e0:4e:
                    40:a1:a1:2d:35:b3:fc:75:b3:7e:82:a3:40:04:3a:
                    79:fe:22:4b:b6:28:fe:bf:e7:8d:ad:6e:9c:5f:7b:
                    12:2e:ca:0c:12:dc:c0:07:e4:79:f6:c7:3e:52:71:
                    2b:82:7f:21:ee:15:87:70:58:4c:47:50:88:f1:90:
                    02:fe:00:35:7a:b2:1a:a6:84:40:eb:10:10:eb:6b:
                    8b:02:3a:c7:6a:30:f5:59:84:22:be:3f:77:4d:d0:
                    68:ab:1e:9b:ee:54:63:33:5c:89:b8:b9:49:b2:01:
                    b0:61:92:12:bb:98:2a:c8:6c:40:a4:99:c5:1d:0b:
                    9e:10:c3:3e:d1:b6:a2:10:6c:db:44:a7:4d:05:37:
                    7a:9e:fc:e7:98:79:dd:32:37:e3:7f:89:2a:59:fe:
                    5f:b4:84:dd:52:7a:f0:b4:cc:9a:24:8d:26:36:67:
                    51:00:3e:04:4d:59:27:fb:fc:ac:15:51:2d:4c:bb:
                    97:14:9d:39:b7:1a:6d:2b:d9:30:71:00:38:84:e8:
                    ec:41:99:6e:90:25:fc:bf:38:88:08:dd:1a:5e:05:
                    b1:46:0f:82:c2:55:c6:8c:6e:a8:a9:87:1d:f8:4b:
                    02:ce:d4:4c:5d:00:ca:e1:56:27:ac:5c:23:c3:06:
                    c0:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:AA:88:40:E5:3B:B9:65:BE:51:92:C8:5B:74:03:45:E7:A0:65:2C
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/c67c3e-45c6-4c81-9738-c44ddffa69ab/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/c67c3e-45c6-4c81-9738-c44ddffa69ab/1/DKqIQOU7uWW-UZLIW3QDReegZSw.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.107.46.0/24
                IPv6:
                  2a13:7f00::/29

    Signature Algorithm: sha256WithRSAEncryption
         87:cf:d1:72:58:80:a4:e5:73:b5:7b:c3:40:e8:c4:2b:31:66:
         97:8c:3f:65:8a:a3:4c:b3:9b:6d:a7:a2:c2:e2:97:dc:af:84:
         b9:ae:b0:0b:aa:3d:fd:cc:c3:71:3f:3a:ef:4d:2f:a3:88:72:
         a8:17:f6:c9:ef:a5:50:10:d8:c4:f1:9d:67:b1:50:62:f0:c7:
         33:d0:0a:74:0c:c6:2b:fe:5f:94:b4:41:b4:9a:47:f9:52:4c:
         2e:83:2b:5c:bc:35:15:d9:6f:52:c0:2b:ab:94:c5:87:b9:8d:
         1f:99:04:8e:87:c0:31:fa:7a:b2:52:00:0b:0b:96:b7:19:82:
         1f:6e:07:85:50:95:04:f1:ef:4d:92:c2:cc:62:92:af:6a:4c:
         75:e0:66:92:45:52:77:66:ff:f5:e3:a0:bd:92:34:65:8e:b6:
         e2:a1:6a:96:26:6d:da:5b:ca:81:52:97:93:99:cf:f5:33:cd:
         19:b2:05:37:1c:12:33:91:ce:ce:75:7a:d1:b7:65:90:53:6d:
         94:66:a3:79:0a:c9:c3:e5:20:6e:e8:2e:73:4d:57:7d:0b:39:
         4a:fe:61:4e:56:22:c6:b7:36:de:23:54:4e:32:6b:b0:c4:65:
         5b:8d:1b:da:48:e7:2f:94:bc:17:05:95:a5:91:e6:21:ac:27:
         5e:25:85:42
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAZQjaanIrcSnLEz61MYawl+vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTk0ODM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2FhODg0MGU1M2JiOTY1YmU1MTkyYzg1Yjc0MDM0NWU3YTA2NTJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuSDZgv8etZY0qbiT4E5AoaEtNbP8
dbN+gqNABDp5/iJLtij+v+eNrW6cX3sSLsoMEtzAB+R59sc+UnErgn8h7hWHcFhM
R1CI8ZAC/gA1erIapoRA6xAQ62uLAjrHajD1WYQivj93TdBoqx6b7lRjM1yJuLlJ
sgGwYZISu5gqyGxApJnFHQueEMM+0baiEGzbRKdNBTd6nvznmHndMjfjf4kqWf5f
tITdUnrwtMyaJI0mNmdRAD4ETVkn+/ysFVEtTLuXFJ05txptK9kwcQA4hOjsQZlu
kCX8vziICN0aXgWxRg+CwlXGjG6oqYcd+EsCztRMXQDK4VYnrFwjwwbACQIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFAyqiEDlO7llvlGSyFt0A0XnoGUsMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzYxL2M2N2Mz
ZS00NWM2LTRjODEtOTczOC1jNDRkZGZmYTY5YWIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjEvYzY3YzNl
LTQ1YzYtNGM4MS05NzM4LWM0NGRkZmZhNjlhYi8xL0RLcUlRT1U3dVdXLVVaTElX
M1FEUmVlZ1pTdy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQAwWsuMA0EAgACMAcDBQMqE38AMA0GCSqGSIb3
DQEBCwUAA4IBAQCHz9FyWICk5XO1e8NA6MQrMWaXjD9liqNMs5ttp6LC4pfcr4S5
rrALqj39zMNxPzrvTS+jiHKoF/bJ76VQENjE8Z1nsVBi8Mcz0Ap0DMYr/l+UtEG0
mkf5UkwugytcvDUV2W9SwCurlMWHuY0fmQSOh8Ax+nqyUgALC5a3GYIfbgeFUJUE
8e9NksLMYpKvakx14GaSRVJ3Zv/146C9kjRljrbioWqWJm3aW8qBUpeTmc/1M80Z
sgU3HBIzkc7OdXrRt2WQU22UZqN5CsnD5SBu6C5zTVd9CzlK/mFOViLGtzbeI1RO
MmuwxGVbjRvaSOcvlLwXBZWlkeYhrCdeJYVC
-----END CERTIFICATE-----