Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/EJU-YHZw_3OO7mprV32MiygE4eE.cer
File:                     EJU-YHZw_3OO7mprV32MiygE4eE.cer (raw, json)
Hash identifier:          3KqQhIn5ppYl6v6OfnadvIMYhPmgQXecksljtqOtkI8=
Subject key identifier:   10:95:3E:60:76:70:FF:73:8E:EE:6A:6B:57:7D:8C:8B:28:04:E1:E1
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01942067F776BD97AE300C65BD496EB07210
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/42/a99355-2d01-4da5-8e73-1bc552c00dd7/1/EJU-YHZw_3OO7mprV32MiygE4eE.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/42/a99355-2d01-4da5-8e73-1bc552c00dd7/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 05:47:52 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 176.124.224.0/23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:f7:76:bd:97:ae:30:0c:65:bd:49:6e:b0:72:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 05:47:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=10953e607670ff738eee6a6b577d8c8b2804e1e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:ce:99:5b:f9:fb:75:2e:db:10:be:8e:08:55:
                    50:b0:29:74:12:c9:85:b3:33:f2:b3:65:e5:df:5a:
                    a0:a3:a1:68:7e:01:4d:af:dd:94:16:e2:9a:61:20:
                    d4:7f:e3:5a:57:de:f3:81:db:38:61:7a:e4:46:4f:
                    e8:35:ac:7a:96:23:17:bb:5b:05:75:8f:68:e5:38:
                    b3:64:37:5d:91:6c:2a:f0:b4:1a:2c:9b:a2:5d:e5:
                    ef:c1:ef:eb:0b:3f:c5:56:0d:e5:a0:26:ff:d0:f0:
                    34:49:0a:a9:76:c5:19:b6:f6:29:cf:77:28:27:8a:
                    d2:5a:27:d3:9f:4a:0c:bd:2d:51:de:f4:d0:31:b9:
                    62:f6:e1:60:d6:12:34:80:3c:2e:bc:43:1c:a9:de:
                    21:a6:1e:c8:89:8d:7d:ab:1d:ee:06:80:e4:a3:ca:
                    f3:e1:e6:a0:5f:23:fc:46:ca:98:2c:f7:c4:3e:e3:
                    d1:3e:19:64:53:09:8b:38:8f:23:77:f7:13:41:70:
                    6c:d0:4a:9e:af:24:3f:9d:78:ee:62:41:2a:12:8a:
                    db:4e:cc:8a:5d:01:f2:0c:35:4f:de:ae:9b:59:11:
                    08:77:fd:65:f0:50:d4:fb:ba:82:88:2b:72:77:cb:
                    dd:dd:00:f3:f5:18:1d:26:dc:a4:7e:10:66:ce:5e:
                    d3:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:95:3E:60:76:70:FF:73:8E:EE:6A:6B:57:7D:8C:8B:28:04:E1:E1
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/a99355-2d01-4da5-8e73-1bc552c00dd7/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/a99355-2d01-4da5-8e73-1bc552c00dd7/1/EJU-YHZw_3OO7mprV32MiygE4eE.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.124.224.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ae:a0:b1:45:15:52:d7:e3:f4:e9:88:4b:0f:15:2a:28:bd:90:
         a6:72:09:8e:e1:16:d8:ae:1c:09:bc:55:d5:d1:6f:53:34:b7:
         9f:81:b2:71:33:4a:65:62:14:18:74:d1:a5:1f:13:a1:8a:98:
         c5:ea:4e:8c:ae:bc:de:4c:74:70:24:d1:83:2c:ca:b1:06:be:
         23:c8:1c:33:9b:6a:71:48:e9:25:61:3a:41:10:a1:68:ba:42:
         71:2a:9f:c6:e8:22:87:7f:10:6b:9f:c7:04:2c:83:73:2a:c4:
         64:bd:10:18:a2:ae:0c:5b:40:13:31:22:cb:1f:7a:50:11:92:
         23:3f:8d:75:a5:02:ad:72:ed:8d:5a:a2:db:af:04:48:72:b0:
         ce:9b:c9:b2:cd:55:82:28:80:e2:65:30:4d:1c:b3:ca:4d:cd:
         f8:e3:29:19:f3:16:2e:19:08:88:fe:e4:39:92:1f:fc:65:79:
         21:af:43:5c:0c:5e:a6:c0:18:c5:02:4c:67:6a:3a:3a:81:7c:
         7d:2e:d4:24:1a:57:64:65:51:1b:58:77:b9:2d:3f:1a:4a:1d:
         09:ec:fb:78:47:08:3d:89:3e:03:63:b0:e1:4d:52:c2:c2:60:
         0c:4a:26:e8:c2:50:81:a4:9f:30:4f:90:40:53:41:2c:9a:20:
         d5:c9:cd:5a
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZQgZ/d2vZeuMAxlvUlusHIQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDU0NzUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDk1M2U2MDc2NzBmZjczOGVlZTZhNmI1NzdkOGM4YjI4MDRlMWUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqM6ZW/n7dS7bEL6OCFVQsCl0EsmF
szPys2Xl31qgo6FofgFNr92UFuKaYSDUf+NaV97zgds4YXrkRk/oNax6liMXu1sF
dY9o5TizZDddkWwq8LQaLJuiXeXvwe/rCz/FVg3loCb/0PA0SQqpdsUZtvYpz3co
J4rSWifTn0oMvS1R3vTQMbli9uFg1hI0gDwuvEMcqd4hph7IiY19qx3uBoDko8rz
4eagXyP8RsqYLPfEPuPRPhlkUwmLOI8jd/cTQXBs0EqeryQ/nXjuYkEqEorbTsyK
XQHyDDVP3q6bWREId/1l8FDU+7qCiCtyd8vd3QDz9RgdJtykfhBmzl7ThQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFBCVPmB2cP9zju5qa1d9jIsoBOHhMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzQyL2E5OTM1
NS0yZDAxLTRkYTUtOGU3My0xYmM1NTJjMDBkZDcvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDIvYTk5MzU1
LTJkMDEtNGRhNS04ZTczLTFiYzU1MmMwMGRkNy8xL0VKVS1ZSFp3XzNPTzdtcHJW
MzJNaXlnRTRlRS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQBsHzgMA0GCSqGSIb3DQEBCwUAA4IBAQCuoLFF
FVLX4/TpiEsPFSoovZCmcgmO4RbYrhwJvFXV0W9TNLefgbJxM0plYhQYdNGlHxOh
ipjF6k6MrrzeTHRwJNGDLMqxBr4jyBwzm2pxSOklYTpBEKFoukJxKp/G6CKHfxBr
n8cELINzKsRkvRAYoq4MW0ATMSLLH3pQEZIjP411pQKtcu2NWqLbrwRIcrDOm8my
zVWCKIDiZTBNHLPKTc344ykZ8xYuGQiI/uQ5kh/8ZXkhr0NcDF6mwBjFAkxnajo6
gXx9LtQkGldkZVEbWHe5LT8aSh0J7Pt4Rwg9iT4DY7DhTVLCwmAMSibowlCBpJ8w
T5BAU0EsmiDVyc1a
-----END CERTIFICATE-----