Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/FdaRyV0UuLzeZpKgMgzA4odWsFk.cer
File:                     FdaRyV0UuLzeZpKgMgzA4odWsFk.cer (raw, json)
Hash identifier:          K/RdeTjTgAtpU4yboBsyX8MsgkQhd8wGxdheUX6dlLA=
Subject key identifier:   15:D6:91:C9:5D:14:B8:BC:DE:66:92:A0:32:0C:C0:E2:87:56:B0:59
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01903968C2FB742B3CD1E6DC0C0BABE134C4
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/7c/5d6e29-942f-4caf-98a8-fd5d55b61ec4/1/FdaRyV0UuLzeZpKgMgzA4odWsFk.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/7c/5d6e29-942f-4caf-98a8-fd5d55b61ec4/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Fri 21 Jun 2024 06:08:05 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 2a13:a1c0::/32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Sep 2024 14:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:39:68:c2:fb:74:2b:3c:d1:e6:dc:0c:0b:ab:e1:34:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jun 21 06:08:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=15d691c95d14b8bcde6692a0320cc0e28756b059
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:4c:d8:7b:58:45:58:0a:95:14:b6:a4:eb:1f:
                    43:61:39:0d:13:d9:88:30:c0:54:33:5d:67:df:0f:
                    a6:a2:5a:9e:81:53:75:33:30:18:a9:bf:b4:92:ee:
                    a2:30:63:fc:5d:36:c0:09:45:f5:ca:c8:24:c1:82:
                    e9:ee:81:3b:34:5d:1e:9b:5c:23:fa:ab:56:d4:1c:
                    9b:b8:dd:c8:20:c3:3d:b1:e8:4a:fb:f2:82:e8:bf:
                    7b:56:a1:b6:47:44:83:b0:13:a7:52:f5:41:63:0a:
                    f8:4a:e1:1b:1e:c1:ab:5f:22:ec:66:b0:11:d2:82:
                    cf:72:43:73:c9:49:d5:23:eb:2d:bf:ed:f8:65:b4:
                    84:0b:03:04:f2:b5:2f:3a:a4:f2:29:b8:d8:70:f6:
                    ef:77:1a:50:6c:7b:d2:49:3f:4f:90:be:59:4c:52:
                    9e:e4:35:22:7e:0e:5f:bd:59:eb:8d:f1:5c:0e:5d:
                    30:75:ab:9b:21:61:e4:0e:be:a0:a1:20:27:5c:74:
                    5d:9d:b4:af:5a:08:82:4d:46:87:17:8d:16:3f:91:
                    1a:1a:af:20:22:d4:02:62:42:af:29:a7:51:1e:06:
                    03:f7:3f:fd:24:8e:0d:95:e5:36:89:57:07:37:d4:
                    e2:28:c0:7b:cf:ce:d5:49:bb:e3:7a:6e:14:11:bf:
                    dc:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:D6:91:C9:5D:14:B8:BC:DE:66:92:A0:32:0C:C0:E2:87:56:B0:59
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/5d6e29-942f-4caf-98a8-fd5d55b61ec4/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/5d6e29-942f-4caf-98a8-fd5d55b61ec4/1/FdaRyV0UuLzeZpKgMgzA4odWsFk.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:a1c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         20:9c:eb:d3:9a:03:54:2e:65:10:4f:8b:f8:fa:55:fa:d7:c3:
         c4:e3:0b:69:43:d6:12:af:7e:5d:e9:b4:e5:30:0a:ed:a1:bf:
         5c:13:bb:86:c7:a6:df:ef:5f:72:28:87:9f:8b:61:d4:78:a3:
         2e:ed:1b:d7:01:9f:70:84:01:5c:32:27:75:81:bc:a9:cc:41:
         38:56:9f:01:26:84:09:af:c7:2f:bf:7e:64:3b:09:93:56:4f:
         0d:12:03:49:1d:e8:77:63:be:d6:68:46:06:6d:7f:cc:10:95:
         46:7b:4f:51:06:b6:b2:e9:cc:34:e2:67:03:d9:e2:33:fc:02:
         8a:80:72:44:84:83:b4:0d:1e:dc:6b:11:d2:23:ed:8c:12:4f:
         70:b4:26:7c:66:bb:80:67:9e:4f:29:ee:6e:b8:9d:14:4d:77:
         eb:d5:f2:5f:f6:f5:8d:ce:ca:b3:e7:cb:1d:f6:54:ff:d0:19:
         3a:1c:0f:43:5f:57:d2:1f:74:ac:12:9f:c9:f3:92:4c:6b:e9:
         a5:b7:30:0e:8e:8a:fb:aa:a4:91:fd:c6:81:53:fc:e6:22:2c:
         6a:c6:f4:a6:69:c4:15:01:fd:6f:cc:ea:c2:96:09:01:57:9f:
         e3:83:41:37:29:be:8c:a7:8a:e6:34:4d:11:f2:a1:1a:14:e7:
         b6:0d:42:12
-----BEGIN CERTIFICATE-----
MIIFeTCCBGGgAwIBAgISAZA5aML7dCs80ebcDAur4TTEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwNjIxMDYwODA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNWQ2OTFjOTVkMTRiOGJjZGU2NjkyYTAzMjBjYzBlMjg3NTZiMDU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA00zYe1hFWAqVFLak6x9DYTkNE9mI
MMBUM11n3w+molqegVN1MzAYqb+0ku6iMGP8XTbACUX1ysgkwYLp7oE7NF0em1wj
+qtW1BybuN3IIMM9sehK+/KC6L97VqG2R0SDsBOnUvVBYwr4SuEbHsGrXyLsZrAR
0oLPckNzyUnVI+stv+34ZbSECwME8rUvOqTyKbjYcPbvdxpQbHvSST9PkL5ZTFKe
5DUifg5fvVnrjfFcDl0wdaubIWHkDr6goSAnXHRdnbSvWgiCTUaHF40WP5EaGq8g
ItQCYkKvKadRHgYD9z/9JI4NleU2iVcHN9TiKMB7z87VSbvjem4UEb/c1wIDAQAB
o4IChTCCAoEwHQYDVR0OBBYEFBXWkcldFLi83maSoDIMwOKHVrBZMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzdjLzVkNmUy
OS05NDJmLTRjYWYtOThhOC1mZDVkNTViNjFlYzQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvN2MvNWQ2ZTI5
LTk0MmYtNGNhZi05OGE4LWZkNWQ1NWI2MWVjNC8xL0ZkYVJ5VjBVdUx6ZVpwS2dN
Z3pBNG9kV3NGay5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUF
BwEHAQH/BBEwDzANBAIAAjAHAwUAKhOhwDANBgkqhkiG9w0BAQsFAAOCAQEAIJzr
05oDVC5lEE+L+PpV+tfDxOMLaUPWEq9+Xem05TAK7aG/XBO7hsem3+9fciiHn4th
1HijLu0b1wGfcIQBXDIndYG8qcxBOFafASaECa/HL79+ZDsJk1ZPDRIDSR3od2O+
1mhGBm1/zBCVRntPUQa2sunMNOJnA9niM/wCioByRISDtA0e3GsR0iPtjBJPcLQm
fGa7gGeeTynubridFE1369XyX/b1jc7Ks+fLHfZU/9AZOhwPQ19X0h90rBKfyfOS
TGvppbcwDo6K+6qkkf3GgVP85iIsasb0pmnEFQH9b8zqwpYJAVef44NBNym+jKeK
5jRNEfKhGhTntg1CEg==
-----END CERTIFICATE-----