Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Fm9ncLp34DLn59HXMtl1AkHhGfk.cer
File:                     Fm9ncLp34DLn59HXMtl1AkHhGfk.cer (raw, json)
Hash identifier:          Clz+yYaN/xbh6Dsb6hJk4NE6SGHSLwlMa0qw3HiFqfs=
Subject key identifier:   16:6F:67:70:BA:77:E0:32:E7:E7:D1:D7:32:D9:75:02:41:E1:19:F9
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01942521F8E1D39679CFACF878AE3860125A
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/13/7bdc41-1875-4e50-b3d4-069c10dafb07/1/Fm9ncLp34DLn59HXMtl1AkHhGfk.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/13/7bdc41-1875-4e50-b3d4-069c10dafb07/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 03:49:30 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 193.164.155.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 21:03:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:f8:e1:d3:96:79:cf:ac:f8:78:ae:38:60:12:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 03:49:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=166f6770ba77e032e7e7d1d732d9750241e119f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:60:bd:21:a1:32:93:36:ed:1c:73:7b:a0:9d:
                    bf:29:73:55:c4:13:f4:45:93:fa:d4:98:cd:fe:3a:
                    03:e2:97:3b:af:e4:7e:fa:7a:9d:27:a0:c4:3c:9c:
                    ef:de:1d:33:1e:01:f9:ab:e0:f6:85:65:9b:d0:92:
                    d6:79:b5:10:66:98:3c:04:dd:86:0a:75:cc:88:a1:
                    13:f2:91:0b:7c:7d:05:fe:f2:62:63:78:53:86:33:
                    a2:14:ab:11:09:e4:78:4b:1c:d8:9d:c1:46:27:ed:
                    49:73:3d:e0:be:11:84:fd:3d:62:12:c4:e2:7b:47:
                    ed:24:2a:8f:51:7a:d8:63:4c:71:b0:64:e7:6a:06:
                    f7:ba:8a:a3:6e:cf:cf:13:cb:b2:09:ae:a1:7d:64:
                    e1:41:f0:39:cb:11:83:36:cd:31:f6:9c:c6:09:b1:
                    06:ce:69:66:bb:ec:36:73:d5:26:4a:d3:9e:f9:c3:
                    31:37:83:c4:62:06:92:8d:51:4a:31:3e:1f:53:1d:
                    a4:ca:c1:f8:5e:bf:4d:ca:9d:b8:1e:02:d3:b8:4b:
                    af:21:a3:0f:1c:48:a2:f8:a3:f0:30:16:a6:63:41:
                    53:32:48:c7:57:20:14:4e:68:85:13:eb:8b:f4:d4:
                    51:74:41:da:ff:9e:43:8d:05:81:7a:83:7a:56:f1:
                    c2:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:6F:67:70:BA:77:E0:32:E7:E7:D1:D7:32:D9:75:02:41:E1:19:F9
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/7bdc41-1875-4e50-b3d4-069c10dafb07/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/7bdc41-1875-4e50-b3d4-069c10dafb07/1/Fm9ncLp34DLn59HXMtl1AkHhGfk.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.164.155.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:27:76:dd:79:64:e4:16:32:84:3c:24:f3:c8:06:16:9f:8c:
         e2:61:c5:02:4a:2b:0e:42:95:3d:1e:24:8d:49:3e:19:1d:f1:
         cd:37:f3:51:dd:a0:8a:2c:37:d4:06:45:f6:7a:71:4d:2c:c3:
         6a:b8:b5:5e:14:67:ba:d0:c8:9d:e0:2d:42:fc:f2:80:bd:23:
         38:e0:4b:aa:29:e4:43:63:64:f1:f9:6e:db:8c:a0:15:61:1e:
         33:68:93:91:83:08:59:58:9b:69:a5:d1:88:42:7c:f2:7f:41:
         6c:13:3e:d1:3d:63:e8:a8:d5:02:9e:f4:c4:1a:a0:60:9b:b1:
         1a:18:21:f7:2e:19:22:10:b0:5f:61:74:4f:e3:ce:22:e6:35:
         73:03:45:8b:3d:46:48:1f:cb:57:bb:8d:5c:24:3a:95:49:81:
         63:ad:64:98:88:4c:12:3a:40:4c:13:e8:7a:c9:03:84:d2:b4:
         81:7d:44:c8:e3:b7:87:3b:04:b1:bb:a2:bc:c1:31:4d:5f:9f:
         ee:af:e4:58:ea:f6:f7:1b:14:9a:e4:9e:30:3b:4d:3c:4a:00:
         db:fd:18:1e:5e:91:2e:20:be:d5:cd:2a:e6:ad:bd:3b:9d:8b:
         f4:44:f8:3a:fb:2f:56:cb:55:bc:32:23:2b:3f:fc:68:9b:b1:
         cf:80:5b:1d
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZQlIfjh05Z5z6z4eK44YBJaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDM0OTMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjZmNjc3MGJhNzdlMDMyZTdlN2QxZDczMmQ5NzUwMjQxZTExOWY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1WC9IaEykzbtHHN7oJ2/KXNVxBP0
RZP61JjN/joD4pc7r+R++nqdJ6DEPJzv3h0zHgH5q+D2hWWb0JLWebUQZpg8BN2G
CnXMiKET8pELfH0F/vJiY3hThjOiFKsRCeR4SxzYncFGJ+1Jcz3gvhGE/T1iEsTi
e0ftJCqPUXrYY0xxsGTnagb3uoqjbs/PE8uyCa6hfWThQfA5yxGDNs0x9pzGCbEG
zmlmu+w2c9UmStOe+cMxN4PEYgaSjVFKMT4fUx2kysH4Xr9Nyp24HgLTuEuvIaMP
HEii+KPwMBamY0FTMkjHVyAUTmiFE+uL9NRRdEHa/55DjQWBeoN6VvHC6wIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFBZvZ3C6d+Ay5+fR1zLZdQJB4Rn5MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzEzLzdiZGM0
MS0xODc1LTRlNTAtYjNkNC0wNjljMTBkYWZiMDcvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTMvN2JkYzQx
LTE4NzUtNGU1MC1iM2Q0LTA2OWMxMGRhZmIwNy8xL0ZtOW5jTHAzNERMbjU5SFhN
dGwxQWtIaEdmay5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwaSbMA0GCSqGSIb3DQEBCwUAA4IBAQBYJ3bd
eWTkFjKEPCTzyAYWn4ziYcUCSisOQpU9HiSNST4ZHfHNN/NR3aCKLDfUBkX2enFN
LMNquLVeFGe60Mid4C1C/PKAvSM44EuqKeRDY2Tx+W7bjKAVYR4zaJORgwhZWJtp
pdGIQnzyf0FsEz7RPWPoqNUCnvTEGqBgm7EaGCH3LhkiELBfYXRP484i5jVzA0WL
PUZIH8tXu41cJDqVSYFjrWSYiEwSOkBME+h6yQOE0rSBfUTI47eHOwSxu6K8wTFN
X5/ur+RY6vb3GxSa5J4wO008SgDb/RgeXpEuIL7VzSrmrb07nYv0RPg6+y9Wy1W8
MiMrP/xom7HPgFsd
-----END CERTIFICATE-----