Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/GNtfz9wY74Qh4mUfGybBZaAdU_E.cer
File:                     GNtfz9wY74Qh4mUfGybBZaAdU_E.cer (raw, json)
Hash identifier:          dp6TStF123amhcCjWoTIzmEMjP8QZqhYlS9YS7gCV8Q=
Subject key identifier:   18:DB:5F:CF:DC:18:EF:84:21:E2:65:1F:1B:26:C1:65:A0:1D:53:F1
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019427B62164DDD4C3036610F29F28440A6C
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/04/6c3cd4-5896-425e-95db-ffed50baa0da/1/GNtfz9wY74Qh4mUfGybBZaAdU_E.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/04/6c3cd4-5896-425e-95db-ffed50baa0da/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 15:50:35 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 56919
                          IP: 176.32.40.0/21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:21:64:dd:d4:c3:03:66:10:f2:9f:28:44:0a:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 15:50:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=18db5fcfdc18ef8421e2651f1b26c165a01d53f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:99:60:41:7d:d2:f8:80:71:58:a1:73:47:60:
                    93:ea:99:c6:49:da:70:13:60:29:dc:1d:32:74:d0:
                    7b:7f:29:19:ac:90:85:3f:1f:e5:b1:1c:16:3e:bc:
                    d1:fb:07:d3:91:aa:12:4a:ea:ab:a7:c0:79:48:af:
                    79:7e:98:11:f0:af:16:27:3e:29:b4:bd:46:6c:2b:
                    f2:ad:11:25:82:c4:e1:dd:68:a5:76:cb:a6:3a:cb:
                    c2:66:7f:4a:31:5f:34:db:d0:f9:f7:e9:92:05:37:
                    f9:e0:58:5b:ca:e8:74:de:ba:3c:4a:08:01:d4:dc:
                    b7:81:6d:23:93:ce:a5:2a:ee:92:d8:cc:e0:33:05:
                    24:a2:61:d3:5e:3b:e6:2e:18:80:d7:27:d5:96:6f:
                    8c:a1:f6:17:5e:16:29:c2:af:31:9a:5d:fd:4b:28:
                    12:ef:48:e3:87:b7:fa:67:17:12:b6:32:41:d6:03:
                    8a:fd:07:cb:a1:34:c5:b8:f4:ab:eb:bc:3b:72:0b:
                    76:fc:2e:fa:50:be:61:7f:72:91:d9:c0:27:b2:ea:
                    26:88:65:74:9c:f4:82:ba:22:a9:72:f4:4d:d9:f6:
                    62:b6:f7:3d:50:b8:40:0c:e9:a3:d7:c2:04:f4:e6:
                    bf:5a:1c:a5:67:d6:15:f9:4c:01:31:f2:f3:d2:b0:
                    10:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:DB:5F:CF:DC:18:EF:84:21:E2:65:1F:1B:26:C1:65:A0:1D:53:F1
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/6c3cd4-5896-425e-95db-ffed50baa0da/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/6c3cd4-5896-425e-95db-ffed50baa0da/1/GNtfz9wY74Qh4mUfGybBZaAdU_E.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.32.40.0/21

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  56919

    Signature Algorithm: sha256WithRSAEncryption
         a6:3d:e1:2d:f1:72:95:81:ca:53:8f:73:ec:69:29:e3:06:f7:
         d9:0e:5e:ee:e5:00:d3:cf:c7:d5:60:26:29:d6:d9:b2:4e:f0:
         29:51:1c:e2:44:55:cb:1b:2f:f1:4d:7a:97:b0:e6:b0:50:b8:
         a7:cf:75:07:40:af:d3:96:a1:18:ff:7d:5e:87:b0:2d:69:f8:
         02:8c:95:ed:3b:5c:7d:69:0b:56:97:0b:79:7c:d1:2e:de:b6:
         14:58:ea:9a:2d:aa:08:1a:1b:6d:32:74:7b:20:74:c1:20:ea:
         8b:92:d2:9d:95:5c:5d:db:5c:d3:00:dd:21:1d:73:ca:37:8f:
         cc:cf:6a:9b:c1:43:51:37:1d:5b:0e:12:ec:63:44:55:70:d5:
         29:c5:c7:d2:34:4e:a6:6e:92:44:a8:85:56:33:4a:da:48:3a:
         fe:44:db:20:82:e2:40:6a:17:99:65:fd:4b:3a:a7:ef:5c:fc:
         49:38:b9:1c:b8:f9:95:68:f1:b7:50:8f:32:de:33:ba:48:f8:
         b1:49:2c:21:e5:e3:d1:79:c3:2c:c8:97:91:c1:a0:7d:d6:51:
         3a:da:9f:bc:09:e1:e6:1e:d7:b5:c3:e2:e7:ee:64:b8:1b:d1:
         0d:4e:e1:d7:80:ac:32:56:fb:54:7e:e2:95:57:84:90:4a:fa:
         40:9d:a9:44
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZQntiFk3dTDA2YQ8p8oRApsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMTU1MDM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOGRiNWZjZmRjMThlZjg0MjFlMjY1MWYxYjI2YzE2NWEwMWQ1M2YxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApJlgQX3S+IBxWKFzR2CT6pnGSdpw
E2Ap3B0ydNB7fykZrJCFPx/lsRwWPrzR+wfTkaoSSuqrp8B5SK95fpgR8K8WJz4p
tL1GbCvyrRElgsTh3WildsumOsvCZn9KMV8029D59+mSBTf54Fhbyuh03ro8SggB
1Ny3gW0jk86lKu6S2MzgMwUkomHTXjvmLhiA1yfVlm+MofYXXhYpwq8xml39SygS
70jjh7f6ZxcStjJB1gOK/QfLoTTFuPSr67w7cgt2/C76UL5hf3KR2cAnsuomiGV0
nPSCuiKpcvRN2fZitvc9ULhADOmj18IE9Oa/WhylZ9YV+UwBMfLz0rAQRQIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFBjbX8/cGO+EIeJlHxsmwWWgHVPxMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzA0LzZjM2Nk
NC01ODk2LTQyNWUtOTVkYi1mZmVkNTBiYWEwZGEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDQvNmMzY2Q0
LTU4OTYtNDI1ZS05NWRiLWZmZWQ1MGJhYTBkYS8xL0dOdGZ6OXdZNzRRaDRtVWZH
eWJCWmFBZFVfRS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQDsCAoMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwDeVzANBgkqhkiG9w0BAQsFAAOCAQEApj3hLfFylYHKU49z7Gkp4wb32Q5e7uUA
08/H1WAmKdbZsk7wKVEc4kRVyxsv8U16l7DmsFC4p891B0Cv05ahGP99XoewLWn4
AoyV7TtcfWkLVpcLeXzRLt62FFjqmi2qCBobbTJ0eyB0wSDqi5LSnZVcXdtc0wDd
IR1zyjePzM9qm8FDUTcdWw4S7GNEVXDVKcXH0jROpm6SRKiFVjNK2kg6/kTbIILi
QGoXmWX9Szqn71z8STi5HLj5lWjxt1CPMt4zukj4sUksIeXj0XnDLMiXkcGgfdZR
OtqfvAnh5h7XtcPi5+5kuBvRDU7h14CsMlb7VH7ilVeEkEr6QJ2pRA==
-----END CERTIFICATE-----