Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/GzApY06o7VRoG6hNFJkLALhk3bg.cer
File:                     GzApY06o7VRoG6hNFJkLALhk3bg.cer (raw, json)
Hash identifier:          RWb2PUuXCAXGrwC7L/xuqse9IFBw5C6RYLXSGlvtvTY=
Subject key identifier:   1B:30:29:63:4E:A8:ED:54:68:1B:A8:4D:14:99:0B:00:B8:64:DD:B8
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01942143D80489F549E504D757EE1A27113C
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/9d/a3bfe9-dc56-4c1f-97a7-6b31a7360f0f/1/GzApY06o7VRoG6hNFJkLALhk3bg.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/9d/a3bfe9-dc56-4c1f-97a7-6b31a7360f0f/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 09:48:01 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 91.199.175.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:d8:04:89:f5:49:e5:04:d7:57:ee:1a:27:11:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 09:48:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1b3029634ea8ed54681ba84d14990b00b864ddb8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:5d:95:62:80:d1:ee:cb:83:c1:77:7c:f9:30:
                    e3:78:c6:3d:eb:dd:a5:a9:9f:b0:cd:96:79:57:f9:
                    76:85:f7:67:b1:a0:6e:04:6e:95:c9:d4:06:0f:b1:
                    be:9b:35:00:fb:74:b3:e3:d6:3f:68:06:9e:60:20:
                    92:2f:0c:86:ec:a5:ff:88:ee:8b:96:37:bc:8f:32:
                    89:f6:c1:7c:1f:3f:52:fd:5d:f3:eb:6b:fa:2c:d9:
                    9f:6f:66:95:80:8d:69:ac:06:94:68:ed:34:12:93:
                    7c:47:9f:f5:f3:c8:31:7a:5e:d1:ce:7d:63:b5:0d:
                    78:96:79:05:dd:cd:a4:f0:8c:5c:bb:5e:f1:40:ea:
                    77:c9:28:22:ea:b8:b8:78:4d:00:ca:7e:fa:d2:4e:
                    c6:54:10:76:6e:65:bd:1a:b6:28:ea:6a:bd:bc:51:
                    3a:30:ac:0a:2d:93:bd:d5:d1:f0:72:d9:ec:fc:23:
                    1f:fa:10:4a:52:22:ff:78:46:46:d9:ed:d4:37:f6:
                    41:98:1f:8a:03:d3:b6:f8:55:c4:b4:ce:cc:94:14:
                    23:67:6d:b1:28:db:ab:b0:36:8b:52:a4:6d:0f:2b:
                    7f:ed:af:45:7f:df:62:18:57:79:28:7f:00:aa:f3:
                    23:0b:90:42:8e:7b:33:38:22:31:25:03:28:f7:a8:
                    0a:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:30:29:63:4E:A8:ED:54:68:1B:A8:4D:14:99:0B:00:B8:64:DD:B8
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/a3bfe9-dc56-4c1f-97a7-6b31a7360f0f/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/a3bfe9-dc56-4c1f-97a7-6b31a7360f0f/1/GzApY06o7VRoG6hNFJkLALhk3bg.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:33:39:ac:ab:3d:9d:35:dd:20:e5:55:4d:98:bb:a8:93:35:
         8c:c2:2b:87:c6:cf:8a:14:f8:16:16:94:74:53:10:83:ee:0b:
         46:3b:23:76:07:fa:a1:a1:cf:ce:d6:eb:ba:57:48:3a:83:c9:
         6c:8d:5a:42:fa:6b:e1:e0:ab:3c:95:08:fa:66:13:89:aa:5c:
         1f:a3:25:bd:6f:29:ff:64:65:59:f3:b5:ef:31:75:fe:61:50:
         40:d6:fc:8c:aa:b6:5a:3c:40:79:6a:e2:e4:03:2a:c1:6d:4f:
         3a:88:ae:f4:4e:bf:3f:04:84:5b:98:aa:4b:e1:00:c2:ca:a3:
         f9:67:2e:5c:31:79:e7:e6:46:37:e5:7d:d1:01:f2:d4:df:e0:
         6e:a4:f9:65:93:ed:89:e8:5e:ef:00:f0:04:29:6e:37:8c:91:
         15:ef:dc:84:69:13:8f:ae:59:9f:b4:5e:61:d2:61:6c:34:89:
         a0:3b:98:90:f2:d1:72:64:53:c3:41:31:35:13:9c:18:75:76:
         31:2c:73:b2:8e:0d:f5:bc:bf:9a:78:79:04:54:f0:f3:ac:bf:
         c4:b7:8a:63:23:8b:25:ba:97:41:ed:6f:d6:a3:46:b9:4e:12:
         8e:2c:11:95:3a:10:eb:86:e7:a2:fd:5e:a1:24:a6:36:e1:00:
         c6:f8:af:93
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZQhQ9gEifVJ5QTXV+4aJxE8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDk0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjMwMjk2MzRlYThlZDU0NjgxYmE4NGQxNDk5MGIwMGI4NjRkZGI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs12VYoDR7suDwXd8+TDjeMY9692l
qZ+wzZZ5V/l2hfdnsaBuBG6VydQGD7G+mzUA+3Sz49Y/aAaeYCCSLwyG7KX/iO6L
lje8jzKJ9sF8Hz9S/V3z62v6LNmfb2aVgI1prAaUaO00EpN8R5/188gxel7Rzn1j
tQ14lnkF3c2k8Ixcu17xQOp3ySgi6ri4eE0Ayn760k7GVBB2bmW9GrYo6mq9vFE6
MKwKLZO91dHwctns/CMf+hBKUiL/eEZG2e3UN/ZBmB+KA9O2+FXEtM7MlBQjZ22x
KNursDaLUqRtDyt/7a9Ff99iGFd5KH8AqvMjC5BCjnszOCIxJQMo96gKhQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFBswKWNOqO1UaBuoTRSZCwC4ZN24MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzlkL2EzYmZl
OS1kYzU2LTRjMWYtOTdhNy02YjMxYTczNjBmMGYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOWQvYTNiZmU5
LWRjNTYtNGMxZi05N2E3LTZiMzFhNzM2MGYwZi8xL0d6QXBZMDZvN1ZSb0c2aE5G
SmtMQUxoazNiZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW8evMA0GCSqGSIb3DQEBCwUAA4IBAQCsMzms
qz2dNd0g5VVNmLuokzWMwiuHxs+KFPgWFpR0UxCD7gtGOyN2B/qhoc/O1uu6V0g6
g8lsjVpC+mvh4Ks8lQj6ZhOJqlwfoyW9byn/ZGVZ87XvMXX+YVBA1vyMqrZaPEB5
auLkAyrBbU86iK70Tr8/BIRbmKpL4QDCyqP5Zy5cMXnn5kY35X3RAfLU3+BupPll
k+2J6F7vAPAEKW43jJEV79yEaROPrlmftF5h0mFsNImgO5iQ8tFyZFPDQTE1E5wY
dXYxLHOyjg31vL+aeHkEVPDzrL/Et4pjI4slupdB7W/Wo0a5ThKOLBGVOhDrhuei
/V6hJKY24QDG+K+T
-----END CERTIFICATE-----