Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/HzvyN1bG59ZNaCL1l7HVgEm9SPE.cer
File:                     HzvyN1bG59ZNaCL1l7HVgEm9SPE.cer (raw, json)
Hash identifier:          4gKEo8RbI8WSul7eparv5KPqRUc2RKw+5BZI8O/q9Vs=
Subject key identifier:   1F:3B:F2:37:56:C6:E7:D6:4D:68:22:F5:97:B1:D5:80:49:BD:48:F1
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194228E18D99A5F9FD54DDEE132AC517C44
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/84/d1bce2-f6d8-48aa-9632-43dc2dbcab77/1/HzvyN1bG59ZNaCL1l7HVgEm9SPE.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/84/d1bce2-f6d8-48aa-9632-43dc2dbcab77/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 15:48:45 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 213888
                          IP: 2a0e:380::/29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:18:d9:9a:5f:9f:d5:4d:de:e1:32:ac:51:7c:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 15:48:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1f3bf23756c6e7d64d6822f597b1d58049bd48f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:6e:2e:48:90:1d:9a:b3:99:7b:a8:0d:3d:58:
                    c4:96:ae:89:63:a6:3c:7d:23:b0:5d:8d:bd:d3:24:
                    a1:13:db:55:7e:7a:d4:24:d7:97:eb:f9:f6:88:bf:
                    11:07:49:ed:5f:82:6b:8e:ca:aa:e4:88:d0:a7:3c:
                    86:ee:2d:0d:ca:49:86:70:f9:8f:19:ab:ea:b3:cf:
                    3c:16:90:dd:aa:a4:6a:5f:79:90:21:f3:14:05:89:
                    fb:b9:a7:b9:ef:36:fc:7a:21:5b:25:11:07:82:24:
                    3d:11:b0:1d:fe:7d:22:0b:7d:36:67:e1:2f:cc:19:
                    1f:b8:fb:b4:70:7b:bb:c9:1d:b7:27:18:4d:34:e1:
                    bd:29:95:46:44:a9:7b:55:7a:48:8e:f2:8e:5c:bf:
                    e8:9c:38:f4:9d:69:59:a9:24:c0:db:d7:b3:e0:e2:
                    8e:89:8b:4e:10:4f:da:04:f8:5f:05:a2:6d:8f:97:
                    a9:3f:ca:a1:84:87:89:0f:94:82:fd:3c:8d:be:08:
                    37:6f:ed:fa:e1:bc:4f:23:81:c1:06:f6:ec:b2:7b:
                    41:e4:6c:1f:5a:8b:1c:ad:63:f8:59:77:a9:2c:67:
                    7e:69:4e:69:33:ae:59:7b:f2:5b:73:1b:ed:b8:7a:
                    10:55:6a:eb:d5:7d:de:9b:9e:be:21:46:dc:ff:6e:
                    56:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:3B:F2:37:56:C6:E7:D6:4D:68:22:F5:97:B1:D5:80:49:BD:48:F1
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/d1bce2-f6d8-48aa-9632-43dc2dbcab77/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/d1bce2-f6d8-48aa-9632-43dc2dbcab77/1/HzvyN1bG59ZNaCL1l7HVgEm9SPE.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:380::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  213888

    Signature Algorithm: sha256WithRSAEncryption
         3e:a1:f7:29:f6:66:36:94:bf:0f:18:c2:d4:e5:f6:7e:8b:53:
         7e:c3:f7:78:af:31:fd:54:0f:4e:51:86:8a:d1:5f:48:74:c5:
         52:82:22:47:a9:02:86:bc:e8:98:e1:2c:b3:cb:b5:4c:ea:12:
         c6:41:87:0f:e2:72:92:d1:30:53:fd:b0:18:f1:d0:db:b4:0c:
         dc:5c:c8:66:8c:81:2e:36:da:5d:1f:ea:66:c2:af:ee:c7:fd:
         22:1a:d9:0b:cf:a7:a2:3a:57:91:cd:06:ed:05:92:8a:f9:64:
         d4:f2:bc:6d:ab:49:d3:95:5b:8b:63:91:94:a7:ab:73:04:78:
         92:6e:fc:ef:5c:2a:30:64:19:3b:16:6f:ee:e2:92:75:b3:6c:
         66:14:18:9f:d4:3d:c3:16:79:9a:f3:e2:92:d6:6a:02:01:e9:
         d3:0a:b8:cc:e0:6c:ac:6a:c6:47:41:2d:9d:e6:f1:7c:3a:68:
         a7:94:f5:73:a6:92:4e:3e:cc:82:a2:b5:40:4d:73:49:2b:af:
         3d:f2:1d:8e:5c:23:dd:fb:61:10:9b:ad:4b:63:41:17:4a:71:
         15:e6:da:58:6b:f5:b8:54:6b:ab:37:f5:cf:8d:15:4a:ce:2a:
         c9:85:66:13:98:f9:f5:92:f9:f2:d6:f9:46:f5:1d:03:f9:45:
         e7:72:61:5a
-----BEGIN CERTIFICATE-----
MIIFlTCCBH2gAwIBAgISAZQijhjZml+f1U3e4TKsUXxEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTU0ODQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjNiZjIzNzU2YzZlN2Q2NGQ2ODIyZjU5N2IxZDU4MDQ5YmQ0OGYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtm4uSJAdmrOZe6gNPVjElq6JY6Y8
fSOwXY290yShE9tVfnrUJNeX6/n2iL8RB0ntX4Jrjsqq5IjQpzyG7i0NykmGcPmP
Gavqs888FpDdqqRqX3mQIfMUBYn7uae57zb8eiFbJREHgiQ9EbAd/n0iC302Z+Ev
zBkfuPu0cHu7yR23JxhNNOG9KZVGRKl7VXpIjvKOXL/onDj0nWlZqSTA29ez4OKO
iYtOEE/aBPhfBaJtj5epP8qhhIeJD5SC/TyNvgg3b+364bxPI4HBBvbssntB5Gwf
WoscrWP4WXepLGd+aU5pM65Ze/JbcxvtuHoQVWrr1X3em56+IUbc/25WHQIDAQAB
o4ICoTCCAp0wHQYDVR0OBBYEFB878jdWxufWTWgi9Zex1YBJvUjxMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzg0L2QxYmNl
Mi1mNmQ4LTQ4YWEtOTYzMi00M2RjMmRiY2FiNzcvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODQvZDFiY2Uy
LWY2ZDgtNDhhYS05NjMyLTQzZGMyZGJjYWI3Ny8xL0h6dnlOMWJHNTlaTmFDTDFs
N0hWZ0VtOVNQRS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUF
BwEHAQH/BBEwDzANBAIAAjAHAwUDKg4DgDAaBggrBgEFBQcBCAEB/wQLMAmgBzAF
AgMDQ4AwDQYJKoZIhvcNAQELBQADggEBAD6h9yn2ZjaUvw8YwtTl9n6LU37D93iv
Mf1UD05RhorRX0h0xVKCIkepAoa86JjhLLPLtUzqEsZBhw/icpLRMFP9sBjx0Nu0
DNxcyGaMgS422l0f6mbCr+7H/SIa2QvPp6I6V5HNBu0Fkor5ZNTyvG2rSdOVW4tj
kZSnq3MEeJJu/O9cKjBkGTsWb+7iknWzbGYUGJ/UPcMWeZrz4pLWagIB6dMKuMzg
bKxqxkdBLZ3m8Xw6aKeU9XOmkk4+zIKitUBNc0krrz3yHY5cI937YRCbrUtjQRdK
cRXm2lhr9bhUa6s39c+NFUrOKsmFZhOY+fWS+fLW+Ub1HQP5RedyYVo=
-----END CERTIFICATE-----