Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/I0AYtVE7d50uHjrBqGpZO92XTKc.cer
File:                     I0AYtVE7d50uHjrBqGpZO92XTKc.cer (raw, json)
Hash identifier:          boaeR8dUCHctkNsLuF/R0bqxAYqxUupm2D1bibIHb74=
Subject key identifier:   23:40:18:B5:51:3B:77:9D:2E:1E:3A:C1:A8:6A:59:3B:DD:97:4C:A7
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194A90CB6F51600C474AD006E23CAEF9E89
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/1e/b18080-e3c9-4114-a174-c3d6c7c8ba8a/1/I0AYtVE7d50uHjrBqGpZO92XTKc.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/1e/b18080-e3c9-4114-a174-c3d6c7c8ba8a/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 27 Jan 2025 18:36:10 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 213519
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:a9:0c:b6:f5:16:00:c4:74:ad:00:6e:23:ca:ef:9e:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan 27 18:36:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=234018b5513b779d2e1e3ac1a86a593bdd974ca7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:c8:c8:e5:e7:b2:3b:22:78:97:5e:5e:22:63:
                    8f:08:4e:b7:9a:ad:29:af:a1:a9:29:4d:60:38:b1:
                    f7:d3:f2:49:07:67:83:2a:58:a9:9b:6a:9a:7d:86:
                    ec:41:bd:d3:ed:99:01:5c:82:08:f4:4a:d1:5c:a6:
                    ea:f3:28:df:ff:98:66:78:87:46:f7:dc:5b:4b:95:
                    99:30:bf:36:cf:17:d6:fe:c0:ae:77:32:b6:eb:a6:
                    c7:56:f8:5a:5c:8a:e8:1d:24:b6:c7:73:ce:78:64:
                    29:9f:90:05:17:b5:da:ac:7f:f6:59:1a:46:f7:d2:
                    24:7d:db:04:ed:e5:0e:3a:65:f3:1b:12:1c:ee:35:
                    fc:6d:c0:a7:4d:73:2d:12:d2:b7:5b:1b:f8:24:96:
                    97:35:c7:3a:cb:e2:7e:70:43:c3:ac:90:8f:88:ca:
                    67:27:d1:05:1d:3a:c6:d1:ee:c1:95:44:11:37:84:
                    02:e8:06:f2:0e:a6:78:07:45:9b:7e:59:d6:45:04:
                    f6:30:49:9b:44:76:88:8b:e9:c9:90:04:50:e8:c4:
                    50:fd:99:7d:35:84:ac:38:0a:e5:70:93:74:40:75:
                    9d:ec:19:de:ce:57:58:f4:b0:e2:fd:3d:64:bb:2d:
                    90:4e:ee:14:1f:91:3e:37:7b:7f:c8:37:11:fb:d5:
                    f1:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:40:18:B5:51:3B:77:9D:2E:1E:3A:C1:A8:6A:59:3B:DD:97:4C:A7
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/b18080-e3c9-4114-a174-c3d6c7c8ba8a/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/b18080-e3c9-4114-a174-c3d6c7c8ba8a/1/I0AYtVE7d50uHjrBqGpZO92XTKc.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  213519

    Signature Algorithm: sha256WithRSAEncryption
         a4:13:c4:64:9c:02:1c:93:1a:27:59:14:4d:65:a3:ba:44:7e:
         c0:a4:31:71:f7:ab:bf:03:b0:15:63:07:4e:0e:f4:f6:23:63:
         aa:ad:5c:a3:7e:5a:c3:f2:81:fc:14:d5:0a:9c:51:28:31:de:
         7d:6c:9f:08:0d:52:88:14:e8:3b:13:3b:74:82:23:61:8b:51:
         51:21:ef:9c:62:a2:5a:b3:73:bf:33:cc:aa:49:bf:93:df:28:
         db:58:e2:bf:a8:f0:b2:e3:6e:3f:66:9d:86:4c:7b:14:e0:97:
         bf:39:e9:37:b3:4c:01:0f:7b:33:97:55:05:1d:3c:b4:5b:64:
         7c:81:27:bf:3d:15:65:85:21:55:70:b1:27:9c:dd:9d:45:f8:
         f9:a0:2f:5a:9a:b4:38:62:8f:90:d7:62:5c:82:d9:5f:2a:65:
         a2:ae:2c:ee:27:5f:0c:76:21:12:63:09:f2:99:22:15:b1:f0:
         e6:b8:3f:0f:65:5b:8e:2e:54:66:b8:99:75:a2:f1:09:00:6a:
         10:2c:8b:77:e0:81:e3:71:32:d4:4c:17:85:5c:37:1e:0d:f0:
         e2:9d:96:43:0f:28:b4:9f:f5:7c:97:5b:08:4d:03:3e:27:a6:
         a8:74:25:25:a4:38:be:71:62:07:c2:e0:ac:58:12:09:7b:f4:
         a9:0c:cb:2b
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZSpDLb1FgDEdK0AbiPK756JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTI3MTgzNjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzQwMThiNTUxM2I3NzlkMmUxZTNhYzFhODZhNTkzYmRkOTc0Y2E3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlsjI5eeyOyJ4l15eImOPCE63mq0p
r6GpKU1gOLH30/JJB2eDKlipm2qafYbsQb3T7ZkBXIII9ErRXKbq8yjf/5hmeIdG
99xbS5WZML82zxfW/sCudzK266bHVvhaXIroHSS2x3POeGQpn5AFF7XarH/2WRpG
99IkfdsE7eUOOmXzGxIc7jX8bcCnTXMtEtK3Wxv4JJaXNcc6y+J+cEPDrJCPiMpn
J9EFHTrG0e7BlUQRN4QC6AbyDqZ4B0WbflnWRQT2MEmbRHaIi+nJkARQ6MRQ/Zl9
NYSsOArlcJN0QHWd7BnezldY9LDi/T1kuy2QTu4UH5E+N3t/yDcR+9XxrQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFCNAGLVRO3edLh46wahqWTvdl0ynMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzFlL2IxODA4
MC1lM2M5LTQxMTQtYTE3NC1jM2Q2YzdjOGJhOGEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMWUvYjE4MDgw
LWUzYzktNDExNC1hMTc0LWMzZDZjN2M4YmE4YS8xL0kwQVl0VkU3ZDUwdUhqckJx
R3BaTzkyWFRLYy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwNCDzANBgkqhkiG9w0BAQsFAAOCAQEApBPEZJwCHJMa
J1kUTWWjukR+wKQxcfervwOwFWMHTg709iNjqq1co35aw/KB/BTVCpxRKDHefWyf
CA1SiBToOxM7dIIjYYtRUSHvnGKiWrNzvzPMqkm/k98o21jiv6jwsuNuP2adhkx7
FOCXvznpN7NMAQ97M5dVBR08tFtkfIEnvz0VZYUhVXCxJ5zdnUX4+aAvWpq0OGKP
kNdiXILZXyploq4s7idfDHYhEmMJ8pkiFbHw5rg/D2Vbji5UZriZdaLxCQBqECyL
d+CB43Ey1EwXhVw3Hg3w4p2WQw8otJ/1fJdbCE0DPiemqHQlJaQ4vnFiB8LgrFgS
CXv0qQzLKw==
-----END CERTIFICATE-----