Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/I8Aq9PWPETIK8xlpRuH86dBQyQY.cer
File:                     I8Aq9PWPETIK8xlpRuH86dBQyQY.cer (raw, json)
Hash identifier:          RCxH31ShSFrBwrFCcBRDK4S7vL0QhVUDpe7u8WvX/9c=
Subject key identifier:   23:C0:2A:F4:F5:8F:11:32:0A:F3:19:69:46:E1:FC:E9:D0:50:C9:06
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194258F75A4543DA4BF528ECD9CBA4A56EB
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/b3/81068c-aed7-4127-88e4-62cb8aca9618/1/I8Aq9PWPETIK8xlpRuH86dBQyQY.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/b3/81068c-aed7-4127-88e4-62cb8aca9618/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 05:49:06 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 185.85.144.0/22
                          IP: 2a05:ae80::/29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:75:a4:54:3d:a4:bf:52:8e:cd:9c:ba:4a:56:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 05:49:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=23c02af4f58f11320af3196946e1fce9d050c906
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:e2:3b:94:ee:d2:d7:64:48:dc:7a:43:d4:c5:
                    6f:85:f4:d1:b5:be:d1:67:8d:b8:2a:83:04:88:6f:
                    ca:0d:5a:ae:a7:87:5e:4a:ca:f8:82:20:eb:00:ce:
                    15:76:d0:89:4b:3e:11:6f:2c:8a:a6:b7:73:f9:92:
                    27:3b:ad:4d:16:0f:ad:fa:a7:32:85:ea:77:d6:df:
                    0f:38:67:9f:f4:0d:d5:3d:19:eb:c9:09:1a:db:dd:
                    c8:33:48:ef:bd:96:e7:71:ec:18:3e:19:9c:34:55:
                    89:14:8d:5c:c4:0e:c5:41:a5:0a:5e:3a:35:8c:24:
                    ab:eb:80:7d:01:ed:be:bc:65:e4:0d:40:ed:64:08:
                    d6:19:d1:13:7a:9a:c4:72:c9:c7:fc:3f:ec:1c:3f:
                    4f:1e:24:18:5d:05:87:30:4f:fc:a9:ac:a3:b8:d2:
                    59:17:28:14:c7:78:34:03:99:41:11:f1:22:da:42:
                    f4:1c:c9:cd:01:b6:80:13:7d:52:7e:c1:30:72:7a:
                    4c:73:3c:28:37:74:f2:e6:40:15:4c:4d:85:08:f1:
                    65:6a:b1:27:2d:b8:e8:52:95:17:39:3e:6c:69:ad:
                    d5:18:57:d6:d0:90:33:7c:af:5f:96:2e:82:54:94:
                    97:af:7d:68:89:19:48:e5:ee:c4:81:38:98:3b:28:
                    b2:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:C0:2A:F4:F5:8F:11:32:0A:F3:19:69:46:E1:FC:E9:D0:50:C9:06
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/81068c-aed7-4127-88e4-62cb8aca9618/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/81068c-aed7-4127-88e4-62cb8aca9618/1/I8Aq9PWPETIK8xlpRuH86dBQyQY.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.85.144.0/22
                IPv6:
                  2a05:ae80::/29

    Signature Algorithm: sha256WithRSAEncryption
         3a:ef:dd:3c:6c:13:4e:02:0c:1d:26:de:2c:ea:02:61:31:d9:
         75:e1:6b:d4:0e:a9:dc:d4:0b:9f:34:4d:d0:cb:42:2e:a8:68:
         46:ff:12:82:8b:17:65:08:c1:c7:39:5a:38:db:f0:b9:0d:e5:
         61:8e:41:60:e3:fd:bb:76:bd:3a:92:d8:9b:c5:68:5b:b1:39:
         22:58:b3:1d:5f:5e:b9:cc:02:a4:b6:ff:ec:2a:b1:aa:10:4d:
         90:f3:34:0a:ca:ee:d6:ca:fe:cc:7e:51:ca:73:d6:f2:4b:56:
         ed:84:26:13:41:1f:65:29:24:01:b7:b0:db:c1:d7:4c:92:64:
         28:2e:60:3a:13:78:3f:13:94:30:1a:da:2d:e0:88:1d:ed:96:
         7e:e6:87:22:e5:93:07:e8:54:1c:1d:92:eb:58:9e:0b:bc:d3:
         c2:57:e6:ce:7b:bb:6c:46:f0:62:7c:d0:d2:26:5c:69:7e:45:
         5e:c9:56:6b:64:2c:91:5d:24:a4:d7:f1:ca:e5:b9:f4:a6:cc:
         b0:1f:69:23:71:77:39:7c:89:ca:0d:01:63:19:28:f7:d3:71:
         c4:46:88:85:2a:2b:58:86:a0:f5:03:36:12:aa:76:24:00:71:
         ab:41:73:ef:c5:e7:b4:38:df:e0:cc:63:d7:a6:ae:1d:01:f6:
         ff:67:58:28
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAZQlj3WkVD2kv1KOzZy6SlbrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDU0OTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyM2MwMmFmNGY1OGYxMTMyMGFmMzE5Njk0NmUxZmNlOWQwNTBjOTA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqeI7lO7S12RI3HpD1MVvhfTRtb7R
Z424KoMEiG/KDVqup4deSsr4giDrAM4VdtCJSz4RbyyKprdz+ZInO61NFg+t+qcy
hep31t8POGef9A3VPRnryQka293IM0jvvZbncewYPhmcNFWJFI1cxA7FQaUKXjo1
jCSr64B9Ae2+vGXkDUDtZAjWGdETeprEcsnH/D/sHD9PHiQYXQWHME/8qayjuNJZ
FygUx3g0A5lBEfEi2kL0HMnNAbaAE31SfsEwcnpMczwoN3Ty5kAVTE2FCPFlarEn
LbjoUpUXOT5saa3VGFfW0JAzfK9fli6CVJSXr31oiRlI5e7EgTiYOyiyAQIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFCPAKvT1jxEyCvMZaUbh/OnQUMkGMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2IzLzgxMDY4
Yy1hZWQ3LTQxMjctODhlNC02MmNiOGFjYTk2MTgvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjMvODEwNjhj
LWFlZDctNDEyNy04OGU0LTYyY2I4YWNhOTYxOC8xL0k4QXE5UFdQRVRJSzh4bHBS
dUg4NmRCUXlRWS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCuVWQMA0EAgACMAcDBQMqBa6AMA0GCSqGSIb3
DQEBCwUAA4IBAQA67908bBNOAgwdJt4s6gJhMdl14WvUDqnc1AufNE3Qy0IuqGhG
/xKCixdlCMHHOVo42/C5DeVhjkFg4/27dr06ktibxWhbsTkiWLMdX165zAKktv/s
KrGqEE2Q8zQKyu7Wyv7MflHKc9byS1bthCYTQR9lKSQBt7DbwddMkmQoLmA6E3g/
E5QwGtot4Igd7ZZ+5oci5ZMH6FQcHZLrWJ4LvNPCV+bOe7tsRvBifNDSJlxpfkVe
yVZrZCyRXSSk1/HK5bn0psywH2kjcXc5fInKDQFjGSj303HERoiFKitYhqD1AzYS
qnYkAHGrQXPvxee0ON/gzGPXpq4dAfb/Z1go
-----END CERTIFICATE-----