Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Iv0bWdXKr3UGvA1cNPMMIVmwQ5g.cer
File:                     Iv0bWdXKr3UGvA1cNPMMIVmwQ5g.cer (raw, json)
Hash identifier:          V5QVFucC2jX+ZREFJWGRrde4p9BDsq5HfUdSxXY/YSY=
Subject key identifier:   22:FD:1B:59:D5:CA:AF:75:06:BC:0D:5C:34:F3:0C:21:59:B0:43:98
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019427B519080E26FB3A31A479168260CD77
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/20/850e96-191f-4dcb-9edb-cd58fa2014dd/1/Iv0bWdXKr3UGvA1cNPMMIVmwQ5g.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/20/850e96-191f-4dcb-9edb-cd58fa2014dd/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 15:49:27 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 33946
                          IP: 193.26.7.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:19:08:0e:26:fb:3a:31:a4:79:16:82:60:cd:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 15:49:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=22fd1b59d5caaf7506bc0d5c34f30c2159b04398
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:4d:2f:8a:50:65:b9:54:e9:fe:e9:17:98:5f:
                    0f:bc:19:90:e9:02:c0:be:34:20:05:ad:64:3d:24:
                    8e:3a:25:d3:6f:a6:16:86:c9:3e:6b:66:23:08:b5:
                    f8:11:7f:11:89:cd:9b:fc:cf:fe:e3:64:69:85:34:
                    2b:f4:59:2c:0a:f5:b2:ab:d7:cc:c3:10:2f:88:a6:
                    f7:3a:ff:72:32:0d:9c:66:2c:44:3f:29:54:2c:2e:
                    56:77:96:c8:e2:0d:70:ad:63:50:a6:8b:12:eb:c5:
                    23:65:00:98:4a:0e:65:07:3e:ba:10:fd:ad:bf:b8:
                    1f:e1:9e:4f:60:10:dd:45:6c:a5:ee:3f:c2:d6:6b:
                    b7:bc:41:95:1d:ac:56:c8:4b:56:ad:78:db:54:ca:
                    e9:4d:12:ab:44:dd:f0:54:6a:31:13:01:02:b9:2a:
                    8c:96:07:a8:72:bb:8c:f8:00:55:75:67:e7:06:03:
                    ed:ae:80:38:fe:56:06:d0:38:77:84:8d:f8:13:18:
                    52:da:4e:57:24:c2:cc:ce:df:d9:43:ce:5e:7c:7c:
                    0c:2e:00:b0:3c:f2:e5:48:38:a5:cf:23:f3:fe:50:
                    48:97:11:8d:f3:ae:dd:4c:28:bc:52:9a:92:7a:fd:
                    16:c4:c4:a4:16:c2:78:b5:62:88:07:d0:0b:21:b1:
                    0e:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:FD:1B:59:D5:CA:AF:75:06:BC:0D:5C:34:F3:0C:21:59:B0:43:98
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/850e96-191f-4dcb-9edb-cd58fa2014dd/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/850e96-191f-4dcb-9edb-cd58fa2014dd/1/Iv0bWdXKr3UGvA1cNPMMIVmwQ5g.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.26.7.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  33946

    Signature Algorithm: sha256WithRSAEncryption
         13:57:0c:e6:de:2c:6b:2f:e3:a6:cc:ae:6a:a7:e1:3e:de:ae:
         77:ca:7c:9c:0d:bb:5f:12:5d:65:da:e5:ab:13:ed:1a:1d:9f:
         4b:28:e5:1f:45:3f:0e:98:67:64:28:7a:be:50:87:5e:5f:97:
         dc:1a:e0:3b:f1:88:e8:d8:85:53:0f:32:a5:bd:6a:cd:08:e1:
         3f:64:88:2a:f6:74:30:74:5e:61:ac:d4:11:fc:7c:d2:f0:ca:
         f8:54:3b:ab:a9:1c:5c:0d:06:e3:25:c7:37:d2:89:ba:48:9f:
         54:b3:2f:df:d8:88:6d:e9:a6:a7:a3:37:12:b6:b3:d4:43:93:
         4b:4d:7d:3e:08:16:a0:86:5e:f4:dd:9d:b5:81:47:c6:6e:e1:
         09:4a:9c:82:1d:83:99:e8:cf:e0:4e:a2:e1:31:bd:fe:6f:89:
         64:75:e7:18:c9:78:9f:81:3a:01:9e:d1:5f:5c:f1:09:95:3c:
         40:14:2b:36:64:09:8b:91:da:bb:ac:20:3e:07:73:e8:72:a9:
         f6:9b:ce:93:17:be:93:77:04:4b:fe:12:27:4f:b5:6a:de:c4:
         8b:67:92:22:7d:a6:70:a5:7e:45:86:93:82:06:06:8e:e0:d2:
         73:c4:32:fe:ed:b9:93:06:56:58:64:db:0f:31:71:f4:43:8c:
         f3:97:99:42
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZQntRkIDib7OjGkeRaCYM13MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMTU0OTI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmZkMWI1OWQ1Y2FhZjc1MDZiYzBkNWMzNGYzMGMyMTU5YjA0Mzk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1k0vilBluVTp/ukXmF8PvBmQ6QLA
vjQgBa1kPSSOOiXTb6YWhsk+a2YjCLX4EX8Ric2b/M/+42RphTQr9FksCvWyq9fM
wxAviKb3Ov9yMg2cZixEPylULC5Wd5bI4g1wrWNQposS68UjZQCYSg5lBz66EP2t
v7gf4Z5PYBDdRWyl7j/C1mu3vEGVHaxWyEtWrXjbVMrpTRKrRN3wVGoxEwECuSqM
lgeocruM+ABVdWfnBgPtroA4/lYG0Dh3hI34ExhS2k5XJMLMzt/ZQ85efHwMLgCw
PPLlSDilzyPz/lBIlxGN867dTCi8UpqSev0WxMSkFsJ4tWKIB9ALIbEOtQIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFCL9G1nVyq91BrwNXDTzDCFZsEOYMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzIwLzg1MGU5
Ni0xOTFmLTRkY2ItOWVkYi1jZDU4ZmEyMDE0ZGQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjAvODUwZTk2
LTE5MWYtNGRjYi05ZWRiLWNkNThmYTIwMTRkZC8xL0l2MGJXZFhLcjNVR3ZBMWNO
UE1NSVZtd1E1Zy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwRoHMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwCEmjANBgkqhkiG9w0BAQsFAAOCAQEAE1cM5t4say/jpsyuaqfhPt6ud8p8nA27
XxJdZdrlqxPtGh2fSyjlH0U/DphnZCh6vlCHXl+X3BrgO/GI6NiFUw8ypb1qzQjh
P2SIKvZ0MHReYazUEfx80vDK+FQ7q6kcXA0G4yXHN9KJukifVLMv39iIbemmp6M3
Eraz1EOTS019PggWoIZe9N2dtYFHxm7hCUqcgh2DmejP4E6i4TG9/m+JZHXnGMl4
n4E6AZ7RX1zxCZU8QBQrNmQJi5Hau6wgPgdz6HKp9pvOkxe+k3cES/4SJ0+1at7E
i2eSIn2mcKV+RYaTggYGjuDSc8Qy/u25kwZWWGTbDzFx9EOM85eZQg==
-----END CERTIFICATE-----