Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/JuP8ebY4sSMZHa-k6IbTpaytSH8.cer
File:                     JuP8ebY4sSMZHa-k6IbTpaytSH8.cer (raw, json)
Hash identifier:          kJbRmiWhDFclb0rFeFAG8NKBIO9wpatjH6T8FFS9phs=
Subject key identifier:   26:E3:FC:79:B6:38:B1:23:19:1D:AF:A4:E8:86:D3:A5:AC:AD:48:7F
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0191035A4724DADB378D73351D7BC9F4654E
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/36/53b013-5912-42b0-b026-a55b0dcc2946/1/JuP8ebY4sSMZHa-k6IbTpaytSH8.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/36/53b013-5912-42b0-b026-a55b0dcc2946/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 30 Jul 2024 11:15:33 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 211087
                          IP: 2a13:7f40::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:03:5a:47:24:da:db:37:8d:73:35:1d:7b:c9:f4:65:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jul 30 11:15:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=26e3fc79b638b123191dafa4e886d3a5acad487f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:7d:e3:4c:2f:04:17:dc:7c:09:45:57:81:ad:
                    a8:c4:1b:04:ab:2a:e0:f9:7d:cd:53:5a:31:59:56:
                    0d:20:ee:f9:ba:e9:c4:c3:94:75:8b:37:e4:a7:d9:
                    32:4d:d8:19:b5:6c:98:0d:f9:24:98:3a:61:64:31:
                    d5:7f:9c:88:01:3b:e1:11:42:e7:36:35:59:d6:cc:
                    11:f6:a7:41:0a:4c:cd:d2:09:db:43:cf:00:56:ea:
                    78:8c:a2:dc:7c:80:69:e9:f9:3b:22:47:31:15:a5:
                    5c:68:68:2c:7b:f4:44:4b:26:cf:c2:14:10:41:13:
                    b0:0b:bf:89:3d:8b:67:36:51:54:35:70:ba:09:48:
                    93:e3:3f:3b:1f:2b:4a:65:7a:cf:f7:bf:fa:c0:7d:
                    9c:01:f5:04:d7:95:26:5f:a6:04:0a:e2:a8:20:da:
                    9e:b7:93:74:c4:b4:08:5f:cf:e0:0d:20:10:59:4a:
                    e6:35:79:1a:e8:0c:37:e9:02:f8:34:82:13:e8:ed:
                    fb:bc:5c:e1:0e:fb:d9:58:03:84:d6:03:57:2a:11:
                    63:1d:43:b1:85:25:17:5e:3a:34:5c:9e:94:f2:1a:
                    a5:6e:aa:3c:03:9a:44:70:37:2d:56:e9:ac:c3:22:
                    56:57:05:6f:19:87:c8:5a:be:80:25:93:9c:3d:a5:
                    ec:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:E3:FC:79:B6:38:B1:23:19:1D:AF:A4:E8:86:D3:A5:AC:AD:48:7F
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/53b013-5912-42b0-b026-a55b0dcc2946/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/53b013-5912-42b0-b026-a55b0dcc2946/1/JuP8ebY4sSMZHa-k6IbTpaytSH8.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:7f40::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  211087

    Signature Algorithm: sha256WithRSAEncryption
         10:fc:9b:e0:cf:3c:61:30:b3:2d:8b:7b:1f:0a:84:da:38:56:
         d1:46:7a:da:72:df:04:dc:07:2b:61:5e:8c:a2:e5:52:20:6e:
         e0:0e:a3:c3:7e:9e:7d:19:ce:b3:59:c3:af:a0:e5:80:be:f7:
         e9:d9:db:1d:74:8b:42:5b:28:56:92:62:13:46:5e:b3:f4:a9:
         fe:20:43:b8:32:cd:45:55:16:a3:42:11:48:3a:e5:d8:af:ee:
         f2:a2:43:77:01:79:b2:18:3e:30:dc:f9:e8:f8:2a:77:83:61:
         fe:ee:70:fe:a7:02:53:65:2c:b4:ac:9c:48:6c:b1:b3:96:a5:
         83:df:39:67:20:a5:f4:c2:d9:05:83:57:d4:62:d5:24:83:75:
         d6:24:13:8d:ba:a8:6f:78:30:2c:cf:04:0f:2f:98:8c:99:d3:
         61:15:af:6e:81:46:98:77:33:c4:c0:a2:be:3e:ff:48:1a:f6:
         bb:49:5e:15:0e:db:dd:03:41:8f:ed:f7:b7:70:bf:a8:ed:a4:
         cf:3f:5a:4c:3b:e4:33:c7:81:89:e6:7a:46:17:a3:89:8b:08:
         8e:d5:1c:76:ca:5b:c4:d1:c2:37:ce:18:a0:c2:c0:93:37:65:
         51:ba:65:be:2e:bc:52:82:92:27:a2:20:b8:95:62:ad:a4:13:
         70:b4:20:ac
-----BEGIN CERTIFICATE-----
MIIFlTCCBH2gAwIBAgISAZEDWkck2ts3jXM1HXvJ9GVOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwNzMwMTExNTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNmUzZmM3OWI2MzhiMTIzMTkxZGFmYTRlODg2ZDNhNWFjYWQ0ODdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtH3jTC8EF9x8CUVXga2oxBsEqyrg
+X3NU1oxWVYNIO75uunEw5R1izfkp9kyTdgZtWyYDfkkmDphZDHVf5yIATvhEULn
NjVZ1swR9qdBCkzN0gnbQ88AVup4jKLcfIBp6fk7IkcxFaVcaGgse/RESybPwhQQ
QROwC7+JPYtnNlFUNXC6CUiT4z87HytKZXrP97/6wH2cAfUE15UmX6YECuKoINqe
t5N0xLQIX8/gDSAQWUrmNXka6Aw36QL4NIIT6O37vFzhDvvZWAOE1gNXKhFjHUOx
hSUXXjo0XJ6U8hqlbqo8A5pEcDctVumswyJWVwVvGYfIWr6AJZOcPaXsqQIDAQAB
o4ICoTCCAp0wHQYDVR0OBBYEFCbj/Hm2OLEjGR2vpOiG06WsrUh/MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzM2LzUzYjAx
My01OTEyLTQyYjAtYjAyNi1hNTViMGRjYzI5NDYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzYvNTNiMDEz
LTU5MTItNDJiMC1iMDI2LWE1NWIwZGNjMjk0Ni8xL0p1UDhlYlk0c1NNWkhhLWs2
SWJUcGF5dFNIOC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUF
BwEHAQH/BBEwDzANBAIAAjAHAwUDKhN/QDAaBggrBgEFBQcBCAEB/wQLMAmgBzAF
AgMDOI8wDQYJKoZIhvcNAQELBQADggEBABD8m+DPPGEwsy2Lex8KhNo4VtFGetpy
3wTcBythXoyi5VIgbuAOo8N+nn0ZzrNZw6+g5YC+9+nZ2x10i0JbKFaSYhNGXrP0
qf4gQ7gyzUVVFqNCEUg65div7vKiQ3cBebIYPjDc+ej4KneDYf7ucP6nAlNlLLSs
nEhssbOWpYPfOWcgpfTC2QWDV9Ri1SSDddYkE426qG94MCzPBA8vmIyZ02EVr26B
Rph3M8TAor4+/0ga9rtJXhUO290DQY/t97dwv6jtpM8/Wkw75DPHgYnmekYXo4mL
CI7VHHbKW8TRwjfOGKDCwJM3ZVG6Zb4uvFKCkieiILiVYq2kE3C0IKw=
-----END CERTIFICATE-----