Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/K76x-Fza0UW9L5et3QlB0y11jec.cer
File:                     K76x-Fza0UW9L5et3QlB0y11jec.cer (raw, json)
Hash identifier:          QkAygs9HhUBgXLNnJecuTWRbhPYgqOkbNG7/lomAQL0=
Subject key identifier:   2B:BE:B1:F8:5C:DA:D1:45:BD:2F:97:AD:DD:09:41:D3:2D:75:8D:E7
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019421B1ABA5C8059A05AFA5FCBE5896682A
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/34/a5f2ba-326d-4845-b7a3-02fd8e99bfe1/1/K76x-Fza0UW9L5et3QlB0y11jec.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/34/a5f2ba-326d-4845-b7a3-02fd8e99bfe1/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 11:47:59 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 193.33.158.0/23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:ab:a5:c8:05:9a:05:af:a5:fc:be:58:96:68:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 11:47:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2bbeb1f85cdad145bd2f97addd0941d32d758de7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:c2:00:4f:89:9b:36:27:e0:59:67:fe:c3:86:
                    b8:11:42:77:0b:2f:f4:42:bd:02:a9:8b:ff:ee:09:
                    61:90:d8:54:59:49:47:36:0c:44:f9:47:a6:2f:dc:
                    e1:e6:6c:f5:d9:e1:1d:2a:b6:51:ea:31:3d:aa:56:
                    fc:1d:7d:aa:5e:75:46:0f:41:0c:fd:fd:37:7d:84:
                    57:6d:2d:9a:fd:86:ef:24:9c:a5:87:e7:87:ce:a1:
                    b8:eb:8b:62:e9:50:a1:cd:5d:4d:ed:42:61:6c:01:
                    2f:d7:91:4d:c8:23:20:ee:87:c4:67:9d:00:f7:93:
                    ff:0c:53:0a:e2:01:e2:66:60:a2:9e:de:89:df:ad:
                    8c:f4:01:d3:1b:2c:ab:9c:c3:ab:3b:53:2d:49:7e:
                    60:39:28:ed:9f:ae:29:67:ac:e1:be:33:6c:4e:aa:
                    e6:09:76:84:0c:85:21:88:99:e3:4d:59:3b:a8:9e:
                    e5:fe:5d:cd:5c:d5:f9:21:b8:cc:6a:69:50:1c:cf:
                    67:ea:db:e0:ba:e8:1f:a5:a5:25:49:b1:7b:62:b4:
                    2e:b7:45:2d:4c:6c:05:6f:fd:b9:b9:d1:86:3e:c4:
                    c2:e2:c4:4c:e4:c0:92:04:0a:cf:91:f3:65:62:50:
                    c9:f5:43:e8:38:6f:33:84:2c:ce:fd:cf:4c:74:5c:
                    97:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:BE:B1:F8:5C:DA:D1:45:BD:2F:97:AD:DD:09:41:D3:2D:75:8D:E7
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/a5f2ba-326d-4845-b7a3-02fd8e99bfe1/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/a5f2ba-326d-4845-b7a3-02fd8e99bfe1/1/K76x-Fza0UW9L5et3QlB0y11jec.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.33.158.0/23

    Signature Algorithm: sha256WithRSAEncryption
         05:d9:70:64:b1:2a:c9:c5:c8:01:56:e4:ef:cc:8a:58:9b:68:
         68:0e:29:9c:bc:4a:cf:5a:3d:c0:4f:1a:24:bb:b2:fd:e1:59:
         70:2d:8d:3d:ba:b9:93:8e:14:23:34:4c:05:43:ae:c9:6b:08:
         c7:12:60:c2:b0:d4:67:b6:45:8f:b0:a7:22:e5:7a:69:b7:99:
         21:e2:b3:92:8e:49:0e:f7:c5:d7:fb:3f:03:2d:e6:3d:e5:29:
         c0:7b:e4:6f:b8:81:07:fa:44:0e:3d:ce:74:ee:9d:40:fe:9a:
         ad:6d:c0:80:04:7e:eb:f7:10:be:57:58:6d:85:40:21:5e:dc:
         ef:32:16:2a:e1:78:5e:e8:5a:a6:1c:9d:bd:1d:57:6f:bb:d8:
         2c:ee:94:d7:da:4c:80:42:20:6a:de:3e:d6:39:94:7e:99:3c:
         a7:e9:0e:1b:6e:ba:63:6b:e2:42:1a:3a:1f:f7:e1:1e:f4:9f:
         da:32:6f:da:ec:ae:a5:96:3a:81:78:01:96:b8:c2:08:d0:80:
         cb:9a:f3:fd:ec:58:53:28:95:af:86:35:cb:92:e8:8c:e6:2f:
         b5:10:0f:78:fc:f5:1f:ce:76:89:b7:20:32:0f:69:51:e7:b9:
         8c:a4:e7:0d:5c:b1:36:22:9f:7d:45:de:ea:aa:7c:1e:ad:66:
         c7:10:6d:83
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZQhsaulyAWaBa+l/L5YlmgqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTE0NzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYmJlYjFmODVjZGFkMTQ1YmQyZjk3YWRkZDA5NDFkMzJkNzU4ZGU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA08IAT4mbNifgWWf+w4a4EUJ3Cy/0
Qr0CqYv/7glhkNhUWUlHNgxE+UemL9zh5mz12eEdKrZR6jE9qlb8HX2qXnVGD0EM
/f03fYRXbS2a/YbvJJylh+eHzqG464ti6VChzV1N7UJhbAEv15FNyCMg7ofEZ50A
95P/DFMK4gHiZmCint6J362M9AHTGyyrnMOrO1MtSX5gOSjtn64pZ6zhvjNsTqrm
CXaEDIUhiJnjTVk7qJ7l/l3NXNX5IbjMamlQHM9n6tvguugfpaUlSbF7YrQut0Ut
TGwFb/25udGGPsTC4sRM5MCSBArPkfNlYlDJ9UPoOG8zhCzO/c9MdFyXSQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFCu+sfhc2tFFvS+Xrd0JQdMtdY3nMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzM0L2E1ZjJi
YS0zMjZkLTQ4NDUtYjdhMy0wMmZkOGU5OWJmZTEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzQvYTVmMmJh
LTMyNmQtNDg0NS1iN2EzLTAyZmQ4ZTk5YmZlMS8xL0s3NngtRnphMFVXOUw1ZXQz
UWxCMHkxMWplYy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQBwSGeMA0GCSqGSIb3DQEBCwUAA4IBAQAF2XBk
sSrJxcgBVuTvzIpYm2hoDimcvErPWj3ATxoku7L94VlwLY09urmTjhQjNEwFQ67J
awjHEmDCsNRntkWPsKci5Xppt5kh4rOSjkkO98XX+z8DLeY95SnAe+RvuIEH+kQO
Pc507p1A/pqtbcCABH7r9xC+V1hthUAhXtzvMhYq4Xhe6FqmHJ29HVdvu9gs7pTX
2kyAQiBq3j7WOZR+mTyn6Q4bbrpja+JCGjof9+Ee9J/aMm/a7K6lljqBeAGWuMII
0IDLmvP97FhTKJWvhjXLkuiM5i+1EA94/PUfznaJtyAyD2lR57mMpOcNXLE2Ip99
Rd7qqnwerWbHEG2D
-----END CERTIFICATE-----