Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/KbEhDskQXHF9CY-fDQDZ3qIyJTk.cer
File:                     KbEhDskQXHF9CY-fDQDZ3qIyJTk.cer (raw, json)
Hash identifier:          DqoxhJibRvAQDXvhyBbBABQ8NYBN2PT0VBV0OCDLZTc=
Subject key identifier:   29:B1:21:0E:C9:10:5C:71:7D:09:8F:9F:0D:00:D9:DE:A2:32:25:39
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019421B227BFC5B4731653494E584B634E90
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/07/a00c61-2d87-4620-913f-0e464ca39e75/1/KbEhDskQXHF9CY-fDQDZ3qIyJTk.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/07/a00c61-2d87-4620-913f-0e464ca39e75/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 11:48:31 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 205957
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:27:bf:c5:b4:73:16:53:49:4e:58:4b:63:4e:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 11:48:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=29b1210ec9105c717d098f9f0d00d9dea2322539
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:01:03:d9:7c:87:55:05:85:43:d8:70:0b:10:
                    90:ae:83:26:86:a1:cd:d8:32:b8:8b:8a:14:89:09:
                    01:8b:24:e0:88:66:b2:d2:6a:82:b2:57:23:6e:de:
                    d6:55:f0:24:d5:1f:68:c4:75:26:86:34:96:37:44:
                    4f:fc:22:2b:32:72:65:47:08:be:7d:90:d6:30:5d:
                    89:fa:ea:e4:64:0d:ca:31:f3:04:73:43:6f:54:d7:
                    57:44:22:c8:4d:b1:bb:8d:d3:83:cc:27:a0:de:dd:
                    79:29:ab:86:36:cd:32:27:19:35:df:bb:51:a5:1b:
                    ba:30:11:82:06:86:0f:f0:b9:96:a4:55:dc:9b:57:
                    11:e2:c6:83:ea:6e:b8:0b:48:a8:ec:08:23:4e:b7:
                    d7:1f:7d:5f:6a:24:cd:6f:e5:42:ca:3d:c2:6a:8c:
                    f9:11:cf:63:80:06:b7:8c:4b:df:f5:6a:ce:1d:33:
                    5f:9a:58:80:1b:38:30:54:08:39:89:22:90:df:54:
                    ee:ee:74:ac:f5:64:29:98:bd:0a:68:c9:1c:fb:a1:
                    cc:09:6e:90:bb:d2:e2:e6:ed:5c:ce:29:ac:d2:a7:
                    1d:71:13:a5:05:7a:f0:b5:49:a1:cf:22:64:2b:3c:
                    72:44:ef:39:a3:aa:e1:c2:22:31:3f:52:b2:c0:02:
                    ad:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:B1:21:0E:C9:10:5C:71:7D:09:8F:9F:0D:00:D9:DE:A2:32:25:39
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/a00c61-2d87-4620-913f-0e464ca39e75/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/a00c61-2d87-4620-913f-0e464ca39e75/1/KbEhDskQXHF9CY-fDQDZ3qIyJTk.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  205957

    Signature Algorithm: sha256WithRSAEncryption
         49:55:93:1f:a9:47:c1:b8:e8:ca:3c:dd:81:4f:be:d0:c3:4f:
         25:41:d4:f1:c4:14:c1:39:02:55:0a:a6:0d:5a:b2:99:95:85:
         b8:7b:71:dd:48:c8:2c:fc:5b:c9:8b:39:9a:a2:1b:08:51:f3:
         37:77:1a:8c:67:1d:0a:65:88:3a:c8:f8:ff:96:b4:78:ab:6d:
         5a:25:59:d3:16:0b:b4:7f:25:bd:fe:cc:80:0f:5d:ac:2d:2e:
         3e:31:7e:f9:15:40:38:34:d9:df:30:bc:b5:75:28:c2:16:13:
         0c:6b:6b:bd:52:b3:da:dc:d0:85:14:3d:2c:5e:c6:b7:15:2e:
         df:47:4b:5c:95:29:69:e9:a2:47:65:94:4c:39:f3:aa:5c:9f:
         b9:12:89:11:06:57:07:8a:01:e9:21:26:c8:a7:fe:11:a8:e5:
         e7:4a:0c:ff:f4:9f:60:05:69:43:bb:d2:c7:2f:31:4f:76:1f:
         b3:3a:2c:04:4a:da:f5:b2:b0:0a:3f:97:af:f9:e4:3f:6b:5f:
         35:ce:16:1e:3a:63:ae:c7:a8:9f:4f:09:df:2d:c2:93:6c:e1:
         c3:aa:1f:69:a7:f8:f8:f5:60:38:5d:f2:48:af:3c:31:c9:48:
         46:15:b8:ee:ce:09:f4:7f:8b:b0:d9:24:ed:35:13:84:13:54:
         7a:d7:fb:b6
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZQhsie/xbRzFlNJTlhLY06QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTE0ODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWIxMjEwZWM5MTA1YzcxN2QwOThmOWYwZDAwZDlkZWEyMzIyNTM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAogED2XyHVQWFQ9hwCxCQroMmhqHN
2DK4i4oUiQkBiyTgiGay0mqCslcjbt7WVfAk1R9oxHUmhjSWN0RP/CIrMnJlRwi+
fZDWMF2J+urkZA3KMfMEc0NvVNdXRCLITbG7jdODzCeg3t15KauGNs0yJxk137tR
pRu6MBGCBoYP8LmWpFXcm1cR4saD6m64C0io7AgjTrfXH31faiTNb+VCyj3Caoz5
Ec9jgAa3jEvf9WrOHTNfmliAGzgwVAg5iSKQ31Tu7nSs9WQpmL0KaMkc+6HMCW6Q
u9Li5u1czims0qcdcROlBXrwtUmhzyJkKzxyRO85o6rhwiIxP1KywAKtNwIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFCmxIQ7JEFxxfQmPnw0A2d6iMiU5MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzA3L2EwMGM2
MS0yZDg3LTQ2MjAtOTEzZi0wZTQ2NGNhMzllNzUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDcvYTAwYzYx
LTJkODctNDYyMC05MTNmLTBlNDY0Y2EzOWU3NS8xL0tiRWhEc2tRWEhGOUNZLWZE
UURaM3FJeUpUay5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMkhTANBgkqhkiG9w0BAQsFAAOCAQEASVWTH6lHwbjo
yjzdgU++0MNPJUHU8cQUwTkCVQqmDVqymZWFuHtx3UjILPxbyYs5mqIbCFHzN3ca
jGcdCmWIOsj4/5a0eKttWiVZ0xYLtH8lvf7MgA9drC0uPjF++RVAODTZ3zC8tXUo
whYTDGtrvVKz2tzQhRQ9LF7GtxUu30dLXJUpaemiR2WUTDnzqlyfuRKJEQZXB4oB
6SEmyKf+Eajl50oM//SfYAVpQ7vSxy8xT3YfszosBEra9bKwCj+Xr/nkP2tfNc4W
Hjpjrseon08J3y3Ck2zhw6ofaaf4+PVgOF3ySK88MclIRhW47s4J9H+LsNkk7TUT
hBNUetf7tg==
-----END CERTIFICATE-----