Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/KcFw2YteNdfVFTdnHGBApRUYhLw.cer
File:                     KcFw2YteNdfVFTdnHGBApRUYhLw.cer (raw, json)
Hash identifier:          V989BfEGNphh221fRo6Xmv08uh+Wz6QNLQE9dEuHih4=
Subject key identifier:   29:C1:70:D9:8B:5E:35:D7:D5:15:37:67:1C:60:40:A5:15:18:84:BC
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019425FDD3F3730E6FD47BB9A7E2C7CC5D83
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/6b/e25a3c-def6-4228-a10b-c45e949e9cd6/1/KcFw2YteNdfVFTdnHGBApRUYhLw.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/6b/e25a3c-def6-4228-a10b-c45e949e9cd6/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 07:49:39 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 212.72.224.0/21
                          IP: 2a02:968::/32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 23:34:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:d3:f3:73:0e:6f:d4:7b:b9:a7:e2:c7:cc:5d:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 07:49:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=29c170d98b5e35d7d51537671c6040a5151884bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:d3:22:fe:23:e1:68:3e:1a:44:f8:54:e9:6d:
                    83:7f:6e:33:a1:48:32:7d:7f:97:3a:bc:9c:ef:89:
                    ee:4a:c9:3d:e8:06:5c:78:78:6a:a2:4b:d3:d0:d9:
                    6c:fb:56:e4:f4:d1:ca:22:6a:ad:2a:71:3c:07:db:
                    0f:ca:a2:dc:09:1d:d3:88:06:a6:bf:a9:0a:c5:c8:
                    43:75:66:52:89:32:5d:d0:ed:5b:48:77:1f:fc:7e:
                    86:24:a9:4d:ee:03:7b:ce:28:29:38:76:c6:27:4c:
                    c7:e9:90:d0:8c:24:84:43:54:e2:c8:10:cc:f0:f9:
                    aa:0d:a0:1d:01:41:68:cd:f7:ab:b2:4b:4b:cf:f7:
                    64:21:b8:89:a1:e3:e1:35:4a:72:48:1e:3c:54:f1:
                    5b:88:98:d3:86:5f:a3:ca:56:7e:9f:ce:c1:3b:d9:
                    7b:28:ff:36:4b:05:2d:52:00:d5:f6:10:8d:8c:51:
                    f2:a3:03:78:66:ea:19:81:92:e7:83:61:17:b4:7c:
                    a1:cb:6b:22:15:21:88:54:45:11:3e:90:cf:78:f7:
                    36:89:b6:df:13:44:af:82:91:22:17:74:d5:a2:36:
                    b6:b0:dd:d5:81:41:cb:5d:c4:29:d5:fc:42:4b:23:
                    98:d5:77:80:c9:1b:52:38:98:74:c5:79:df:d1:b6:
                    9f:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:C1:70:D9:8B:5E:35:D7:D5:15:37:67:1C:60:40:A5:15:18:84:BC
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/e25a3c-def6-4228-a10b-c45e949e9cd6/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/e25a3c-def6-4228-a10b-c45e949e9cd6/1/KcFw2YteNdfVFTdnHGBApRUYhLw.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.72.224.0/21
                IPv6:
                  2a02:968::/32

    Signature Algorithm: sha256WithRSAEncryption
         2e:b8:ee:3e:b4:99:45:8a:14:c2:e6:68:5b:33:c7:19:b8:55:
         97:06:0a:3c:d9:12:45:d8:76:f3:23:63:f7:38:2f:fb:f3:d1:
         4c:1e:4a:57:60:fd:5f:1f:5b:d7:d3:1f:68:80:ee:eb:8a:8a:
         06:36:bb:fd:ef:aa:74:35:ee:05:bc:b9:6c:d2:bb:e2:63:e9:
         75:ff:33:78:84:4d:e3:0a:9b:ad:f5:ec:34:a5:25:64:68:46:
         0b:2f:e1:d6:e3:82:74:b6:7d:91:79:1b:ac:25:e5:11:a8:e4:
         cc:f2:df:a8:8e:56:ce:5b:f9:72:40:78:7b:d1:2c:44:07:26:
         dd:93:4e:2c:fb:82:76:9b:a6:0d:af:41:8b:1a:49:22:40:49:
         9f:ea:74:56:6c:12:4d:2b:5b:79:1c:c6:56:99:35:eb:d0:86:
         2e:b1:b5:97:96:4b:0b:2b:cc:bd:0c:29:5e:c8:1f:e6:69:59:
         b2:0b:15:c2:7f:db:20:00:5b:c6:49:fc:0b:8a:6b:b8:cb:f4:
         b0:6c:d9:a7:f0:6d:cb:b5:ae:5b:e6:54:a8:ce:95:61:87:b3:
         58:fb:fe:fd:39:19:80:3d:85:b9:a4:54:db:f5:20:d3:39:32:
         42:1b:f4:35:b6:33:08:b6:d5:b4:0d:5e:2c:da:e5:1e:b6:78:
         d4:6f:da:ab
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAZQl/dPzcw5v1Hu5p+LHzF2DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDc0OTM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWMxNzBkOThiNWUzNWQ3ZDUxNTM3NjcxYzYwNDBhNTE1MTg4NGJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAttMi/iPhaD4aRPhU6W2Df24zoUgy
fX+XOryc74nuSsk96AZceHhqokvT0Nls+1bk9NHKImqtKnE8B9sPyqLcCR3TiAam
v6kKxchDdWZSiTJd0O1bSHcf/H6GJKlN7gN7zigpOHbGJ0zH6ZDQjCSEQ1TiyBDM
8PmqDaAdAUFozfersktLz/dkIbiJoePhNUpySB48VPFbiJjThl+jylZ+n87BO9l7
KP82SwUtUgDV9hCNjFHyowN4ZuoZgZLng2EXtHyhy2siFSGIVEURPpDPePc2ibbf
E0SvgpEiF3TVoja2sN3VgUHLXcQp1fxCSyOY1XeAyRtSOJh0xXnf0bafRQIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFCnBcNmLXjXX1RU3ZxxgQKUVGIS8MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzZiL2UyNWEz
Yy1kZWY2LTQyMjgtYTEwYi1jNDVlOTQ5ZTljZDYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNmIvZTI1YTNj
LWRlZjYtNDIyOC1hMTBiLWM0NWU5NDllOWNkNi8xL0tjRncyWXRlTmRmVkZUZG5I
R0JBcFJVWWhMdy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQD1EjgMA0EAgACMAcDBQAqAgloMA0GCSqGSIb3
DQEBCwUAA4IBAQAuuO4+tJlFihTC5mhbM8cZuFWXBgo82RJF2HbzI2P3OC/789FM
HkpXYP1fH1vX0x9ogO7riooGNrv976p0Ne4FvLls0rviY+l1/zN4hE3jCput9ew0
pSVkaEYLL+HW44J0tn2ReRusJeURqOTM8t+ojlbOW/lyQHh70SxEBybdk04s+4J2
m6YNr0GLGkkiQEmf6nRWbBJNK1t5HMZWmTXr0IYusbWXlksLK8y9DCleyB/maVmy
CxXCf9sgAFvGSfwLimu4y/SwbNmn8G3Lta5b5lSozpVhh7NY+/79ORmAPYW5pFTb
9SDTOTJCG/Q1tjMIttW0DV4s2uUetnjUb9qr
-----END CERTIFICATE-----