Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/KcFw2YteNdfVFTdnHGBApRUYhLw.cer
File:                     KcFw2YteNdfVFTdnHGBApRUYhLw.cer (raw, json)
Hash identifier:          qTLj8ux8mfaxYV7ySNsK+M0FynV8oU5Svf3rCUagZRg=
Subject key identifier:   29:C1:70:D9:8B:5E:35:D7:D5:15:37:67:1C:60:40:A5:15:18:84:BC
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019233BF26959F3236C816AAB2E1272AA266
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/6b/e25a3c-def6-4228-a10b-c45e949e9cd6/1/KcFw2YteNdfVFTdnHGBApRUYhLw.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/6b/e25a3c-def6-4228-a10b-c45e949e9cd6/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Fri 27 Sep 2024 13:50:18 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 212.72.224.0/21
                          IP: 2a02:968::/32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:33:bf:26:95:9f:32:36:c8:16:aa:b2:e1:27:2a:a2:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Sep 27 13:50:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=29c170d98b5e35d7d51537671c6040a5151884bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:d3:22:fe:23:e1:68:3e:1a:44:f8:54:e9:6d:
                    83:7f:6e:33:a1:48:32:7d:7f:97:3a:bc:9c:ef:89:
                    ee:4a:c9:3d:e8:06:5c:78:78:6a:a2:4b:d3:d0:d9:
                    6c:fb:56:e4:f4:d1:ca:22:6a:ad:2a:71:3c:07:db:
                    0f:ca:a2:dc:09:1d:d3:88:06:a6:bf:a9:0a:c5:c8:
                    43:75:66:52:89:32:5d:d0:ed:5b:48:77:1f:fc:7e:
                    86:24:a9:4d:ee:03:7b:ce:28:29:38:76:c6:27:4c:
                    c7:e9:90:d0:8c:24:84:43:54:e2:c8:10:cc:f0:f9:
                    aa:0d:a0:1d:01:41:68:cd:f7:ab:b2:4b:4b:cf:f7:
                    64:21:b8:89:a1:e3:e1:35:4a:72:48:1e:3c:54:f1:
                    5b:88:98:d3:86:5f:a3:ca:56:7e:9f:ce:c1:3b:d9:
                    7b:28:ff:36:4b:05:2d:52:00:d5:f6:10:8d:8c:51:
                    f2:a3:03:78:66:ea:19:81:92:e7:83:61:17:b4:7c:
                    a1:cb:6b:22:15:21:88:54:45:11:3e:90:cf:78:f7:
                    36:89:b6:df:13:44:af:82:91:22:17:74:d5:a2:36:
                    b6:b0:dd:d5:81:41:cb:5d:c4:29:d5:fc:42:4b:23:
                    98:d5:77:80:c9:1b:52:38:98:74:c5:79:df:d1:b6:
                    9f:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:C1:70:D9:8B:5E:35:D7:D5:15:37:67:1C:60:40:A5:15:18:84:BC
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/e25a3c-def6-4228-a10b-c45e949e9cd6/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/e25a3c-def6-4228-a10b-c45e949e9cd6/1/KcFw2YteNdfVFTdnHGBApRUYhLw.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.72.224.0/21
                IPv6:
                  2a02:968::/32

    Signature Algorithm: sha256WithRSAEncryption
         68:ee:4d:ec:09:80:fe:9a:97:45:d4:50:07:c6:71:b4:db:46:
         6b:f0:1f:9b:b6:a4:fa:38:14:13:6e:6c:fc:64:76:06:9b:65:
         86:32:88:62:26:be:d8:6b:0f:70:4d:07:47:f2:a6:e8:34:80:
         11:ed:3e:6f:d6:c1:bd:19:de:5e:36:44:fb:8f:76:c6:e5:ba:
         85:8a:db:70:c9:8a:be:91:43:0a:71:fe:15:2c:08:8d:a4:cc:
         79:b9:62:ce:47:e3:f8:95:37:2c:0f:16:f4:af:c4:b9:69:57:
         ad:b6:3f:ac:70:a4:08:9c:37:ac:eb:65:a1:35:5b:05:a2:71:
         0f:d9:6d:1b:ec:79:29:d0:73:7c:f6:35:e7:d6:a3:93:d8:aa:
         42:96:fe:21:f4:37:90:24:ac:dc:35:d6:3a:b2:cd:d3:b5:71:
         2e:1f:26:d8:aa:2f:39:39:86:20:4c:fb:ac:84:16:24:00:81:
         16:34:16:6a:4f:95:27:aa:2c:0c:77:be:ab:37:59:7a:a3:a7:
         2a:55:71:bd:c8:d7:92:b7:29:bc:af:c0:6c:d2:86:59:4c:ff:
         14:5b:d0:15:56:a0:34:38:f1:b5:5b:d2:c2:52:8f:8a:b1:39:
         e8:f2:6f:f2:9f:cc:6d:bc:59:ef:5e:b3:76:3d:01:8d:a8:b7:
         a1:e8:ff:83
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAZIzvyaVnzI2yBaqsuEnKqJmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwOTI3MTM1MDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWMxNzBkOThiNWUzNWQ3ZDUxNTM3NjcxYzYwNDBhNTE1MTg4NGJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAttMi/iPhaD4aRPhU6W2Df24zoUgy
fX+XOryc74nuSsk96AZceHhqokvT0Nls+1bk9NHKImqtKnE8B9sPyqLcCR3TiAam
v6kKxchDdWZSiTJd0O1bSHcf/H6GJKlN7gN7zigpOHbGJ0zH6ZDQjCSEQ1TiyBDM
8PmqDaAdAUFozfersktLz/dkIbiJoePhNUpySB48VPFbiJjThl+jylZ+n87BO9l7
KP82SwUtUgDV9hCNjFHyowN4ZuoZgZLng2EXtHyhy2siFSGIVEURPpDPePc2ibbf
E0SvgpEiF3TVoja2sN3VgUHLXcQp1fxCSyOY1XeAyRtSOJh0xXnf0bafRQIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFCnBcNmLXjXX1RU3ZxxgQKUVGIS8MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzZiL2UyNWEz
Yy1kZWY2LTQyMjgtYTEwYi1jNDVlOTQ5ZTljZDYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNmIvZTI1YTNj
LWRlZjYtNDIyOC1hMTBiLWM0NWU5NDllOWNkNi8xL0tjRncyWXRlTmRmVkZUZG5I
R0JBcFJVWWhMdy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQD1EjgMA0EAgACMAcDBQAqAgloMA0GCSqGSIb3
DQEBCwUAA4IBAQBo7k3sCYD+mpdF1FAHxnG020Zr8B+btqT6OBQTbmz8ZHYGm2WG
MohiJr7Yaw9wTQdH8qboNIAR7T5v1sG9Gd5eNkT7j3bG5bqFittwyYq+kUMKcf4V
LAiNpMx5uWLOR+P4lTcsDxb0r8S5aVettj+scKQInDes62WhNVsFonEP2W0b7Hkp
0HN89jXn1qOT2KpClv4h9DeQJKzcNdY6ss3TtXEuHybYqi85OYYgTPushBYkAIEW
NBZqT5UnqiwMd76rN1l6o6cqVXG9yNeStym8r8Bs0oZZTP8UW9AVVqA0OPG1W9LC
Uo+KsTno8m/yn8xtvFnvXrN2PQGNqLeh6P+D
-----END CERTIFICATE-----