Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/KgV9tw5HTrSgd_oT875N17Y4C1Q.cer
File:                     KgV9tw5HTrSgd_oT875N17Y4C1Q.cer (raw, json)
Hash identifier:          mUHGIwd/bvcOZe3UNoDZCIEIpiBda0way61czejyxMk=
Subject key identifier:   2A:05:7D:B7:0E:47:4E:B4:A0:77:FA:13:F3:BE:4D:D7:B6:38:0B:54
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01942823C24A7FCD6AC43E8BA487411CF0CF
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/cc/d978ff-74a1-4915-959a-c03568dc08b3/1/KgV9tw5HTrSgd_oT875N17Y4C1Q.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/cc/d978ff-74a1-4915-959a-c03568dc08b3/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 17:50:19 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 204500
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Mar 2025 12:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:c2:4a:7f:cd:6a:c4:3e:8b:a4:87:41:1c:f0:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 17:50:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2a057db70e474eb4a077fa13f3be4dd7b6380b54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:4f:a6:e0:bf:c6:71:a8:3d:e7:52:ea:6c:72:
                    54:8d:e0:04:b8:52:0a:73:dc:c8:9a:6f:21:e4:d8:
                    9a:02:4f:c7:b2:6c:aa:e6:a6:02:16:81:f6:99:e3:
                    53:1b:db:ab:b3:8b:9d:34:4b:84:7c:19:ca:14:0f:
                    63:93:8e:f4:5f:77:2f:8d:e1:8e:54:14:b6:4c:a4:
                    75:68:54:d0:d0:09:80:b7:3b:8f:e6:fd:4b:73:74:
                    38:63:8e:08:38:08:f0:f2:44:a7:c9:4f:67:40:ec:
                    83:d0:38:29:10:4d:a4:cc:cc:5c:69:f0:44:f5:36:
                    1d:75:05:69:15:f3:5f:f4:aa:23:69:ed:b9:06:b7:
                    e4:e7:c0:d6:e1:87:06:35:c8:4b:5f:b0:a3:2b:d5:
                    52:44:ea:b9:6c:61:fe:54:3b:1e:83:36:35:55:7f:
                    30:ca:f3:c5:a9:24:db:d5:f8:66:ae:3d:48:89:42:
                    da:34:6a:26:f9:da:1d:d9:c3:c5:28:90:9f:3e:56:
                    4a:21:4b:1d:60:1a:7e:80:e3:d2:11:1c:63:dc:4d:
                    be:69:e7:ef:c5:94:e1:f1:06:69:82:ea:cf:f2:1b:
                    22:fb:10:cf:69:89:b6:c6:77:70:25:91:8a:c3:20:
                    d5:36:d1:89:fc:aa:0e:a5:1b:bc:63:b9:74:42:54:
                    b6:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:05:7D:B7:0E:47:4E:B4:A0:77:FA:13:F3:BE:4D:D7:B6:38:0B:54
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/d978ff-74a1-4915-959a-c03568dc08b3/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/d978ff-74a1-4915-959a-c03568dc08b3/1/KgV9tw5HTrSgd_oT875N17Y4C1Q.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  204500

    Signature Algorithm: sha256WithRSAEncryption
         3d:43:dc:0d:19:55:0e:a0:bd:30:fb:c8:a8:39:1d:cf:d8:8a:
         59:05:a3:1d:23:3d:8b:fc:4e:c2:c1:8b:07:21:0b:5f:e2:59:
         93:92:03:91:1f:5c:0c:07:6d:62:5a:e9:7e:42:e7:bd:9d:aa:
         53:6d:ec:63:60:fd:97:50:b5:80:3b:e4:0c:ee:a7:40:09:63:
         9f:34:3c:b0:8c:91:16:1e:85:0b:b8:ee:a9:ea:d6:ae:a5:19:
         6e:83:25:27:5a:77:36:62:1f:ce:7f:df:df:c9:37:1d:44:f4:
         53:a9:fe:c3:41:07:d8:31:a3:f1:9c:e8:11:72:de:27:b6:1d:
         62:08:0c:ed:23:1b:eb:04:bc:8e:f7:42:47:44:1a:d0:e2:27:
         dd:19:aa:a7:04:32:a2:65:08:4e:f1:25:82:46:65:e8:dc:70:
         14:f2:ac:8c:5e:1f:a5:be:e4:40:6d:39:1a:a9:40:2c:4c:66:
         73:b9:af:e9:75:2e:03:c9:86:d0:0e:8b:61:67:16:cc:6b:b5:
         e1:10:77:53:39:57:7c:b1:c2:7b:52:70:0e:34:f4:92:7e:c8:
         11:5a:67:e5:28:b9:80:b9:93:87:06:51:d8:b0:1b:24:4e:ec:
         51:d7:76:90:7e:52:40:df:05:16:dc:ad:cf:8b:83:44:45:a9:
         54:75:38:f4
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZQoI8JKf81qxD6LpIdBHPDPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMTc1MDE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTA1N2RiNzBlNDc0ZWI0YTA3N2ZhMTNmM2JlNGRkN2I2MzgwYjU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5E+m4L/Gcag951LqbHJUjeAEuFIK
c9zImm8h5NiaAk/Hsmyq5qYCFoH2meNTG9urs4udNEuEfBnKFA9jk470X3cvjeGO
VBS2TKR1aFTQ0AmAtzuP5v1Lc3Q4Y44IOAjw8kSnyU9nQOyD0DgpEE2kzMxcafBE
9TYddQVpFfNf9Kojae25Brfk58DW4YcGNchLX7CjK9VSROq5bGH+VDsegzY1VX8w
yvPFqSTb1fhmrj1IiULaNGom+dod2cPFKJCfPlZKIUsdYBp+gOPSERxj3E2+aefv
xZTh8QZpgurP8hsi+xDPaYm2xndwJZGKwyDVNtGJ/KoOpRu8Y7l0QlS2cwIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFCoFfbcOR060oHf6E/O+Tde2OAtUMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NjL2Q5Nzhm
Zi03NGExLTQ5MTUtOTU5YS1jMDM1NjhkYzA4YjMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvY2MvZDk3OGZm
LTc0YTEtNDkxNS05NTlhLWMwMzU2OGRjMDhiMy8xL0tnVjl0dzVIVHJTZ2Rfb1Q4
NzVOMTdZNEMxUS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMe1DANBgkqhkiG9w0BAQsFAAOCAQEAPUPcDRlVDqC9
MPvIqDkdz9iKWQWjHSM9i/xOwsGLByELX+JZk5IDkR9cDAdtYlrpfkLnvZ2qU23s
Y2D9l1C1gDvkDO6nQAljnzQ8sIyRFh6FC7juqerWrqUZboMlJ1p3NmIfzn/f38k3
HUT0U6n+w0EH2DGj8ZzoEXLeJ7YdYggM7SMb6wS8jvdCR0Qa0OIn3RmqpwQyomUI
TvElgkZl6NxwFPKsjF4fpb7kQG05GqlALExmc7mv6XUuA8mG0A6LYWcWzGu14RB3
UzlXfLHCe1JwDjT0kn7IEVpn5Si5gLmThwZR2LAbJE7sUdd2kH5SQN8FFtytz4uD
REWpVHU49A==
-----END CERTIFICATE-----