Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Ld7_S4_DB1RP7B-pnaKmiX30Yrg.cer
File:                     Ld7_S4_DB1RP7B-pnaKmiX30Yrg.cer (raw, json)
Hash identifier:          3cClmm6UYtEQZkWxI8YNWf8ymHJu+AR385E/5ueKRsU=
Subject key identifier:   2D:DE:FF:4B:8F:C3:07:54:4F:EC:1F:A9:9D:A2:A6:89:7D:F4:62:B8
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019424B3B5C506D3777C57B5913FC54E3E1C
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/a5/f309c9-230a-41e2-bf27-6613aeaa60de/1/Ld7_S4_DB1RP7B-pnaKmiX30Yrg.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/a5/f309c9-230a-41e2-bf27-6613aeaa60de/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 01:49:04 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 91.194.132.0/23
                          IP: 91.239.92.0/23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:b5:c5:06:d3:77:7c:57:b5:91:3f:c5:4e:3e:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 01:49:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2ddeff4b8fc307544fec1fa99da2a6897df462b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:32:ef:64:22:28:68:b9:07:f6:fe:d1:96:25:
                    b3:1f:36:11:18:08:2e:19:d2:8d:bb:19:2c:13:68:
                    db:c8:36:c9:a9:12:77:83:70:bb:6d:51:90:9f:c8:
                    f9:c6:32:46:56:c9:ea:f3:cd:b2:35:54:e2:17:8e:
                    8a:80:1c:3f:39:ee:d3:4b:90:29:fa:25:74:41:56:
                    e5:1e:0a:45:cf:66:46:e9:c0:c2:c7:b4:3e:7c:65:
                    d6:ff:fe:50:f5:1c:55:d5:b1:b2:d1:1a:39:f7:02:
                    35:45:f2:cf:5c:12:21:da:3e:45:ff:2d:8b:53:e7:
                    0f:82:0d:fc:3a:f4:b3:bd:ef:46:62:91:59:a5:ce:
                    0d:67:57:c0:5e:02:b1:f8:ef:f5:50:54:fa:fa:f8:
                    7b:7f:aa:70:b5:79:7a:a8:16:b2:e2:a9:25:39:13:
                    d0:44:5b:77:47:bd:79:84:09:a6:c0:81:ef:24:ba:
                    4a:10:b8:6e:4c:1e:e0:10:f6:85:f8:6a:d9:5e:fb:
                    d8:a8:82:ae:11:3d:59:92:86:5e:3e:3f:cb:06:0a:
                    12:1f:1b:c4:ff:9d:a2:36:d7:6d:fe:92:d2:3c:a9:
                    12:74:ba:11:5e:62:fc:18:43:6e:7e:8b:c6:9e:f2:
                    88:b4:78:f5:1d:b0:0b:22:43:1e:5b:17:c7:12:78:
                    b1:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:DE:FF:4B:8F:C3:07:54:4F:EC:1F:A9:9D:A2:A6:89:7D:F4:62:B8
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/f309c9-230a-41e2-bf27-6613aeaa60de/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/f309c9-230a-41e2-bf27-6613aeaa60de/1/Ld7_S4_DB1RP7B-pnaKmiX30Yrg.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.194.132.0/23
                  91.239.92.0/23

    Signature Algorithm: sha256WithRSAEncryption
         37:0d:49:33:ec:f5:11:44:38:63:a7:71:5f:24:b3:a4:b1:88:
         e4:d8:96:4a:2b:a8:4b:e5:74:b9:fc:f0:6e:f8:ec:0a:14:be:
         b6:8f:18:4d:54:fa:d9:5c:fa:8a:a8:24:c5:ef:c2:24:c2:a7:
         ba:c5:e6:38:6e:c4:aa:5d:8d:5d:b1:37:fd:a8:5d:50:9b:d0:
         34:cb:db:20:44:19:27:6a:81:f3:d7:3b:c0:3c:d1:d0:2a:58:
         7f:4a:c1:85:ee:aa:d4:9a:9e:6c:fd:9e:1d:d2:ec:f3:f8:7a:
         2c:22:cd:54:28:ce:10:09:a5:b1:11:64:e7:0f:8a:76:ea:33:
         7b:4e:d0:d6:a2:e0:e3:21:67:52:3d:96:3d:53:b5:51:24:23:
         9a:46:a6:f4:96:33:13:dc:bf:75:4b:d6:9b:83:06:3a:aa:d8:
         99:94:e3:f2:fd:27:a3:e0:bc:63:a8:c8:d1:3b:88:55:68:e6:
         57:39:3b:76:64:1b:2d:9a:72:91:3e:86:56:08:38:89:f3:45:
         04:b9:42:e7:42:62:30:05:28:db:6b:ed:3f:92:21:6e:f9:f4:
         33:18:f9:39:57:f0:c1:3b:57:2d:b6:61:90:59:de:46:62:a2:
         bc:7a:33:8c:07:6a:f4:fc:b0:d6:8e:b5:af:61:f4:3d:d1:89:
         e4:06:01:6b
-----BEGIN CERTIFICATE-----
MIIFfjCCBGagAwIBAgISAZQks7XFBtN3fFe1kT/FTj4cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDE0OTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZGRlZmY0YjhmYzMwNzU0NGZlYzFmYTk5ZGEyYTY4OTdkZjQ2MmI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvDLvZCIoaLkH9v7RliWzHzYRGAgu
GdKNuxksE2jbyDbJqRJ3g3C7bVGQn8j5xjJGVsnq882yNVTiF46KgBw/Oe7TS5Ap
+iV0QVblHgpFz2ZG6cDCx7Q+fGXW//5Q9RxV1bGy0Ro59wI1RfLPXBIh2j5F/y2L
U+cPgg38OvSzve9GYpFZpc4NZ1fAXgKx+O/1UFT6+vh7f6pwtXl6qBay4qklORPQ
RFt3R715hAmmwIHvJLpKELhuTB7gEPaF+GrZXvvYqIKuET1ZkoZePj/LBgoSHxvE
/52iNtdt/pLSPKkSdLoRXmL8GENufovGnvKItHj1HbALIkMeWxfHEnixKwIDAQAB
o4ICijCCAoYwHQYDVR0OBBYEFC3e/0uPwwdUT+wfqZ2ipol99GK4MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2E1L2YzMDlj
OS0yMzBhLTQxZTItYmYyNy02NjEzYWVhYTYwZGUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTUvZjMwOWM5
LTIzMGEtNDFlMi1iZjI3LTY2MTNhZWFhNjBkZS8xL0xkN19TNF9EQjFSUDdCLXBu
YUttaVgzMFlyZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUF
BwEHAQH/BBYwFDASBAIAATAMAwQBW8KEAwQBW+9cMA0GCSqGSIb3DQEBCwUAA4IB
AQA3DUkz7PURRDhjp3FfJLOksYjk2JZKK6hL5XS5/PBu+OwKFL62jxhNVPrZXPqK
qCTF78Ikwqe6xeY4bsSqXY1dsTf9qF1Qm9A0y9sgRBknaoHz1zvAPNHQKlh/SsGF
7qrUmp5s/Z4d0uzz+HosIs1UKM4QCaWxEWTnD4p26jN7TtDWouDjIWdSPZY9U7VR
JCOaRqb0ljMT3L91S9abgwY6qtiZlOPy/Sej4LxjqMjRO4hVaOZXOTt2ZBstmnKR
PoZWCDiJ80UEuULnQmIwBSjba+0/kiFu+fQzGPk5V/DBO1cttmGQWd5GYqK8ejOM
B2r0/LDWjrWvYfQ90YnkBgFr
-----END CERTIFICATE-----