Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/PUPPQPaR8Us1ymVwMpNIAgBc-og.cer
File:                     PUPPQPaR8Us1ymVwMpNIAgBc-og.cer (raw, json)
Hash identifier:          9cQREovGii0xRIdbWjjUzGhbb2kD1nSp93WCzFt98U8=
Subject key identifier:   3D:43:CF:40:F6:91:F1:4B:35:CA:65:70:32:93:48:02:00:5C:FA:88
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019421439650D8753DE96D28782168D37FC5
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/28/43f7ac-6788-490b-9b3b-07fb6171f18f/1/PUPPQPaR8Us1ymVwMpNIAgBc-og.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/28/43f7ac-6788-490b-9b3b-07fb6171f18f/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 09:47:45 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 91.200.61.0/24
                          IP: 2001:67c:1270::/48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:96:50:d8:75:3d:e9:6d:28:78:21:68:d3:7f:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 09:47:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3d43cf40f691f14b35ca657032934802005cfa88
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:de:2e:ab:ee:0a:4b:c0:96:4a:f0:48:12:66:
                    52:b9:9d:5b:40:3c:1c:95:61:03:0f:c1:3e:54:d7:
                    ed:be:65:24:38:59:62:7a:c7:8b:16:57:7d:3f:81:
                    40:4f:2a:f0:13:b1:f3:2b:26:ea:7a:02:1a:6b:8b:
                    98:85:c1:f7:f1:82:c6:4c:68:67:c7:13:2d:46:d1:
                    0b:ae:b4:69:c2:6f:6e:ed:13:31:1f:da:32:7e:93:
                    73:62:99:b6:82:4c:b0:7f:22:78:2c:2d:fe:df:77:
                    97:89:44:4f:2a:00:75:28:38:44:5e:f9:f7:e1:bc:
                    47:3a:82:bd:e2:6b:39:56:b8:64:a6:9b:90:b0:50:
                    1f:9a:5f:f7:e6:c6:f9:ae:05:2b:07:19:a9:0b:da:
                    b8:74:9d:c2:c2:d4:be:50:14:0a:5d:60:b8:84:95:
                    9a:7b:8e:08:18:bc:52:7b:45:20:43:ed:72:8d:2f:
                    4d:33:ab:1e:09:a9:d3:ff:53:c7:8c:bc:48:89:f5:
                    d4:ed:bf:ab:cd:9c:84:a3:1f:66:4c:2c:0f:c8:60:
                    5e:1c:af:43:43:f2:ae:ad:d4:0f:c9:e5:7e:e4:e9:
                    09:a6:51:a4:05:d1:40:52:25:e5:80:95:db:36:ed:
                    f5:24:6a:f0:77:77:8e:9d:99:d8:48:31:17:ef:9d:
                    88:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:43:CF:40:F6:91:F1:4B:35:CA:65:70:32:93:48:02:00:5C:FA:88
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/43f7ac-6788-490b-9b3b-07fb6171f18f/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/43f7ac-6788-490b-9b3b-07fb6171f18f/1/PUPPQPaR8Us1ymVwMpNIAgBc-og.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.200.61.0/24
                IPv6:
                  2001:67c:1270::/48

    Signature Algorithm: sha256WithRSAEncryption
         30:9b:14:89:d4:45:2b:f2:5a:15:ff:f5:71:40:3e:ea:d1:db:
         cd:c3:52:f5:65:2e:fc:9d:5d:5d:02:03:7f:0e:8d:0e:e2:fb:
         e0:01:fc:27:91:06:ad:85:e5:38:0f:48:01:76:6d:8e:da:ba:
         0c:b5:ab:50:1a:b3:1b:fd:f9:90:cc:72:b3:13:67:c5:d8:b4:
         29:e4:26:0c:48:64:a8:93:31:07:64:c3:83:06:7b:d4:3f:11:
         27:43:3e:81:d1:75:2d:8b:e3:4a:4d:85:9a:6e:57:03:37:6b:
         ab:f0:ae:3a:4e:4c:44:1f:74:43:92:44:76:55:01:67:2c:02:
         14:bb:93:af:86:04:c7:15:74:fa:ee:00:89:53:e0:5e:e0:bb:
         d9:97:66:92:c7:94:24:91:70:54:64:45:dd:cb:e9:d8:97:37:
         52:f7:4a:db:67:bd:99:03:42:30:ed:59:4a:37:cc:54:87:2f:
         36:35:87:14:d8:62:f2:50:5f:d3:71:46:39:93:27:c5:72:41:
         88:f8:c2:b6:cd:4f:bd:be:63:96:8e:2f:19:60:ec:30:4b:e1:
         d6:f0:51:04:44:56:d0:22:0b:f5:71:31:32:8c:22:2c:78:e4:
         62:89:80:af:70:bf:2a:c7:49:7c:b4:75:23:b5:ac:4c:82:fd:
         2d:6b:b1:b4
-----BEGIN CERTIFICATE-----
MIIFiTCCBHGgAwIBAgISAZQhQ5ZQ2HU96W0oeCFo03/FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDk0NzQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDQzY2Y0MGY2OTFmMTRiMzVjYTY1NzAzMjkzNDgwMjAwNWNmYTg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8t4uq+4KS8CWSvBIEmZSuZ1bQDwc
lWEDD8E+VNftvmUkOFlieseLFld9P4FATyrwE7HzKybqegIaa4uYhcH38YLGTGhn
xxMtRtELrrRpwm9u7RMxH9oyfpNzYpm2gkywfyJ4LC3+33eXiURPKgB1KDhEXvn3
4bxHOoK94ms5VrhkppuQsFAfml/35sb5rgUrBxmpC9q4dJ3CwtS+UBQKXWC4hJWa
e44IGLxSe0UgQ+1yjS9NM6seCanT/1PHjLxIifXU7b+rzZyEox9mTCwPyGBeHK9D
Q/KurdQPyeV+5OkJplGkBdFAUiXlgJXbNu31JGrwd3eOnZnYSDEX752IJwIDAQAB
o4IClTCCApEwHQYDVR0OBBYEFD1Dz0D2kfFLNcplcDKTSAIAXPqIMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzI4LzQzZjdh
Yy02Nzg4LTQ5MGItOWIzYi0wN2ZiNjE3MWYxOGYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjgvNDNmN2Fj
LTY3ODgtNDkwYi05YjNiLTA3ZmI2MTcxZjE4Zi8xL1BVUFBRUGFSOFVzMXltVndN
cE5JQWdCYy1vZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDAGCCsGAQUF
BwEHAQH/BCEwHzAMBAIAATAGAwQAW8g9MA8EAgACMAkDBwAgAQZ8EnAwDQYJKoZI
hvcNAQELBQADggEBADCbFInURSvyWhX/9XFAPurR283DUvVlLvydXV0CA38OjQ7i
++AB/CeRBq2F5TgPSAF2bY7augy1q1Aasxv9+ZDMcrMTZ8XYtCnkJgxIZKiTMQdk
w4MGe9Q/ESdDPoHRdS2L40pNhZpuVwM3a6vwrjpOTEQfdEOSRHZVAWcsAhS7k6+G
BMcVdPruAIlT4F7gu9mXZpLHlCSRcFRkRd3L6diXN1L3SttnvZkDQjDtWUo3zFSH
LzY1hxTYYvJQX9NxRjmTJ8VyQYj4wrbNT72+Y5aOLxlg7DBL4dbwUQREVtAiC/Vx
MTKMIix45GKJgK9wvyrHSXy0dSO1rEyC/S1rsbQ=
-----END CERTIFICATE-----