Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/PeJoHdoAcCp1l6cSV-FPenJeiQ4.cer
File:                     PeJoHdoAcCp1l6cSV-FPenJeiQ4.cer (raw, json)
Hash identifier:          DLKJbiecGFFPdR+Pi7GHCijLhXV4rb2jvyt9qiaT6TU=
Subject key identifier:   3D:E2:68:1D:DA:00:70:2A:75:97:A7:12:57:E1:4F:7A:72:5E:89:0E
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019427478FCD60D723F2D65776A33BFC0F44
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/1a/36d6e4-8d77-48d5-afb6-e0ac7263db12/1/PeJoHdoAcCp1l6cSV-FPenJeiQ4.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/1a/36d6e4-8d77-48d5-afb6-e0ac7263db12/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 13:49:48 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 50799
                          IP: 145.43.0.0/16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:8f:cd:60:d7:23:f2:d6:57:76:a3:3b:fc:0f:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 13:49:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3de2681dda00702a7597a71257e14f7a725e890e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:d1:cb:50:2b:88:79:80:20:6e:ca:8b:ea:e7:
                    57:7f:74:7e:f3:3b:d6:d1:ad:68:33:de:ed:7d:4b:
                    41:c0:c3:f4:f0:3a:87:08:5e:5e:7a:d5:06:dc:31:
                    f9:e5:ad:a1:24:9d:66:62:a2:e2:85:8b:7a:12:ec:
                    af:50:37:78:1c:e0:61:a4:87:a9:ec:72:27:c2:02:
                    bc:87:db:5f:3e:70:b6:53:b1:29:86:27:30:e0:66:
                    89:dd:10:2c:7a:76:40:67:12:3e:5e:5c:b5:41:36:
                    a3:20:74:9c:5b:ca:62:d5:63:be:c3:fc:3c:26:12:
                    a0:14:c3:ef:fb:86:ba:e1:88:54:7b:67:f0:d6:31:
                    70:1b:18:28:b8:16:39:a1:86:47:88:f8:16:8a:15:
                    74:ad:1d:8d:c6:35:aa:0f:f5:83:00:75:fa:35:29:
                    f6:a4:39:fd:16:7c:d2:b5:9a:37:03:d5:38:37:90:
                    a8:9f:5b:8f:7f:d1:c0:58:29:9f:f8:0f:18:11:c0:
                    72:c6:d1:8a:07:95:8c:ca:a3:fb:ab:46:83:3a:ab:
                    44:9e:82:0c:18:2d:38:26:c0:0e:93:ae:28:18:27:
                    c5:9e:f2:36:53:5e:f9:2d:d5:64:ea:ab:2c:ca:16:
                    bc:7d:7d:ff:e0:20:a2:96:48:00:94:30:50:b3:40:
                    3c:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:E2:68:1D:DA:00:70:2A:75:97:A7:12:57:E1:4F:7A:72:5E:89:0E
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/36d6e4-8d77-48d5-afb6-e0ac7263db12/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/36d6e4-8d77-48d5-afb6-e0ac7263db12/1/PeJoHdoAcCp1l6cSV-FPenJeiQ4.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.43.0.0/16

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  50799

    Signature Algorithm: sha256WithRSAEncryption
         2d:8c:88:79:6e:b9:05:a7:91:6c:40:c9:f2:82:21:60:c2:4e:
         65:fc:32:bd:a3:1f:f2:cf:2e:75:24:2c:ff:08:11:cc:6e:75:
         9c:df:35:6c:a9:62:3d:2d:7c:48:2d:40:4b:2b:5d:06:48:7f:
         14:44:bd:e1:05:2e:c8:aa:50:c2:d1:f6:e9:08:32:02:a6:ae:
         e3:e0:83:4d:2f:bc:b4:b6:2a:0c:28:57:b0:0f:43:b6:3b:72:
         56:8a:5b:8b:fb:24:5c:a3:b7:32:a4:ca:d5:80:89:75:dd:21:
         cf:74:5b:26:97:fb:65:8b:9a:43:5c:98:c2:e1:f1:24:26:0e:
         68:40:b8:3a:d5:af:ab:ee:55:f9:4e:d3:eb:1d:eb:4e:73:d5:
         5f:ef:eb:56:18:95:9b:9a:da:80:6c:93:45:4f:09:6a:f5:e2:
         ac:7a:d5:c7:67:d6:27:0e:fd:83:a6:24:ed:71:23:25:f9:33:
         14:24:ed:30:fd:8c:c7:37:0b:a2:57:b0:84:0e:b9:9b:18:29:
         4c:17:31:72:6e:a3:d0:42:ed:81:90:5c:e8:29:cd:21:f2:f2:
         e2:9b:4b:97:d3:3f:9c:93:22:e8:c8:ab:45:c2:9c:08:eb:07:
         bb:67:c6:7f:7d:dc:4b:8a:f7:67:da:6a:05:d2:31:90:e5:78:
         58:8c:e9:85
-----BEGIN CERTIFICATE-----
MIIFkzCCBHugAwIBAgISAZQnR4/NYNcj8tZXdqM7/A9EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMTM0OTQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGUyNjgxZGRhMDA3MDJhNzU5N2E3MTI1N2UxNGY3YTcyNWU4OTBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArNHLUCuIeYAgbsqL6udXf3R+8zvW
0a1oM97tfUtBwMP08DqHCF5eetUG3DH55a2hJJ1mYqLihYt6EuyvUDd4HOBhpIep
7HInwgK8h9tfPnC2U7Ephicw4GaJ3RAsenZAZxI+Xly1QTajIHScW8pi1WO+w/w8
JhKgFMPv+4a64YhUe2fw1jFwGxgouBY5oYZHiPgWihV0rR2NxjWqD/WDAHX6NSn2
pDn9FnzStZo3A9U4N5Con1uPf9HAWCmf+A8YEcByxtGKB5WMyqP7q0aDOqtEnoIM
GC04JsAOk64oGCfFnvI2U175LdVk6qssyha8fX3/4CCilkgAlDBQs0A8IwIDAQAB
o4ICnzCCApswHQYDVR0OBBYEFD3iaB3aAHAqdZenElfhT3pyXokOMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzFhLzM2ZDZl
NC04ZDc3LTQ4ZDUtYWZiNi1lMGFjNzI2M2RiMTIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMWEvMzZkNmU0
LThkNzctNDhkNS1hZmI2LWUwYWM3MjYzZGIxMi8xL1BlSm9IZG9BY0NwMWw2Y1NW
LUZQZW5KZWlRNC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB4GCCsGAQUF
BwEHAQH/BA8wDTALBAIAATAFAwMAkSswGgYIKwYBBQUHAQgBAf8ECzAJoAcwBQID
AMZvMA0GCSqGSIb3DQEBCwUAA4IBAQAtjIh5brkFp5FsQMnygiFgwk5l/DK9ox/y
zy51JCz/CBHMbnWc3zVsqWI9LXxILUBLK10GSH8URL3hBS7IqlDC0fbpCDICpq7j
4INNL7y0tioMKFewD0O2O3JWiluL+yRco7cypMrVgIl13SHPdFsml/tli5pDXJjC
4fEkJg5oQLg61a+r7lX5TtPrHetOc9Vf7+tWGJWbmtqAbJNFTwlq9eKsetXHZ9Yn
Dv2DpiTtcSMl+TMUJO0w/YzHNwuiV7CEDrmbGClMFzFybqPQQu2BkFzoKc0h8vLi
m0uX0z+ckyLoyKtFwpwI6we7Z8Z/fdxLivdn2moF0jGQ5XhYjOmF
-----END CERTIFICATE-----