Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Pq0ZCWsO4ID-Q4EFALcYqUf-0ik.cer
File:                     Pq0ZCWsO4ID-Q4EFALcYqUf-0ik.cer (raw, json)
Hash identifier:          TpqkgptxrZltgTryNhAyiQXeA7EzrnZpwzor6Jin814=
Subject key identifier:   3E:AD:19:09:6B:0E:E0:80:FE:43:81:05:00:B7:18:A9:47:FE:D2:29
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019427B3B92AE2218DF60067BB6E687780A2
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/13/63bb79-93b0-499f-978d-10fe44726908/1/Pq0ZCWsO4ID-Q4EFALcYqUf-0ik.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/13/63bb79-93b0-499f-978d-10fe44726908/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 15:47:57 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 193.108.136.0/23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 21:03:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b3:b9:2a:e2:21:8d:f6:00:67:bb:6e:68:77:80:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 15:47:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3ead19096b0ee080fe43810500b718a947fed229
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:8f:c5:49:1f:b1:c9:e8:2a:66:43:14:68:01:
                    f8:24:c2:d2:d6:51:a6:7d:7b:6f:1c:0b:3b:a7:00:
                    7b:1b:f1:5a:9d:96:f0:9b:90:d3:ac:90:85:08:9b:
                    0b:b4:a5:de:a5:24:e7:fd:21:cc:cf:02:52:81:79:
                    ce:fa:ec:ef:30:f2:2f:f4:93:8f:67:b7:c2:f2:e7:
                    77:0c:2d:6a:f4:14:cd:78:3e:a7:95:83:e1:9d:cb:
                    5f:87:eb:5b:d3:2d:a6:05:a6:7b:ed:b9:9b:82:13:
                    3d:f6:8f:46:5b:bd:b4:e6:b7:1f:06:63:6b:5b:7c:
                    8f:06:99:ed:bc:e6:c5:ba:46:0d:5e:98:d8:9b:ea:
                    b5:8f:f7:30:0b:d8:99:cd:99:cf:bc:f2:07:17:e6:
                    a7:5a:fc:c0:57:96:c9:0b:99:e7:fa:d7:c3:95:e0:
                    0c:f6:3e:b9:3f:c7:6b:7d:f8:1d:70:88:e2:be:27:
                    bb:d2:21:19:8d:e1:13:cf:2c:16:d1:52:b9:ad:b1:
                    89:ec:81:fb:7c:f4:39:37:76:ac:88:5a:96:34:e2:
                    81:74:08:0f:18:98:bc:95:53:5c:a0:91:ff:30:c1:
                    a9:5d:16:f7:79:d8:22:f0:23:2a:ff:79:fd:cc:a5:
                    2d:f8:8b:3c:60:2e:e4:f6:88:66:15:f7:07:8b:f7:
                    1a:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:AD:19:09:6B:0E:E0:80:FE:43:81:05:00:B7:18:A9:47:FE:D2:29
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/63bb79-93b0-499f-978d-10fe44726908/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/63bb79-93b0-499f-978d-10fe44726908/1/Pq0ZCWsO4ID-Q4EFALcYqUf-0ik.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.108.136.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7d:32:4f:9f:38:d3:7e:e3:bc:e5:75:fd:8e:ee:bf:de:18:51:
         15:18:95:6b:ee:59:54:f2:47:28:49:f5:fc:34:7c:69:75:6e:
         74:57:1e:53:b4:29:61:33:21:87:f5:fa:21:bc:1d:60:78:4f:
         12:f4:6c:3f:eb:4c:d8:a6:ea:37:b6:12:8d:31:3e:e8:5d:f2:
         94:9b:28:3d:0c:8b:04:08:b4:fe:97:23:1f:8a:2d:ea:02:65:
         70:4a:2a:a2:6c:42:0f:23:c3:69:40:68:87:44:e4:ca:4f:54:
         6f:62:fa:42:5e:a3:1e:c5:da:e1:ab:ff:44:ee:10:c0:02:5f:
         5a:f9:4a:6f:b5:00:53:d1:67:f2:e7:29:0d:53:6f:d0:3d:32:
         22:6c:58:b0:cb:71:cb:f6:31:9f:3b:90:67:42:ad:f4:87:6e:
         7c:22:60:fa:92:e1:6e:58:14:12:44:15:e2:d6:25:63:4d:76:
         49:5d:ac:a6:97:11:f2:34:38:b2:39:8c:0e:ba:08:bd:99:ae:
         0a:18:d1:07:38:01:6e:85:51:50:8b:be:e9:8a:8d:b8:3e:6f:
         b2:fe:c0:89:ca:d5:17:f4:3d:c5:a7:77:31:b9:a2:43:b0:fa:
         39:3b:f4:36:77:df:3b:df:25:56:cd:08:11:b2:60:3b:ce:e3:
         fe:5e:85:5f
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZQns7kq4iGN9gBnu25od4CiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMTU0NzU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWFkMTkwOTZiMGVlMDgwZmU0MzgxMDUwMGI3MThhOTQ3ZmVkMjI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Y/FSR+xyegqZkMUaAH4JMLS1lGm
fXtvHAs7pwB7G/FanZbwm5DTrJCFCJsLtKXepSTn/SHMzwJSgXnO+uzvMPIv9JOP
Z7fC8ud3DC1q9BTNeD6nlYPhnctfh+tb0y2mBaZ77bmbghM99o9GW7205rcfBmNr
W3yPBpntvObFukYNXpjYm+q1j/cwC9iZzZnPvPIHF+anWvzAV5bJC5nn+tfDleAM
9j65P8drffgdcIjivie70iEZjeETzywW0VK5rbGJ7IH7fPQ5N3asiFqWNOKBdAgP
GJi8lVNcoJH/MMGpXRb3edgi8CMq/3n9zKUt+Is8YC7k9ohmFfcHi/caDwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFD6tGQlrDuCA/kOBBQC3GKlH/tIpMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzEzLzYzYmI3
OS05M2IwLTQ5OWYtOTc4ZC0xMGZlNDQ3MjY5MDgvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTMvNjNiYjc5
LTkzYjAtNDk5Zi05NzhkLTEwZmU0NDcyNjkwOC8xL1BxMFpDV3NPNElELVE0RUZB
TGNZcVVmLTBpay5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQBwWyIMA0GCSqGSIb3DQEBCwUAA4IBAQB9Mk+f
ONN+47zldf2O7r/eGFEVGJVr7llU8kcoSfX8NHxpdW50Vx5TtClhMyGH9fohvB1g
eE8S9Gw/60zYpuo3thKNMT7oXfKUmyg9DIsECLT+lyMfii3qAmVwSiqibEIPI8Np
QGiHROTKT1RvYvpCXqMexdrhq/9E7hDAAl9a+UpvtQBT0Wfy5ykNU2/QPTIibFiw
y3HL9jGfO5BnQq30h258ImD6kuFuWBQSRBXi1iVjTXZJXaymlxHyNDiyOYwOugi9
ma4KGNEHOAFuhVFQi77pio24Pm+y/sCJytUX9D3Fp3cxuaJDsPo5O/Q2d9873yVW
zQgRsmA7zuP+XoVf
-----END CERTIFICATE-----