Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Q5E3vv6LxVkDaQx8Rq8ZfMkacDw.cer
File:                     Q5E3vv6LxVkDaQx8Rq8ZfMkacDw.cer (raw, json)
Hash identifier:          442jdLzj7yVkY0aZQygR49du4wkX9uW+rjC3gXldfco=
Subject key identifier:   43:91:37:BE:FE:8B:C5:59:03:69:0C:7C:46:AF:19:7C:C9:1A:70:3C
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019497DB078C84DF51B56F81E978ECE25943
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/f3/5ac22d-9e8f-449d-8304-0f52d828fd4f/1/Q5E3vv6LxVkDaQx8Rq8ZfMkacDw.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/f3/5ac22d-9e8f-449d-8304-0f52d828fd4f/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Fri 24 Jan 2025 10:28:21 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 185.99.40.0/22
                          IP: 2a0d:a280::/29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:97:db:07:8c:84:df:51:b5:6f:81:e9:78:ec:e2:59:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan 24 10:28:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=439137befe8bc55903690c7c46af197cc91a703c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:0b:6c:c3:40:e2:78:03:63:b3:d2:8e:91:0f:
                    38:0d:5f:70:fd:c9:3d:5c:e1:47:67:b7:48:37:68:
                    cc:7f:7c:a6:50:08:a6:ff:42:cf:ae:cf:49:31:26:
                    cc:a6:14:d0:26:67:cd:b8:98:60:2b:fd:06:65:ea:
                    45:c8:76:01:d9:dc:c0:f3:66:bf:ef:66:d0:67:f2:
                    8b:9f:99:5e:64:d0:f8:be:17:72:70:61:3a:46:7d:
                    2a:ed:4b:72:e8:03:5e:9e:fa:2d:36:39:c4:79:89:
                    1a:eb:60:44:a0:c4:32:67:23:d4:b2:19:0e:29:ac:
                    85:97:11:fb:08:9f:78:44:18:95:e2:b0:ad:9b:08:
                    60:cd:89:67:86:ee:59:c6:8f:1f:22:99:fa:a3:c1:
                    29:45:85:2d:33:21:17:1c:f2:93:05:53:08:32:f7:
                    62:39:d4:5f:a9:58:9c:cd:f6:f1:a4:08:20:9a:1d:
                    04:58:6f:4c:2b:6c:f8:bc:6f:15:41:a4:82:c7:58:
                    1e:68:d4:79:d7:7b:cb:ba:e0:13:88:8b:34:f0:5b:
                    06:a3:07:7a:e1:a4:87:d5:af:0b:33:aa:3d:3f:85:
                    ed:34:5a:d9:3d:05:79:de:45:d0:11:b2:3b:9f:97:
                    e8:71:ee:10:8c:2c:87:fc:36:65:09:83:40:0c:62:
                    b2:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:91:37:BE:FE:8B:C5:59:03:69:0C:7C:46:AF:19:7C:C9:1A:70:3C
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/5ac22d-9e8f-449d-8304-0f52d828fd4f/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/5ac22d-9e8f-449d-8304-0f52d828fd4f/1/Q5E3vv6LxVkDaQx8Rq8ZfMkacDw.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.99.40.0/22
                IPv6:
                  2a0d:a280::/29

    Signature Algorithm: sha256WithRSAEncryption
         0c:06:25:d3:f6:71:3a:c9:23:c8:f4:fb:7e:12:8c:9a:91:0c:
         ef:40:eb:b2:c9:7a:d1:d6:8e:0c:b9:54:bc:89:ad:d0:9c:cd:
         e2:94:de:81:c1:60:05:d4:9a:12:87:bd:5c:44:db:5e:44:1f:
         bb:21:b5:a2:27:db:95:f4:ff:3b:94:b0:cb:a3:36:d8:33:cd:
         22:84:6a:bc:02:8f:2e:a8:d5:9c:64:d3:7d:41:66:d6:a1:4a:
         1d:b4:fd:b3:a1:a5:07:6c:e8:60:8a:39:8d:99:c0:a6:f8:bd:
         9c:75:a8:a5:58:bc:2c:cc:3c:9b:a3:6f:38:6d:01:1c:8f:5f:
         bc:65:e5:b1:ce:68:0d:c3:dd:c9:5c:83:bd:9b:a5:46:b7:5c:
         cd:5d:b6:a8:1f:01:8e:8f:0f:ea:10:6c:d7:87:40:d3:70:44:
         aa:c0:78:b2:04:c3:9e:ff:80:d0:88:2c:33:5d:42:eb:fd:20:
         e6:34:0d:9b:5f:a7:07:8a:b9:fc:e8:29:a0:62:5a:c6:ec:ba:
         3d:f4:87:e7:78:7e:36:c1:c9:3b:c2:a1:38:9d:ec:7a:db:6c:
         fa:61:3d:40:d3:c4:34:d1:d2:dc:f4:50:d2:38:80:ae:bc:83:
         10:21:f1:d7:f5:49:0c:08:67:6e:7f:39:62:4d:4d:10:f9:40:
         85:74:91:07
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAZSX2weMhN9RtW+B6Xjs4llDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTI0MTAyODIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzkxMzdiZWZlOGJjNTU5MDM2OTBjN2M0NmFmMTk3Y2M5MWE3MDNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwwtsw0DieANjs9KOkQ84DV9w/ck9
XOFHZ7dIN2jMf3ymUAim/0LPrs9JMSbMphTQJmfNuJhgK/0GZepFyHYB2dzA82a/
72bQZ/KLn5leZND4vhdycGE6Rn0q7Uty6ANenvotNjnEeYka62BEoMQyZyPUshkO
KayFlxH7CJ94RBiV4rCtmwhgzYlnhu5Zxo8fIpn6o8EpRYUtMyEXHPKTBVMIMvdi
OdRfqViczfbxpAggmh0EWG9MK2z4vG8VQaSCx1geaNR513vLuuATiIs08FsGowd6
4aSH1a8LM6o9P4XtNFrZPQV53kXQEbI7n5foce4QjCyH/DZlCYNADGKylQIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFEORN77+i8VZA2kMfEavGXzJGnA8MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2YzLzVhYzIy
ZC05ZThmLTQ0OWQtODMwNC0wZjUyZDgyOGZkNGYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjMvNWFjMjJk
LTllOGYtNDQ5ZC04MzA0LTBmNTJkODI4ZmQ0Zi8xL1E1RTN2djZMeFZrRGFReDhS
cThaZk1rYWNEdy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCuWMoMA0EAgACMAcDBQMqDaKAMA0GCSqGSIb3
DQEBCwUAA4IBAQAMBiXT9nE6ySPI9Pt+EoyakQzvQOuyyXrR1o4MuVS8ia3QnM3i
lN6BwWAF1JoSh71cRNteRB+7IbWiJ9uV9P87lLDLozbYM80ihGq8Ao8uqNWcZNN9
QWbWoUodtP2zoaUHbOhgijmNmcCm+L2cdailWLwszDybo284bQEcj1+8ZeWxzmgN
w93JXIO9m6VGt1zNXbaoHwGOjw/qEGzXh0DTcESqwHiyBMOe/4DQiCwzXULr/SDm
NA2bX6cHirn86CmgYlrG7Lo99IfneH42wck7wqE4nex622z6YT1A08Q00dLc9FDS
OICuvIMQIfHX9UkMCGdufzliTU0Q+UCFdJEH
-----END CERTIFICATE-----