Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/R7lNsbPetIBa0mFVS65rpfp0CMs.cer
File:                     R7lNsbPetIBa0mFVS65rpfp0CMs.cer (raw, json)
Hash identifier:          yse/ahlsnc2LdFWPGi7Se87d/UD0N+CSRgjdk2gUZDs=
Subject key identifier:   47:B9:4D:B1:B3:DE:B4:80:5A:D2:61:55:4B:AE:6B:A5:FA:74:08:CB
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019421B1FF0E34198F729AED031735A5D7DF
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/f4/871f8e-e7c0-4264-baea-2c294ec81297/1/R7lNsbPetIBa0mFVS65rpfp0CMs.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/f4/871f8e-e7c0-4264-baea-2c294ec81297/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 11:48:20 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 185.194.132.0/22
                          IP: 2a00:7780::/32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:ff:0e:34:19:8f:72:9a:ed:03:17:35:a5:d7:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 11:48:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=47b94db1b3deb4805ad261554bae6ba5fa7408cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:de:60:a3:3b:39:d4:99:e8:f7:a8:08:84:73:
                    a8:9e:49:21:82:94:8b:c5:71:56:40:3a:3e:01:5c:
                    d6:02:47:50:f5:65:79:08:c5:97:9c:3c:08:00:0a:
                    a0:45:d0:44:a2:52:29:9a:9d:58:39:10:bf:bd:bd:
                    9d:97:e6:ff:0b:01:3d:59:c5:60:9f:ab:eb:c0:fb:
                    20:d1:3a:eb:99:94:74:fb:30:86:3b:f7:1e:ac:94:
                    e3:25:77:47:84:36:d4:de:8a:09:c0:82:6d:8e:55:
                    46:8d:65:a2:88:df:40:fc:fc:7f:e5:90:4e:4a:97:
                    e2:f7:fb:74:46:c3:99:ed:91:26:e3:eb:44:e4:03:
                    b9:21:7b:5a:76:f4:68:93:47:e9:30:3d:3c:89:9e:
                    3e:de:26:2e:50:8f:aa:72:f0:73:37:d9:e4:0c:67:
                    01:dd:28:83:99:e0:16:86:e4:2c:da:99:56:ee:85:
                    c8:aa:96:39:86:e6:f7:c9:59:aa:ab:0a:47:3a:ca:
                    f4:93:2d:fa:86:50:6c:8c:d4:fa:c4:3a:5b:e3:b8:
                    89:67:0d:dd:57:1a:be:0b:c8:03:c5:9f:bd:a7:f7:
                    75:30:31:d6:a5:3b:8c:d6:f2:57:15:9e:52:a7:ce:
                    f5:25:5e:48:63:9f:1e:2c:c1:7e:0a:a5:b2:f7:99:
                    3b:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:B9:4D:B1:B3:DE:B4:80:5A:D2:61:55:4B:AE:6B:A5:FA:74:08:CB
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/871f8e-e7c0-4264-baea-2c294ec81297/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/871f8e-e7c0-4264-baea-2c294ec81297/1/R7lNsbPetIBa0mFVS65rpfp0CMs.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.194.132.0/22
                IPv6:
                  2a00:7780::/32

    Signature Algorithm: sha256WithRSAEncryption
         1c:48:28:cf:69:8c:22:1e:4b:98:8b:74:71:98:15:2d:a3:5b:
         d6:19:c5:30:6e:8d:74:b1:41:5b:10:20:ab:20:0c:c4:8a:58:
         e7:5d:94:f6:74:85:8f:40:23:34:6d:e7:5f:00:c9:e3:9d:86:
         01:91:5c:bb:92:a2:17:c4:ef:b7:dd:4e:ab:ee:f0:6e:86:05:
         99:e2:c0:af:b4:a3:20:c8:82:43:f9:cc:85:8f:c8:ef:3b:fe:
         dd:ab:6e:54:fe:26:d2:1a:1d:84:71:fd:fa:99:9d:ea:43:e3:
         4c:f8:f4:99:0b:95:55:33:9f:f1:aa:01:c3:7e:ca:72:6d:b4:
         53:54:81:6f:01:3a:06:95:63:4c:0e:f7:e6:42:dc:6f:d8:12:
         e7:d4:0f:eb:7c:ec:d2:4a:f0:46:f5:83:c3:66:28:c0:1b:47:
         68:d6:22:9a:71:cb:69:3c:9e:e1:a5:81:de:82:ef:ee:02:af:
         d3:c3:a2:d2:69:d1:26:e6:31:3b:de:21:e5:9b:31:b4:85:c9:
         ff:43:e5:4c:03:e7:4b:08:41:5e:72:cd:76:73:9d:68:96:1a:
         2b:d0:d9:2c:5d:36:30:9e:91:a7:9f:13:8b:5f:33:ec:db:95:
         42:13:fd:52:b6:ad:a8:b5:75:9d:d5:4a:d5:47:97:27:ab:26:
         ad:c0:62:f8
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAZQhsf8ONBmPcprtAxc1pdffMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTE0ODIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2I5NGRiMWIzZGViNDgwNWFkMjYxNTU0YmFlNmJhNWZhNzQwOGNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArt5gozs51Jno96gIhHOonkkhgpSL
xXFWQDo+AVzWAkdQ9WV5CMWXnDwIAAqgRdBEolIpmp1YORC/vb2dl+b/CwE9WcVg
n6vrwPsg0TrrmZR0+zCGO/cerJTjJXdHhDbU3ooJwIJtjlVGjWWiiN9A/Px/5ZBO
Spfi9/t0RsOZ7ZEm4+tE5AO5IXtadvRok0fpMD08iZ4+3iYuUI+qcvBzN9nkDGcB
3SiDmeAWhuQs2plW7oXIqpY5hub3yVmqqwpHOsr0ky36hlBsjNT6xDpb47iJZw3d
Vxq+C8gDxZ+9p/d1MDHWpTuM1vJXFZ5Sp871JV5IY58eLMF+CqWy95k7kQIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFEe5TbGz3rSAWtJhVUuua6X6dAjLMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Y0Lzg3MWY4
ZS1lN2MwLTQyNjQtYmFlYS0yYzI5NGVjODEyOTcvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjQvODcxZjhl
LWU3YzAtNDI2NC1iYWVhLTJjMjk0ZWM4MTI5Ny8xL1I3bE5zYlBldElCYTBtRlZT
NjVycGZwMENNcy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCucKEMA0EAgACMAcDBQAqAHeAMA0GCSqGSIb3
DQEBCwUAA4IBAQAcSCjPaYwiHkuYi3RxmBUto1vWGcUwbo10sUFbECCrIAzEiljn
XZT2dIWPQCM0bedfAMnjnYYBkVy7kqIXxO+33U6r7vBuhgWZ4sCvtKMgyIJD+cyF
j8jvO/7dq25U/ibSGh2Ecf36mZ3qQ+NM+PSZC5VVM5/xqgHDfspybbRTVIFvAToG
lWNMDvfmQtxv2BLn1A/rfOzSSvBG9YPDZijAG0do1iKacctpPJ7hpYHegu/uAq/T
w6LSadEm5jE73iHlmzG0hcn/Q+VMA+dLCEFecs12c51olhor0NksXTYwnpGnnxOL
XzPs25VCE/1Stq2otXWd1UrVR5cnqyatwGL4
-----END CERTIFICATE-----