Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/RHzUHZ5sz4AwbBtGvcC1d7HuLK4.cer
File:                     RHzUHZ5sz4AwbBtGvcC1d7HuLK4.cer (raw, json)
Hash identifier:          NEafm6GuvB796+kw9czPmkUgwEv0/TVAciWsIojqmII=
Subject key identifier:   44:7C:D4:1D:9E:6C:CF:80:30:6C:1B:46:BD:C0:B5:77:B1:EE:2C:AE
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194266B41093CCAA84881AEDB28A8962CC1
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/4e/1203d7-41ab-404c-929b-b97838c8d658/1/RHzUHZ5sz4AwbBtGvcC1d7HuLK4.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/4e/1203d7-41ab-404c-929b-b97838c8d658/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 09:49:10 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 45022
                          IP: 195.5.184.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 14:46:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:41:09:3c:ca:a8:48:81:ae:db:28:a8:96:2c:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 09:49:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=447cd41d9e6ccf80306c1b46bdc0b577b1ee2cae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:01:d7:c2:13:db:45:30:d4:05:69:fa:fa:6a:
                    cc:c9:96:1c:e4:f6:23:10:87:08:52:79:55:c6:93:
                    d9:1f:79:42:9d:8b:19:1d:18:5c:c4:48:23:7e:ca:
                    5a:24:3e:a8:da:8f:28:0d:47:88:b9:3a:a5:fc:87:
                    4c:d7:b4:1a:73:22:d8:6f:6c:04:e3:30:3a:e7:bb:
                    59:41:70:1d:c0:b5:c6:89:fb:92:60:46:d4:41:23:
                    e0:71:29:83:f4:df:f4:1e:f6:a9:4f:49:68:d7:e6:
                    af:30:e7:9f:73:1b:00:5a:35:50:7c:44:e3:2c:7c:
                    f5:f0:22:ef:53:94:8d:04:e5:59:12:29:1a:15:34:
                    73:8d:a6:51:bf:de:c1:2f:bf:49:94:a9:e6:83:fd:
                    a5:89:6b:43:8e:39:37:95:ad:f9:4b:0b:23:99:96:
                    7b:05:4e:84:81:9f:35:e1:01:19:a8:a7:fb:09:97:
                    c9:00:e3:72:48:13:34:c7:84:90:ce:05:6f:8f:23:
                    6b:43:af:3a:c3:97:4d:9f:53:5e:a0:83:f5:6d:f9:
                    9a:29:01:4c:72:f8:c7:ef:9c:80:c9:1b:c5:6b:25:
                    93:9d:d4:73:ab:94:62:62:af:cd:26:bf:75:ac:24:
                    11:1d:77:bc:e7:4d:36:d5:90:3d:13:4c:9f:27:66:
                    82:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:7C:D4:1D:9E:6C:CF:80:30:6C:1B:46:BD:C0:B5:77:B1:EE:2C:AE
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/1203d7-41ab-404c-929b-b97838c8d658/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/1203d7-41ab-404c-929b-b97838c8d658/1/RHzUHZ5sz4AwbBtGvcC1d7HuLK4.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.5.184.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  45022

    Signature Algorithm: sha256WithRSAEncryption
         51:bb:e0:96:ea:b0:c6:47:fe:9b:12:5a:46:cf:0a:5b:a5:0c:
         84:36:7a:0c:e0:bc:c5:c6:28:29:b5:63:1b:75:5b:e7:cc:52:
         50:7e:51:9f:ab:0d:ef:cf:ce:62:6a:8c:20:7d:25:ee:b5:a7:
         f9:a1:f3:e3:ed:80:00:3e:18:c2:d1:10:98:a6:6c:22:3e:0c:
         93:6c:b8:7a:04:d9:05:a2:11:a3:0a:42:dc:ed:be:bd:fb:47:
         b9:30:e3:c4:77:bc:b0:f9:00:2c:ce:49:a6:83:b2:3b:5a:75:
         06:ee:34:76:12:b5:39:50:4b:f2:db:f4:3d:da:a7:a9:a2:f8:
         a7:30:1e:ed:46:92:f1:e6:53:28:4b:49:63:21:08:15:0e:30:
         c4:2e:a9:95:1f:bc:c3:d4:e6:f7:a4:72:2e:e8:91:57:e0:45:
         b4:dc:f1:a9:1c:d9:00:3d:1e:a0:b6:19:f2:2f:4c:0e:70:90:
         07:4e:a5:55:e5:d7:f0:0a:24:0e:78:d0:79:bd:ae:bf:c9:1a:
         ba:a9:17:e8:61:68:17:6d:35:3d:8b:d0:f4:f9:2f:67:a7:af:
         1f:80:eb:5c:e3:0c:83:08:cb:3d:97:f2:7e:39:f7:00:f5:0f:
         7c:b1:23:02:3d:1f:ee:8a:e0:c1:8d:51:ed:7c:81:f2:41:11:
         49:84:8b:df
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZQma0EJPMqoSIGu2yiolizBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDk0OTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDdjZDQxZDllNmNjZjgwMzA2YzFiNDZiZGMwYjU3N2IxZWUyY2FlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAigHXwhPbRTDUBWn6+mrMyZYc5PYj
EIcIUnlVxpPZH3lCnYsZHRhcxEgjfspaJD6o2o8oDUeIuTql/IdM17QacyLYb2wE
4zA657tZQXAdwLXGifuSYEbUQSPgcSmD9N/0HvapT0lo1+avMOefcxsAWjVQfETj
LHz18CLvU5SNBOVZEikaFTRzjaZRv97BL79JlKnmg/2liWtDjjk3la35SwsjmZZ7
BU6EgZ814QEZqKf7CZfJAONySBM0x4SQzgVvjyNrQ686w5dNn1NeoIP1bfmaKQFM
cvjH75yAyRvFayWTndRzq5RiYq/NJr91rCQRHXe850021ZA9E0yfJ2aCFwIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFER81B2ebM+AMGwbRr3AtXex7iyuMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzRlLzEyMDNk
Ny00MWFiLTQwNGMtOTI5Yi1iOTc4MzhjOGQ2NTgvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGUvMTIwM2Q3
LTQxYWItNDA0Yy05MjliLWI5NzgzOGM4ZDY1OC8xL1JIelVIWjVzejRBd2JCdEd2
Y0MxZDdIdUxLNC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwwW4MBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwCv3jANBgkqhkiG9w0BAQsFAAOCAQEAUbvgluqwxkf+mxJaRs8KW6UMhDZ6DOC8
xcYoKbVjG3Vb58xSUH5Rn6sN78/OYmqMIH0l7rWn+aHz4+2AAD4YwtEQmKZsIj4M
k2y4egTZBaIRowpC3O2+vftHuTDjxHe8sPkALM5JpoOyO1p1Bu40dhK1OVBL8tv0
PdqnqaL4pzAe7UaS8eZTKEtJYyEIFQ4wxC6plR+8w9Tm96RyLuiRV+BFtNzxqRzZ
AD0eoLYZ8i9MDnCQB06lVeXX8AokDnjQeb2uv8kauqkX6GFoF201PYvQ9PkvZ6ev
H4DrXOMMgwjLPZfyfjn3APUPfLEjAj0f7orgwY1R7XyB8kERSYSL3w==
-----END CERTIFICATE-----