Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Rg-35e67X4Zdv2EpZpCczKcbPrs.cer
File:                     Rg-35e67X4Zdv2EpZpCczKcbPrs.cer (raw, json)
Hash identifier:          GUFayJ9erAxqzDh4tU8nW60RYDU4UZqOZYY89T82FSw=
Subject key identifier:   46:0F:B7:E5:EE:BB:5F:86:5D:BF:61:29:66:90:9C:CC:A7:1B:3E:BB
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019551D84200473805E0153ECE3342C39D37
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rsync.paas.rpki.ripe.net/repository/35baf3e6-49a6-476a-bbd0-964a5827e808/0/460FB7E5EEBB5F865DBF612966909CCCA71B3EBB.mft
caRepository:             rsync://rsync.paas.rpki.ripe.net/repository/35baf3e6-49a6-476a-bbd0-964a5827e808/0/
Notify URL:               https://rrdp.paas.rpki.ripe.net/notification.xml
Certificate not before:   Sat 01 Mar 2025 13:14:42 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 213768
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 11 Mar 2025 15:21:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:51:d8:42:00:47:38:05:e0:15:3e:ce:33:42:c3:9d:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Mar  1 13:14:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=460fb7e5eebb5f865dbf612966909ccca71b3ebb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:40:a2:e7:a3:c9:65:7c:58:5b:52:14:98:5d:
                    90:65:ee:2d:9c:ce:09:03:c0:33:77:54:01:d4:ed:
                    2b:2b:8f:4b:2f:e5:6f:0c:1d:6c:28:05:f7:dc:ed:
                    c4:17:6f:46:8e:36:53:dc:ab:8e:b2:83:15:c5:67:
                    dc:71:64:ec:b1:86:f3:d5:f4:a4:b1:72:45:0e:f2:
                    b9:7a:1a:57:48:a3:e5:03:61:32:1e:7e:ec:21:7b:
                    4d:cd:42:d4:a3:93:26:0f:04:f7:80:ae:65:4d:ef:
                    ad:5c:dd:6c:0b:e0:5f:22:f2:a2:06:67:e1:60:f9:
                    8b:a2:5e:e0:d4:0b:44:13:31:26:09:6b:59:29:76:
                    1d:fa:d6:52:02:e8:97:0b:06:c5:dd:fc:63:35:eb:
                    20:30:0f:6a:e0:8b:3c:db:6d:78:5f:a8:88:41:38:
                    61:e6:c8:69:b3:a9:2d:e8:50:6a:ba:77:fa:df:74:
                    11:33:40:0a:5a:f7:63:19:6a:ec:34:b7:53:1c:29:
                    01:fd:ac:0a:b8:43:25:b6:e4:aa:08:4e:9f:0a:35:
                    03:e8:e2:51:8d:12:9d:a7:61:32:17:bd:fd:14:da:
                    22:41:13:96:80:1d:55:37:76:cc:a0:2f:45:42:8d:
                    5a:4e:72:19:a6:11:31:17:60:a5:a9:0f:88:39:06:
                    d4:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:0F:B7:E5:EE:BB:5F:86:5D:BF:61:29:66:90:9C:CC:A7:1B:3E:BB
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rsync.paas.rpki.ripe.net/repository/35baf3e6-49a6-476a-bbd0-964a5827e808/0/
                RPKI Manifest - URI:rsync://rsync.paas.rpki.ripe.net/repository/35baf3e6-49a6-476a-bbd0-964a5827e808/0/460FB7E5EEBB5F865DBF612966909CCCA71B3EBB.mft
                RPKI Notify - URI:https://rrdp.paas.rpki.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  213768

    Signature Algorithm: sha256WithRSAEncryption
         49:a0:8d:73:73:ff:aa:6b:a9:35:10:bb:0f:6d:22:df:7d:15:
         47:94:b9:22:7a:c6:22:0c:84:ac:fc:64:99:19:df:2d:b8:4a:
         e0:5c:3e:38:3b:82:6e:17:83:f3:49:b4:80:49:9c:ab:b4:81:
         68:be:78:af:4f:dd:fb:25:68:e2:9f:47:82:a0:ff:06:7d:93:
         fc:19:be:64:48:a5:97:13:f8:d6:e5:ce:aa:fd:bd:03:4c:b3:
         4c:bd:e0:4d:99:07:3a:4c:3b:95:a8:bd:29:a8:03:44:1a:54:
         90:eb:56:49:e6:50:6a:9a:fa:ca:5e:9f:a3:09:23:08:1e:54:
         15:8a:1a:1a:56:8b:15:09:50:49:31:1b:8b:1b:ba:6e:66:5b:
         56:fd:8f:73:dc:70:24:5f:ae:ad:ab:55:33:96:00:88:f3:af:
         c3:a6:94:6f:4b:5d:7a:2c:92:5c:eb:b9:18:d5:af:6f:36:4c:
         58:e8:96:b5:0a:65:3d:91:0c:1d:e8:23:0f:87:61:d4:09:b5:
         f6:07:ad:f5:69:6e:df:ef:24:57:d4:02:59:fb:d8:10:20:8f:
         a0:1a:e3:f1:d9:89:58:0b:b5:8e:24:b6:20:5d:27:2c:95:2b:
         9f:f7:8d:b1:9f:27:09:e5:07:ed:09:bd:7a:f0:1c:37:16:af:
         c6:28:8f:3b
-----BEGIN CERTIFICATE-----
MIIFjzCCBHegAwIBAgISAZVR2EIARzgF4BU+zjNCw503MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMzAxMTMxNDQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjBmYjdlNWVlYmI1Zjg2NWRiZjYxMjk2NjkwOWNjY2E3MWIzZWJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlECi56PJZXxYW1IUmF2QZe4tnM4J
A8Azd1QB1O0rK49LL+VvDB1sKAX33O3EF29GjjZT3KuOsoMVxWfccWTssYbz1fSk
sXJFDvK5ehpXSKPlA2EyHn7sIXtNzULUo5MmDwT3gK5lTe+tXN1sC+BfIvKiBmfh
YPmLol7g1AtEEzEmCWtZKXYd+tZSAuiXCwbF3fxjNesgMA9q4Is82214X6iIQThh
5shps6kt6FBqunf633QRM0AKWvdjGWrsNLdTHCkB/awKuEMltuSqCE6fCjUD6OJR
jRKdp2EyF739FNoiQROWgB1VN3bMoC9FQo1aTnIZphExF2ClqQ+IOQbU0wIDAQAB
o4ICmzCCApcwHQYDVR0OBBYEFEYPt+Xuu1+GXb9hKWaQnMynGz67MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggE/BggrBgEFBQcBCwSCATEwggEtMF8GCCsGAQUFBzAFhlNy
c3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzM1YmFm
M2U2LTQ5YTYtNDc2YS1iYmQwLTk2NGE1ODI3ZTgwOC8wLzCBiwYIKwYBBQUHMAqG
f3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMzVi
YWYzZTYtNDlhNi00NzZhLWJiZDAtOTY0YTU4MjdlODA4LzAvNDYwRkI3RTVFRUJC
NUY4NjVEQkY2MTI5NjY5MDlDQ0NBNzFCM0VCQi5tZnQwPAYIKwYBBQUHMA2GMGh0
dHBzOi8vcnJkcC5wYWFzLnJwa2kucmlwZS5uZXQvbm90aWZpY2F0aW9uLnhtbDBZ
BgNVHR8EUjBQME6gTKBKhkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxUL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jcmwwGAYDVR0g
AQH/BA4wDDAKBggrBgEFBQcOAjAaBggrBgEFBQcBCAEB/wQLMAmgBzAFAgMDQwgw
DQYJKoZIhvcNAQELBQADggEBAEmgjXNz/6prqTUQuw9tIt99FUeUuSJ6xiIMhKz8
ZJkZ3y24SuBcPjg7gm4Xg/NJtIBJnKu0gWi+eK9P3fslaOKfR4Kg/wZ9k/wZvmRI
pZcT+Nblzqr9vQNMs0y94E2ZBzpMO5WovSmoA0QaVJDrVknmUGqa+spen6MJIwge
VBWKGhpWixUJUEkxG4sbum5mW1b9j3PccCRfrq2rVTOWAIjzr8OmlG9LXXosklzr
uRjVr282TFjolrUKZT2RDB3oIw+HYdQJtfYHrfVpbt/vJFfUAln72BAgj6Aa4/HZ
iVgLtY4ktiBdJyyVK5/3jbGfJwnlB+0JvXrwHDcWr8Yojzs=
-----END CERTIFICATE-----