Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Rmz6T4hH8VYbVZcWcBZcDmi2J5k.cer
File:                     Rmz6T4hH8VYbVZcWcBZcDmi2J5k.cer (raw, json)
Hash identifier:          dH/Jy/Ql6oW5n+YtgLjC/3YcRQwM+2VdnQsWrG8y4DY=
Subject key identifier:   46:6C:FA:4F:88:47:F1:56:1B:55:97:16:70:16:5C:0E:68:B6:27:99
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019427B5CDD9BC840308399F7690B1F25736
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/7d/504ffa-2905-4785-9291-5b11bb179a8b/1/Rmz6T4hH8VYbVZcWcBZcDmi2J5k.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/7d/504ffa-2905-4785-9291-5b11bb179a8b/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 15:50:13 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 2001:67c:14b4::/48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:cd:d9:bc:84:03:08:39:9f:76:90:b1:f2:57:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 15:50:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=466cfa4f8847f1561b55971670165c0e68b62799
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:80:cc:58:26:db:6f:f8:17:b9:1c:eb:ca:48:
                    dd:19:d4:6b:71:81:49:78:a6:2d:a1:8c:39:35:7e:
                    96:09:eb:a7:15:6f:1f:95:af:64:2e:f8:58:27:50:
                    b8:22:93:1c:9f:b9:a6:b5:e6:18:cf:5d:32:5b:72:
                    91:37:35:a9:55:e5:26:bd:e7:8b:d7:9e:4f:59:cb:
                    62:43:3e:0c:a2:84:f8:e6:9f:e5:3d:be:79:93:cd:
                    3a:a3:a8:e5:5e:f3:2d:bb:ee:45:0b:a2:6b:62:ad:
                    77:4e:b2:57:02:1b:2a:e0:7a:71:40:97:00:2c:74:
                    04:30:02:2c:18:9b:5b:8b:f4:59:07:82:96:17:ee:
                    62:fb:28:b7:4a:12:a6:38:50:26:98:ab:66:aa:a5:
                    ea:7a:65:fe:10:1e:f8:26:76:ba:62:b0:ef:14:5c:
                    59:2c:c4:06:80:4d:2f:b7:54:2c:f3:46:b4:b6:f5:
                    19:a3:2f:26:05:c7:ff:69:32:97:3a:32:b3:a4:90:
                    2b:1e:71:f7:6a:c2:2d:60:06:52:cc:3c:dc:42:34:
                    4e:38:59:27:ab:ea:6e:88:fa:9e:82:c5:ac:f1:a2:
                    ec:70:d9:78:5d:ec:50:11:70:0e:e5:1c:20:72:c4:
                    05:95:a0:09:e9:1f:80:2a:c2:91:d2:e2:6c:8d:c2:
                    87:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:6C:FA:4F:88:47:F1:56:1B:55:97:16:70:16:5C:0E:68:B6:27:99
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/504ffa-2905-4785-9291-5b11bb179a8b/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/504ffa-2905-4785-9291-5b11bb179a8b/1/Rmz6T4hH8VYbVZcWcBZcDmi2J5k.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:14b4::/48

    Signature Algorithm: sha256WithRSAEncryption
         5c:24:5d:e6:b8:79:84:6c:0c:78:09:21:c2:32:31:4c:38:cb:
         62:ff:01:8d:8a:6c:02:de:8f:f1:f6:95:3f:94:36:15:76:a2:
         ae:94:e1:58:a8:8b:89:b6:93:2f:64:ee:87:15:30:30:2b:ca:
         4f:c5:9f:94:e4:09:aa:6d:ac:cf:40:51:db:f1:9b:86:80:02:
         40:7f:90:14:15:ae:0b:ea:9d:81:bf:8d:93:10:c5:91:0e:11:
         20:38:2a:3a:46:9a:6a:d0:f3:03:94:eb:8b:40:13:c1:7b:d2:
         fd:e4:f9:11:6b:50:73:9b:87:e7:c6:61:a3:aa:8c:f7:c8:cd:
         36:3c:2e:ca:98:94:91:f4:67:a2:68:4b:40:31:32:2c:c5:0a:
         8b:58:86:f4:3c:ba:9c:d7:1e:32:f1:f7:7d:38:b7:60:0c:2e:
         b1:50:f7:89:56:06:c2:e9:d3:85:d0:77:1d:4d:29:28:da:7d:
         25:b7:42:2a:93:66:9c:e0:1a:2e:8c:25:15:a8:04:2d:61:5c:
         7c:be:7d:35:04:42:85:15:a7:6f:3b:b0:f3:21:22:0f:33:e1:
         79:80:22:df:84:ca:79:1e:eb:79:ff:2e:fa:77:06:a7:ef:f6:
         83:ba:5c:92:b9:19:71:05:0b:14:25:a3:a0:ea:0a:50:6c:09:
         fa:95:50:87
-----BEGIN CERTIFICATE-----
MIIFezCCBGOgAwIBAgISAZQntc3ZvIQDCDmfdpCx8lc2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMTU1MDEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjZjZmE0Zjg4NDdmMTU2MWI1NTk3MTY3MDE2NWMwZTY4YjYyNzk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvIDMWCbbb/gXuRzrykjdGdRrcYFJ
eKYtoYw5NX6WCeunFW8fla9kLvhYJ1C4IpMcn7mmteYYz10yW3KRNzWpVeUmveeL
155PWctiQz4MooT45p/lPb55k806o6jlXvMtu+5FC6JrYq13TrJXAhsq4HpxQJcA
LHQEMAIsGJtbi/RZB4KWF+5i+yi3ShKmOFAmmKtmqqXqemX+EB74Jna6YrDvFFxZ
LMQGgE0vt1Qs80a0tvUZoy8mBcf/aTKXOjKzpJArHnH3asItYAZSzDzcQjROOFkn
q+puiPqegsWs8aLscNl4XexQEXAO5RwgcsQFlaAJ6R+AKsKR0uJsjcKH9wIDAQAB
o4IChzCCAoMwHQYDVR0OBBYEFEZs+k+IR/FWG1WXFnAWXA5otieZMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzdkLzUwNGZm
YS0yOTA1LTQ3ODUtOTI5MS01YjExYmIxNzlhOGIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvN2QvNTA0ZmZh
LTI5MDUtNDc4NS05MjkxLTViMTFiYjE3OWE4Yi8xL1JtejZUNGhIOFZZYlZaY1dj
QlpjRG1pMko1ay5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBS0MA0GCSqGSIb3DQEBCwUAA4IBAQBc
JF3muHmEbAx4CSHCMjFMOMti/wGNimwC3o/x9pU/lDYVdqKulOFYqIuJtpMvZO6H
FTAwK8pPxZ+U5AmqbazPQFHb8ZuGgAJAf5AUFa4L6p2Bv42TEMWRDhEgOCo6Rppq
0PMDlOuLQBPBe9L95PkRa1Bzm4fnxmGjqoz3yM02PC7KmJSR9GeiaEtAMTIsxQqL
WIb0PLqc1x4y8fd9OLdgDC6xUPeJVgbC6dOF0HcdTSko2n0lt0Iqk2ac4BoujCUV
qAQtYVx8vn01BEKFFadvO7DzISIPM+F5gCLfhMp5Hut5/y76dwan7/aDulySuRlx
BQsUJaOg6gpQbAn6lVCH
-----END CERTIFICATE-----