Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/RzRpqWb03zzygXHYfHR4D8Ry-Xk.cer
File:                     RzRpqWb03zzygXHYfHR4D8Ry-Xk.cer (raw, json)
Hash identifier:          nVHibPTUiUmxRXjhwVMn3ylUz+Wg72QOAg12OzBHB+E=
Subject key identifier:   47:34:69:A9:66:F4:DF:3C:F2:81:71:D8:7C:74:78:0F:C4:72:F9:79
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019423D7DFA68DF80E5E52ABA6444D28BD0B
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/d3/1efbe6-a014-417c-9685-583920f5f05b/1/RzRpqWb03zzygXHYfHR4D8Ry-Xk.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/d3/1efbe6-a014-417c-9685-583920f5f05b/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 21:48:57 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 43310
                          IP: 91.197.7.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 14:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:df:a6:8d:f8:0e:5e:52:ab:a6:44:4d:28:bd:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 21:48:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=473469a966f4df3cf28171d87c74780fc472f979
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:20:48:69:cc:9f:62:92:ac:81:15:ae:c2:f6:
                    38:a7:27:c1:5b:7d:e4:5c:b6:ce:c1:1f:ec:08:ae:
                    18:48:48:fa:ec:22:ae:e0:70:a1:fe:a9:21:cc:e4:
                    b7:59:6a:98:b5:3f:9a:4e:0e:05:cd:cf:27:81:a7:
                    9b:e6:8c:28:13:be:89:b3:06:96:01:67:90:af:69:
                    80:1a:45:62:8c:38:e6:d2:38:6c:14:a7:b4:e9:ef:
                    28:a0:d1:83:14:91:05:42:1d:dd:c7:44:af:cc:98:
                    6c:5b:7d:93:bf:ca:d5:a7:51:99:45:73:31:7f:3e:
                    a0:f2:09:74:e1:c0:f2:fb:18:f8:39:10:81:e9:bd:
                    db:54:80:a2:10:a6:6e:d6:c6:0a:a7:58:fa:93:40:
                    a7:32:6f:35:6c:11:d6:e6:05:25:b6:be:8b:14:2d:
                    3f:2e:64:79:af:9e:fe:0a:13:c2:6e:e7:9e:b7:69:
                    91:bc:60:4e:e6:86:ea:81:12:79:52:e5:52:bb:08:
                    11:e6:29:7a:49:53:05:2a:fc:03:38:75:dc:7e:78:
                    a2:fb:ef:fe:ae:2f:40:f1:04:4e:40:6b:54:cb:df:
                    77:2c:9f:c6:80:d6:50:7b:6d:5c:e8:c9:41:ff:4c:
                    dc:ed:fb:41:c8:e0:a6:f6:e3:63:a1:58:35:ad:83:
                    1d:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:34:69:A9:66:F4:DF:3C:F2:81:71:D8:7C:74:78:0F:C4:72:F9:79
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/1efbe6-a014-417c-9685-583920f5f05b/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/1efbe6-a014-417c-9685-583920f5f05b/1/RzRpqWb03zzygXHYfHR4D8Ry-Xk.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.197.7.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  43310

    Signature Algorithm: sha256WithRSAEncryption
         1d:c6:ab:04:79:46:f8:e3:ab:b8:cc:4e:62:62:57:eb:28:96:
         30:07:e5:29:81:4f:70:a3:c6:5c:94:ca:23:57:00:76:02:d3:
         58:7f:25:e5:21:a9:ab:9f:74:e0:e8:ee:45:a3:d6:c4:35:c4:
         25:77:b3:58:86:a5:af:48:17:22:1e:83:b5:17:18:ec:33:e2:
         ef:4e:3c:4f:62:65:df:02:03:46:53:2b:41:35:ec:33:69:d7:
         24:ed:cf:be:da:12:0f:c1:05:a2:db:88:ad:08:09:45:79:f0:
         c2:97:9e:f4:c1:d4:da:45:5d:fc:fe:9e:92:6d:02:fb:db:a1:
         91:ac:15:e1:3a:ab:56:e2:09:d4:5e:1c:f3:4c:90:d8:db:7b:
         b9:9f:e2:e7:49:e4:de:b3:0d:bb:1c:56:6d:61:31:04:fe:cc:
         9b:60:bc:35:87:e0:7d:95:7a:88:47:07:ef:e9:4c:b7:2d:3b:
         cb:da:d4:7e:db:cf:0f:22:c2:84:5b:6a:bc:ab:2d:54:fc:7a:
         09:57:9a:54:2b:7b:ee:86:a9:f9:de:86:6e:18:a2:1a:23:22:
         d5:2a:8d:04:61:7d:54:3f:fb:e8:0e:97:19:00:d5:8b:a3:7a:
         99:62:7e:d6:b8:e7:90:6e:7c:57:51:be:df:a7:59:38:89:06:
         15:d6:7a:d1
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZQj19+mjfgOXlKrpkRNKL0LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMjE0ODU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzM0NjlhOTY2ZjRkZjNjZjI4MTcxZDg3Yzc0NzgwZmM0NzJmOTc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2CBIacyfYpKsgRWuwvY4pyfBW33k
XLbOwR/sCK4YSEj67CKu4HCh/qkhzOS3WWqYtT+aTg4Fzc8ngaeb5owoE76JswaW
AWeQr2mAGkVijDjm0jhsFKe06e8ooNGDFJEFQh3dx0SvzJhsW32Tv8rVp1GZRXMx
fz6g8gl04cDy+xj4ORCB6b3bVICiEKZu1sYKp1j6k0CnMm81bBHW5gUltr6LFC0/
LmR5r57+ChPCbueet2mRvGBO5obqgRJ5UuVSuwgR5il6SVMFKvwDOHXcfnii++/+
ri9A8QROQGtUy993LJ/GgNZQe21c6MlB/0zc7ftByOCm9uNjoVg1rYMdKwIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFEc0aalm9N888oFx2Hx0eA/Ecvl5MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2QzLzFlZmJl
Ni1hMDE0LTQxN2MtOTY4NS01ODM5MjBmNWYwNWIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDMvMWVmYmU2
LWEwMTQtNDE3Yy05Njg1LTU4MzkyMGY1ZjA1Yi8xL1J6UnBxV2IwM3p6eWdYSFlm
SFI0RDhSeS1Yay5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW8UHMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwCpLjANBgkqhkiG9w0BAQsFAAOCAQEAHcarBHlG+OOruMxOYmJX6yiWMAflKYFP
cKPGXJTKI1cAdgLTWH8l5SGpq5904OjuRaPWxDXEJXezWIalr0gXIh6DtRcY7DPi
7048T2Jl3wIDRlMrQTXsM2nXJO3PvtoSD8EFotuIrQgJRXnwwpee9MHU2kVd/P6e
km0C+9uhkawV4TqrVuIJ1F4c80yQ2Nt7uZ/i50nk3rMNuxxWbWExBP7Mm2C8NYfg
fZV6iEcH7+lMty07y9rUftvPDyLChFtqvKstVPx6CVeaVCt77oap+d6GbhiiGiMi
1SqNBGF9VD/76A6XGQDVi6N6mWJ+1rjnkG58V1G+36dZOIkGFdZ60Q==
-----END CERTIFICATE-----