Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/S91CzNE9f4p8PtpbVQLY1ty7vhE.cer
File:                     S91CzNE9f4p8PtpbVQLY1ty7vhE.cer (raw, json)
Hash identifier:          JMUL0Gqs9DGOGz9W961InF7Hdh0l9jyjoq3VZAeTQ/U=
Subject key identifier:   4B:DD:42:CC:D1:3D:7F:8A:7C:3E:DA:5B:55:02:D8:D6:DC:BB:BE:11
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019421442F3936D7E1B216E65935CC6DB91E
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/9b/fc8e22-9a3b-4646-babe-1ca2120ee436/1/S91CzNE9f4p8PtpbVQLY1ty7vhE.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/9b/fc8e22-9a3b-4646-babe-1ca2120ee436/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 09:48:24 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 185.168.149.0/24
                          IP: 2a12:b7c0::/29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:2f:39:36:d7:e1:b2:16:e6:59:35:cc:6d:b9:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 09:48:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4bdd42ccd13d7f8a7c3eda5b5502d8d6dcbbbe11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:33:33:54:08:ca:d0:71:13:46:9c:30:f3:f3:
                    84:b3:a8:74:54:e2:ab:b6:f7:8f:1a:05:57:d2:ca:
                    39:43:be:d2:87:c1:49:e8:90:72:1b:6b:54:97:8c:
                    7b:4d:ae:fc:6a:f5:65:c6:eb:67:81:80:a7:c5:d5:
                    02:30:ac:de:e6:54:e1:0c:63:ed:11:83:17:26:67:
                    17:27:0a:ca:eb:6f:ba:71:a2:53:16:58:37:19:f6:
                    97:f4:cd:3c:d4:f3:43:5b:66:d8:90:ab:0b:ba:42:
                    4b:37:91:2a:93:44:fb:33:cf:01:ed:8c:1d:80:45:
                    07:d7:6b:58:8d:77:44:1d:6b:1a:56:45:5f:e4:c0:
                    79:1d:c9:12:8a:eb:2e:bc:6e:94:31:e8:79:59:7e:
                    ae:59:58:c2:98:b4:82:d9:d9:e9:a7:64:d1:eb:1b:
                    ce:22:59:5d:e2:bd:62:e4:0f:57:d5:c4:de:b7:f2:
                    24:df:42:89:20:6e:0c:d2:7e:ae:ff:f6:e4:b2:95:
                    78:56:8e:6e:f4:ae:9b:89:70:e6:7b:b7:04:8e:58:
                    cf:86:ee:8e:a9:bb:7d:6c:c8:29:4d:a4:4d:80:40:
                    7c:db:05:85:da:ef:dc:a6:64:da:5b:96:18:89:4d:
                    4d:99:39:dd:c8:cc:83:33:ef:7d:71:62:06:00:ea:
                    1d:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:DD:42:CC:D1:3D:7F:8A:7C:3E:DA:5B:55:02:D8:D6:DC:BB:BE:11
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/fc8e22-9a3b-4646-babe-1ca2120ee436/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/fc8e22-9a3b-4646-babe-1ca2120ee436/1/S91CzNE9f4p8PtpbVQLY1ty7vhE.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.168.149.0/24
                IPv6:
                  2a12:b7c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         3b:cb:29:5f:89:5b:bf:2c:af:f4:ec:f2:2d:d5:0e:12:e3:89:
         29:8c:40:02:c1:e2:3b:1f:15:60:1e:55:50:74:6d:65:95:c9:
         26:85:86:4b:2f:a8:40:ed:7a:49:1a:9c:b4:31:8f:d4:84:9a:
         d5:51:6e:2a:87:25:3e:7f:23:dc:74:31:56:f4:c1:bc:c7:61:
         e2:71:dd:04:24:54:06:67:a7:c0:9f:e3:84:f4:bb:44:8d:d8:
         4b:10:bc:0f:f6:40:e4:f8:56:76:dc:20:a1:aa:e9:c8:2b:f8:
         22:0c:6b:fa:67:46:0f:bf:27:80:ff:fe:f5:d6:7b:4d:2a:4e:
         20:03:03:25:d3:8f:59:0f:6e:b4:d8:df:d8:a9:5b:91:72:b3:
         a3:50:2e:5a:4a:54:2d:95:fc:74:19:af:3d:d7:05:22:e6:bb:
         99:56:3c:b9:55:d1:8e:99:3d:55:90:f5:90:2f:aa:31:eb:7f:
         48:e2:93:03:71:06:ac:64:51:53:1c:9f:24:65:7f:e3:8c:6d:
         81:75:98:9e:aa:83:40:3d:6c:47:63:42:99:6f:00:b9:bc:5e:
         31:0a:23:fd:da:87:bf:06:75:85:4d:e2:09:53:6d:4f:9c:02:
         5d:a6:20:c6:b3:0c:50:a3:06:33:82:bc:6c:11:4f:39:39:6d:
         4b:1e:33:9f
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAZQhRC85NtfhshbmWTXMbbkeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDk0ODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YmRkNDJjY2QxM2Q3ZjhhN2MzZWRhNWI1NTAyZDhkNmRjYmJiZTExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvDMzVAjK0HETRpww8/OEs6h0VOKr
tvePGgVX0so5Q77Sh8FJ6JByG2tUl4x7Ta78avVlxutngYCnxdUCMKze5lThDGPt
EYMXJmcXJwrK62+6caJTFlg3GfaX9M081PNDW2bYkKsLukJLN5Eqk0T7M88B7Ywd
gEUH12tYjXdEHWsaVkVf5MB5HckSiusuvG6UMeh5WX6uWVjCmLSC2dnpp2TR6xvO
Illd4r1i5A9X1cTet/Ik30KJIG4M0n6u//bkspV4Vo5u9K6biXDme7cEjljPhu6O
qbt9bMgpTaRNgEB82wWF2u/cpmTaW5YYiU1NmTndyMyDM+99cWIGAOodcQIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFEvdQszRPX+KfD7aW1UC2Nbcu74RMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzliL2ZjOGUy
Mi05YTNiLTQ2NDYtYmFiZS0xY2EyMTIwZWU0MzYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOWIvZmM4ZTIy
LTlhM2ItNDY0Ni1iYWJlLTFjYTIxMjBlZTQzNi8xL1M5MUN6TkU5ZjRwOFB0cGJW
UUxZMXR5N3ZoRS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQAuaiVMA0EAgACMAcDBQMqErfAMA0GCSqGSIb3
DQEBCwUAA4IBAQA7yylfiVu/LK/07PIt1Q4S44kpjEACweI7HxVgHlVQdG1llckm
hYZLL6hA7XpJGpy0MY/UhJrVUW4qhyU+fyPcdDFW9MG8x2Hicd0EJFQGZ6fAn+OE
9LtEjdhLELwP9kDk+FZ23CChqunIK/giDGv6Z0YPvyeA//711ntNKk4gAwMl049Z
D2602N/YqVuRcrOjUC5aSlQtlfx0Ga891wUi5ruZVjy5VdGOmT1VkPWQL6ox639I
4pMDcQasZFFTHJ8kZX/jjG2BdZieqoNAPWxHY0KZbwC5vF4xCiP92oe/BnWFTeIJ
U21PnAJdpiDGswxQowYzgrxsEU85OW1LHjOf
-----END CERTIFICATE-----