Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/TOSIxkAcj16WnhXWRlH7Sy0tzfc.cer
File:                     TOSIxkAcj16WnhXWRlH7Sy0tzfc.cer (raw, json)
Hash identifier:          ceUKhM2d/iT5H8a+kecxPFbolMsQYZJBWN/UkOLgTIQ=
Subject key identifier:   4C:E4:88:C6:40:1C:8F:5E:96:9E:15:D6:46:51:FB:4B:2D:2D:CD:F7
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194214462B80812EC1680420846079F5039
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/15/c5c595-2673-4d5f-8a85-ae8c81f96f42/1/TOSIxkAcj16WnhXWRlH7Sy0tzfc.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/15/c5c595-2673-4d5f-8a85-ae8c81f96f42/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 09:48:37 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 51735
                          IP: 91.220.78.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:62:b8:08:12:ec:16:80:42:08:46:07:9f:50:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 09:48:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4ce488c6401c8f5e969e15d64651fb4b2d2dcdf7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:c3:b7:8e:40:77:bb:d5:4b:54:08:2d:50:bc:
                    e3:bc:ba:15:a2:e0:4e:a0:be:a1:ae:3d:e7:98:57:
                    b8:1f:5c:66:37:5f:19:8f:4a:6d:53:7c:27:e9:08:
                    f7:0e:8d:8b:53:2d:74:be:46:41:8c:20:9a:0b:60:
                    b5:a2:7a:ae:a7:d6:0c:d5:8a:61:c7:11:04:09:e4:
                    e2:78:cc:04:e3:de:5a:b3:a8:89:ff:18:eb:eb:b1:
                    45:2e:46:3a:77:ff:89:30:3d:1b:3f:ca:01:95:e9:
                    e6:b3:a9:f7:a5:35:c7:4a:32:74:e0:5a:c8:f6:4e:
                    b9:f4:80:e6:a0:c1:71:5f:61:f3:44:e6:f6:69:d0:
                    88:c1:ac:61:db:77:21:b8:b0:cf:ca:c6:6d:37:4d:
                    c2:eb:9c:e1:b6:55:75:5a:59:73:44:04:c1:66:74:
                    fe:d5:a0:71:a1:3a:d8:8a:65:b0:42:0c:04:7a:55:
                    6c:cf:74:80:2a:69:2f:7f:3e:c8:9c:0f:3c:71:7a:
                    96:b3:0b:1a:95:0d:1e:b5:33:b6:24:ae:c5:13:d8:
                    52:bc:8e:d7:54:48:3b:2e:8e:77:cd:62:d3:51:cd:
                    01:d5:83:db:23:8a:b8:69:fc:2e:e0:78:df:74:4f:
                    96:ae:23:9e:04:fe:69:eb:66:0f:f8:6a:eb:22:08:
                    80:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:E4:88:C6:40:1C:8F:5E:96:9E:15:D6:46:51:FB:4B:2D:2D:CD:F7
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/c5c595-2673-4d5f-8a85-ae8c81f96f42/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/c5c595-2673-4d5f-8a85-ae8c81f96f42/1/TOSIxkAcj16WnhXWRlH7Sy0tzfc.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.78.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  51735

    Signature Algorithm: sha256WithRSAEncryption
         13:9f:cf:c9:f0:23:9f:0a:dc:7f:fc:a6:c9:98:01:6a:56:99:
         e0:a4:eb:a8:a2:35:1e:89:8c:a1:b4:94:b2:d8:9e:9b:e8:37:
         d0:b8:a9:e1:dd:9b:82:b0:f3:48:ce:2b:35:85:d8:b5:b7:4b:
         a8:91:08:63:38:c0:78:c9:f7:15:40:e1:5d:04:c5:e6:53:a4:
         f8:0b:da:f8:d1:e2:87:73:fd:69:76:09:53:1b:89:d2:ef:5b:
         3d:d6:15:6f:f3:72:8f:a8:a1:3c:d9:88:5f:9f:89:0f:64:8e:
         3d:00:a7:6e:36:46:b1:08:6c:9e:74:4b:4f:bb:9b:e3:8d:0b:
         90:bc:9b:42:f1:89:d2:cd:52:a3:d9:f2:03:4f:a2:53:ac:b0:
         9b:36:c9:e7:d7:4e:1c:3b:e1:ac:a9:af:e2:0d:ce:64:25:34:
         e9:0e:f3:59:46:a7:97:3e:2c:73:a0:b0:71:a7:56:c7:01:df:
         0b:76:86:48:41:70:2a:c8:67:6d:4f:55:f4:b2:64:7e:56:e5:
         6e:16:16:27:66:76:79:1d:39:95:fa:31:cf:ea:69:ab:ea:5a:
         fd:09:e6:8e:c8:d8:a0:2e:fc:d3:42:7c:af:3d:e4:c6:b7:a0:
         d1:7f:e1:2c:d2:f4:d2:c0:88:d0:cd:5b:3a:4b:92:a1:cd:13:
         dd:db:c2:2f
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZQhRGK4CBLsFoBCCEYHn1A5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDk0ODM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Y2U0ODhjNjQwMWM4ZjVlOTY5ZTE1ZDY0NjUxZmI0YjJkMmRjZGY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw8O3jkB3u9VLVAgtULzjvLoVouBO
oL6hrj3nmFe4H1xmN18Zj0ptU3wn6Qj3Do2LUy10vkZBjCCaC2C1onqup9YM1Yph
xxEECeTieMwE495as6iJ/xjr67FFLkY6d/+JMD0bP8oBlenms6n3pTXHSjJ04FrI
9k659IDmoMFxX2HzROb2adCIwaxh23chuLDPysZtN03C65zhtlV1WllzRATBZnT+
1aBxoTrYimWwQgwEelVsz3SAKmkvfz7InA88cXqWswsalQ0etTO2JK7FE9hSvI7X
VEg7Lo53zWLTUc0B1YPbI4q4afwu4HjfdE+WriOeBP5p62YP+GrrIgiAjwIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFEzkiMZAHI9elp4V1kZR+0stLc33MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzE1L2M1YzU5
NS0yNjczLTRkNWYtOGE4NS1hZThjODFmOTZmNDIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTUvYzVjNTk1
LTI2NzMtNGQ1Zi04YTg1LWFlOGM4MWY5NmY0Mi8xL1RPU0l4a0FjajE2V25oWFdS
bEg3U3kwdHpmYy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW9xOMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwDKFzANBgkqhkiG9w0BAQsFAAOCAQEAE5/PyfAjnwrcf/ymyZgBalaZ4KTrqKI1
HomMobSUstiem+g30Lip4d2bgrDzSM4rNYXYtbdLqJEIYzjAeMn3FUDhXQTF5lOk
+Ava+NHih3P9aXYJUxuJ0u9bPdYVb/Nyj6ihPNmIX5+JD2SOPQCnbjZGsQhsnnRL
T7ub440LkLybQvGJ0s1So9nyA0+iU6ywmzbJ59dOHDvhrKmv4g3OZCU06Q7zWUan
lz4sc6CwcadWxwHfC3aGSEFwKshnbU9V9LJkflblbhYWJ2Z2eR05lfoxz+ppq+pa
/QnmjsjYoC7800J8rz3kxreg0X/hLNL00sCI0M1bOkuSoc0T3dvCLw==
-----END CERTIFICATE-----