Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/TS-f1cihTNyfMcRYXNYNtXz_tMI.cer
File:                     TS-f1cihTNyfMcRYXNYNtXz_tMI.cer (raw, json)
Hash identifier:          vXd+1zmy7pCn9rjh3qHyor4vpjQ1id1BZAhM1kbm3vw=
Subject key identifier:   4D:2F:9F:D5:C8:A1:4C:DC:9F:31:C4:58:5C:D6:0D:B5:7C:FF:B4:C2
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01942747B9E7260351D3DE532F5D1D31A3D3
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/b1/da4e46-2a93-44a4-b8e3-c2133dd81b56/1/TS-f1cihTNyfMcRYXNYNtXz_tMI.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/b1/da4e46-2a93-44a4-b8e3-c2133dd81b56/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 13:49:59 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 34022
                          IP: 193.17.195.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:b9:e7:26:03:51:d3:de:53:2f:5d:1d:31:a3:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 13:49:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4d2f9fd5c8a14cdc9f31c4585cd60db57cffb4c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:7d:de:63:e3:cf:2e:84:88:21:1a:63:51:26:
                    88:c4:b5:d6:0c:a5:05:5b:81:55:1c:02:32:a0:ca:
                    87:d4:75:36:37:01:3e:97:4e:8e:f4:f2:21:78:91:
                    bb:2d:77:3b:a9:9f:2a:49:e0:8f:cd:66:06:d5:c4:
                    9f:a7:3e:25:89:eb:48:b2:3e:63:7a:e3:5e:d3:64:
                    71:36:4b:f0:00:21:98:3c:cb:e8:a2:38:86:ec:b2:
                    7f:f7:61:68:22:49:5e:0a:3b:d9:9b:f6:22:6b:26:
                    e8:b0:a2:ac:bc:b3:75:75:91:38:be:6c:06:c0:42:
                    6b:75:fb:24:c9:72:da:29:ae:91:49:c7:56:ce:77:
                    ef:a2:bc:5f:02:25:18:c1:2a:9e:0a:70:87:e1:6f:
                    3b:25:45:14:3c:c1:80:2b:32:6c:e3:3d:40:15:87:
                    b2:1d:53:d5:a9:db:90:6e:cd:9e:75:18:d2:1d:b7:
                    ee:3c:6e:7a:10:b8:ea:d1:57:3a:fe:ba:34:5b:28:
                    8f:05:78:9a:e9:f7:90:4c:6e:23:ac:e9:42:95:17:
                    70:88:a0:84:47:ce:bf:22:0a:d9:86:a2:97:84:7c:
                    ae:7d:4d:2d:25:17:a3:22:4a:72:e0:da:4a:5c:f1:
                    93:5b:05:44:93:7f:fb:78:f3:a4:fc:7a:05:24:d7:
                    2c:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:2F:9F:D5:C8:A1:4C:DC:9F:31:C4:58:5C:D6:0D:B5:7C:FF:B4:C2
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/da4e46-2a93-44a4-b8e3-c2133dd81b56/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/da4e46-2a93-44a4-b8e3-c2133dd81b56/1/TS-f1cihTNyfMcRYXNYNtXz_tMI.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.17.195.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  34022

    Signature Algorithm: sha256WithRSAEncryption
         2c:cd:af:de:79:3e:9d:b5:c9:30:a5:ea:66:d6:08:75:5e:e2:
         22:d3:f6:2d:5c:b1:00:52:03:06:d8:c9:38:50:92:41:dd:6c:
         14:e9:23:0f:78:82:5e:f0:02:57:4d:80:d5:17:0c:6b:ca:66:
         f9:4f:bd:4d:22:ab:09:fa:e1:d0:9c:48:4b:09:d9:e4:ab:9b:
         79:31:cf:26:f8:8f:06:c4:f7:ff:c0:38:e4:f6:28:aa:94:f1:
         fb:a5:77:f0:42:e3:97:39:b0:29:0e:1f:cc:1f:31:71:c7:63:
         73:9b:e3:72:c5:f6:32:09:4a:f1:16:a2:2c:83:eb:4e:71:81:
         27:27:0b:17:00:77:90:bb:df:98:19:0b:e8:73:25:28:56:26:
         45:b9:65:2d:bc:0d:16:44:b4:0e:22:10:ec:00:50:7a:1a:54:
         a2:e7:b9:d3:10:4d:49:08:c3:5f:73:93:18:ce:4c:3b:95:4d:
         cc:94:95:95:6f:9f:9b:4e:fd:1e:8d:ed:6b:ae:3c:5a:e9:52:
         03:30:e6:e9:24:9f:b8:74:cf:df:90:1d:02:24:fc:c9:78:77:
         8d:b0:e5:23:54:dd:bc:37:49:d5:09:40:c8:1c:bc:82:6f:49:
         86:fe:eb:e7:a8:8a:5a:00:95:b6:2b:66:5e:3c:f6:b3:82:43:
         28:bf:04:26
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZQnR7nnJgNR095TL10dMaPTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMTM0OTU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDJmOWZkNWM4YTE0Y2RjOWYzMWM0NTg1Y2Q2MGRiNTdjZmZiNGMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt33eY+PPLoSIIRpjUSaIxLXWDKUF
W4FVHAIyoMqH1HU2NwE+l06O9PIheJG7LXc7qZ8qSeCPzWYG1cSfpz4lietIsj5j
euNe02RxNkvwACGYPMvoojiG7LJ/92FoIkleCjvZm/YiaybosKKsvLN1dZE4vmwG
wEJrdfskyXLaKa6RScdWznfvorxfAiUYwSqeCnCH4W87JUUUPMGAKzJs4z1AFYey
HVPVqduQbs2edRjSHbfuPG56ELjq0Vc6/ro0WyiPBXia6feQTG4jrOlClRdwiKCE
R86/IgrZhqKXhHyufU0tJRejIkpy4NpKXPGTWwVEk3/7ePOk/HoFJNcsdwIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFE0vn9XIoUzcnzHEWFzWDbV8/7TCMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2IxL2RhNGU0
Ni0yYTkzLTQ0YTQtYjhlMy1jMjEzM2RkODFiNTYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjEvZGE0ZTQ2
LTJhOTMtNDRhNC1iOGUzLWMyMTMzZGQ4MWI1Ni8xL1RTLWYxY2loVE55Zk1jUllY
TllOdFh6X3RNSS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwRHDMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwCE5jANBgkqhkiG9w0BAQsFAAOCAQEALM2v3nk+nbXJMKXqZtYIdV7iItP2LVyx
AFIDBtjJOFCSQd1sFOkjD3iCXvACV02A1RcMa8pm+U+9TSKrCfrh0JxISwnZ5Kub
eTHPJviPBsT3/8A45PYoqpTx+6V38ELjlzmwKQ4fzB8xccdjc5vjcsX2MglK8Rai
LIPrTnGBJycLFwB3kLvfmBkL6HMlKFYmRbllLbwNFkS0DiIQ7ABQehpUoue50xBN
SQjDX3OTGM5MO5VNzJSVlW+fm079Ho3ta648WulSAzDm6SSfuHTP35AdAiT8yXh3
jbDlI1TdvDdJ1QlAyBy8gm9Jhv7r56iKWgCVtitmXjz2s4JDKL8EJg==
-----END CERTIFICATE-----