Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/TzLUClO7YLhnWebsClIHMAtBr3A.cer
File:                     TzLUClO7YLhnWebsClIHMAtBr3A.cer (raw, json)
Hash identifier:          kayj3duzr5+8vobqA8YP88z5ALkIbmdlsOewlkBlmaQ=
Subject key identifier:   4F:32:D4:0A:53:BB:60:B8:67:59:E6:EC:0A:52:07:30:0B:41:AF:70
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194244554AFC84DD436A0585096A083C349
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/f3/a75e63-8149-49c6-939f-c6bf2ffb7253/1/TzLUClO7YLhnWebsClIHMAtBr3A.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/f3/a75e63-8149-49c6-939f-c6bf2ffb7253/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 23:48:31 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 185.50.176.0/22
                          IP: 2a01:aba0::/32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:54:af:c8:4d:d4:36:a0:58:50:96:a0:83:c3:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 23:48:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4f32d40a53bb60b86759e6ec0a5207300b41af70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:74:19:8c:bf:2e:da:8d:a5:a0:cb:fd:2c:63:
                    54:a2:75:89:3b:ff:4b:1e:bb:1c:8a:cb:2d:c6:88:
                    44:84:b3:22:3b:ef:6c:42:7d:43:ea:9e:6e:b6:40:
                    98:bd:ee:6a:71:fb:cc:3f:ac:de:fb:c4:a5:e1:c5:
                    a4:af:74:6b:bb:49:4f:47:15:df:97:dd:28:bf:fb:
                    67:70:3a:d7:7a:ac:f9:75:89:5c:2e:d3:4d:90:9e:
                    8c:71:99:54:1a:16:78:f4:85:9b:89:d6:f8:08:91:
                    2f:0c:8f:82:7c:72:06:3e:2e:5f:72:09:3e:60:f6:
                    8b:6b:06:77:44:99:91:08:0f:73:03:86:d6:50:0e:
                    91:9f:46:9a:b9:05:4c:0c:6c:60:cb:fb:8f:e7:a0:
                    05:70:a2:b7:e8:6e:16:3f:1c:00:8c:6f:0c:85:37:
                    e0:69:7a:9e:8a:75:dd:fd:5e:ca:48:e3:62:fc:de:
                    dd:62:1b:52:e3:82:d9:02:b1:f3:03:1e:10:9a:cd:
                    0c:da:77:37:11:93:38:90:ac:93:d8:a3:83:48:dc:
                    6d:71:bd:6c:80:2b:29:59:24:6b:03:c1:2c:ff:ed:
                    c2:54:51:4c:fb:0d:19:02:18:18:47:6a:d5:96:ea:
                    eb:71:02:e7:e1:01:ac:d0:c0:c1:f1:ba:62:d3:e4:
                    ad:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:32:D4:0A:53:BB:60:B8:67:59:E6:EC:0A:52:07:30:0B:41:AF:70
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/a75e63-8149-49c6-939f-c6bf2ffb7253/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/a75e63-8149-49c6-939f-c6bf2ffb7253/1/TzLUClO7YLhnWebsClIHMAtBr3A.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.50.176.0/22
                IPv6:
                  2a01:aba0::/32

    Signature Algorithm: sha256WithRSAEncryption
         0c:33:2d:43:8b:bc:db:1a:02:12:14:f2:e6:79:4f:6a:da:5b:
         60:41:d5:10:c0:a3:4f:9c:53:13:c7:49:31:64:d5:19:b5:e0:
         d3:ad:d7:cd:bb:52:74:d1:10:c5:72:95:ab:10:ca:21:2e:d5:
         11:d0:5f:e4:49:c7:44:95:19:b8:14:a7:8f:d8:6d:60:a2:cb:
         8b:b7:e2:b4:48:c6:33:83:58:8b:1c:be:9e:3f:22:90:0f:4a:
         be:f8:df:f8:32:08:4c:4f:9f:e6:af:d1:e1:94:f4:d0:ba:94:
         c2:2f:d2:1c:cd:f7:e0:31:43:a3:cc:a2:0c:4d:f4:62:98:d6:
         3d:a0:2d:b9:01:90:90:b7:ea:39:6f:5f:45:f1:94:40:97:89:
         6e:36:dc:e2:76:8e:c4:0f:18:e5:f2:5e:96:a2:41:fb:6b:a3:
         da:7b:6f:87:9f:d7:57:c9:9a:38:5f:a6:57:2f:a2:d8:da:e2:
         fe:9a:42:3e:2a:83:2c:86:2d:02:72:a3:0b:69:f2:ee:dd:29:
         6b:d7:dc:52:f0:d8:70:b8:ae:01:5b:fc:30:8c:40:1a:ce:5e:
         d7:6c:f7:ce:31:48:b8:37:8a:31:c1:38:ed:af:1b:d8:30:fe:
         20:90:49:19:6a:80:79:f4:49:67:ce:b3:07:17:9f:19:d4:5e:
         76:a1:88:52
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAZQkRVSvyE3UNqBYUJagg8NJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMjM0ODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjMyZDQwYTUzYmI2MGI4Njc1OWU2ZWMwYTUyMDczMDBiNDFhZjcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlHQZjL8u2o2loMv9LGNUonWJO/9L
HrscisstxohEhLMiO+9sQn1D6p5utkCYve5qcfvMP6ze+8Sl4cWkr3Rru0lPRxXf
l90ov/tncDrXeqz5dYlcLtNNkJ6McZlUGhZ49IWbidb4CJEvDI+CfHIGPi5fcgk+
YPaLawZ3RJmRCA9zA4bWUA6Rn0aauQVMDGxgy/uP56AFcKK36G4WPxwAjG8MhTfg
aXqeinXd/V7KSONi/N7dYhtS44LZArHzAx4Qms0M2nc3EZM4kKyT2KODSNxtcb1s
gCspWSRrA8Es/+3CVFFM+w0ZAhgYR2rVlurrcQLn4QGs0MDB8bpi0+StzwIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFE8y1ApTu2C4Z1nm7ApSBzALQa9wMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2YzL2E3NWU2
My04MTQ5LTQ5YzYtOTM5Zi1jNmJmMmZmYjcyNTMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjMvYTc1ZTYz
LTgxNDktNDljNi05MzlmLWM2YmYyZmZiNzI1My8xL1R6TFVDbE83WUxobldlYnND
bElITUF0QnIzQS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCuTKwMA0EAgACMAcDBQAqAaugMA0GCSqGSIb3
DQEBCwUAA4IBAQAMMy1Di7zbGgISFPLmeU9q2ltgQdUQwKNPnFMTx0kxZNUZteDT
rdfNu1J00RDFcpWrEMohLtUR0F/kScdElRm4FKeP2G1gosuLt+K0SMYzg1iLHL6e
PyKQD0q++N/4MghMT5/mr9HhlPTQupTCL9IczffgMUOjzKIMTfRimNY9oC25AZCQ
t+o5b19F8ZRAl4luNtzido7EDxjl8l6WokH7a6Pae2+Hn9dXyZo4X6ZXL6LY2uL+
mkI+KoMshi0CcqMLafLu3Slr19xS8NhwuK4BW/wwjEAazl7XbPfOMUi4N4oxwTjt
rxvYMP4gkEkZaoB59ElnzrMHF58Z1F52oYhS
-----END CERTIFICATE-----