Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/UQzngdsNx-T59JQUWileTMsSHK4.cer
File:                     UQzngdsNx-T59JQUWileTMsSHK4.cer (raw, json)
Hash identifier:          vxafhvfGP0JGVbp1GOxThZg+gJtjg5pQlxvSjxVufsU=
Subject key identifier:   51:0C:E7:81:DB:0D:C7:E4:F9:F4:94:14:5A:29:5E:4C:CB:12:1C:AE
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019420685265434D226F21018BBB5FEFA49C
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/5f/31fd16-6d00-4d09-a8d4-c1d6c8f319c1/1/UQzngdsNx-T59JQUWileTMsSHK4.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/5f/31fd16-6d00-4d09-a8d4-c1d6c8f319c1/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 05:48:15 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 21469
                          IP: 80.252.192.0/20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:52:65:43:4d:22:6f:21:01:8b:bb:5f:ef:a4:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 05:48:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=510ce781db0dc7e4f9f494145a295e4ccb121cae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:ad:04:53:8c:40:dd:4d:91:b2:d8:97:7a:7d:
                    65:ff:1f:f7:e0:0a:ba:b1:bb:d2:a9:b4:c7:31:44:
                    b6:d4:1e:f7:00:e2:c1:7b:9c:82:22:09:24:df:cf:
                    53:c9:57:c8:ff:2e:89:78:1b:24:9d:81:38:f7:7e:
                    b5:26:1d:55:be:d5:60:b3:a7:c2:ea:eb:38:2b:55:
                    c1:c8:73:3e:34:46:f5:c3:30:56:45:2b:b1:25:a1:
                    60:8b:73:4f:ed:2f:8f:5b:69:69:94:a6:1f:04:c0:
                    58:9c:8c:c4:9a:40:7a:da:1b:fe:33:74:1d:bb:7b:
                    1f:08:b0:d4:5c:0e:44:0e:07:ee:18:ce:7f:21:d0:
                    7c:9e:22:7e:6a:9b:0d:1f:6c:cf:c2:b8:02:36:16:
                    85:b4:ed:f3:d0:23:ff:7a:63:c9:45:97:e6:84:7b:
                    a0:23:b4:1a:d4:25:3d:2e:47:57:43:7c:28:e7:ea:
                    f9:db:4d:67:b9:d2:20:e7:fa:13:d1:1d:bf:87:04:
                    00:7f:06:45:8c:9a:f6:dc:af:1a:56:96:80:18:a2:
                    0e:3c:eb:ee:0e:a7:ea:36:76:26:cf:14:47:60:c6:
                    04:81:f8:9f:8e:73:37:de:fd:fd:da:42:88:e1:59:
                    1f:fb:5f:f9:e5:f9:de:f1:12:cb:b8:7b:14:74:5b:
                    38:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:0C:E7:81:DB:0D:C7:E4:F9:F4:94:14:5A:29:5E:4C:CB:12:1C:AE
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/31fd16-6d00-4d09-a8d4-c1d6c8f319c1/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/31fd16-6d00-4d09-a8d4-c1d6c8f319c1/1/UQzngdsNx-T59JQUWileTMsSHK4.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.252.192.0/20

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  21469

    Signature Algorithm: sha256WithRSAEncryption
         29:0c:8f:03:1a:00:e8:39:73:86:43:3c:cf:ee:9a:e7:9a:b6:
         95:aa:df:b7:cb:c9:18:a8:f4:31:35:91:b2:a8:34:24:3e:7c:
         4c:1d:82:08:82:2b:6b:e3:39:41:ac:c3:d9:e3:eb:63:3b:94:
         b7:f0:fa:32:7e:c0:09:03:a2:75:6a:e0:8f:af:ab:31:d0:64:
         3e:11:e8:84:30:3b:45:b9:12:75:78:ce:6e:99:e0:3b:f3:5e:
         20:31:5a:25:64:e7:14:8b:d0:dc:e7:8c:43:82:dd:e7:81:86:
         80:95:a6:8d:54:7d:45:ba:ce:aa:6c:da:6e:8b:6e:ee:cc:1c:
         30:b8:3f:4d:bf:e4:09:75:6c:ae:80:84:fd:d8:86:f6:65:c3:
         bb:2e:e6:80:30:4b:ab:77:93:2f:a2:26:ab:89:5a:7a:3c:c3:
         b3:fd:2b:a5:87:a2:a6:c9:f5:af:84:13:d5:82:e7:e3:d5:f8:
         1e:db:2c:2b:2b:1a:43:b5:ad:a2:ce:e6:72:1f:dc:68:fe:ae:
         92:c9:59:94:c8:6a:3c:2a:fd:11:17:30:28:93:10:fa:4e:90:
         f2:ce:a5:94:c7:41:3d:d9:f0:59:12:62:49:f9:16:61:34:cb:
         9d:80:58:4e:56:a3:e2:ae:b9:c0:d3:8b:3a:93:d6:1e:3c:b4:
         c8:f7:e8:f6
-----BEGIN CERTIFICATE-----
MIIFkzCCBHugAwIBAgISAZQgaFJlQ00ibyEBi7tf76ScMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDU0ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTBjZTc4MWRiMGRjN2U0ZjlmNDk0MTQ1YTI5NWU0Y2NiMTIxY2FlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtq0EU4xA3U2RstiXen1l/x/34Aq6
sbvSqbTHMUS21B73AOLBe5yCIgkk389TyVfI/y6JeBsknYE49361Jh1VvtVgs6fC
6us4K1XByHM+NEb1wzBWRSuxJaFgi3NP7S+PW2lplKYfBMBYnIzEmkB62hv+M3Qd
u3sfCLDUXA5EDgfuGM5/IdB8niJ+apsNH2zPwrgCNhaFtO3z0CP/emPJRZfmhHug
I7Qa1CU9LkdXQ3wo5+r5201nudIg5/oT0R2/hwQAfwZFjJr23K8aVpaAGKIOPOvu
DqfqNnYmzxRHYMYEgfifjnM33v392kKI4Vkf+1/55fne8RLLuHsUdFs4bwIDAQAB
o4ICnzCCApswHQYDVR0OBBYEFFEM54HbDcfk+fSUFFopXkzLEhyuMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzVmLzMxZmQx
Ni02ZDAwLTRkMDktYThkNC1jMWQ2YzhmMzE5YzEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNWYvMzFmZDE2
LTZkMDAtNGQwOS1hOGQ0LWMxZDZjOGYzMTljMS8xL1VRem5nZHNOeC1UNTlKUVVX
aWxlVE1zU0hLNC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQEUPzAMBkGCCsGAQUFBwEIAQH/BAowCKAGMAQC
AlPdMA0GCSqGSIb3DQEBCwUAA4IBAQApDI8DGgDoOXOGQzzP7prnmraVqt+3y8kY
qPQxNZGyqDQkPnxMHYIIgitr4zlBrMPZ4+tjO5S38PoyfsAJA6J1auCPr6sx0GQ+
EeiEMDtFuRJ1eM5umeA7814gMVolZOcUi9Dc54xDgt3ngYaAlaaNVH1Fus6qbNpu
i27uzBwwuD9Nv+QJdWyugIT92Ib2ZcO7LuaAMEurd5MvoiariVp6PMOz/Sulh6Km
yfWvhBPVgufj1fge2ywrKxpDta2izuZyH9xo/q6SyVmUyGo8Kv0RFzAokxD6TpDy
zqWUx0E92fBZEmJJ+RZhNMudgFhOVqPirrnA04s6k9YePLTI9+j2
-----END CERTIFICATE-----