Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/U_azaGcjiqcYvhfm5zzkCpiVeKA.cer
File:                     U_azaGcjiqcYvhfm5zzkCpiVeKA.cer (raw, json)
Hash identifier:          ojqs3tEORZSku4AUJpaQpvxysjVo9w6EM2Q0ShOMHG8=
Subject key identifier:   53:F6:B3:68:67:23:8A:A7:18:BE:17:E6:E7:3C:E4:0A:98:95:78:A0
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019423D741259B186C7209189F5C7631DD43
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/ac/091e11-ee0c-49ec-95d7-6dbad31dbc41/1/U_azaGcjiqcYvhfm5zzkCpiVeKA.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/ac/091e11-ee0c-49ec-95d7-6dbad31dbc41/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 21:48:17 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 31098
                          IP: 194.39.140.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:41:25:9b:18:6c:72:09:18:9f:5c:76:31:dd:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 21:48:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=53f6b36867238aa718be17e6e73ce40a989578a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:43:2a:04:6e:1d:9e:90:9c:51:da:1b:7d:50:
                    1f:b0:5e:e3:8b:e9:45:41:53:3a:3c:1b:f2:31:a5:
                    22:8e:7a:f2:26:d4:ac:a4:89:3a:8d:e1:85:1d:7f:
                    84:42:0d:61:cc:66:3e:f9:fd:94:74:6f:03:2d:0f:
                    3b:36:00:e7:3d:44:dd:cc:82:03:8b:4c:c4:b8:fe:
                    cc:20:c4:fd:05:00:12:1f:bf:c9:de:c7:bd:a4:b7:
                    4d:21:32:a1:0e:05:ff:45:a7:e3:c3:b0:32:61:cc:
                    ce:3c:61:4d:a7:b9:33:0a:79:09:68:6a:54:05:c6:
                    4d:4d:5f:cf:e9:50:db:df:a8:a1:e5:46:f7:53:f2:
                    72:48:67:bb:c1:a3:87:76:a5:2c:34:6f:d0:31:5f:
                    5a:83:b1:d0:98:79:ec:f7:72:8e:05:68:60:18:ba:
                    bb:54:4c:48:91:8f:bd:3a:ea:cd:eb:f1:c4:34:9c:
                    72:58:19:9c:94:14:da:03:6e:f7:14:b6:d4:2b:3b:
                    f1:9b:20:43:fe:03:6a:77:9b:80:48:c0:7b:66:5e:
                    71:22:a0:b2:1e:28:4e:98:89:6a:a1:e5:29:c7:c5:
                    8f:cd:06:56:07:7c:2f:f1:0d:7e:50:a1:68:84:7c:
                    60:55:62:e9:43:d3:ea:03:84:85:9c:f7:89:7a:57:
                    1d:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:F6:B3:68:67:23:8A:A7:18:BE:17:E6:E7:3C:E4:0A:98:95:78:A0
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/091e11-ee0c-49ec-95d7-6dbad31dbc41/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/091e11-ee0c-49ec-95d7-6dbad31dbc41/1/U_azaGcjiqcYvhfm5zzkCpiVeKA.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.39.140.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  31098

    Signature Algorithm: sha256WithRSAEncryption
         20:a7:ec:65:ad:d5:17:db:ae:05:f6:6f:78:f7:06:28:70:24:
         18:63:b6:6a:6e:eb:22:b3:9f:6d:38:34:b2:22:c1:80:ee:bb:
         d0:e3:7f:b8:c9:dc:20:35:01:fa:d3:72:3c:ed:06:d9:20:52:
         8e:02:1c:78:84:bb:df:0d:78:e6:24:c5:56:fa:8b:cd:9d:da:
         b4:79:1e:ce:89:1c:09:28:54:17:41:14:3e:3f:89:ef:53:43:
         7e:39:02:f9:63:0d:83:9f:97:d8:82:8a:3b:c4:44:a0:c0:8c:
         5a:23:02:31:68:57:6d:c6:4c:b3:e5:4f:7c:6e:1b:bb:db:8d:
         d1:3f:60:7f:5c:cf:90:bf:0c:24:f5:1d:2b:48:ce:ae:2d:71:
         27:c6:0b:5b:be:b5:cb:55:d7:0f:88:6b:ad:26:45:7b:83:c1:
         97:c1:01:45:24:89:33:f5:65:d1:df:37:5d:e9:e3:ac:4b:3b:
         8e:b6:bc:dd:e2:21:64:c6:ce:5e:4c:3d:7b:10:90:ee:0e:3c:
         af:b1:61:6c:b9:9e:8a:12:4e:8e:d0:0f:fc:39:04:29:eb:12:
         fb:9b:1d:a3:1b:ab:c5:64:f1:a4:8d:7b:1e:27:c8:ca:99:ab:
         5c:f4:ba:b7:a7:a6:06:99:3f:b3:d4:31:51:e0:49:35:c4:b5:
         cb:8a:5d:9d
-----BEGIN CERTIFICATE-----
MIIFkzCCBHugAwIBAgISAZQj10ElmxhscgkYn1x2Md1DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMjE0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2Y2YjM2ODY3MjM4YWE3MThiZTE3ZTZlNzNjZTQwYTk4OTU3OGEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvEMqBG4dnpCcUdobfVAfsF7ji+lF
QVM6PBvyMaUijnryJtSspIk6jeGFHX+EQg1hzGY++f2UdG8DLQ87NgDnPUTdzIID
i0zEuP7MIMT9BQASH7/J3se9pLdNITKhDgX/Rafjw7AyYczOPGFNp7kzCnkJaGpU
BcZNTV/P6VDb36ih5Ub3U/JySGe7waOHdqUsNG/QMV9ag7HQmHns93KOBWhgGLq7
VExIkY+9OurN6/HENJxyWBmclBTaA273FLbUKzvxmyBD/gNqd5uASMB7Zl5xIqCy
HihOmIlqoeUpx8WPzQZWB3wv8Q1+UKFohHxgVWLpQ9PqA4SFnPeJelcdFQIDAQAB
o4ICnzCCApswHQYDVR0OBBYEFFP2s2hnI4qnGL4X5uc85AqYlXigMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2FjLzA5MWUx
MS1lZTBjLTQ5ZWMtOTVkNy02ZGJhZDMxZGJjNDEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYWMvMDkxZTEx
LWVlMGMtNDllYy05NWQ3LTZkYmFkMzFkYmM0MS8xL1VfYXphR2NqaXFjWXZoZm01
enprQ3BpVmVLQS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwieMMBkGCCsGAQUFBwEIAQH/BAowCKAGMAQC
Anl6MA0GCSqGSIb3DQEBCwUAA4IBAQAgp+xlrdUX264F9m949wYocCQYY7Zqbusi
s59tODSyIsGA7rvQ43+4ydwgNQH603I87QbZIFKOAhx4hLvfDXjmJMVW+ovNndq0
eR7OiRwJKFQXQRQ+P4nvU0N+OQL5Yw2Dn5fYgoo7xESgwIxaIwIxaFdtxkyz5U98
bhu7243RP2B/XM+Qvwwk9R0rSM6uLXEnxgtbvrXLVdcPiGutJkV7g8GXwQFFJIkz
9WXR3zdd6eOsSzuOtrzd4iFkxs5eTD17EJDuDjyvsWFsuZ6KEk6O0A/8OQQp6xL7
mx2jG6vFZPGkjXseJ8jKmatc9Lq3p6YGmT+z1DFR4Ek1xLXLil2d
-----END CERTIFICATE-----