Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/UxUwA3N9ePci25oo4iBD412Nhx4.cer
File:                     UxUwA3N9ePci25oo4iBD412Nhx4.cer (raw, json)
Hash identifier:          CIPaJFQJlvFNFDOfAQycvSXz9O1mJAJzPo7hu4uTNEA=
Subject key identifier:   53:15:30:03:73:7D:78:F7:22:DB:9A:28:E2:20:43:E3:5D:8D:87:1E
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194258F72A4CC5446B6A8D03FE9B0023040
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/fe/8f7148-236d-4088-89e6-665995c62838/1/UxUwA3N9ePci25oo4iBD412Nhx4.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/fe/8f7148-236d-4088-89e6-665995c62838/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 05:49:05 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 134.21.0.0/16
                          IP: 192.47.244.0 -- 192.47.249.255
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 09:37:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:72:a4:cc:54:46:b6:a8:d0:3f:e9:b0:02:30:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 05:49:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=53153003737d78f722db9a28e22043e35d8d871e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:c4:b6:5d:7e:bf:4f:c6:91:52:70:ca:4a:cb:
                    93:2d:28:ad:80:33:a8:60:ef:17:df:58:d2:8f:db:
                    fe:0e:f3:2a:65:a7:ab:2c:53:20:dc:ab:5a:5f:85:
                    49:8d:ce:20:f1:ca:06:25:5d:14:a6:ce:7d:4a:f6:
                    d9:2a:9f:9e:10:5d:c7:82:22:6d:de:bd:b8:4d:bf:
                    81:85:82:a3:0d:ff:a5:51:90:90:b8:e4:db:0f:34:
                    70:7c:dd:76:e5:87:dd:80:0c:1e:63:ff:3e:8e:5b:
                    76:5c:8e:51:6c:1a:cb:fc:6d:d9:be:63:8e:eb:47:
                    11:f6:21:61:1c:66:19:82:a7:2e:06:5d:4c:ef:5f:
                    b9:bb:6e:3c:46:6b:15:cc:81:63:06:e7:ee:8d:a2:
                    ba:cf:83:b1:f3:ea:51:da:df:64:7b:68:07:5d:df:
                    1d:2c:6c:1c:6c:43:21:12:4a:b0:2d:ed:38:b1:68:
                    df:15:73:62:bc:69:4e:a9:fe:9f:a9:89:08:93:04:
                    fc:81:f6:37:e8:1c:a1:8c:8d:43:82:15:b1:c1:04:
                    e0:eb:02:40:50:8a:1a:ef:7b:9f:cb:41:25:d2:25:
                    1f:4e:9c:47:6e:f8:d9:e0:f5:5e:f8:c6:44:fb:2c:
                    1b:9f:fd:c0:7b:14:8c:f1:1f:80:95:9e:ce:6d:d9:
                    30:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:15:30:03:73:7D:78:F7:22:DB:9A:28:E2:20:43:E3:5D:8D:87:1E
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/8f7148-236d-4088-89e6-665995c62838/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/8f7148-236d-4088-89e6-665995c62838/1/UxUwA3N9ePci25oo4iBD412Nhx4.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  134.21.0.0/16
                  192.47.244.0-192.47.249.255

    Signature Algorithm: sha256WithRSAEncryption
         76:65:c1:2e:e8:22:8f:5f:61:3a:d8:6c:c0:78:17:d2:a3:3c:
         9a:f5:34:ca:58:00:06:1b:74:a3:96:dc:53:59:38:f2:6e:dd:
         7c:89:d9:db:9e:83:3a:b4:4f:0a:7e:40:06:83:8b:45:b4:b3:
         2d:ca:28:84:37:29:ba:34:17:88:97:7b:b3:1d:d5:35:d3:f0:
         16:6b:99:64:2d:78:dc:a5:d4:fc:1c:30:9e:de:80:df:b6:ae:
         c6:77:90:9c:cb:03:52:b0:59:1e:4f:c7:42:c8:ef:24:a4:63:
         48:06:1e:8d:a4:48:33:d9:66:35:54:98:38:f6:19:ee:96:e8:
         a0:ce:52:fa:04:79:98:51:4d:9f:2e:1b:7b:96:2a:0c:66:a6:
         e1:0b:5c:d7:8b:71:71:33:f2:2a:19:b8:fa:2f:25:05:1e:a9:
         57:e7:42:fa:81:83:f0:12:e1:4f:37:6e:10:de:c6:ba:a0:48:
         3a:2c:49:02:2c:88:2d:6b:6d:f6:e4:ac:6e:ad:2d:0e:88:a6:
         11:3d:63:b1:95:dd:e0:2b:21:88:63:f4:01:4d:68:bb:15:25:
         59:1a:64:02:e8:e1:99:17:2a:80:e7:7f:a9:29:60:2c:20:c5:
         b6:65:68:a2:84:8c:7d:40:55:d1:44:3c:63:77:45:af:99:f7:
         f6:61:46:92
-----BEGIN CERTIFICATE-----
MIIFhTCCBG2gAwIBAgISAZQlj3KkzFRGtqjQP+mwAjBAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDU0OTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzE1MzAwMzczN2Q3OGY3MjJkYjlhMjhlMjIwNDNlMzVkOGQ4NzFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvsS2XX6/T8aRUnDKSsuTLSitgDOo
YO8X31jSj9v+DvMqZaerLFMg3KtaX4VJjc4g8coGJV0Ups59SvbZKp+eEF3HgiJt
3r24Tb+BhYKjDf+lUZCQuOTbDzRwfN125YfdgAweY/8+jlt2XI5RbBrL/G3ZvmOO
60cR9iFhHGYZgqcuBl1M71+5u248RmsVzIFjBufujaK6z4Ox8+pR2t9ke2gHXd8d
LGwcbEMhEkqwLe04sWjfFXNivGlOqf6fqYkIkwT8gfY36ByhjI1DghWxwQTg6wJA
UIoa73ufy0El0iUfTpxHbvjZ4PVe+MZE+ywbn/3AexSM8R+AlZ7Obdkw/QIDAQAB
o4ICkTCCAo0wHQYDVR0OBBYEFFMVMANzfXj3ItuaKOIgQ+NdjYceMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2ZlLzhmNzE0
OC0yMzZkLTQwODgtODllNi02NjU5OTVjNjI4MzgvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZmUvOGY3MTQ4
LTIzNmQtNDA4OC04OWU2LTY2NTk5NWM2MjgzOC8xL1V4VXdBM045ZVBjaTI1b280
aUJENDEyTmh4NC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCwGCCsGAQUF
BwEHAQH/BB0wGzAZBAIAATATAwMAhhUwDAMEAsAv9AMEAcAv+DANBgkqhkiG9w0B
AQsFAAOCAQEAdmXBLugij19hOthswHgX0qM8mvU0ylgABht0o5bcU1k48m7dfInZ
256DOrRPCn5ABoOLRbSzLcoohDcpujQXiJd7sx3VNdPwFmuZZC143KXU/Bwwnt6A
37auxneQnMsDUrBZHk/HQsjvJKRjSAYejaRIM9lmNVSYOPYZ7pbooM5S+gR5mFFN
ny4be5YqDGam4Qtc14txcTPyKhm4+i8lBR6pV+dC+oGD8BLhTzduEN7GuqBIOixJ
AiyILWtt9uSsbq0tDoimET1jsZXd4CshiGP0AU1ouxUlWRpkAujhmRcqgOd/qSlg
LCDFtmVoooSMfUBV0UQ8Y3dFr5n39mFGkg==
-----END CERTIFICATE-----