Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/V1TRlSf9hdDURKyt1EoBZV_cdAA.cer
File:                     V1TRlSf9hdDURKyt1EoBZV_cdAA.cer (raw, json)
Hash identifier:          pMSrpPiiGvjqlasBoHpRiL8f6zNGjH4LYrHqdJAfqL4=
Subject key identifier:   57:54:D1:95:27:FD:85:D0:D4:44:AC:AD:D4:4A:01:65:5F:DC:74:00
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019420D63EB7606D1CF3BE0CBABB1AEBA73C
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/81/7c9fcc-8fce-44b7-b6bf-11776031415f/1/V1TRlSf9hdDURKyt1EoBZV_cdAA.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/81/7c9fcc-8fce-44b7-b6bf-11776031415f/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 07:48:19 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 62.109.192.0/18
                          IP: 2a00:a640::/32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:3e:b7:60:6d:1c:f3:be:0c:ba:bb:1a:eb:a7:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 07:48:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5754d19527fd85d0d444acadd44a01655fdc7400
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:ac:0b:fa:e6:64:06:b6:2e:79:be:ae:f2:b1:
                    f0:c3:b9:29:e3:72:9b:6d:cd:62:ad:42:f6:b6:19:
                    89:c7:e1:ef:24:4a:81:28:d7:6e:ce:ae:78:83:e9:
                    d4:ba:9d:c7:7c:0b:50:ca:7c:46:38:1d:93:f2:9b:
                    93:5d:05:03:8b:22:d4:78:8b:c7:c1:8c:d8:40:24:
                    33:f9:45:a7:82:8f:21:c8:b0:a4:e8:0a:0a:c3:82:
                    b4:3d:b0:52:a1:9a:37:fd:a4:bd:a8:37:1f:1e:a9:
                    43:11:7e:85:39:ec:3d:6b:03:6c:3a:60:ef:75:24:
                    cb:cb:2f:95:19:b2:22:c7:07:56:d1:4f:3c:06:dc:
                    36:2b:91:8d:1a:f9:1a:3f:c9:b4:43:9a:45:80:a8:
                    2c:18:dd:c8:74:82:9b:53:86:42:82:f7:fa:ed:61:
                    a3:84:97:b1:04:cc:fc:52:f0:d7:47:47:30:a1:1a:
                    f3:7f:fd:e8:75:37:80:37:68:09:2a:a2:70:6e:b5:
                    18:c2:84:0b:77:3f:4b:49:51:be:28:f9:64:5a:d0:
                    a4:20:d2:6f:4b:2e:19:a3:0f:75:d3:eb:0a:aa:b6:
                    ed:5c:79:77:3b:ae:ad:68:22:f4:70:0c:69:d3:b2:
                    be:41:e0:bf:89:d6:03:37:4b:01:ea:50:52:6f:1d:
                    19:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:54:D1:95:27:FD:85:D0:D4:44:AC:AD:D4:4A:01:65:5F:DC:74:00
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/7c9fcc-8fce-44b7-b6bf-11776031415f/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/7c9fcc-8fce-44b7-b6bf-11776031415f/1/V1TRlSf9hdDURKyt1EoBZV_cdAA.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.109.192.0/18
                IPv6:
                  2a00:a640::/32

    Signature Algorithm: sha256WithRSAEncryption
         96:7c:1a:6a:b8:e6:cc:13:fb:25:92:a6:e6:3f:d3:78:fe:70:
         7a:ab:96:65:9c:ba:b4:d6:3c:14:65:80:ea:21:99:de:ba:62:
         56:a9:0e:d7:43:9b:19:57:47:aa:01:cd:b4:9c:ac:26:1b:6b:
         76:36:1d:ca:3d:12:ec:eb:51:48:eb:20:ca:01:4e:07:df:9f:
         cd:cd:10:80:8b:0b:bd:ed:cb:15:1a:e5:ef:99:6a:2f:ff:1e:
         87:5c:6d:07:99:83:05:4f:59:80:41:e9:d7:1a:51:88:3c:6c:
         cf:16:f3:ed:13:b5:57:f0:cc:67:f5:78:81:1c:99:06:0e:c7:
         48:1d:11:59:64:20:58:f3:00:7a:71:be:f5:5c:e1:97:f4:d4:
         ba:dd:e0:94:ba:d4:78:4d:a8:00:8e:8a:fb:1e:fc:33:e0:c7:
         39:61:bc:f0:f9:8b:49:63:71:06:3c:ae:0d:da:dd:32:ea:43:
         c5:28:d2:5f:db:2a:56:bf:a1:ab:7b:14:23:1f:6f:4f:87:a7:
         47:a6:91:f5:89:61:28:84:f8:72:94:41:63:3e:b0:ba:67:5f:
         cf:e1:1e:4f:32:aa:b5:33:1e:5a:12:50:b3:4e:bc:20:d3:4d:
         5e:10:53:95:9a:d6:09:a7:12:24:33:96:08:29:b8:5f:db:63:
         4f:8c:5e:e9
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAZQg1j63YG0c874Mursa66c8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDc0ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzU0ZDE5NTI3ZmQ4NWQwZDQ0NGFjYWRkNDRhMDE2NTVmZGM3NDAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0KwL+uZkBrYueb6u8rHww7kp43Kb
bc1irUL2thmJx+HvJEqBKNduzq54g+nUup3HfAtQynxGOB2T8puTXQUDiyLUeIvH
wYzYQCQz+UWngo8hyLCk6AoKw4K0PbBSoZo3/aS9qDcfHqlDEX6FOew9awNsOmDv
dSTLyy+VGbIixwdW0U88Btw2K5GNGvkaP8m0Q5pFgKgsGN3IdIKbU4ZCgvf67WGj
hJexBMz8UvDXR0cwoRrzf/3odTeAN2gJKqJwbrUYwoQLdz9LSVG+KPlkWtCkINJv
Sy4Zow910+sKqrbtXHl3O66taCL0cAxp07K+QeC/idYDN0sB6lBSbx0Z9QIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFFdU0ZUn/YXQ1ESsrdRKAWVf3HQAMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzgxLzdjOWZj
Yy04ZmNlLTQ0YjctYjZiZi0xMTc3NjAzMTQxNWYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODEvN2M5ZmNj
LThmY2UtNDRiNy1iNmJmLTExNzc2MDMxNDE1Zi8xL1YxVFJsU2Y5aGREVVJLeXQx
RW9CWlZfY2RBQS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQGPm3AMA0EAgACMAcDBQAqAKZAMA0GCSqGSIb3
DQEBCwUAA4IBAQCWfBpquObME/slkqbmP9N4/nB6q5ZlnLq01jwUZYDqIZneumJW
qQ7XQ5sZV0eqAc20nKwmG2t2Nh3KPRLs61FI6yDKAU4H35/NzRCAiwu97csVGuXv
mWov/x6HXG0HmYMFT1mAQenXGlGIPGzPFvPtE7VX8Mxn9XiBHJkGDsdIHRFZZCBY
8wB6cb71XOGX9NS63eCUutR4TagAjor7Hvwz4Mc5Ybzw+YtJY3EGPK4N2t0y6kPF
KNJf2ypWv6GrexQjH29Ph6dHppH1iWEohPhylEFjPrC6Z1/P4R5PMqq1Mx5aElCz
Trwg001eEFOVmtYJpxIkM5YIKbhf22NPjF7p
-----END CERTIFICATE-----