Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/WKhqbHH7c0xwW15m50rBxWu5YF4.cer
File:                     WKhqbHH7c0xwW15m50rBxWu5YF4.cer (raw, json)
Hash identifier:          qgTAghVXzqTglrnuqbIwiWRqwshGf2c1AS2RV4d6iKE=
Subject key identifier:   58:A8:6A:6C:71:FB:73:4C:70:5B:5E:66:E7:4A:C1:C5:6B:B9:60:5E
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01942143D12E2699D01B55EAA854924DF259
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/b1/9c4365-a98f-43fe-9950-a9b13c2800af/1/WKhqbHH7c0xwW15m50rBxWu5YF4.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/b1/9c4365-a98f-43fe-9950-a9b13c2800af/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 09:48:00 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 193.35.28.0/22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 17:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:d1:2e:26:99:d0:1b:55:ea:a8:54:92:4d:f2:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 09:48:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=58a86a6c71fb734c705b5e66e74ac1c56bb9605e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:59:59:6e:79:20:84:07:19:d2:d2:be:4c:28:
                    47:0c:81:41:df:e9:f0:9f:90:51:ff:a8:4b:f1:f2:
                    e9:06:67:d7:cd:ba:c5:9a:ec:a2:89:e6:8b:1e:08:
                    2a:9e:d9:67:77:71:79:fe:a0:eb:41:72:c4:45:ca:
                    06:d9:e4:c7:da:4c:74:8a:06:6c:a1:cd:d9:50:d7:
                    5e:25:03:42:78:d4:54:12:f7:b2:be:80:04:d5:00:
                    55:6a:1d:37:d0:27:24:63:46:91:25:8f:86:50:51:
                    3e:79:b7:d3:f1:00:fd:3f:30:7f:c0:c3:ed:9d:6b:
                    4b:c7:ad:11:c9:ad:0d:5d:e1:09:e6:cb:15:94:91:
                    09:36:9f:e5:8a:79:34:ec:99:60:d0:4a:f1:33:22:
                    53:8b:11:c8:bb:6c:c5:da:a7:c4:cf:2d:a2:a3:82:
                    e4:7d:91:91:ad:51:6c:bd:54:74:ec:0b:69:aa:af:
                    e2:e9:e7:78:e1:3d:4a:3b:ef:4a:bc:f2:b8:d5:2e:
                    36:02:82:c8:59:73:a5:a1:e0:a4:e6:1e:32:80:ab:
                    91:d1:71:59:56:f5:42:cd:f7:6a:c7:f8:d4:e7:78:
                    3d:82:cc:af:dd:09:f3:0b:a2:16:83:e1:1b:a6:81:
                    9d:c1:ff:07:94:f0:61:01:74:bb:47:7b:d9:27:5d:
                    9b:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:A8:6A:6C:71:FB:73:4C:70:5B:5E:66:E7:4A:C1:C5:6B:B9:60:5E
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/9c4365-a98f-43fe-9950-a9b13c2800af/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/9c4365-a98f-43fe-9950-a9b13c2800af/1/WKhqbHH7c0xwW15m50rBxWu5YF4.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.35.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6f:cf:2b:63:ae:ec:a3:e6:b4:a4:f1:34:aa:b1:b9:13:39:a1:
         e9:ca:75:52:dd:06:cf:83:4c:2a:e8:69:62:bc:ce:30:cf:3b:
         df:84:7c:e7:1d:5b:5f:f0:13:c7:58:db:f4:6c:3e:89:c2:83:
         92:de:31:f1:6f:9d:76:04:aa:be:6c:0c:1e:c1:1f:82:0b:41:
         7e:1e:de:c0:10:23:8f:fd:b3:af:20:2d:50:c1:9b:b3:87:ed:
         b8:52:9c:37:e1:44:a1:0b:a6:be:87:ee:24:6e:88:ee:42:91:
         bb:db:88:4a:c2:5a:5d:f8:fb:cb:a4:6a:42:bb:01:47:b8:c0:
         20:c6:5a:e0:50:49:c6:7a:d7:48:53:85:69:fa:a9:1e:b1:d5:
         b3:28:44:ba:73:bc:62:f5:fa:09:04:45:0b:1a:96:b0:56:c4:
         83:eb:b7:35:74:fb:43:c4:71:de:ee:cb:d6:b7:7f:95:cc:24:
         36:35:b1:53:c9:4d:c2:a6:9f:61:67:bb:76:11:55:23:73:1d:
         34:16:dd:d5:90:2f:45:30:47:a1:7a:8a:33:31:c5:8c:05:6b:
         15:20:3a:78:9e:92:6c:79:c6:f5:b9:8f:04:af:35:e4:34:25:
         ee:87:ee:68:07:d3:95:1a:ce:ca:84:9b:fe:52:95:1d:eb:62:
         0a:60:78:49
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZQhQ9EuJpnQG1XqqFSSTfJZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDk0ODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGE4NmE2YzcxZmI3MzRjNzA1YjVlNjZlNzRhYzFjNTZiYjk2MDVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3VlZbnkghAcZ0tK+TChHDIFB3+nw
n5BR/6hL8fLpBmfXzbrFmuyiieaLHggqntlnd3F5/qDrQXLERcoG2eTH2kx0igZs
oc3ZUNdeJQNCeNRUEveyvoAE1QBVah030CckY0aRJY+GUFE+ebfT8QD9PzB/wMPt
nWtLx60Rya0NXeEJ5ssVlJEJNp/link07Jlg0ErxMyJTixHIu2zF2qfEzy2io4Lk
fZGRrVFsvVR07Atpqq/i6ed44T1KO+9KvPK41S42AoLIWXOloeCk5h4ygKuR0XFZ
VvVCzfdqx/jU53g9gsyv3QnzC6IWg+EbpoGdwf8HlPBhAXS7R3vZJ12bxQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFFioamxx+3NMcFteZudKwcVruWBeMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2IxLzljNDM2
NS1hOThmLTQzZmUtOTk1MC1hOWIxM2MyODAwYWYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjEvOWM0MzY1
LWE5OGYtNDNmZS05OTUwLWE5YjEzYzI4MDBhZi8xL1dLaHFiSEg3YzB4d1cxNW01
MHJCeFd1NVlGNC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCwSMcMA0GCSqGSIb3DQEBCwUAA4IBAQBvzytj
ruyj5rSk8TSqsbkTOaHpynVS3QbPg0wq6GlivM4wzzvfhHznHVtf8BPHWNv0bD6J
woOS3jHxb512BKq+bAwewR+CC0F+Ht7AECOP/bOvIC1QwZuzh+24Upw34UShC6a+
h+4kbojuQpG724hKwlpd+PvLpGpCuwFHuMAgxlrgUEnGetdIU4Vp+qkesdWzKES6
c7xi9foJBEULGpawVsSD67c1dPtDxHHe7svWt3+VzCQ2NbFTyU3Cpp9hZ7t2EVUj
cx00Ft3VkC9FMEeheoozMcWMBWsVIDp4npJsecb1uY8ErzXkNCXuh+5oB9OVGs7K
hJv+UpUd62IKYHhJ
-----END CERTIFICATE-----