Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/WfJHDAOg8LrQCEaw9nx6Iy1Vcog.cer
File:                     WfJHDAOg8LrQCEaw9nx6Iy1Vcog.cer (raw, json)
Hash identifier:          6j2EnEBmP9vVgWtpV7gtlVt+wb3kfVoo66bpyA3KAiU=
Subject key identifier:   59:F2:47:0C:03:A0:F0:BA:D0:08:46:B0:F6:7C:7A:23:2D:55:72:88
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019422FBF75A52232776F20169D4862385FF
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/41/cec6d6-6d34-4107-b672-92bef34e77aa/1/WfJHDAOg8LrQCEaw9nx6Iy1Vcog.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/41/cec6d6-6d34-4107-b672-92bef34e77aa/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 17:48:45 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 211595
                          IP: 2001:678:f10::/48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:f7:5a:52:23:27:76:f2:01:69:d4:86:23:85:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 17:48:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=59f2470c03a0f0bad00846b0f67c7a232d557288
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:2e:d7:31:5e:c3:5d:f2:5f:7b:5a:29:96:c3:
                    d9:14:4a:33:b4:ac:2f:48:00:31:7a:f1:a0:3b:e4:
                    5b:4a:50:3f:6d:c5:3d:4f:83:66:6d:e6:8d:39:33:
                    d0:a6:8a:c7:a6:f6:6e:91:3b:45:45:3b:14:30:26:
                    cd:af:93:1e:92:c0:25:79:c1:f3:47:a4:dc:99:be:
                    01:69:47:18:63:a5:4a:f0:44:29:81:d7:d0:e0:b6:
                    7c:98:4c:ec:94:00:11:92:93:67:c2:93:0f:24:ec:
                    67:cc:0d:db:08:03:0f:dc:05:7f:d4:0e:bc:34:eb:
                    76:6e:15:b7:c1:eb:75:aa:c5:47:1a:94:37:10:8d:
                    41:8c:45:4a:84:1f:86:c9:5a:54:6b:de:a3:be:b8:
                    ed:c3:54:22:b6:f9:24:f6:a6:05:e4:40:06:d4:d2:
                    d6:c6:7c:f6:ae:97:23:cb:9e:83:f6:0f:c4:0b:23:
                    8d:93:85:67:bc:57:f4:81:d6:db:c8:54:31:b2:43:
                    87:f8:ab:80:75:a7:86:0f:a5:00:2d:63:aa:69:0e:
                    76:b8:29:f2:bf:39:d0:0e:41:4d:25:c5:cf:a7:19:
                    38:52:eb:47:60:8c:8d:a7:6e:58:b3:88:a4:d1:19:
                    a7:6c:12:7d:c9:f4:dd:09:07:98:67:0f:e4:a3:cb:
                    87:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:F2:47:0C:03:A0:F0:BA:D0:08:46:B0:F6:7C:7A:23:2D:55:72:88
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/cec6d6-6d34-4107-b672-92bef34e77aa/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/cec6d6-6d34-4107-b672-92bef34e77aa/1/WfJHDAOg8LrQCEaw9nx6Iy1Vcog.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:f10::/48

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  211595

    Signature Algorithm: sha256WithRSAEncryption
         35:67:7a:82:1e:08:d5:d7:47:33:56:c4:e8:38:07:b8:69:db:
         66:ee:d4:b5:9e:fd:00:8e:b5:27:90:94:0d:ee:60:70:ce:5e:
         39:de:59:55:45:1a:13:a6:7b:ed:c7:05:9e:b5:39:2e:43:9e:
         1e:bc:19:ec:06:3e:3d:af:6e:ba:ce:f7:91:15:d3:b0:f7:f3:
         fd:5a:b1:53:b4:5e:88:e5:a0:65:fa:8e:2d:f0:92:87:90:32:
         1d:1b:04:ad:6b:a0:94:55:16:20:d8:d4:f3:df:bd:08:40:91:
         66:a5:77:f2:e0:67:e1:95:f9:a5:b7:fe:8b:08:e9:8f:9a:5d:
         8c:dc:72:bf:e8:d1:5f:86:0d:18:ff:fa:f9:32:61:95:69:86:
         de:f8:98:41:7c:05:b2:32:c5:21:02:70:5f:23:9b:ce:eb:b2:
         85:17:9b:96:52:11:b4:cf:c8:d0:7b:19:05:f7:27:bd:5f:b2:
         61:7e:69:fa:2d:87:7b:a4:71:ad:b6:5d:3f:ef:48:fb:d2:33:
         72:6b:de:06:c4:8f:f1:ba:aa:2a:05:6f:0e:32:7c:c8:92:cf:
         eb:00:46:c2:d9:37:8b:88:99:14:d8:08:32:90:4c:2f:cb:6a:
         ac:21:62:72:9a:d3:26:ef:d4:69:50:c4:ec:64:95:73:1d:c7:
         13:73:89:02
-----BEGIN CERTIFICATE-----
MIIFlzCCBH+gAwIBAgISAZQi+/daUiMndvIBadSGI4X/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTc0ODQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OWYyNDcwYzAzYTBmMGJhZDAwODQ2YjBmNjdjN2EyMzJkNTU3Mjg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwC7XMV7DXfJfe1oplsPZFEoztKwv
SAAxevGgO+RbSlA/bcU9T4NmbeaNOTPQporHpvZukTtFRTsUMCbNr5MeksAlecHz
R6Tcmb4BaUcYY6VK8EQpgdfQ4LZ8mEzslAARkpNnwpMPJOxnzA3bCAMP3AV/1A68
NOt2bhW3wet1qsVHGpQ3EI1BjEVKhB+GyVpUa96jvrjtw1Qitvkk9qYF5EAG1NLW
xnz2rpcjy56D9g/ECyONk4VnvFf0gdbbyFQxskOH+KuAdaeGD6UALWOqaQ52uCny
vznQDkFNJcXPpxk4UutHYIyNp25Ys4ik0RmnbBJ9yfTdCQeYZw/ko8uHpQIDAQAB
o4ICozCCAp8wHQYDVR0OBBYEFFnyRwwDoPC60AhGsPZ8eiMtVXKIMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzQxL2NlYzZk
Ni02ZDM0LTQxMDctYjY3Mi05MmJlZjM0ZTc3YWEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDEvY2VjNmQ2
LTZkMzQtNDEwNy1iNjcyLTkyYmVmMzRlNzdhYS8xL1dmSkhEQU9nOExyUUNFYXc5
bng2SXkxVmNvZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeA8QMBoGCCsGAQUFBwEIAQH/BAswCaAH
MAUCAwM6izANBgkqhkiG9w0BAQsFAAOCAQEANWd6gh4I1ddHM1bE6DgHuGnbZu7U
tZ79AI61J5CUDe5gcM5eOd5ZVUUaE6Z77ccFnrU5LkOeHrwZ7AY+Pa9uus73kRXT
sPfz/VqxU7ReiOWgZfqOLfCSh5AyHRsErWuglFUWINjU89+9CECRZqV38uBn4ZX5
pbf+iwjpj5pdjNxyv+jRX4YNGP/6+TJhlWmG3viYQXwFsjLFIQJwXyObzuuyhReb
llIRtM/I0HsZBfcnvV+yYX5p+i2He6RxrbZdP+9I+9IzcmveBsSP8bqqKgVvDjJ8
yJLP6wBGwtk3i4iZFNgIMpBML8tqrCFicprTJu/UaVDE7GSVcx3HE3OJAg==
-----END CERTIFICATE-----