Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/XEBFShsXZ5XwIVdTR3lL2fBEJ6w.cer
File:                     XEBFShsXZ5XwIVdTR3lL2fBEJ6w.cer (raw, json)
Hash identifier:          vNhBPqXTN446gk1yflT7G49ZoF8fj44qT4GsY2xBe1k=
Subject key identifier:   5C:40:45:4A:1B:17:67:95:F0:21:57:53:47:79:4B:D9:F0:44:27:AC
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194228E4391E28700F8747136343EE62768
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/7c/3c367a-1f9b-4c92-8978-ca0448e7f3a3/1/XEBFShsXZ5XwIVdTR3lL2fBEJ6w.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/7c/3c367a-1f9b-4c92-8978-ca0448e7f3a3/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 15:48:56 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 214740
                          IP: 2001:67c:ebc::/48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Mar 2025 12:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:43:91:e2:87:00:f8:74:71:36:34:3e:e6:27:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 15:48:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5c40454a1b176795f021575347794bd9f04427ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:54:30:c1:56:b6:b4:e3:84:ce:0b:e0:9d:f2:
                    ff:5b:8d:81:1e:67:fe:5d:9d:20:f0:22:f6:e2:e2:
                    5a:e4:c9:55:e5:32:e3:de:2f:9e:6e:aa:bd:23:54:
                    dc:7b:fc:ef:fb:36:e0:4c:33:a8:a9:6d:91:f9:33:
                    f2:27:1e:60:11:26:23:fa:b6:a1:a7:f4:4a:06:60:
                    1f:b9:93:9f:7a:c0:45:cf:a1:7e:92:31:fa:e3:f2:
                    28:79:00:f3:73:7a:b7:8e:73:6e:91:c2:67:89:8a:
                    48:38:64:dd:a2:6b:20:36:13:c9:5f:f8:e3:d8:63:
                    4f:0e:52:02:4d:b7:7d:a8:ca:86:01:bf:57:81:f1:
                    8e:3e:0d:f7:80:12:aa:97:05:60:37:40:ff:a1:04:
                    aa:95:91:af:5f:15:f6:92:33:d4:7a:bb:38:cd:d5:
                    fa:20:ad:71:ff:b5:30:af:f6:71:aa:e3:35:1d:89:
                    55:50:e3:d6:c2:00:40:df:b6:60:26:61:b0:76:18:
                    83:14:24:0f:e6:ea:3b:bf:59:94:e6:58:e5:1d:a9:
                    6e:d5:a4:7c:fc:17:e8:14:c7:dc:31:96:e0:f4:90:
                    74:43:37:ba:de:3e:c0:97:34:f3:1a:ea:0a:6a:1f:
                    db:9c:32:07:bf:2b:06:fb:71:b3:91:64:c2:8a:29:
                    e7:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:40:45:4A:1B:17:67:95:F0:21:57:53:47:79:4B:D9:F0:44:27:AC
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/3c367a-1f9b-4c92-8978-ca0448e7f3a3/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/3c367a-1f9b-4c92-8978-ca0448e7f3a3/1/XEBFShsXZ5XwIVdTR3lL2fBEJ6w.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:ebc::/48

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  214740

    Signature Algorithm: sha256WithRSAEncryption
         0c:d4:5f:5c:ca:5b:67:45:e8:78:fd:44:83:e0:58:44:d5:8c:
         f3:91:ba:7d:d9:05:94:e6:27:5a:e9:f1:25:d4:fb:1b:b6:fa:
         d9:3c:3f:4b:2f:74:b6:86:87:08:dc:66:6b:8f:d7:46:d1:64:
         a6:4d:31:87:c9:2e:91:6d:b9:9d:b1:f4:43:76:90:42:ce:22:
         5e:99:b8:cd:7d:5b:16:87:92:f3:3c:be:f8:45:2e:d8:bd:a3:
         2e:b4:b3:56:ac:2f:6c:0a:d8:7c:0a:52:87:77:23:08:96:a4:
         92:16:9e:79:7d:43:ad:b8:d8:6d:4c:8a:d0:9f:1c:46:8a:8c:
         68:aa:05:b1:13:a3:80:37:b0:f0:5c:34:b4:90:23:0e:be:e1:
         0e:49:5e:40:83:da:29:40:23:f1:1a:e4:d8:29:c5:7a:9a:10:
         ea:8a:f3:b7:09:ec:2e:0d:16:16:30:1f:c1:9d:52:10:57:ba:
         fb:3b:86:97:39:f6:49:ec:f9:83:7b:c6:23:c2:9f:bc:d6:d4:
         5a:cf:7b:b2:df:a4:8e:e0:c6:53:0a:df:c9:eb:91:6b:2a:67:
         36:d4:05:e3:33:27:fb:07:03:de:34:c8:b8:00:a2:da:db:21:
         3b:16:da:53:a6:dc:ba:ac:32:82:61:2b:14:2b:55:0f:19:30:
         4e:7b:0d:4c
-----BEGIN CERTIFICATE-----
MIIFlzCCBH+gAwIBAgISAZQijkOR4ocA+HRxNjQ+5idoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTU0ODU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzQwNDU0YTFiMTc2Nzk1ZjAyMTU3NTM0Nzc5NGJkOWYwNDQyN2FjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwFQwwVa2tOOEzgvgnfL/W42BHmf+
XZ0g8CL24uJa5MlV5TLj3i+ebqq9I1Tce/zv+zbgTDOoqW2R+TPyJx5gESYj+rah
p/RKBmAfuZOfesBFz6F+kjH64/IoeQDzc3q3jnNukcJniYpIOGTdomsgNhPJX/jj
2GNPDlICTbd9qMqGAb9XgfGOPg33gBKqlwVgN0D/oQSqlZGvXxX2kjPUers4zdX6
IK1x/7Uwr/ZxquM1HYlVUOPWwgBA37ZgJmGwdhiDFCQP5uo7v1mU5ljlHalu1aR8
/BfoFMfcMZbg9JB0Qze63j7AlzTzGuoKah/bnDIHvysG+3GzkWTCiinnrQIDAQAB
o4ICozCCAp8wHQYDVR0OBBYEFFxARUobF2eV8CFXU0d5S9nwRCesMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzdjLzNjMzY3
YS0xZjliLTRjOTItODk3OC1jYTA0NDhlN2YzYTMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvN2MvM2MzNjdh
LTFmOWItNGM5Mi04OTc4LWNhMDQ0OGU3ZjNhMy8xL1hFQkZTaHNYWjVYd0lWZFRS
M2xMMmZCRUo2dy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfA68MBoGCCsGAQUFBwEIAQH/BAswCaAH
MAUCAwNG1DANBgkqhkiG9w0BAQsFAAOCAQEADNRfXMpbZ0XoeP1Eg+BYRNWM85G6
fdkFlOYnWunxJdT7G7b62Tw/Sy90toaHCNxma4/XRtFkpk0xh8kukW25nbH0Q3aQ
Qs4iXpm4zX1bFoeS8zy++EUu2L2jLrSzVqwvbArYfApSh3cjCJakkhaeeX1DrbjY
bUyK0J8cRoqMaKoFsROjgDew8Fw0tJAjDr7hDkleQIPaKUAj8Rrk2CnFepoQ6orz
twnsLg0WFjAfwZ1SEFe6+zuGlzn2Sez5g3vGI8KfvNbUWs97st+kjuDGUwrfyeuR
aypnNtQF4zMn+wcD3jTIuACi2tshOxbaU6bcuqwygmErFCtVDxkwTnsNTA==
-----END CERTIFICATE-----