Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/XTbQLD5qwUds6mipqNgzJw0svz4.cer
File:                     XTbQLD5qwUds6mipqNgzJw0svz4.cer (raw, json)
Hash identifier:          WofU4/CqAFSOLMqAmV4lbEV5G08b5OyHe4932ritSCM=
Subject key identifier:   5D:36:D0:2C:3E:6A:C1:47:6C:EA:68:A9:A8:D8:33:27:0D:2C:BF:3E
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019423699822C8F561FF38B93DB6CD9B645A
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/c6/4a89cb-12e9-4ddd-a02f-9166657c7d9f/1/XTbQLD5qwUds6mipqNgzJw0svz4.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/c6/4a89cb-12e9-4ddd-a02f-9166657c7d9f/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 19:48:30 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 42618
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:98:22:c8:f5:61:ff:38:b9:3d:b6:cd:9b:64:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 19:48:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5d36d02c3e6ac1476cea68a9a8d833270d2cbf3e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:b8:c6:0e:79:34:d4:a3:a5:62:09:ac:07:2d:
                    68:78:ac:2e:9b:17:c1:b7:ab:4e:87:56:f8:c9:a1:
                    58:06:9a:44:c2:a3:02:12:b5:34:a9:d9:66:1d:ee:
                    3d:95:3d:70:ed:86:c9:e5:61:29:cf:68:7a:fb:f1:
                    7c:fb:e4:d6:78:0d:26:eb:59:3a:42:33:df:f3:0a:
                    49:84:43:c2:78:82:50:3c:00:79:83:95:b9:df:aa:
                    07:25:4a:40:0c:65:b9:36:e2:c4:7f:04:e4:b4:03:
                    8b:55:c6:6c:ac:61:96:d6:b6:f0:32:18:35:bc:49:
                    b0:69:fe:6e:36:5b:b6:65:6c:f0:8c:5f:5c:d8:af:
                    36:45:db:6a:29:3c:a6:d7:4b:33:e6:d3:8b:b7:b9:
                    50:18:32:c6:b6:5e:3d:cc:1a:56:83:8c:5f:55:48:
                    cd:15:18:f2:35:18:06:d7:34:1b:b5:9d:56:29:c2:
                    45:c8:f0:16:7e:3c:fa:2e:69:f0:31:a3:89:81:96:
                    d4:ca:be:df:de:1f:68:e1:3f:8e:37:11:52:fa:5a:
                    72:3b:10:6e:5e:6b:bd:e6:7b:94:f9:66:a8:67:25:
                    02:8c:66:f9:91:8b:0f:7d:07:56:57:70:33:e2:0e:
                    23:35:5c:55:7c:38:5b:35:fe:8c:d7:84:6c:ff:d3:
                    cc:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:36:D0:2C:3E:6A:C1:47:6C:EA:68:A9:A8:D8:33:27:0D:2C:BF:3E
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/4a89cb-12e9-4ddd-a02f-9166657c7d9f/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/4a89cb-12e9-4ddd-a02f-9166657c7d9f/1/XTbQLD5qwUds6mipqNgzJw0svz4.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  42618

    Signature Algorithm: sha256WithRSAEncryption
         66:93:be:28:cf:56:e3:53:41:e0:33:24:13:ac:43:b1:1b:19:
         18:25:ee:67:bd:aa:79:48:61:28:d1:f7:28:7b:66:cc:3a:03:
         ed:9c:ca:c6:4b:58:eb:a4:63:e3:ec:f4:e4:8c:d4:4b:60:1d:
         e6:c5:b9:5a:e1:d0:39:d8:07:31:28:d7:70:72:e6:ba:5e:e9:
         c9:60:f7:c4:4e:01:eb:31:94:5a:92:6f:fd:f8:b9:ec:b5:70:
         d9:e3:74:b6:4d:bb:c8:9b:b9:69:dd:1e:e2:9b:ca:72:19:f3:
         12:5f:90:58:8e:95:e2:43:7f:0e:bc:a6:08:f7:44:46:e6:cc:
         cb:fd:ce:17:5a:48:51:3c:97:7d:dd:ad:0a:2d:dc:3f:25:41:
         e2:8f:1b:87:a7:3d:88:0e:3f:a3:9f:29:cc:df:39:81:26:7c:
         06:6f:ba:63:3b:d8:72:fa:53:eb:e2:8d:50:7a:05:b4:09:41:
         6d:d1:19:2c:6f:2d:af:02:f1:cf:0f:8a:03:06:f7:7b:d1:3b:
         d7:fd:92:4d:36:f7:52:d1:3a:eb:fa:83:0b:a3:aa:12:27:5c:
         86:c7:b4:b9:32:d8:5a:a4:8d:19:b3:f6:36:85:e9:0c:69:75:
         43:2a:bf:fc:56:c3:10:b3:28:e3:6c:a8:33:df:e5:7f:6d:a3:
         c3:2e:08:65
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZQjaZgiyPVh/zi5PbbNm2RaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTk0ODMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDM2ZDAyYzNlNmFjMTQ3NmNlYTY4YTlhOGQ4MzMyNzBkMmNiZjNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqrjGDnk01KOlYgmsBy1oeKwumxfB
t6tOh1b4yaFYBppEwqMCErU0qdlmHe49lT1w7YbJ5WEpz2h6+/F8++TWeA0m61k6
QjPf8wpJhEPCeIJQPAB5g5W536oHJUpADGW5NuLEfwTktAOLVcZsrGGW1rbwMhg1
vEmwaf5uNlu2ZWzwjF9c2K82RdtqKTym10sz5tOLt7lQGDLGtl49zBpWg4xfVUjN
FRjyNRgG1zQbtZ1WKcJFyPAWfjz6LmnwMaOJgZbUyr7f3h9o4T+ONxFS+lpyOxBu
Xmu95nuU+WaoZyUCjGb5kYsPfQdWV3Az4g4jNVxVfDhbNf6M14Rs/9PM0wIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFF020Cw+asFHbOpoqajYMycNLL8+MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2M2LzRhODlj
Yi0xMmU5LTRkZGQtYTAyZi05MTY2NjU3YzdkOWYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzYvNGE4OWNi
LTEyZTktNGRkZC1hMDJmLTkxNjY2NTdjN2Q5Zi8xL1hUYlFMRDVxd1VkczZtaXBx
Tmd6Sncwc3Z6NC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwCmejANBgkqhkiG9w0BAQsFAAOCAQEAZpO+KM9W41NB
4DMkE6xDsRsZGCXuZ72qeUhhKNH3KHtmzDoD7ZzKxktY66Rj4+z05IzUS2Ad5sW5
WuHQOdgHMSjXcHLmul7pyWD3xE4B6zGUWpJv/fi57LVw2eN0tk27yJu5ad0e4pvK
chnzEl+QWI6V4kN/DrymCPdERubMy/3OF1pIUTyXfd2tCi3cPyVB4o8bh6c9iA4/
o58pzN85gSZ8Bm+6YzvYcvpT6+KNUHoFtAlBbdEZLG8trwLxzw+KAwb3e9E71/2S
TTb3UtE66/qDC6OqEidchse0uTLYWqSNGbP2NoXpDGl1Qyq//FbDELMo42yoM9/l
f22jwy4IZQ==
-----END CERTIFICATE-----