Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/XfnoVvBJXISQ1RJOjPuvCNcN-xc.cer
File:                     XfnoVvBJXISQ1RJOjPuvCNcN-xc.cer (raw, json)
Hash identifier:          W6RMp96RJAhejw5HIMSdCM/INpNZstdlILPZ/i2ueso=
Subject key identifier:   5D:F9:E8:56:F0:49:5C:84:90:D5:12:4E:8C:FB:AF:08:D7:0D:FB:17
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194B1BBBBFDAF808CDB363BE9D498169DE5
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/95/13dc38-2e75-4b07-bef0-e1ea453c5257/1/XfnoVvBJXISQ1RJOjPuvCNcN-xc.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/95/13dc38-2e75-4b07-bef0-e1ea453c5257/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 29 Jan 2025 11:04:18 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 185.228.59.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:b1:bb:bb:fd:af:80:8c:db:36:3b:e9:d4:98:16:9d:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan 29 11:04:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5df9e856f0495c8490d5124e8cfbaf08d70dfb17
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:a4:ea:d4:c9:20:ae:d0:65:73:65:fa:b6:bb:
                    f1:41:13:f8:db:6d:06:bf:99:32:fd:f3:65:6a:99:
                    97:94:40:96:9a:a9:50:d2:ae:f4:e3:13:21:67:f5:
                    d1:c2:19:31:40:b1:dc:ef:36:f7:7b:4c:86:7d:98:
                    93:15:ef:cb:6a:44:ed:87:1d:fe:8d:a1:73:46:ba:
                    32:40:5a:f4:9b:50:94:07:58:a0:17:33:99:21:80:
                    e8:66:58:54:4f:86:d8:d8:ec:78:d0:2d:cf:ee:0d:
                    6e:04:cf:30:47:f5:fc:fc:a5:e5:ad:e8:bb:a1:9f:
                    85:a1:89:86:c8:b5:36:b0:49:72:e6:5d:0e:7d:cc:
                    4d:6b:ef:8d:31:07:80:94:12:e3:74:4a:41:54:50:
                    12:00:52:4e:f6:6f:2a:be:c1:02:de:14:de:27:c8:
                    87:a1:bb:a3:ff:55:2a:a3:9e:3f:3c:fd:e4:81:cb:
                    1a:7a:ea:f3:60:d7:fb:19:b0:46:75:dc:b9:1d:0b:
                    84:6d:ed:8a:73:9e:f1:5f:06:9c:e0:96:9e:cc:85:
                    c9:08:b0:58:db:6c:d7:c4:d2:aa:a8:3b:b1:7b:5c:
                    65:87:9f:2a:ad:82:25:29:d7:84:ef:5c:96:c8:1f:
                    5c:d1:2f:b7:d8:1c:92:4e:dd:01:a1:f8:f2:14:bc:
                    5d:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:F9:E8:56:F0:49:5C:84:90:D5:12:4E:8C:FB:AF:08:D7:0D:FB:17
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/13dc38-2e75-4b07-bef0-e1ea453c5257/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/13dc38-2e75-4b07-bef0-e1ea453c5257/1/XfnoVvBJXISQ1RJOjPuvCNcN-xc.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.228.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:44:05:c1:cc:93:91:0f:5d:14:b4:da:6b:da:28:70:46:9b:
         ea:ed:ef:56:d4:4a:87:68:8a:8e:e4:72:13:68:2b:5e:c4:1c:
         ea:20:9d:8e:3d:d5:da:db:ea:a9:51:1b:41:6c:de:84:a6:1e:
         36:9a:3b:24:06:34:f6:82:e3:61:5f:b4:7b:0d:c6:ed:b9:af:
         8b:a2:02:b3:01:c8:4d:e5:12:80:98:c2:27:2e:4a:d3:20:06:
         1c:32:a7:f2:0e:a8:cf:d8:be:dd:63:1f:15:08:dc:fb:f5:f7:
         6e:b9:fa:ed:45:dc:02:18:0a:08:4c:04:3f:ef:df:e2:72:92:
         79:f9:aa:34:70:89:8e:b2:74:d4:1b:9a:e9:d4:f0:b0:76:46:
         5e:1d:f5:33:50:bd:66:55:77:bf:7a:5a:73:7c:7b:66:a5:9e:
         69:5e:27:c9:9c:f2:ba:b9:61:69:e4:33:95:c3:a3:a7:a9:ec:
         7c:80:ec:5d:5c:84:25:36:7e:90:35:1b:7e:db:7d:1c:1d:cf:
         32:88:41:d4:5b:85:cc:a5:a3:c9:3b:4d:ff:31:cb:76:82:1e:
         44:03:de:5f:b2:37:37:cc:85:51:59:6d:e8:0e:9e:d8:73:e5:
         9e:1e:78:f7:f2:fd:87:27:b3:f9:f9:d7:ac:3f:92:68:d3:35:
         c7:4a:44:80
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZSxu7v9r4CM2zY76dSYFp3lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTI5MTEwNDE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGY5ZTg1NmYwNDk1Yzg0OTBkNTEyNGU4Y2ZiYWYwOGQ3MGRmYjE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwKTq1MkgrtBlc2X6trvxQRP4220G
v5ky/fNlapmXlECWmqlQ0q704xMhZ/XRwhkxQLHc7zb3e0yGfZiTFe/LakTthx3+
jaFzRroyQFr0m1CUB1igFzOZIYDoZlhUT4bY2Ox40C3P7g1uBM8wR/X8/KXlrei7
oZ+FoYmGyLU2sEly5l0OfcxNa++NMQeAlBLjdEpBVFASAFJO9m8qvsEC3hTeJ8iH
obuj/1Uqo54/PP3kgcsaeurzYNf7GbBGddy5HQuEbe2Kc57xXwac4JaezIXJCLBY
22zXxNKqqDuxe1xlh58qrYIlKdeE71yWyB9c0S+32BySTt0BofjyFLxdwwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFF356FbwSVyEkNUSToz7rwjXDfsXMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzk1LzEzZGMz
OC0yZTc1LTRiMDctYmVmMC1lMWVhNDUzYzUyNTcvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTUvMTNkYzM4
LTJlNzUtNGIwNy1iZWYwLWUxZWE0NTNjNTI1Ny8xL1hmbm9WdkJKWElTUTFSSk9q
UHV2Q05jTi14Yy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAueQ7MA0GCSqGSIb3DQEBCwUAA4IBAQCuRAXB
zJORD10UtNpr2ihwRpvq7e9W1EqHaIqO5HITaCtexBzqIJ2OPdXa2+qpURtBbN6E
ph42mjskBjT2guNhX7R7Dcbtua+LogKzAchN5RKAmMInLkrTIAYcMqfyDqjP2L7d
Yx8VCNz79fduufrtRdwCGAoITAQ/79/icpJ5+ao0cImOsnTUG5rp1PCwdkZeHfUz
UL1mVXe/elpzfHtmpZ5pXifJnPK6uWFp5DOVw6Onqex8gOxdXIQlNn6QNRt+230c
Hc8yiEHUW4XMpaPJO03/Mct2gh5EA95fsjc3zIVRWW3oDp7Yc+WeHnj38v2HJ7P5
+desP5Jo0zXHSkSA
-----END CERTIFICATE-----