Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Z-B-9OfktoQIIZjk7JIUQ0TEGEM.cer
File:                     Z-B-9OfktoQIIZjk7JIUQ0TEGEM.cer (raw, json)
Hash identifier:          nUpwfLiMaCiC4pA0pELAlbumHeKignhcYURJTs5uXXk=
Subject key identifier:   67:E0:7E:F4:E7:E4:B6:84:08:21:98:E4:EC:92:14:43:44:C4:18:43
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019483CD7AD5606AC574EC9CD083BDD77CD0
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/e0/44f63e-f33d-4f22-8dfb-af6f338bcec2/1/Z-B-9OfktoQIIZjk7JIUQ0TEGEM.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/e0/44f63e-f33d-4f22-8dfb-af6f338bcec2/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 20 Jan 2025 13:01:09 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 185.43.148.0/22
                          IP: 2a01:44a0::/32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:83:cd:7a:d5:60:6a:c5:74:ec:9c:d0:83:bd:d7:7c:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan 20 13:01:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=67e07ef4e7e4b684082198e4ec92144344c41843
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:86:6f:7b:65:e4:ca:f1:7c:e2:c6:70:34:03:
                    ee:93:14:20:fe:bd:d9:95:9e:c3:a9:49:6e:a9:e5:
                    89:a6:de:37:07:83:7d:c4:5d:5e:c4:c1:29:4e:a4:
                    6a:53:cd:d7:63:ef:98:5a:a1:78:56:9e:38:c6:45:
                    79:f9:99:8c:73:9b:fb:a5:77:e7:52:3a:74:cc:9a:
                    81:ce:0f:c2:6a:6f:e4:40:cd:06:7e:6e:de:f5:f1:
                    39:ea:8f:d1:77:17:24:38:7e:a8:1f:43:05:36:9b:
                    da:e7:2a:9d:db:9d:9f:72:8f:cb:43:a2:86:1a:34:
                    90:dc:ba:0b:6d:31:0d:c3:48:17:bf:7b:3c:e2:b5:
                    56:d6:00:51:f9:5b:b1:86:ae:ff:d9:1b:96:72:58:
                    98:5e:c0:b1:ac:88:9e:26:ad:73:55:43:c9:da:ed:
                    9e:32:df:53:af:d8:50:39:a3:3d:0f:27:81:4c:d1:
                    f3:5e:8c:47:e6:ed:d0:de:d9:51:37:af:89:16:42:
                    da:ce:e9:74:93:d1:d4:d3:03:36:38:67:00:bd:74:
                    b5:88:10:6e:89:35:c9:f3:a2:d6:e5:5f:f4:ec:99:
                    3c:d3:0d:7c:46:e4:12:9c:a9:aa:84:13:44:bc:39:
                    88:20:cf:4a:fe:61:75:e0:6c:2a:cd:c9:bd:27:ed:
                    b3:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:E0:7E:F4:E7:E4:B6:84:08:21:98:E4:EC:92:14:43:44:C4:18:43
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/44f63e-f33d-4f22-8dfb-af6f338bcec2/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/44f63e-f33d-4f22-8dfb-af6f338bcec2/1/Z-B-9OfktoQIIZjk7JIUQ0TEGEM.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.43.148.0/22
                IPv6:
                  2a01:44a0::/32

    Signature Algorithm: sha256WithRSAEncryption
         45:ca:03:0b:0a:bb:7f:ba:a8:36:f3:f4:9d:03:52:1c:e6:77:
         a5:83:b3:ba:12:bd:18:8f:0f:df:04:4c:7d:a7:2c:8a:96:a6:
         62:17:d5:7f:f9:e8:e8:c3:a1:47:d3:07:10:48:24:ad:36:c7:
         4c:27:24:a3:fd:45:64:98:a4:5a:ee:a7:7f:26:0f:8c:44:75:
         d3:ea:17:07:61:d9:49:bc:61:20:b7:a3:a3:86:20:1d:7d:0b:
         68:ce:78:83:30:fc:fc:bd:26:0d:0b:6b:a6:3b:2d:14:3d:50:
         e2:1d:8b:b2:28:9c:49:be:90:30:ac:0b:fe:81:79:27:1c:5c:
         5f:52:6f:76:70:f5:90:04:ab:b8:0a:51:32:cd:91:67:8a:7c:
         06:35:6b:fd:d0:c3:70:a3:f2:f8:9f:3d:ed:28:59:d5:06:d5:
         ab:08:07:fa:7b:a3:f7:5c:13:59:08:ba:bd:de:de:6f:03:b7:
         3a:fe:bd:52:2c:95:6e:15:86:59:7f:bf:b0:5e:57:e0:8b:a5:
         d4:c9:bf:4f:cf:af:62:f5:e0:da:5a:0f:cd:37:3e:36:db:6e:
         95:a3:a9:b4:8b:49:2a:5f:34:79:e3:c0:43:03:3e:2f:72:9b:
         a8:16:b9:ba:75:d6:60:df:22:3d:6f:a5:70:c5:ce:cf:d9:fb:
         b7:49:f2:bd
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAZSDzXrVYGrFdOyc0IO913zQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTIwMTMwMTA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2UwN2VmNGU3ZTRiNjg0MDgyMTk4ZTRlYzkyMTQ0MzQ0YzQxODQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw4Zve2XkyvF84sZwNAPukxQg/r3Z
lZ7DqUluqeWJpt43B4N9xF1exMEpTqRqU83XY++YWqF4Vp44xkV5+ZmMc5v7pXfn
Ujp0zJqBzg/Cam/kQM0Gfm7e9fE56o/RdxckOH6oH0MFNpva5yqd252fco/LQ6KG
GjSQ3LoLbTENw0gXv3s84rVW1gBR+Vuxhq7/2RuWcliYXsCxrIieJq1zVUPJ2u2e
Mt9Tr9hQOaM9DyeBTNHzXoxH5u3Q3tlRN6+JFkLazul0k9HU0wM2OGcAvXS1iBBu
iTXJ86LW5V/07Jk80w18RuQSnKmqhBNEvDmIIM9K/mF14Gwqzcm9J+2zGQIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFGfgfvTn5LaECCGY5OySFENExBhDMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2UwLzQ0ZjYz
ZS1mMzNkLTRmMjItOGRmYi1hZjZmMzM4YmNlYzIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTAvNDRmNjNl
LWYzM2QtNGYyMi04ZGZiLWFmNmYzMzhiY2VjMi8xL1otQi05T2ZrdG9RSUlaams3
SklVUTBURUdFTS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCuSuUMA0EAgACMAcDBQAqAUSgMA0GCSqGSIb3
DQEBCwUAA4IBAQBFygMLCrt/uqg28/SdA1Ic5nelg7O6Er0Yjw/fBEx9pyyKlqZi
F9V/+ejow6FH0wcQSCStNsdMJySj/UVkmKRa7qd/Jg+MRHXT6hcHYdlJvGEgt6Oj
hiAdfQtozniDMPz8vSYNC2umOy0UPVDiHYuyKJxJvpAwrAv+gXknHFxfUm92cPWQ
BKu4ClEyzZFninwGNWv90MNwo/L4nz3tKFnVBtWrCAf6e6P3XBNZCLq93t5vA7c6
/r1SLJVuFYZZf7+wXlfgi6XUyb9Pz69i9eDaWg/NNz42226Vo6m0i0kqXzR548BD
Az4vcpuoFrm6ddZg3yI9b6Vwxc7P2fu3SfK9
-----END CERTIFICATE-----