Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ZLCrAcoNA05Q0QhadBIy_oy7TL8.cer
File:                     ZLCrAcoNA05Q0QhadBIy_oy7TL8.cer (raw, json)
Hash identifier:          qQbjP6r0SgEPaBfg2dI1cnm1teY6uebXZ/zCIKc9pww=
Subject key identifier:   64:B0:AB:01:CA:0D:03:4E:50:D1:08:5A:74:12:32:FE:8C:BB:4C:BF
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01931B7561DA4A2A814C94A091D614AC7373
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/2e/30279f-79e7-4dd2-a2e6-732fee90855d/1/ZLCrAcoNA05Q0QhadBIy_oy7TL8.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/2e/30279f-79e7-4dd2-a2e6-732fee90855d/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 11 Nov 2024 13:41:37 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 194.127.197.0/24
                          IP: 212.11.93.0/24
                          IP: 212.104.211.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:1b:75:61:da:4a:2a:81:4c:94:a0:91:d6:14:ac:73:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Nov 11 13:41:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=64b0ab01ca0d034e50d1085a741232fe8cbb4cbf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:7b:7c:e7:78:01:65:5c:5d:8e:b9:7b:05:70:
                    22:67:c5:53:00:78:4d:6d:61:79:59:ba:70:09:9c:
                    d5:27:e6:60:10:cc:6e:4e:8e:d4:28:a7:b2:cd:9e:
                    ce:11:11:e4:5f:87:fd:31:79:a3:8b:06:e9:bb:5c:
                    07:24:58:b9:7c:de:9c:68:48:49:79:50:d8:f4:2b:
                    37:f0:03:21:9d:1c:6c:05:19:0c:06:fa:88:a2:5c:
                    fb:2f:48:ad:28:28:04:00:72:94:40:4c:30:f9:78:
                    f8:10:33:0f:9a:83:4f:91:d1:dc:d6:6b:4e:07:fd:
                    c4:9a:29:ef:45:8e:a3:bc:31:a2:7a:34:09:a6:8d:
                    32:6d:13:e2:8d:19:00:82:21:31:d6:fa:40:ee:4c:
                    65:81:e4:01:4d:b8:bd:1b:30:8b:e7:8c:45:f3:9d:
                    39:fe:fe:2e:ca:af:5a:3f:07:89:70:b3:db:17:c8:
                    7d:9b:73:1d:28:0f:ae:b1:35:65:93:2d:d8:73:41:
                    cd:cb:35:3b:87:0b:10:95:99:5a:43:0e:12:e6:64:
                    43:97:d0:95:2d:21:ac:e0:33:8d:5c:01:ec:ac:c5:
                    17:91:43:1b:98:c9:1b:a8:5f:e7:17:50:74:e5:d2:
                    69:81:2f:ba:f4:19:67:ef:1d:e8:3d:e5:72:1e:bf:
                    f9:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:B0:AB:01:CA:0D:03:4E:50:D1:08:5A:74:12:32:FE:8C:BB:4C:BF
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/30279f-79e7-4dd2-a2e6-732fee90855d/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/30279f-79e7-4dd2-a2e6-732fee90855d/1/ZLCrAcoNA05Q0QhadBIy_oy7TL8.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.127.197.0/24
                  212.11.93.0/24
                  212.104.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:88:84:4d:13:77:86:b6:cc:0e:e7:43:fa:09:3d:18:47:f6:
         c7:a1:8c:9a:3b:83:fc:1a:47:3e:13:89:f7:d9:33:ff:1a:7f:
         50:fa:70:89:91:dc:b8:a9:49:b3:aa:b6:e6:32:da:03:fa:76:
         05:3c:a2:43:9c:b3:b0:53:3f:7f:70:b9:2c:c1:1c:7e:40:3e:
         d7:94:36:ae:f2:ec:22:22:64:86:92:11:09:c6:2e:f9:a7:43:
         27:6c:d7:58:f3:f0:1f:6a:a9:c1:0f:f8:dc:f0:67:94:86:79:
         7a:56:54:5f:be:16:99:cd:b4:1e:29:9f:76:97:dd:6f:eb:06:
         d9:68:0f:cf:f0:28:6b:97:b7:81:15:09:92:73:73:24:2b:0a:
         d9:1e:2a:f3:7e:42:7e:9c:5b:27:4e:9d:34:b0:f5:c0:4e:ce:
         3d:46:ee:28:5e:44:7e:59:e0:15:b3:99:d4:b0:79:df:1d:8c:
         d0:99:86:cc:0a:d5:09:3a:d0:6d:c2:d8:cc:a5:a6:7f:11:8c:
         05:27:30:44:6a:ce:ea:6f:19:ee:d5:e2:fd:f7:cf:36:5b:7c:
         36:2d:5c:07:31:13:f2:fd:a0:1e:4b:8a:50:63:47:b1:0a:1a:
         94:14:ba:65:85:83:78:a3:ba:4d:e2:79:15:81:4e:d8:f3:f7:
         d8:1b:0d:16
-----BEGIN CERTIFICATE-----
MIIFhDCCBGygAwIBAgISAZMbdWHaSiqBTJSgkdYUrHNzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQxMTExMTM0MTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NGIwYWIwMWNhMGQwMzRlNTBkMTA4NWE3NDEyMzJmZThjYmI0Y2JmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm3t853gBZVxdjrl7BXAiZ8VTAHhN
bWF5WbpwCZzVJ+ZgEMxuTo7UKKeyzZ7OERHkX4f9MXmjiwbpu1wHJFi5fN6caEhJ
eVDY9Cs38AMhnRxsBRkMBvqIolz7L0itKCgEAHKUQEww+Xj4EDMPmoNPkdHc1mtO
B/3EminvRY6jvDGiejQJpo0ybRPijRkAgiEx1vpA7kxlgeQBTbi9GzCL54xF8505
/v4uyq9aPweJcLPbF8h9m3MdKA+usTVlky3Yc0HNyzU7hwsQlZlaQw4S5mRDl9CV
LSGs4DONXAHsrMUXkUMbmMkbqF/nF1B05dJpgS+69Bln7x3oPeVyHr/5HQIDAQAB
o4ICkDCCAowwHQYDVR0OBBYEFGSwqwHKDQNOUNEIWnQSMv6Mu0y/MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzJlLzMwMjc5
Zi03OWU3LTRkZDItYTJlNi03MzJmZWU5MDg1NWQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmUvMzAyNzlm
LTc5ZTctNGRkMi1hMmU2LTczMmZlZTkwODU1ZC8xL1pMQ3JBY29OQTA1UTBRaGFk
Qkl5X295N1RMOC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUF
BwEHAQH/BBwwGjAYBAIAATASAwQAwn/FAwQA1AtdAwQA1GjTMA0GCSqGSIb3DQEB
CwUAA4IBAQCBiIRNE3eGtswO50P6CT0YR/bHoYyaO4P8Gkc+E4n32TP/Gn9Q+nCJ
kdy4qUmzqrbmMtoD+nYFPKJDnLOwUz9/cLkswRx+QD7XlDau8uwiImSGkhEJxi75
p0MnbNdY8/AfaqnBD/jc8GeUhnl6VlRfvhaZzbQeKZ92l91v6wbZaA/P8Chrl7eB
FQmSc3MkKwrZHirzfkJ+nFsnTp00sPXATs49Ru4oXkR+WeAVs5nUsHnfHYzQmYbM
CtUJOtBtwtjMpaZ/EYwFJzBEas7qbxnu1eL99882W3w2LVwHMRPy/aAeS4pQY0ex
ChqUFLplhYN4o7pN4nkVgU7Y8/fYGw0W
-----END CERTIFICATE-----