Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ZUFaF2P-AFsBObAUxuV11fmypQQ.cer
File:                     ZUFaF2P-AFsBObAUxuV11fmypQQ.cer (raw, json)
Hash identifier:          T4pbR+besy18jtcywu80fm3Zu4xfaMejYAajhmhCAh0=
Subject key identifier:   65:41:5A:17:63:FE:00:5B:01:39:B0:14:C6:E5:75:D5:F9:B2:A5:04
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019421442262BD9E0B40CE8BE7E35A2D7F29
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/7b/3aec71-ca17-4ec5-87a7-ee7a20569b83/1/ZUFaF2P-AFsBObAUxuV11fmypQQ.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/7b/3aec71-ca17-4ec5-87a7-ee7a20569b83/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 09:48:20 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 176.120.120.0/21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 14:46:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:22:62:bd:9e:0b:40:ce:8b:e7:e3:5a:2d:7f:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 09:48:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=65415a1763fe005b0139b014c6e575d5f9b2a504
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:07:98:72:18:e1:4c:6b:4d:02:09:c3:14:a1:
                    81:13:65:4d:60:c1:50:ab:65:bb:18:27:40:dd:c2:
                    ff:f5:df:b2:b6:a1:3e:1f:a4:08:d1:66:6b:91:a5:
                    01:62:b2:de:80:05:b1:0e:ae:6d:f2:29:f8:5d:e1:
                    99:85:16:38:3a:2c:aa:b7:67:f7:92:bb:c9:11:2c:
                    37:c3:84:42:51:8f:f3:10:c7:0c:88:13:22:83:2c:
                    5b:10:da:18:ed:44:c4:ad:81:0e:9f:78:6d:26:c5:
                    80:9c:9b:02:34:69:f0:1c:0d:7b:e3:96:dc:a3:2f:
                    2f:c9:44:a1:05:a6:62:c0:41:dc:b4:63:3f:c3:d3:
                    4f:af:73:8d:76:46:da:2a:b7:e7:a9:a8:47:fa:fa:
                    f7:4a:5f:8d:bb:e2:87:b4:2f:66:11:c9:62:3b:ae:
                    1c:fe:b8:ff:0a:0c:ec:66:66:ae:8f:00:32:65:4d:
                    a1:a5:28:1a:cf:0b:ef:f9:e4:c8:93:4a:50:9b:77:
                    64:a8:85:e0:06:58:fb:53:e3:e5:10:90:ec:9d:9c:
                    d7:90:ff:bb:1d:ef:ad:8f:44:e6:4c:a0:f6:c7:63:
                    4d:53:6e:0d:1d:5a:99:79:a8:1e:04:63:21:d9:43:
                    e8:33:3d:ab:8d:f7:28:6f:93:cd:e7:04:27:05:21:
                    87:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:41:5A:17:63:FE:00:5B:01:39:B0:14:C6:E5:75:D5:F9:B2:A5:04
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/3aec71-ca17-4ec5-87a7-ee7a20569b83/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/3aec71-ca17-4ec5-87a7-ee7a20569b83/1/ZUFaF2P-AFsBObAUxuV11fmypQQ.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.120.120.0/21

    Signature Algorithm: sha256WithRSAEncryption
         00:c6:d4:ef:5e:c1:f0:49:3c:ff:8a:16:b4:d0:02:05:e0:83:
         63:2c:98:a8:83:d1:d1:8e:9a:b7:a4:e2:da:0c:13:e8:9e:92:
         87:c7:ec:60:8e:be:39:66:9a:0b:fc:01:71:c6:50:b8:27:da:
         cf:f8:e4:2d:ad:e1:80:43:b5:49:29:e1:76:4c:77:3b:3b:6e:
         95:27:b6:cd:64:5b:58:c4:d4:53:36:02:e7:1b:b6:de:2c:5f:
         99:72:b8:ee:98:b7:a8:df:2c:34:32:53:06:f6:bf:38:2b:a3:
         9e:fb:89:59:f2:3a:11:33:a3:e3:6e:0d:2d:7d:f4:fd:49:b0:
         99:fc:73:8f:0a:cd:fd:75:ae:7a:d6:f8:0e:13:10:02:b3:3d:
         c6:db:f3:f5:0d:e7:82:51:7b:3b:3b:30:ed:b8:3f:09:02:80:
         a9:8b:f2:9e:81:09:53:eb:97:91:7b:15:33:21:85:32:c7:81:
         35:9e:9a:67:2b:ff:28:1b:f4:7b:ec:6f:53:dc:7b:be:1b:13:
         21:5d:ad:cf:5f:58:a3:87:f7:9d:2d:cd:63:3a:68:5a:56:05:
         b8:c3:3f:00:28:a9:28:a8:c1:ed:a7:c6:12:b0:c1:5d:3a:0c:
         1c:88:2d:6b:18:68:ab:9e:fd:eb:55:03:9f:2f:02:c4:bd:84:
         df:68:b9:36
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZQhRCJivZ4LQM6L5+NaLX8pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDk0ODIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTQxNWExNzYzZmUwMDViMDEzOWIwMTRjNmU1NzVkNWY5YjJhNTA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwweYchjhTGtNAgnDFKGBE2VNYMFQ
q2W7GCdA3cL/9d+ytqE+H6QI0WZrkaUBYrLegAWxDq5t8in4XeGZhRY4Oiyqt2f3
krvJESw3w4RCUY/zEMcMiBMigyxbENoY7UTErYEOn3htJsWAnJsCNGnwHA1745bc
oy8vyUShBaZiwEHctGM/w9NPr3ONdkbaKrfnqahH+vr3Sl+Nu+KHtC9mEcliO64c
/rj/CgzsZmaujwAyZU2hpSgazwvv+eTIk0pQm3dkqIXgBlj7U+PlEJDsnZzXkP+7
He+tj0TmTKD2x2NNU24NHVqZeageBGMh2UPoMz2rjfcob5PN5wQnBSGHQwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFGVBWhdj/gBbATmwFMblddX5sqUEMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzdiLzNhZWM3
MS1jYTE3LTRlYzUtODdhNy1lZTdhMjA1NjliODMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvN2IvM2FlYzcx
LWNhMTctNGVjNS04N2E3LWVlN2EyMDU2OWI4My8xL1pVRmFGMlAtQUZzQk9iQVV4
dVYxMWZteXBRUS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQDsHh4MA0GCSqGSIb3DQEBCwUAA4IBAQAAxtTv
XsHwSTz/iha00AIF4INjLJiog9HRjpq3pOLaDBPonpKHx+xgjr45ZpoL/AFxxlC4
J9rP+OQtreGAQ7VJKeF2THc7O26VJ7bNZFtYxNRTNgLnG7beLF+ZcrjumLeo3yw0
MlMG9r84K6Oe+4lZ8joRM6Pjbg0tffT9SbCZ/HOPCs39da561vgOExACsz3G2/P1
DeeCUXs7OzDtuD8JAoCpi/KegQlT65eRexUzIYUyx4E1nppnK/8oG/R77G9T3Hu+
GxMhXa3PX1ijh/edLc1jOmhaVgW4wz8AKKkoqMHtp8YSsMFdOgwciC1rGGirnv3r
VQOfLwLEvYTfaLk2
-----END CERTIFICATE-----