Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ZUq8jkXeIx-4KbyiK7Lwsx4fevU.cer
File:                     ZUq8jkXeIx-4KbyiK7Lwsx4fevU.cer (raw, json)
Hash identifier:          5nCW5K3fADzNVBS3EGOyK+/e7qS5epRmRUS43ov7K/4=
Subject key identifier:   65:4A:BC:8E:45:DE:23:1F:B8:29:BC:A2:2B:B2:F0:B3:1E:1F:7A:F5
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194258F6CF732170C343288E92FDA95128C
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/9e/6155d5-31ba-4239-a753-f287b7b6d7b2/1/ZUq8jkXeIx-4KbyiK7Lwsx4fevU.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/9e/6155d5-31ba-4239-a753-f287b7b6d7b2/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 05:49:04 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 185.62.229.0/24
                          IP: 2a13:840::/29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:6c:f7:32:17:0c:34:32:88:e9:2f:da:95:12:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 05:49:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=654abc8e45de231fb829bca22bb2f0b31e1f7af5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:fc:92:4f:7d:67:dd:a3:59:00:6f:35:7b:f1:
                    74:91:ef:77:0a:51:46:59:5a:9d:52:cf:f5:05:fb:
                    36:10:2b:f5:42:f3:38:df:83:eb:47:10:33:b0:d9:
                    83:c9:4f:05:7a:aa:cd:64:91:da:b4:e2:b3:19:3a:
                    d2:8b:cc:f7:5a:ee:c0:4d:2d:72:62:04:16:1e:d0:
                    85:d5:11:94:3a:f4:5b:72:f2:90:85:74:cd:61:8d:
                    2f:30:db:2e:f3:52:5b:1b:75:8e:75:be:4b:21:18:
                    96:92:b0:1c:4f:d5:3b:3a:36:b5:c3:81:49:36:09:
                    30:d3:a1:99:f1:7b:cf:65:11:74:4b:29:6d:2a:9b:
                    8a:d4:8b:2b:7a:e5:35:eb:39:fe:cd:2e:aa:29:f6:
                    8b:57:21:26:48:c2:36:d3:38:25:7e:52:29:30:83:
                    4d:ea:23:2b:17:fd:8e:85:d8:eb:b3:7e:4d:88:3a:
                    0c:dc:32:2f:7a:68:cf:8c:59:50:8b:46:e9:c3:18:
                    66:ce:b1:6d:0a:58:1e:91:34:d5:6e:81:e6:cb:16:
                    fb:1a:e0:ad:1b:84:fa:b0:04:40:0f:03:ce:4f:c8:
                    29:dd:e2:a1:9a:4b:39:c4:72:1e:1a:5d:53:55:92:
                    8d:f1:84:ac:9c:c6:09:af:a2:9c:a6:e6:a5:45:70:
                    7c:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:4A:BC:8E:45:DE:23:1F:B8:29:BC:A2:2B:B2:F0:B3:1E:1F:7A:F5
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/6155d5-31ba-4239-a753-f287b7b6d7b2/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/6155d5-31ba-4239-a753-f287b7b6d7b2/1/ZUq8jkXeIx-4KbyiK7Lwsx4fevU.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.62.229.0/24
                IPv6:
                  2a13:840::/29

    Signature Algorithm: sha256WithRSAEncryption
         8b:4c:5e:c5:ca:df:2b:d7:10:e6:0f:c3:36:fc:93:ae:43:f4:
         ad:79:2b:42:a9:3a:61:d1:2a:a9:01:4b:0b:e3:a5:1c:9a:fb:
         1a:2f:a5:e0:c4:81:5c:53:33:dd:c0:0d:01:db:43:9f:db:b9:
         25:b8:9b:55:2b:a6:b4:be:17:2a:c1:8e:09:f9:62:99:a6:67:
         70:23:bc:24:1b:be:51:23:21:a6:3f:86:7d:5d:26:b1:5f:0f:
         35:aa:c7:ec:c2:68:f8:9a:e3:cf:84:0a:92:f3:61:41:f6:5f:
         68:15:cd:19:49:a9:74:30:9c:c2:21:3d:8e:bd:d4:bc:62:83:
         07:3b:18:81:8e:59:23:e0:30:61:ab:5b:6d:2d:0b:91:f2:88:
         11:42:9e:40:1e:9f:bd:82:e7:09:56:24:b3:42:1b:f7:70:2d:
         61:7f:0c:12:6c:fd:63:21:41:43:66:0e:96:4b:8d:52:d6:10:
         b9:3f:9e:96:2a:6c:6d:be:1f:eb:73:19:a6:0b:98:ac:40:1a:
         2b:e6:d6:15:60:5d:98:fd:34:99:0a:cd:da:9d:5b:92:66:98:
         69:fa:97:8b:bf:4f:fc:22:5c:fe:44:49:42:d8:a2:f0:08:7a:
         50:ad:05:e2:03:8e:a4:ea:58:24:ff:c1:38:15:82:bb:22:21:
         ed:8d:27:c9
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAZQlj2z3MhcMNDKI6S/alRKMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDU0OTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTRhYmM4ZTQ1ZGUyMzFmYjgyOWJjYTIyYmIyZjBiMzFlMWY3YWY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwPyST31n3aNZAG81e/F0ke93ClFG
WVqdUs/1Bfs2ECv1QvM434PrRxAzsNmDyU8FeqrNZJHatOKzGTrSi8z3Wu7ATS1y
YgQWHtCF1RGUOvRbcvKQhXTNYY0vMNsu81JbG3WOdb5LIRiWkrAcT9U7Oja1w4FJ
Ngkw06GZ8XvPZRF0SyltKpuK1IsreuU16zn+zS6qKfaLVyEmSMI20zglflIpMINN
6iMrF/2Ohdjrs35NiDoM3DIvemjPjFlQi0bpwxhmzrFtClgekTTVboHmyxb7GuCt
G4T6sARADwPOT8gp3eKhmks5xHIeGl1TVZKN8YSsnMYJr6KcpualRXB8WQIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFGVKvI5F3iMfuCm8oiuy8LMeH3r1MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzllLzYxNTVk
NS0zMWJhLTQyMzktYTc1My1mMjg3YjdiNmQ3YjIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOWUvNjE1NWQ1
LTMxYmEtNDIzOS1hNzUzLWYyODdiN2I2ZDdiMi8xL1pVcThqa1hlSXgtNEtieWlL
N0x3c3g0ZmV2VS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQAuT7lMA0EAgACMAcDBQMqEwhAMA0GCSqGSIb3
DQEBCwUAA4IBAQCLTF7Fyt8r1xDmD8M2/JOuQ/SteStCqTph0SqpAUsL46Ucmvsa
L6XgxIFcUzPdwA0B20Of27kluJtVK6a0vhcqwY4J+WKZpmdwI7wkG75RIyGmP4Z9
XSaxXw81qsfswmj4muPPhAqS82FB9l9oFc0ZSal0MJzCIT2OvdS8YoMHOxiBjlkj
4DBhq1ttLQuR8ogRQp5AHp+9gucJViSzQhv3cC1hfwwSbP1jIUFDZg6WS41S1hC5
P56WKmxtvh/rcxmmC5isQBor5tYVYF2Y/TSZCs3anVuSZphp+peLv0/8Ilz+RElC
2KLwCHpQrQXiA46k6lgk/8E4FYK7IiHtjSfJ
-----END CERTIFICATE-----