Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ZjhRXzKUSWmuADG94C0fTL0NK5g.cer
File:                     ZjhRXzKUSWmuADG94C0fTL0NK5g.cer (raw, json)
Hash identifier:          U+N2+hwUKNVHVBEkzaYBhesD2jTvgaWQAtncBFsy5Fw=
Subject key identifier:   66:38:51:5F:32:94:49:69:AE:00:31:BD:E0:2D:1F:4C:BD:0D:2B:98
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0195A43B9808DEDD8EE90A6DD0A9FE429FE7
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/10/c509de-4a06-4f44-b137-c994fd174e6e/1/ZjhRXzKUSWmuADG94C0fTL0NK5g.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/10/c509de-4a06-4f44-b137-c994fd174e6e/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 17 Mar 2025 13:12:03 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 83.170.128.0 -- 83.170.167.255
                          IP: 83.170.176.0/20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 13:43:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:a4:3b:98:08:de:dd:8e:e9:0a:6d:d0:a9:fe:42:9f:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Mar 17 13:12:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6638515f32944969ae0031bde02d1f4cbd0d2b98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:4e:ab:cf:e0:92:04:20:4d:ea:5e:c7:9e:3d:
                    72:44:11:d7:fe:0b:2b:14:79:18:f8:dd:d0:a1:02:
                    09:22:7b:49:fa:23:8e:96:3d:66:d3:15:b0:6a:53:
                    f8:67:70:20:97:5f:78:d8:30:24:c5:62:32:87:e6:
                    0c:6b:a8:f6:20:c1:0c:ef:4d:70:be:52:32:e5:39:
                    dd:38:19:39:60:b6:36:0d:a6:09:cd:ea:9c:3f:40:
                    88:b7:7a:8b:9b:aa:ce:05:fa:cb:5f:ae:6b:ee:8e:
                    ac:0c:9a:c0:b7:2a:f2:2b:a6:12:8e:0c:2b:e2:9b:
                    75:08:26:20:3c:0d:7f:d9:e3:b4:43:e6:a8:d1:9c:
                    9e:09:30:65:ea:0b:28:b1:4c:af:ef:48:1d:24:f7:
                    43:ab:81:96:0f:ed:45:cf:ed:e2:49:5c:05:6d:ad:
                    01:0a:a1:3d:f6:d7:8a:b3:c1:ea:6d:03:94:41:92:
                    7c:58:0e:f6:90:0d:f0:f3:75:7c:97:3f:1e:15:75:
                    0e:84:63:cb:af:57:a7:3c:ae:88:c6:c6:9a:62:d3:
                    c2:70:4b:87:08:6a:61:79:19:66:bd:4a:72:ac:23:
                    aa:e9:aa:ae:48:54:5c:af:2e:6c:6f:d5:78:4a:7d:
                    3c:01:bf:eb:c3:71:1a:05:65:ca:a0:e5:3e:c5:00:
                    fb:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:38:51:5F:32:94:49:69:AE:00:31:BD:E0:2D:1F:4C:BD:0D:2B:98
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/c509de-4a06-4f44-b137-c994fd174e6e/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/c509de-4a06-4f44-b137-c994fd174e6e/1/ZjhRXzKUSWmuADG94C0fTL0NK5g.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.170.128.0-83.170.167.255
                  83.170.176.0/20

    Signature Algorithm: sha256WithRSAEncryption
         55:f4:2a:42:3c:bb:6d:db:72:4e:22:20:ed:8d:f4:a8:df:58:
         4a:3c:ee:f8:71:49:01:27:fc:38:d3:0e:81:b7:0d:7e:f2:3a:
         02:ff:9c:61:a7:b5:64:df:b0:f2:53:c7:82:db:eb:1d:30:23:
         2f:03:25:66:19:a4:3e:aa:f0:63:41:81:4e:59:6d:47:54:62:
         df:1a:43:c8:fa:22:69:70:4d:5c:47:1d:e9:8f:bd:87:2b:dd:
         f1:82:84:0f:a9:09:de:35:11:e8:3f:22:82:18:0c:3b:01:af:
         52:e6:71:2f:4d:18:ae:be:1b:e8:89:ac:40:c1:37:da:a9:51:
         bd:15:4e:0e:d0:af:12:f5:94:ba:5b:d8:b2:c0:a6:5b:a5:cc:
         92:0e:73:21:e9:f1:fc:55:b8:81:05:06:cb:29:d4:4e:a9:a0:
         78:9c:57:b8:92:f5:0b:59:c0:7a:4f:2b:0d:dc:c5:e1:4a:fb:
         98:02:dd:91:08:93:02:14:2e:3e:4c:74:75:f3:fb:97:db:6f:
         0e:88:fc:d2:f4:6e:a5:b1:7f:e4:34:71:57:1e:88:ad:64:e4:
         23:6e:6d:ba:07:0c:e7:8a:38:65:ca:29:80:b7:b7:eb:f6:89:
         a9:be:bc:19:71:1a:0b:f1:52:0a:a7:db:60:18:f5:88:00:79:
         9d:ab:95:c3
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgISAZWkO5gI3t2O6Qpt0Kn+Qp/nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMzE3MTMxMjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjM4NTE1ZjMyOTQ0OTY5YWUwMDMxYmRlMDJkMWY0Y2JkMGQyYjk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4k6rz+CSBCBN6l7Hnj1yRBHX/gsr
FHkY+N3QoQIJIntJ+iOOlj1m0xWwalP4Z3Agl1942DAkxWIyh+YMa6j2IMEM701w
vlIy5TndOBk5YLY2DaYJzeqcP0CIt3qLm6rOBfrLX65r7o6sDJrAtyryK6YSjgwr
4pt1CCYgPA1/2eO0Q+ao0ZyeCTBl6gsosUyv70gdJPdDq4GWD+1Fz+3iSVwFba0B
CqE99teKs8HqbQOUQZJ8WA72kA3w83V8lz8eFXUOhGPLr1enPK6IxsaaYtPCcEuH
CGpheRlmvUpyrCOq6aquSFRcry5sb9V4Sn08Ab/rw3EaBWXKoOU+xQD7rwIDAQAB
o4ICkjCCAo4wHQYDVR0OBBYEFGY4UV8ylElprgAxveAtH0y9DSuYMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzEwL2M1MDlk
ZS00YTA2LTRmNDQtYjEzNy1jOTk0ZmQxNzRlNmUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTAvYzUwOWRl
LTRhMDYtNGY0NC1iMTM3LWM5OTRmZDE3NGU2ZS8xL1pqaFJYektVU1dtdUFERzk0
QzBmVEwwTks1Zy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC0GCCsGAQUF
BwEHAQH/BB4wHDAaBAIAATAUMAwDBAdTqoADBANTqqADBARTqrAwDQYJKoZIhvcN
AQELBQADggEBAFX0KkI8u23bck4iIO2N9KjfWEo87vhxSQEn/DjTDoG3DX7yOgL/
nGGntWTfsPJTx4Lb6x0wIy8DJWYZpD6q8GNBgU5ZbUdUYt8aQ8j6ImlwTVxHHemP
vYcr3fGChA+pCd41Eeg/IoIYDDsBr1LmcS9NGK6+G+iJrEDBN9qpUb0VTg7QrxL1
lLpb2LLAplulzJIOcyHp8fxVuIEFBssp1E6poHicV7iS9QtZwHpPKw3cxeFK+5gC
3ZEIkwIULj5MdHXz+5fbbw6I/NL0bqWxf+Q0cVceiK1k5CNubboHDOeKOGXKKYC3
t+v2iam+vBlxGgvxUgqn22AY9YgAeZ2rlcM=
-----END CERTIFICATE-----