Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/_J8k6-8Ri5Fl5S9hypk77kMGTsI.cer
File:                     _J8k6-8Ri5Fl5S9hypk77kMGTsI.cer (raw, json)
Hash identifier:          a9+OeYhNsMo1AppxS+uSS6wc+8PNum7DwmCC3fVihS4=
Subject key identifier:   FC:9F:24:EB:EF:11:8B:91:65:E5:2F:61:CA:99:3B:EE:43:06:4E:C2
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01941FFA3CC335C02245843D7D79A382E34E
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/72/e6cb2b-df09-4007-8ad7-153bf7e7ec2a/1/_J8k6-8Ri5Fl5S9hypk77kMGTsI.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/72/e6cb2b-df09-4007-8ad7-153bf7e7ec2a/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 03:48:00 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 193.56.4.0/22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:3c:c3:35:c0:22:45:84:3d:7d:79:a3:82:e3:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 03:48:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fc9f24ebef118b9165e52f61ca993bee43064ec2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:35:ac:d1:aa:25:94:db:86:49:fa:9b:ad:fa:
                    fa:4f:a8:10:b7:5e:fd:db:9e:66:d5:79:79:3e:dc:
                    b2:af:82:9c:3f:f1:7a:1c:2e:60:5b:15:22:21:10:
                    b9:3c:d9:5c:07:c3:ed:d5:74:cd:b5:3d:92:0a:be:
                    ba:5c:ef:4e:ba:72:e6:85:c0:42:d0:52:7e:00:54:
                    f7:ed:88:1b:f2:50:5d:6b:9a:69:bc:81:39:b1:0a:
                    9f:01:77:ab:f7:8c:81:55:50:3b:6d:2e:7b:95:f6:
                    6c:bb:c0:14:cf:75:11:ef:71:0a:4a:4b:44:4a:ce:
                    c9:8e:2c:3a:41:a5:3e:37:e4:74:1e:8f:a8:e9:2e:
                    4b:7f:84:fe:08:90:66:58:88:7b:6d:98:b9:72:e0:
                    c5:9a:af:00:94:1f:e6:ff:2d:88:29:4d:6b:cd:13:
                    0e:f0:23:65:8a:dc:e4:cf:e1:5e:d9:f2:b1:16:b9:
                    8b:0d:aa:21:06:90:a1:1c:a0:eb:7b:22:3e:7e:91:
                    65:8d:e8:21:fd:68:c3:b4:6c:bc:b1:d7:15:7e:ec:
                    37:9e:34:76:05:9a:6c:50:d4:88:52:26:c3:4b:77:
                    df:5e:ad:ab:c3:09:2b:88:5a:51:a4:76:25:e4:9b:
                    33:6f:69:16:3f:f6:13:16:9e:d4:2f:9b:90:27:1e:
                    bc:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:9F:24:EB:EF:11:8B:91:65:E5:2F:61:CA:99:3B:EE:43:06:4E:C2
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/e6cb2b-df09-4007-8ad7-153bf7e7ec2a/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/e6cb2b-df09-4007-8ad7-153bf7e7ec2a/1/_J8k6-8Ri5Fl5S9hypk77kMGTsI.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.56.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0a:fb:7b:44:d7:e2:b6:fe:c3:be:d1:f9:b9:e9:6c:0c:51:48:
         7b:ed:4e:6c:e0:39:e4:a4:0b:5d:89:fd:3b:df:d0:3d:0a:ee:
         52:98:93:53:b7:28:80:41:57:70:ea:1e:ba:f3:4d:11:5f:29:
         39:59:b2:06:b1:42:82:31:c5:a3:7e:94:82:22:72:f1:54:64:
         72:d1:af:aa:d3:c6:91:69:6f:34:92:bf:34:ff:b1:57:ad:ff:
         87:2c:67:6b:5c:0a:0f:d4:23:5b:49:df:77:b8:b9:a2:13:a8:
         fd:b5:72:d8:17:6a:59:a6:3a:13:63:dc:69:45:3c:70:34:af:
         b6:02:8c:9b:79:c7:6d:b4:9e:17:0e:69:3b:1b:df:7f:21:c9:
         f4:67:a7:94:64:eb:f2:df:ba:fc:8a:17:35:b2:0f:bc:2a:ff:
         b7:8c:a7:f6:79:92:1c:d0:61:ef:fa:20:d5:01:52:bd:66:be:
         51:04:e3:14:65:26:ff:79:ab:95:96:6d:88:71:5a:d7:23:7b:
         16:69:56:cf:28:c8:d2:b7:ac:fd:73:bd:62:38:07:39:95:c5:
         3a:7d:40:54:5e:9c:ec:0b:7a:6a:ef:45:24:be:f8:42:e9:42:
         a0:59:85:8d:b2:ed:8d:72:56:11:84:da:12:af:13:c1:da:71:
         9e:ca:d8:a7
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZQf+jzDNcAiRYQ9fXmjguNOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDM0ODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzlmMjRlYmVmMTE4YjkxNjVlNTJmNjFjYTk5M2JlZTQzMDY0ZWMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzTWs0aollNuGSfqbrfr6T6gQt179
255m1Xl5Ptyyr4KcP/F6HC5gWxUiIRC5PNlcB8Pt1XTNtT2SCr66XO9OunLmhcBC
0FJ+AFT37Ygb8lBda5ppvIE5sQqfAXer94yBVVA7bS57lfZsu8AUz3UR73EKSktE
Ss7Jjiw6QaU+N+R0Ho+o6S5Lf4T+CJBmWIh7bZi5cuDFmq8AlB/m/y2IKU1rzRMO
8CNlitzkz+Fe2fKxFrmLDaohBpChHKDreyI+fpFljegh/WjDtGy8sdcVfuw3njR2
BZpsUNSIUibDS3ffXq2rwwkriFpRpHYl5Jszb2kWP/YTFp7UL5uQJx68uwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFPyfJOvvEYuRZeUvYcqZO+5DBk7CMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzcyL2U2Y2Iy
Yi1kZjA5LTQwMDctOGFkNy0xNTNiZjdlN2VjMmEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzIvZTZjYjJi
LWRmMDktNDAwNy04YWQ3LTE1M2JmN2U3ZWMyYS8xL19KOGs2LThSaTVGbDVTOWh5
cGs3N2tNR1RzSS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCwTgEMA0GCSqGSIb3DQEBCwUAA4IBAQAK+3tE
1+K2/sO+0fm56WwMUUh77U5s4DnkpAtdif0739A9Cu5SmJNTtyiAQVdw6h66800R
Xyk5WbIGsUKCMcWjfpSCInLxVGRy0a+q08aRaW80kr80/7FXrf+HLGdrXAoP1CNb
Sd93uLmiE6j9tXLYF2pZpjoTY9xpRTxwNK+2AoybecdttJ4XDmk7G99/Icn0Z6eU
ZOvy37r8ihc1sg+8Kv+3jKf2eZIc0GHv+iDVAVK9Zr5RBOMUZSb/eauVlm2IcVrX
I3sWaVbPKMjSt6z9c71iOAc5lcU6fUBUXpzsC3pq70UkvvhC6UKgWYWNsu2NclYR
hNoSrxPB2nGeytin
-----END CERTIFICATE-----