Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/_tSpb-HtAo1ZEtd6UAsJR4vRgyI.cer
File:                     _tSpb-HtAo1ZEtd6UAsJR4vRgyI.cer (raw, json)
Hash identifier:          9azxiG8f7pmwgN3Bv90vlxKIRUC5d/hN6No9RjwID6M=
Subject key identifier:   FE:D4:A9:6F:E1:ED:02:8D:59:12:D7:7A:50:0B:09:47:8B:D1:83:22
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01942068061316E07EA5FB84EC9D18AE19F5
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/c0/98183c-edc4-464d-bf45-8899d1058b64/1/_tSpb-HtAo1ZEtd6UAsJR4vRgyI.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/c0/98183c-edc4-464d-bf45-8899d1058b64/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 05:47:55 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 2.59.224.0/22
                          IP: 2a09:fb40::/29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:06:13:16:e0:7e:a5:fb:84:ec:9d:18:ae:19:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 05:47:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fed4a96fe1ed028d5912d77a500b09478bd18322
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:97:11:7f:99:9d:8c:7d:92:d8:8d:9b:36:be:
                    a5:8c:1e:a8:a6:e4:e6:72:7f:d4:72:84:f3:ef:58:
                    c6:53:d6:4c:1e:bb:09:8a:25:fd:1e:99:9d:87:27:
                    2b:84:ea:55:fa:38:16:45:38:d2:72:fc:51:62:61:
                    0e:61:88:b0:d5:14:64:2b:97:f6:70:4d:24:2d:25:
                    c2:ef:a6:4f:1d:ed:6f:6c:15:02:ee:f5:e9:9c:03:
                    bd:26:ec:cf:d5:02:9f:1f:45:1f:37:6d:c8:ba:e1:
                    5b:50:ce:66:28:02:35:ab:28:31:51:04:51:93:4a:
                    80:4b:de:07:4c:66:08:f0:b5:cc:88:c3:20:ff:7a:
                    12:77:e1:97:76:f0:4b:90:0d:f9:9a:da:c9:5a:7e:
                    c1:bd:84:7a:87:56:0c:a1:39:53:b8:40:20:6e:16:
                    3a:76:68:45:41:c8:c0:20:67:12:da:94:2c:b9:d1:
                    2f:e8:bd:bb:ae:60:99:ee:03:c4:73:52:7b:20:35:
                    cd:61:8d:48:8a:e4:dc:a3:c9:ce:e1:0e:58:42:d3:
                    99:a0:1e:0e:15:40:af:71:d0:c1:e0:c0:f1:0d:8f:
                    80:79:14:71:04:61:51:03:80:ce:55:b6:81:79:7f:
                    49:bb:bb:bb:04:60:f9:b0:56:0a:27:86:f5:60:6a:
                    9f:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:D4:A9:6F:E1:ED:02:8D:59:12:D7:7A:50:0B:09:47:8B:D1:83:22
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/98183c-edc4-464d-bf45-8899d1058b64/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/98183c-edc4-464d-bf45-8899d1058b64/1/_tSpb-HtAo1ZEtd6UAsJR4vRgyI.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.224.0/22
                IPv6:
                  2a09:fb40::/29

    Signature Algorithm: sha256WithRSAEncryption
         5e:94:fd:15:7a:ac:79:d8:14:3b:d4:6f:8a:3c:68:37:ce:a0:
         c3:8d:c2:09:f4:58:9d:59:06:da:53:64:17:33:27:ed:02:17:
         d5:96:25:9d:69:75:49:5a:2c:ab:9f:12:15:61:94:42:95:12:
         5c:15:1e:1b:c8:6b:b0:12:db:6f:06:bb:92:be:7b:dc:ec:49:
         a3:c8:a9:1d:9b:5d:8e:ab:9e:86:14:25:3a:93:6c:04:27:9a:
         e5:0a:dd:87:20:85:07:53:c3:11:3f:22:f2:fa:42:99:45:99:
         f5:55:36:0d:f7:9b:eb:20:93:03:16:b1:c7:33:e0:f3:d4:93:
         ed:92:6d:da:e9:f1:9d:d4:77:4a:36:52:3a:c0:4b:2d:90:47:
         ca:b6:1a:03:81:27:35:2f:b2:5d:97:d3:29:5f:de:1d:d8:45:
         50:28:9f:e2:f9:42:0e:ec:c8:f8:a9:c9:4a:3c:32:29:64:8f:
         5f:c5:30:36:4e:55:0d:ee:77:db:30:87:ea:ad:09:13:2c:92:
         8f:65:e2:47:ad:ae:e9:62:ca:ee:4c:34:35:d6:86:11:6a:b4:
         77:2a:73:c9:d7:6f:30:4a:a6:96:ae:6f:b0:5d:9b:18:d7:c3:
         6a:71:a4:5a:90:ee:25:27:bc:b5:ed:91:4e:1d:f0:77:db:57:
         ee:cb:b5:92
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAZQgaAYTFuB+pfuE7J0Yrhn1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDU0NzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZWQ0YTk2ZmUxZWQwMjhkNTkxMmQ3N2E1MDBiMDk0NzhiZDE4MzIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu5cRf5mdjH2S2I2bNr6ljB6opuTm
cn/UcoTz71jGU9ZMHrsJiiX9HpmdhycrhOpV+jgWRTjScvxRYmEOYYiw1RRkK5f2
cE0kLSXC76ZPHe1vbBUC7vXpnAO9JuzP1QKfH0UfN23IuuFbUM5mKAI1qygxUQRR
k0qAS94HTGYI8LXMiMMg/3oSd+GXdvBLkA35mtrJWn7BvYR6h1YMoTlTuEAgbhY6
dmhFQcjAIGcS2pQsudEv6L27rmCZ7gPEc1J7IDXNYY1IiuTco8nO4Q5YQtOZoB4O
FUCvcdDB4MDxDY+AeRRxBGFRA4DOVbaBeX9Ju7u7BGD5sFYKJ4b1YGqfWQIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFP7UqW/h7QKNWRLXelALCUeL0YMiMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2MwLzk4MTgz
Yy1lZGM0LTQ2NGQtYmY0NS04ODk5ZDEwNThiNjQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzAvOTgxODNj
LWVkYzQtNDY0ZC1iZjQ1LTg4OTlkMTA1OGI2NC8xL190U3BiLUh0QW8xWkV0ZDZV
QXNKUjR2Umd5SS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCAjvgMA0EAgACMAcDBQMqCftAMA0GCSqGSIb3
DQEBCwUAA4IBAQBelP0Veqx52BQ71G+KPGg3zqDDjcIJ9FidWQbaU2QXMyftAhfV
liWdaXVJWiyrnxIVYZRClRJcFR4byGuwEttvBruSvnvc7EmjyKkdm12Oq56GFCU6
k2wEJ5rlCt2HIIUHU8MRPyLy+kKZRZn1VTYN95vrIJMDFrHHM+Dz1JPtkm3a6fGd
1HdKNlI6wEstkEfKthoDgSc1L7Jdl9MpX94d2EVQKJ/i+UIO7Mj4qclKPDIpZI9f
xTA2TlUN7nfbMIfqrQkTLJKPZeJHra7pYsruTDQ11oYRarR3KnPJ128wSqaWrm+w
XZsY18NqcaRakO4lJ7y17ZFOHfB321fuy7WS
-----END CERTIFICATE-----