Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aJbZwUqKtdiwtAgYfs4VoNI87hw.cer
File:                     aJbZwUqKtdiwtAgYfs4VoNI87hw.cer (raw, json)
Hash identifier:          ejKQ/36F+NdaeAfcnzlMugI+WLkoW4P7DqOsbsnba5c=
Subject key identifier:   68:96:D9:C1:4A:8A:B5:D8:B0:B4:08:18:7E:CE:15:A0:D2:3C:EE:1C
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194244577D09F8C1A2E970CECE941DAFDC8
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/21/aa7d87-4dce-44a3-aa54-f85e33dd8946/1/aJbZwUqKtdiwtAgYfs4VoNI87hw.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/21/aa7d87-4dce-44a3-aa54-f85e33dd8946/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 23:48:40 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 192.109.36.0/24
                          IP: 2001:678:b10::/48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 04:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:77:d0:9f:8c:1a:2e:97:0c:ec:e9:41:da:fd:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 23:48:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6896d9c14a8ab5d8b0b408187ece15a0d23cee1c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:1d:6e:f3:2a:6d:c0:09:b0:10:af:c1:94:44:
                    15:62:28:7c:d7:fe:84:7c:64:7b:3c:d5:88:68:ae:
                    52:7d:45:dc:f7:b2:82:3d:52:81:33:27:36:b4:c6:
                    bb:0e:82:71:1f:67:f7:8f:48:b8:90:94:2a:08:98:
                    39:6e:5d:58:8a:a7:77:57:ae:1f:d7:aa:cb:6e:7e:
                    f3:23:4f:09:8f:93:53:5c:ba:de:b1:f4:86:6c:7a:
                    8a:9e:65:94:7f:95:37:f2:57:bb:40:45:8d:e6:19:
                    61:3b:a5:4c:ae:6a:60:47:44:d9:92:4d:bd:5b:95:
                    5b:8f:75:16:5b:1f:a6:e3:a7:8c:e5:e7:d3:20:19:
                    7e:29:c4:2a:d8:80:79:39:0c:3c:62:9d:cc:62:26:
                    5e:5b:29:f8:ce:2d:ca:6b:b1:30:8d:44:b4:88:67:
                    bf:d6:26:ed:3a:8c:39:f5:25:43:16:fb:e3:88:f1:
                    4c:85:54:21:26:b6:90:a8:9d:ce:30:f5:59:cb:9e:
                    d9:65:b7:c6:36:05:05:46:45:44:79:5f:de:64:9d:
                    73:a5:71:42:8a:d1:0e:93:49:4e:d3:20:66:01:b9:
                    b4:e8:0e:7b:d9:2a:f1:fd:86:77:4f:5d:6c:00:b3:
                    4f:96:f1:72:12:6e:62:ee:e4:56:ce:ea:f1:e4:be:
                    08:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:96:D9:C1:4A:8A:B5:D8:B0:B4:08:18:7E:CE:15:A0:D2:3C:EE:1C
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/aa7d87-4dce-44a3-aa54-f85e33dd8946/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/aa7d87-4dce-44a3-aa54-f85e33dd8946/1/aJbZwUqKtdiwtAgYfs4VoNI87hw.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.109.36.0/24
                IPv6:
                  2001:678:b10::/48

    Signature Algorithm: sha256WithRSAEncryption
         46:3f:e6:98:01:99:a8:be:22:43:e2:25:60:be:ac:5e:4d:00:
         9d:4f:73:2b:0b:4b:c7:fa:db:c3:46:6c:51:ca:3f:00:2b:79:
         0a:fb:ae:c1:9c:08:d6:ce:53:46:b1:43:aa:75:3e:2a:97:7f:
         c6:3a:ab:29:d0:4f:7b:4e:e9:b5:f4:55:0e:7d:3f:ae:b9:43:
         0c:36:fa:60:fa:17:5c:34:06:10:89:d6:87:2b:70:33:08:f2:
         bd:07:ba:56:65:29:32:c2:f6:b6:ad:9c:1a:f2:09:c3:6c:17:
         05:0c:b4:35:83:a5:1f:af:d9:55:70:5a:f9:37:c2:1e:b4:d1:
         32:12:db:6d:c7:e6:ea:68:34:7a:7c:83:74:26:71:45:e0:ed:
         6d:f4:c4:a9:0a:a9:47:c1:40:f3:5b:f0:55:b6:2e:98:23:db:
         35:1d:98:ab:61:d1:2d:55:08:6d:47:c7:59:6a:66:ff:9a:59:
         26:64:b5:62:e9:15:09:70:ef:13:8c:fb:40:66:9c:5c:12:cf:
         f9:ef:d2:7c:5b:ac:d8:9e:97:54:c5:69:fc:e8:f8:c7:4f:b0:
         05:41:49:5c:db:39:f8:c9:4e:8c:ec:f7:7f:f9:c0:e9:48:c9:
         a7:d6:02:a0:33:fe:0c:41:24:d1:0c:7a:49:42:65:53:56:2e:
         1a:d6:a1:7e
-----BEGIN CERTIFICATE-----
MIIFiTCCBHGgAwIBAgISAZQkRXfQn4waLpcM7OlB2v3IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMjM0ODQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODk2ZDljMTRhOGFiNWQ4YjBiNDA4MTg3ZWNlMTVhMGQyM2NlZTFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApB1u8yptwAmwEK/BlEQVYih81/6E
fGR7PNWIaK5SfUXc97KCPVKBMyc2tMa7DoJxH2f3j0i4kJQqCJg5bl1Yiqd3V64f
16rLbn7zI08Jj5NTXLresfSGbHqKnmWUf5U38le7QEWN5hlhO6VMrmpgR0TZkk29
W5Vbj3UWWx+m46eM5efTIBl+KcQq2IB5OQw8Yp3MYiZeWyn4zi3Ka7EwjUS0iGe/
1ibtOow59SVDFvvjiPFMhVQhJraQqJ3OMPVZy57ZZbfGNgUFRkVEeV/eZJ1zpXFC
itEOk0lO0yBmAbm06A572Srx/YZ3T11sALNPlvFyEm5i7uRWzurx5L4IiwIDAQAB
o4IClTCCApEwHQYDVR0OBBYEFGiW2cFKirXYsLQIGH7OFaDSPO4cMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzIxL2FhN2Q4
Ny00ZGNlLTQ0YTMtYWE1NC1mODVlMzNkZDg5NDYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjEvYWE3ZDg3
LTRkY2UtNDRhMy1hYTU0LWY4NWUzM2RkODk0Ni8xL2FKYlp3VXFLdGRpd3RBZ1lm
czRWb05JODdody5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDAGCCsGAQUF
BwEHAQH/BCEwHzAMBAIAATAGAwQAwG0kMA8EAgACMAkDBwAgAQZ4CxAwDQYJKoZI
hvcNAQELBQADggEBAEY/5pgBmai+IkPiJWC+rF5NAJ1PcysLS8f628NGbFHKPwAr
eQr7rsGcCNbOU0axQ6p1PiqXf8Y6qynQT3tO6bX0VQ59P665Qww2+mD6F1w0BhCJ
1ocrcDMI8r0HulZlKTLC9ratnBryCcNsFwUMtDWDpR+v2VVwWvk3wh600TIS223H
5upoNHp8g3QmcUXg7W30xKkKqUfBQPNb8FW2Lpgj2zUdmKth0S1VCG1Hx1lqZv+a
WSZktWLpFQlw7xOM+0BmnFwSz/nv0nxbrNiel1TFafzo+MdPsAVBSVzbOfjJTozs
93/5wOlIyafWAqAz/gxBJNEMeklCZVNWLhrWoX4=
-----END CERTIFICATE-----