Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aZISXj1TzEgTNhBUg_z_cB_aG7M.cer
File:                     aZISXj1TzEgTNhBUg_z_cB_aG7M.cer (raw, json)
Hash identifier:          ER/ur+SBjP3hZn3FNLWEREz2bqnVQtCktqDcYxS5Wdk=
Subject key identifier:   69:92:12:5E:3D:53:CC:48:13:36:10:54:83:FC:FF:70:1F:DA:1B:B3
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019425219AEA436FB4A38807B0E600B22333
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/f3/4ac957-4183-49f3-bfbe-837c5e12bd04/1/aZISXj1TzEgTNhBUg_z_cB_aG7M.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/f3/4ac957-4183-49f3-bfbe-837c5e12bd04/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 03:49:06 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 209761
                          IP: 213.226.88.0/22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:9a:ea:43:6f:b4:a3:88:07:b0:e6:00:b2:23:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 03:49:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6992125e3d53cc481336105483fcff701fda1bb3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:2e:2e:df:ef:4f:da:90:31:05:90:9b:1e:68:
                    a0:15:9a:72:31:97:f5:b4:7f:ef:82:4b:bf:c3:c6:
                    40:6a:14:88:12:3a:91:2a:c1:4b:e8:e6:67:2f:42:
                    58:49:a6:2e:00:36:e7:08:aa:90:6b:1a:53:2c:7c:
                    5d:c3:3e:3d:71:d3:93:05:44:61:a0:c6:95:26:bd:
                    03:c6:74:1b:33:48:43:59:c2:eb:f8:74:11:f6:1c:
                    5d:bd:cb:08:e7:c7:ef:09:e1:da:78:e3:fd:ff:f6:
                    1b:ba:e0:1f:72:28:0e:57:3a:73:6a:b1:58:bb:4e:
                    f0:3e:1d:54:1b:d7:6a:3d:a9:78:7b:ce:cd:73:2e:
                    b1:91:c0:5a:46:ea:d8:85:d4:fe:19:04:b3:30:e8:
                    13:ea:31:55:76:65:1d:83:ae:09:e7:51:10:8f:27:
                    24:26:42:1e:5c:23:13:ba:67:75:b3:8b:33:bc:72:
                    f9:08:ef:00:72:e7:11:c2:ff:54:35:3f:ac:bc:ee:
                    b1:8f:28:cb:cc:d8:bd:2a:98:93:f2:3a:20:d2:33:
                    ae:28:8c:6e:99:35:bc:7f:33:b6:5d:f5:1d:29:22:
                    42:25:06:fc:10:7b:87:be:87:4e:01:64:24:d3:97:
                    e4:ad:b6:68:b2:d2:c2:26:49:7f:ba:8c:c1:f8:0a:
                    39:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:92:12:5E:3D:53:CC:48:13:36:10:54:83:FC:FF:70:1F:DA:1B:B3
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/4ac957-4183-49f3-bfbe-837c5e12bd04/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/4ac957-4183-49f3-bfbe-837c5e12bd04/1/aZISXj1TzEgTNhBUg_z_cB_aG7M.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.226.88.0/22

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  209761

    Signature Algorithm: sha256WithRSAEncryption
         82:69:0c:93:e5:c2:12:78:46:58:48:87:f1:4e:b1:99:ef:40:
         22:a2:df:11:cc:22:3a:26:ec:c1:4b:5f:d7:e3:eb:40:78:37:
         48:1c:37:f6:18:0e:52:3f:e2:c3:4f:dc:11:79:24:83:bb:2c:
         13:60:32:0d:4e:c7:a0:74:d2:c4:29:ac:d2:38:89:18:e5:d9:
         5c:fa:19:ce:13:df:5a:38:c1:ff:46:bb:c6:4b:e0:90:f6:7f:
         7b:78:32:39:f9:5f:29:ee:91:b5:6e:84:bd:aa:ba:2f:1e:87:
         d0:4e:9e:0e:6e:f5:c4:b1:a6:37:28:80:2f:b5:66:01:82:af:
         f0:55:91:b1:76:c4:61:d8:8a:71:51:71:2b:19:6f:aa:6f:ee:
         cb:bb:18:0a:60:b5:ca:6f:47:8e:56:ef:be:4f:aa:8d:b3:57:
         ea:81:14:66:e6:b0:99:d9:8b:67:60:d3:89:9e:42:2b:bf:c5:
         39:a6:ce:26:04:ed:df:de:69:46:8e:94:2d:65:0b:d4:dd:b5:
         2f:33:83:5c:68:be:f9:c6:9f:5a:35:81:5b:20:5f:0c:57:94:
         98:c2:c6:bc:b1:f4:1c:16:96:b6:bb:48:10:cc:c4:ff:b5:1e:
         81:bc:13:28:68:8f:8a:75:c4:62:e9:5d:82:26:8d:95:4f:12:
         df:79:a8:44
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZQlIZrqQ2+0o4gHsOYAsiMzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDM0OTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTkyMTI1ZTNkNTNjYzQ4MTMzNjEwNTQ4M2ZjZmY3MDFmZGExYmIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvC4u3+9P2pAxBZCbHmigFZpyMZf1
tH/vgku/w8ZAahSIEjqRKsFL6OZnL0JYSaYuADbnCKqQaxpTLHxdwz49cdOTBURh
oMaVJr0DxnQbM0hDWcLr+HQR9hxdvcsI58fvCeHaeOP9//YbuuAfcigOVzpzarFY
u07wPh1UG9dqPal4e87Ncy6xkcBaRurYhdT+GQSzMOgT6jFVdmUdg64J51EQjyck
JkIeXCMTumd1s4szvHL5CO8AcucRwv9UNT+svO6xjyjLzNi9KpiT8jog0jOuKIxu
mTW8fzO2XfUdKSJCJQb8EHuHvodOAWQk05fkrbZostLCJkl/uozB+Ao5gwIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFGmSEl49U8xIEzYQVIP8/3Af2huzMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2YzLzRhYzk1
Ny00MTgzLTQ5ZjMtYmZiZS04MzdjNWUxMmJkMDQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjMvNGFjOTU3
LTQxODMtNDlmMy1iZmJlLTgzN2M1ZTEyYmQwNC8xL2FaSVNYajFUekVnVE5oQlVn
X3pfY0JfYUc3TS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQC1eJYMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwMzYTANBgkqhkiG9w0BAQsFAAOCAQEAgmkMk+XCEnhGWEiH8U6xme9AIqLfEcwi
OibswUtf1+PrQHg3SBw39hgOUj/iw0/cEXkkg7ssE2AyDU7HoHTSxCms0jiJGOXZ
XPoZzhPfWjjB/0a7xkvgkPZ/e3gyOflfKe6RtW6Evaq6Lx6H0E6eDm71xLGmNyiA
L7VmAYKv8FWRsXbEYdiKcVFxKxlvqm/uy7sYCmC1ym9Hjlbvvk+qjbNX6oEUZuaw
mdmLZ2DTiZ5CK7/FOabOJgTt395pRo6ULWUL1N21LzODXGi++cafWjWBWyBfDFeU
mMLGvLH0HBaWtrtIEMzE/7UegbwTKGiPinXEYuldgiaNlU8S33moRA==
-----END CERTIFICATE-----