Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/afM-l5tD6I0OXsp5h5R9sh73yrk.cer
File:                     afM-l5tD6I0OXsp5h5R9sh73yrk.cer (raw, json)
Hash identifier:          vauOXz2IqYDZ0yokMUZMbm+qiYBifk0XFSPKfsUOuxI=
Subject key identifier:   69:F3:3E:97:9B:43:E8:8D:0E:5E:CA:79:87:94:7D:B2:1E:F7:CA:B9
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019423D6FBEC3E3A0B3CD64660C47F70EA6B
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/22/953a61-3349-47bf-a12b-e4c69334142c/1/afM-l5tD6I0OXsp5h5R9sh73yrk.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/22/953a61-3349-47bf-a12b-e4c69334142c/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 21:47:59 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 195.78.46.0/23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:fb:ec:3e:3a:0b:3c:d6:46:60:c4:7f:70:ea:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 21:47:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=69f33e979b43e88d0e5eca7987947db21ef7cab9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:ba:b5:4e:6c:07:02:f5:34:01:15:85:dd:38:
                    51:a8:96:be:ed:bc:b6:5c:86:ca:91:0f:cf:c5:f0:
                    c1:94:27:d6:d8:e8:23:ea:4c:3c:e8:cf:f5:37:c1:
                    89:65:eb:2b:5f:c4:de:86:3d:24:d2:57:72:5f:97:
                    ae:ac:a0:73:e6:79:19:51:dc:fc:3b:ec:3c:e8:26:
                    0a:d3:26:f6:ba:5a:7a:11:22:e6:0b:de:23:3d:07:
                    4a:db:2b:85:f9:25:97:5a:45:ae:fa:0d:85:90:e3:
                    4c:79:27:02:f6:7e:b0:1d:62:93:75:d9:9c:a3:06:
                    36:94:e7:59:0a:7a:25:2c:78:8a:d5:59:c9:37:d1:
                    aa:ec:ea:17:e4:9d:df:41:8e:aa:47:f5:d5:f8:db:
                    aa:a3:91:54:73:c7:07:24:27:6b:bf:b3:89:8d:4c:
                    58:03:d3:64:7d:70:34:28:2a:e4:64:d7:7c:e0:d6:
                    47:65:12:63:10:c4:c7:69:c0:fb:89:c2:51:f8:aa:
                    7f:57:fb:13:60:0c:13:66:e4:f1:e5:2b:7c:e1:f6:
                    ed:72:0f:b4:cf:5d:76:97:86:d2:b3:63:eb:b3:95:
                    3b:3a:63:b4:4d:77:38:d0:c4:36:d1:9f:d2:20:5f:
                    58:e2:b3:6c:c8:fe:37:c3:c0:11:32:a0:82:c9:cb:
                    5a:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:F3:3E:97:9B:43:E8:8D:0E:5E:CA:79:87:94:7D:B2:1E:F7:CA:B9
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/953a61-3349-47bf-a12b-e4c69334142c/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/953a61-3349-47bf-a12b-e4c69334142c/1/afM-l5tD6I0OXsp5h5R9sh73yrk.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.78.46.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0f:b4:10:7f:fa:4b:1e:4a:b2:43:8f:a4:43:d4:70:a9:b6:ad:
         c6:7d:87:0d:7c:be:66:ff:2b:ab:93:cc:0b:f2:03:ba:a6:4c:
         56:da:ec:97:58:b2:96:90:d4:ef:06:30:64:2d:ac:44:e8:98:
         14:0a:a6:0a:62:24:d1:de:d7:46:4c:9b:fb:cb:4b:ac:78:81:
         ce:b1:01:d8:2c:7d:f9:b7:65:ff:1e:8e:d5:a7:41:ee:e0:da:
         70:95:1f:cd:e5:fc:5f:7c:3c:4f:85:df:3f:68:8d:dc:ec:b6:
         41:95:8b:14:5a:6b:6f:7b:71:2f:75:07:c3:97:b6:94:9e:89:
         43:8f:d5:d4:de:a8:23:4f:6d:f2:a5:a2:53:1d:cc:b8:16:db:
         64:b5:3a:ca:62:ab:54:1f:c3:f9:0a:cf:d5:8b:7c:05:43:e0:
         1a:f8:5b:e0:fe:d1:33:11:43:99:ad:86:8d:ac:ac:16:69:57:
         02:96:14:98:6f:fd:ac:f0:47:8e:c5:58:d0:db:ad:95:6a:e3:
         46:16:8d:df:35:ed:11:58:b7:36:64:0b:36:b0:79:e1:7f:1d:
         78:42:3b:12:3a:af:94:46:3c:08:f9:fc:85:68:d8:f5:2e:ac:
         63:c7:75:2f:81:91:a5:bd:a7:a4:05:67:91:3c:a8:89:6d:00:
         f6:d2:e0:9a
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZQj1vvsPjoLPNZGYMR/cOprMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMjE0NzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OWYzM2U5NzliNDNlODhkMGU1ZWNhNzk4Nzk0N2RiMjFlZjdjYWI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtbq1TmwHAvU0ARWF3ThRqJa+7by2
XIbKkQ/PxfDBlCfW2Ogj6kw86M/1N8GJZesrX8Tehj0k0ldyX5eurKBz5nkZUdz8
O+w86CYK0yb2ulp6ESLmC94jPQdK2yuF+SWXWkWu+g2FkONMeScC9n6wHWKTddmc
owY2lOdZCnolLHiK1VnJN9Gq7OoX5J3fQY6qR/XV+Nuqo5FUc8cHJCdrv7OJjUxY
A9NkfXA0KCrkZNd84NZHZRJjEMTHacD7icJR+Kp/V/sTYAwTZuTx5St84fbtcg+0
z112l4bSs2Prs5U7OmO0TXc40MQ20Z/SIF9Y4rNsyP43w8ARMqCCyctaXQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFGnzPpebQ+iNDl7KeYeUfbIe98q5MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzIyLzk1M2E2
MS0zMzQ5LTQ3YmYtYTEyYi1lNGM2OTMzNDE0MmMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjIvOTUzYTYx
LTMzNDktNDdiZi1hMTJiLWU0YzY5MzM0MTQyYy8xL2FmTS1sNXRENkkwT1hzcDVo
NVI5c2g3M3lyay5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQBw04uMA0GCSqGSIb3DQEBCwUAA4IBAQAPtBB/
+kseSrJDj6RD1HCptq3GfYcNfL5m/yurk8wL8gO6pkxW2uyXWLKWkNTvBjBkLaxE
6JgUCqYKYiTR3tdGTJv7y0useIHOsQHYLH35t2X/Ho7Vp0Hu4NpwlR/N5fxffDxP
hd8/aI3c7LZBlYsUWmtve3EvdQfDl7aUnolDj9XU3qgjT23ypaJTHcy4FttktTrK
YqtUH8P5Cs/Vi3wFQ+Aa+Fvg/tEzEUOZrYaNrKwWaVcClhSYb/2s8EeOxVjQ262V
auNGFo3fNe0RWLc2ZAs2sHnhfx14QjsSOq+URjwI+fyFaNj1Lqxjx3UvgZGlvaek
BWeRPKiJbQD20uCa
-----END CERTIFICATE-----