Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aomTYnatLRhxB9-3QAeTADrBSac.cer
File:                     aomTYnatLRhxB9-3QAeTADrBSac.cer (raw, json)
Hash identifier:          gKtx7cGUQj17IxZH3MzuDpissP8nu0aDfcpked336wY=
Subject key identifier:   6A:89:93:62:76:AD:2D:18:71:07:DF:B7:40:07:93:00:3A:C1:49:A7
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194228D6FB55D132FD0A9D28BBBB184129D
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/ab/2ab62d-070c-4b06-b38a-73a7a4736038/1/aomTYnatLRhxB9-3QAeTADrBSac.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/ab/2ab62d-070c-4b06-b38a-73a7a4736038/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 15:48:02 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 2001:67c:46c::/48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:6f:b5:5d:13:2f:d0:a9:d2:8b:bb:b1:84:12:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 15:48:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6a89936276ad2d187107dfb7400793003ac149a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:df:12:d0:93:92:68:53:96:46:81:13:af:7e:
                    4c:5d:06:39:1f:50:5c:bf:55:6a:01:ea:8d:15:52:
                    bc:c0:2c:8f:6b:ff:25:95:90:ec:b9:42:0b:bf:f2:
                    cd:f4:f8:fa:de:cd:e1:74:a1:8b:90:af:34:f4:fd:
                    51:4d:ad:e5:37:f5:64:fc:98:75:e9:9f:82:9e:ba:
                    fc:1a:14:f6:ac:42:74:de:9a:28:5e:86:d1:98:b3:
                    59:46:30:24:2f:9a:58:d7:d6:be:d6:cb:0e:1c:af:
                    cc:7a:8e:be:6b:44:9a:ee:22:c8:b4:2b:00:83:12:
                    28:25:1f:01:b4:e7:9c:c2:b6:53:bf:7d:20:52:b2:
                    b1:8e:20:0d:c1:20:94:d6:5e:e3:ca:fd:0f:71:7f:
                    34:f7:8f:ea:bd:61:31:c8:30:cf:a6:5f:28:c3:68:
                    dd:20:11:53:54:c5:71:2d:18:97:f4:be:a3:6e:0d:
                    1c:61:aa:b0:a4:61:11:11:fd:2c:53:5c:fa:49:1a:
                    6f:92:2b:74:16:73:71:3a:d4:d2:42:65:6a:8d:7a:
                    cc:65:45:82:15:fb:ec:80:ae:c2:78:b2:7d:99:d9:
                    03:f2:18:e4:f4:b1:9a:bf:b7:f4:65:ea:4e:59:70:
                    ac:a9:78:40:14:f3:ab:3a:57:51:68:72:d5:ae:9e:
                    fc:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:89:93:62:76:AD:2D:18:71:07:DF:B7:40:07:93:00:3A:C1:49:A7
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/2ab62d-070c-4b06-b38a-73a7a4736038/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/2ab62d-070c-4b06-b38a-73a7a4736038/1/aomTYnatLRhxB9-3QAeTADrBSac.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:46c::/48

    Signature Algorithm: sha256WithRSAEncryption
         1e:8f:5c:ff:5c:e0:00:f2:83:42:5b:75:59:1e:2e:2a:3f:19:
         63:95:cb:fa:0c:72:fa:c3:e7:0a:bf:a7:f2:08:fb:7b:25:d2:
         08:11:48:e2:65:27:98:cd:29:93:48:21:2b:24:21:96:18:b8:
         00:1b:38:3b:79:57:d9:a2:a7:2a:cd:af:07:cb:59:3e:80:fc:
         88:a6:d7:61:27:ba:ba:3a:bf:d4:55:ec:e5:a5:92:15:f8:00:
         47:29:9c:6c:74:97:84:14:50:29:03:aa:0f:94:e1:da:0d:ce:
         75:6b:f1:4e:e8:32:a9:56:cd:23:64:ca:96:8b:6b:55:af:3d:
         1b:c8:0c:3b:c7:19:d2:de:7c:08:e2:60:c0:b3:af:e3:80:fe:
         b4:5a:d8:c9:bc:a0:15:05:81:64:3b:84:f1:cd:93:dd:44:03:
         c6:a9:05:78:21:c5:8a:48:18:c2:cb:96:69:02:d9:f3:05:98:
         b9:8d:97:60:3a:ec:34:9d:a5:4b:b8:4a:f4:f2:cb:2e:8b:ad:
         16:03:fd:38:9d:0b:14:7d:e2:8a:ee:cc:9d:72:5c:c5:8f:0e:
         7a:2e:e6:e6:28:b7:25:d1:cc:f5:d3:db:b7:5a:b9:e4:8b:b4:
         6d:18:7a:37:67:62:29:d9:79:e4:2a:1c:01:4e:67:b5:32:74:
         2a:52:a1:31
-----BEGIN CERTIFICATE-----
MIIFezCCBGOgAwIBAgISAZQijW+1XRMv0KnSi7uxhBKdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTU0ODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTg5OTM2Mjc2YWQyZDE4NzEwN2RmYjc0MDA3OTMwMDNhYzE0OWE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApt8S0JOSaFOWRoETr35MXQY5H1Bc
v1VqAeqNFVK8wCyPa/8llZDsuUILv/LN9Pj63s3hdKGLkK809P1RTa3lN/Vk/Jh1
6Z+Cnrr8GhT2rEJ03pooXobRmLNZRjAkL5pY19a+1ssOHK/Meo6+a0Sa7iLItCsA
gxIoJR8BtOecwrZTv30gUrKxjiANwSCU1l7jyv0PcX8094/qvWExyDDPpl8ow2jd
IBFTVMVxLRiX9L6jbg0cYaqwpGEREf0sU1z6SRpvkit0FnNxOtTSQmVqjXrMZUWC
FfvsgK7CeLJ9mdkD8hjk9LGav7f0ZepOWXCsqXhAFPOrOldRaHLVrp78BwIDAQAB
o4IChzCCAoMwHQYDVR0OBBYEFGqJk2J2rS0YcQfft0AHkwA6wUmnMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2FiLzJhYjYy
ZC0wNzBjLTRiMDYtYjM4YS03M2E3YTQ3MzYwMzgvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYWIvMmFiNjJk
LTA3MGMtNGIwNi1iMzhhLTczYTdhNDczNjAzOC8xL2FvbVRZbmF0TFJoeEI5LTNR
QWVUQURyQlNhYy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfARsMA0GCSqGSIb3DQEBCwUAA4IBAQAe
j1z/XOAA8oNCW3VZHi4qPxljlcv6DHL6w+cKv6fyCPt7JdIIEUjiZSeYzSmTSCEr
JCGWGLgAGzg7eVfZoqcqza8Hy1k+gPyIptdhJ7q6Or/UVezlpZIV+ABHKZxsdJeE
FFApA6oPlOHaDc51a/FO6DKpVs0jZMqWi2tVrz0byAw7xxnS3nwI4mDAs6/jgP60
WtjJvKAVBYFkO4TxzZPdRAPGqQV4IcWKSBjCy5ZpAtnzBZi5jZdgOuw0naVLuEr0
8ssui60WA/04nQsUfeKK7sydclzFjw56LubmKLcl0cz109u3Wrnki7RtGHo3Z2Ip
2XnkKhwBTme1MnQqUqEx
-----END CERTIFICATE-----