Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c-9Luv3HPlPAmdTVLpye_6g3m08.cer
File:                     c-9Luv3HPlPAmdTVLpye_6g3m08.cer (raw, json)
Hash identifier:          yQBgCGl6zSnhe2gNddCuN4mY+D6G24Z0BDAec/w8JIk=
Subject key identifier:   73:EF:4B:BA:FD:C7:3E:53:C0:99:D4:D5:2E:9C:9E:FF:A8:37:9B:4F
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01941F8C870BB17CB0850AAF519BFB5006A2
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/eb/362a4d-9ae6-4012-b5b8-2cc753e53955/1/c-9Luv3HPlPAmdTVLpye_6g3m08.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/eb/362a4d-9ae6-4012-b5b8-2cc753e53955/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 01:48:10 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 45.67.68.0/22
                          IP: 2a09:71c0::/29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:87:0b:b1:7c:b0:85:0a:af:51:9b:fb:50:06:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 01:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=73ef4bbafdc73e53c099d4d52e9c9effa8379b4f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:ea:39:92:53:77:35:85:ab:03:81:77:3e:c7:
                    80:5c:74:4c:eb:97:16:4c:cb:c0:03:ff:41:dd:31:
                    4e:49:82:4e:52:cd:9a:8c:5f:32:18:26:2d:5c:cd:
                    e8:30:24:e4:0f:02:ec:cc:44:b8:33:ee:26:ac:c3:
                    58:34:40:af:9f:6d:aa:14:74:f4:e3:9a:d0:b5:d9:
                    24:cf:1c:02:5e:04:12:73:ae:fe:2a:c2:87:2d:c8:
                    b7:ae:24:c5:3c:f3:29:a4:62:50:e8:9b:26:c4:fc:
                    64:9e:ec:46:4f:5c:35:d3:8a:f6:ec:a2:c4:21:eb:
                    c0:67:a5:bf:d9:98:25:08:a1:3d:6c:c5:f9:e1:0d:
                    64:17:c9:ba:37:be:de:e0:a9:3f:66:df:c4:03:96:
                    69:b9:af:31:a9:8f:c4:d8:e7:a3:27:ec:fe:4d:6f:
                    7b:7c:0d:e8:cb:69:77:62:97:b6:2f:aa:a9:4c:c7:
                    46:a8:e0:55:f5:da:07:06:77:42:3c:95:d8:a8:91:
                    ef:d6:24:95:85:ae:41:de:fd:97:df:f6:9b:f0:62:
                    5c:ba:d3:6e:51:b3:f1:dd:8d:22:00:fa:5c:56:2d:
                    3f:09:1d:01:2e:86:92:b4:82:e7:0e:ce:c4:a7:7c:
                    81:a6:a3:97:b8:d1:ca:95:c8:92:d9:db:eb:ba:52:
                    77:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:EF:4B:BA:FD:C7:3E:53:C0:99:D4:D5:2E:9C:9E:FF:A8:37:9B:4F
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/362a4d-9ae6-4012-b5b8-2cc753e53955/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/362a4d-9ae6-4012-b5b8-2cc753e53955/1/c-9Luv3HPlPAmdTVLpye_6g3m08.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.68.0/22
                IPv6:
                  2a09:71c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         13:09:db:ef:e9:7c:01:d5:4a:45:ec:94:9f:d0:d3:82:15:96:
         b0:e9:51:17:fb:7c:83:18:ec:85:b0:26:fb:bd:e0:7d:fa:a6:
         33:7d:38:6b:fd:a9:8f:8a:c1:de:07:fa:e0:43:55:56:39:35:
         ee:dc:db:d4:4d:68:e7:27:0e:9d:95:33:f2:63:c9:c5:43:c8:
         01:d5:ea:eb:6a:05:81:88:45:1a:01:4e:a1:c5:8a:c0:a3:9c:
         07:d7:8f:ed:aa:b6:24:9b:fb:08:16:0a:14:28:dd:b5:b8:55:
         01:63:58:d0:6f:b6:4a:f7:7a:52:b0:a8:17:a1:08:43:9a:0a:
         2f:ac:ff:8e:5a:3a:09:a2:8a:cf:8d:3e:9c:45:b2:b1:2a:74:
         49:b1:42:95:a2:06:9b:59:ee:00:e5:4a:b4:63:f2:65:7e:39:
         0c:13:16:c2:9f:fd:5d:fd:98:83:41:ed:d9:a9:30:81:e2:56:
         a1:82:54:08:9a:83:dc:89:f9:48:f5:bf:51:2e:0a:c7:ff:f7:
         85:d9:14:5b:be:d0:2e:f7:7d:d0:36:e4:63:ad:f0:d8:1f:a8:
         47:ba:e5:9d:fb:2f:94:5f:9e:18:73:5d:0b:96:f0:76:fc:c1:
         76:7c:31:c0:08:c1:8a:a8:d8:48:14:c1:84:86:47:98:fb:7b:
         8f:78:d9:22
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAZQfjIcLsXywhQqvUZv7UAaiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDE0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3M2VmNGJiYWZkYzczZTUzYzA5OWQ0ZDUyZTljOWVmZmE4Mzc5YjRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzuo5klN3NYWrA4F3PseAXHRM65cW
TMvAA/9B3TFOSYJOUs2ajF8yGCYtXM3oMCTkDwLszES4M+4mrMNYNECvn22qFHT0
45rQtdkkzxwCXgQSc67+KsKHLci3riTFPPMppGJQ6JsmxPxknuxGT1w104r27KLE
IevAZ6W/2ZglCKE9bMX54Q1kF8m6N77e4Kk/Zt/EA5Zpua8xqY/E2OejJ+z+TW97
fA3oy2l3Ype2L6qpTMdGqOBV9doHBndCPJXYqJHv1iSVha5B3v2X3/ab8GJcutNu
UbPx3Y0iAPpcVi0/CR0BLoaStILnDs7Ep3yBpqOXuNHKlciS2dvrulJ32wIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFHPvS7r9xz5TwJnU1S6cnv+oN5tPMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2ViLzM2MmE0
ZC05YWU2LTQwMTItYjViOC0yY2M3NTNlNTM5NTUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZWIvMzYyYTRk
LTlhZTYtNDAxMi1iNWI4LTJjYzc1M2U1Mzk1NS8xL2MtOUx1djNIUGxQQW1kVFZM
cHllXzZnM20wOC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCLUNEMA0EAgACMAcDBQMqCXHAMA0GCSqGSIb3
DQEBCwUAA4IBAQATCdvv6XwB1UpF7JSf0NOCFZaw6VEX+3yDGOyFsCb7veB9+qYz
fThr/amPisHeB/rgQ1VWOTXu3NvUTWjnJw6dlTPyY8nFQ8gB1erragWBiEUaAU6h
xYrAo5wH14/tqrYkm/sIFgoUKN21uFUBY1jQb7ZK93pSsKgXoQhDmgovrP+OWjoJ
oorPjT6cRbKxKnRJsUKVogabWe4A5Uq0Y/JlfjkMExbCn/1d/ZiDQe3ZqTCB4lah
glQImoPciflI9b9RLgrH//eF2RRbvtAu933QNuRjrfDYH6hHuuWd+y+UX54Yc10L
lvB2/MF2fDHACMGKqNhIFMGEhkeY+3uPeNki
-----END CERTIFICATE-----