Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cCw58YaCB38HK2IRb9TxaQh0r5Y.cer
File:                     cCw58YaCB38HK2IRb9TxaQh0r5Y.cer (raw, json)
Hash identifier:          xghY8SmLCz9gOq4o0wXBBEZmvPI9Q8mPsc3cXrW7D1I=
Subject key identifier:   70:2C:39:F1:86:82:07:7F:07:2B:62:11:6F:D4:F1:69:08:74:AF:96
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194228DDA451D49422900CD325DF17D58A6
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/66/8365af-f851-4b7c-a891-38805dbff719/1/cCw58YaCB38HK2IRb9TxaQh0r5Y.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/66/8365af-f851-4b7c-a891-38805dbff719/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 15:48:29 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 217.18.95.0/24
                          IP: 2a13:c180::/29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 15:28:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:da:45:1d:49:42:29:00:cd:32:5d:f1:7d:58:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 15:48:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=702c39f18682077f072b62116fd4f1690874af96
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:68:94:c9:d8:b9:1a:1d:76:42:36:b5:80:73:
                    52:dc:1b:a2:28:d8:49:92:71:db:03:87:06:14:93:
                    95:42:75:e2:9c:16:15:30:26:5a:74:b5:b8:ab:da:
                    48:2a:d7:86:37:0e:2b:43:fa:fb:88:9c:30:52:6b:
                    d1:fb:e6:24:9b:21:fa:27:c7:8d:03:77:cd:29:c9:
                    f1:4c:cd:20:49:d8:21:5a:86:81:f0:8a:16:5c:96:
                    03:7c:46:fc:c9:8f:f9:60:77:0f:01:54:7b:43:41:
                    60:0c:1a:14:79:7d:e2:4c:a7:ff:07:2e:59:da:76:
                    b7:40:05:52:41:16:8a:07:1b:a1:2f:a4:f9:e9:db:
                    e6:63:96:61:71:ea:ac:e1:7c:b4:61:c0:bb:62:52:
                    a8:b1:e2:ba:b1:90:15:e8:93:50:4a:54:9a:06:1e:
                    ab:08:c3:2c:1a:89:57:a3:09:d8:9d:6c:fd:b5:63:
                    ac:d8:9e:f9:37:7a:d7:1e:ba:9d:cc:d3:41:1d:54:
                    64:5a:a4:39:3c:f6:36:39:be:9a:be:8f:4c:19:2b:
                    3b:03:39:0f:9b:5c:79:aa:fc:b3:59:62:65:46:7c:
                    60:6d:eb:e5:41:a1:d8:0f:d7:77:3e:0f:34:73:96:
                    b1:8f:82:4c:b5:ba:9e:6e:53:c9:0a:99:98:c1:a6:
                    9f:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:2C:39:F1:86:82:07:7F:07:2B:62:11:6F:D4:F1:69:08:74:AF:96
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/8365af-f851-4b7c-a891-38805dbff719/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/8365af-f851-4b7c-a891-38805dbff719/1/cCw58YaCB38HK2IRb9TxaQh0r5Y.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.18.95.0/24
                IPv6:
                  2a13:c180::/29

    Signature Algorithm: sha256WithRSAEncryption
         59:1b:e4:75:f0:98:e2:07:85:28:d6:fd:85:55:8a:21:4f:72:
         3e:a8:d5:53:7f:c6:ef:9b:b2:c9:4b:ff:95:c6:6c:88:6b:cb:
         a8:f9:06:4c:37:78:4d:32:5e:19:3d:1e:64:37:b5:d5:c8:b5:
         9b:02:8e:b7:33:ba:c1:2c:15:59:42:0b:70:c6:19:9c:8b:95:
         f0:cf:17:5e:99:f8:c3:e7:e2:af:cb:44:3e:e3:77:bd:f7:21:
         1c:c5:3c:34:ba:f7:87:f0:ac:4d:cf:f9:0e:ed:54:3c:eb:7a:
         27:5b:06:da:55:8e:85:71:ca:e1:80:5a:a8:d6:63:1e:5c:94:
         29:06:61:92:d3:10:8a:43:ca:d2:c9:7f:1c:0e:f7:eb:a0:a1:
         fa:89:e1:56:09:1b:b8:99:ca:94:ec:5d:85:a0:9a:8f:30:d6:
         5b:f6:7b:0a:3f:b2:9f:ba:14:15:b1:75:79:54:f0:c1:b0:26:
         0b:fd:13:0e:61:02:81:67:e5:7d:15:62:29:0c:10:ca:37:45:
         5a:c8:73:44:63:7a:06:9e:3f:f0:75:2d:b4:c3:8d:27:c3:07:
         ab:79:3b:b4:48:d1:80:e4:f7:c9:30:ca:c1:2a:92:64:dc:a4:
         d0:a3:96:96:52:9b:60:db:17:6e:cd:cd:08:48:f5:36:e1:b7:
         b5:80:52:34
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAZQijdpFHUlCKQDNMl3xfVimMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTU0ODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDJjMzlmMTg2ODIwNzdmMDcyYjYyMTE2ZmQ0ZjE2OTA4NzRhZjk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6miUydi5Gh12Qja1gHNS3BuiKNhJ
knHbA4cGFJOVQnXinBYVMCZadLW4q9pIKteGNw4rQ/r7iJwwUmvR++YkmyH6J8eN
A3fNKcnxTM0gSdghWoaB8IoWXJYDfEb8yY/5YHcPAVR7Q0FgDBoUeX3iTKf/By5Z
2na3QAVSQRaKBxuhL6T56dvmY5Zhceqs4Xy0YcC7YlKoseK6sZAV6JNQSlSaBh6r
CMMsGolXownYnWz9tWOs2J75N3rXHrqdzNNBHVRkWqQ5PPY2Ob6avo9MGSs7AzkP
m1x5qvyzWWJlRnxgbevlQaHYD9d3Pg80c5axj4JMtbqeblPJCpmYwaafUwIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFHAsOfGGggd/BytiEW/U8WkIdK+WMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzY2LzgzNjVh
Zi1mODUxLTRiN2MtYTg5MS0zODgwNWRiZmY3MTkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjYvODM2NWFm
LWY4NTEtNGI3Yy1hODkxLTM4ODA1ZGJmZjcxOS8xL2NDdzU4WWFDQjM4SEsySVJi
OVR4YVFoMHI1WS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQA2RJfMA0EAgACMAcDBQMqE8GAMA0GCSqGSIb3
DQEBCwUAA4IBAQBZG+R18JjiB4Uo1v2FVYohT3I+qNVTf8bvm7LJS/+VxmyIa8uo
+QZMN3hNMl4ZPR5kN7XVyLWbAo63M7rBLBVZQgtwxhmci5XwzxdemfjD5+Kvy0Q+
43e99yEcxTw0uveH8KxNz/kO7VQ863onWwbaVY6FccrhgFqo1mMeXJQpBmGS0xCK
Q8rSyX8cDvfroKH6ieFWCRu4mcqU7F2FoJqPMNZb9nsKP7KfuhQVsXV5VPDBsCYL
/RMOYQKBZ+V9FWIpDBDKN0VayHNEY3oGnj/wdS20w40nwwereTu0SNGA5PfJMMrB
KpJk3KTQo5aWUptg2xduzc0ISPU24be1gFI0
-----END CERTIFICATE-----