Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cH89q67iT8Q7hlqvo_PJwvNkv8k.cer
File:                     cH89q67iT8Q7hlqvo_PJwvNkv8k.cer (raw, json)
Hash identifier:          tOjMErFzaPq6A3OaiKdZ2R04DssDZmZIp5lJ2CIEGdM=
Subject key identifier:   70:7F:3D:AB:AE:E2:4F:C4:3B:86:5A:AF:A3:F3:C9:C2:F3:64:BF:C9
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01942521D24B36A74A2E04723EB43BACE7C1
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/eb/88cc50-2273-45ff-adb5-eccd665f1f03/1/cH89q67iT8Q7hlqvo_PJwvNkv8k.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/eb/88cc50-2273-45ff-adb5-eccd665f1f03/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 03:49:21 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 193.23.168.0/22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 14:20:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:d2:4b:36:a7:4a:2e:04:72:3e:b4:3b:ac:e7:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 03:49:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=707f3dabaee24fc43b865aafa3f3c9c2f364bfc9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:55:b8:e3:c6:31:6c:a3:93:c1:3d:74:10:dd:
                    57:e4:9f:ec:72:c8:2e:7c:74:13:8b:6a:d3:53:c0:
                    e5:f7:0f:27:3a:ea:7d:97:e6:d9:b6:86:9c:e2:b8:
                    7b:d1:35:d0:a1:cd:ba:e3:77:d3:f7:6a:3a:64:63:
                    0e:ae:05:dc:57:5a:69:11:44:c8:53:0f:9e:2a:39:
                    f5:fe:54:d4:9a:4a:cf:8c:8b:59:27:ad:54:a1:1d:
                    9f:7d:1c:3d:be:db:59:90:fa:30:1a:99:04:a5:f4:
                    c1:62:35:24:e4:c7:c3:f2:61:f8:c7:fd:a8:46:82:
                    c6:a5:1b:1c:5a:33:ff:ba:62:86:dc:a0:5f:2b:9c:
                    68:9b:1c:b0:dd:16:31:a9:fa:1b:54:9d:75:81:59:
                    48:8b:53:03:7a:08:53:55:de:4e:f3:7a:5d:53:48:
                    45:88:f6:a4:02:c2:96:9e:08:57:03:25:0d:eb:db:
                    0f:b8:8c:76:2c:17:c2:2e:79:81:b1:cf:83:a0:a1:
                    13:cc:33:84:8e:48:6d:a2:bd:95:c3:ad:30:48:c5:
                    f6:64:19:b3:6a:de:f1:2f:b6:67:60:db:a2:50:29:
                    4a:bf:72:d0:fe:4f:44:cb:42:b5:e7:31:c9:bf:f3:
                    f4:ae:55:6d:5e:3a:b6:06:65:16:d1:e8:6e:4e:1a:
                    39:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:7F:3D:AB:AE:E2:4F:C4:3B:86:5A:AF:A3:F3:C9:C2:F3:64:BF:C9
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/88cc50-2273-45ff-adb5-eccd665f1f03/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/88cc50-2273-45ff-adb5-eccd665f1f03/1/cH89q67iT8Q7hlqvo_PJwvNkv8k.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.23.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3b:b4:58:57:cb:18:e7:98:c9:8a:9f:c5:f1:b2:b3:34:84:a9:
         1f:86:a9:97:3b:64:d8:dc:1c:89:9f:0b:b9:c2:4c:52:fb:fb:
         0a:1f:79:e4:5d:1b:df:70:24:0c:a3:57:de:56:26:e6:50:26:
         8a:1f:15:34:0b:a5:f3:ca:b8:1b:e8:3f:8a:f7:98:ec:73:33:
         0f:9a:8a:0a:58:2e:04:78:39:2b:1e:db:bb:22:aa:ab:2b:9b:
         d1:52:fe:8c:b3:45:93:1a:17:a3:92:3c:a5:0f:ce:7b:54:23:
         63:53:0c:33:43:99:c7:78:8c:39:80:6a:22:6a:cd:d3:0f:39:
         b0:b8:b9:5e:b3:e7:f4:2d:79:ba:d4:d9:a9:73:e0:d5:6d:40:
         5e:e8:76:ff:ff:8c:44:b4:5b:6d:96:12:8f:25:c8:b4:1c:2e:
         06:65:de:a7:5b:17:62:bf:b2:e3:fe:c1:92:e7:ce:01:5c:4a:
         7a:cd:5b:eb:64:7e:ef:22:9e:cf:76:28:f0:1d:32:84:cb:cd:
         07:87:9f:ad:8c:6a:9b:bd:b4:a3:f3:84:10:18:76:01:06:f6:
         34:b1:74:6b:5d:77:38:e6:ca:c1:4c:cd:bc:54:0b:b8:f4:b6:
         a7:62:e2:82:8c:66:ef:7c:f2:d8:20:46:05:0b:59:3e:e4:d3:
         b8:d5:41:61
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZQlIdJLNqdKLgRyPrQ7rOfBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDM0OTIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDdmM2RhYmFlZTI0ZmM0M2I4NjVhYWZhM2YzYzljMmYzNjRiZmM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA41W448YxbKOTwT10EN1X5J/scsgu
fHQTi2rTU8Dl9w8nOup9l+bZtoac4rh70TXQoc2643fT92o6ZGMOrgXcV1ppEUTI
Uw+eKjn1/lTUmkrPjItZJ61UoR2ffRw9vttZkPowGpkEpfTBYjUk5MfD8mH4x/2o
RoLGpRscWjP/umKG3KBfK5xomxyw3RYxqfobVJ11gVlIi1MDeghTVd5O83pdU0hF
iPakAsKWnghXAyUN69sPuIx2LBfCLnmBsc+DoKETzDOEjkhtor2Vw60wSMX2ZBmz
at7xL7ZnYNuiUClKv3LQ/k9Ey0K15zHJv/P0rlVtXjq2BmUW0ehuTho5pQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFHB/Pauu4k/EO4Zar6PzycLzZL/JMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2ViLzg4Y2M1
MC0yMjczLTQ1ZmYtYWRiNS1lY2NkNjY1ZjFmMDMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZWIvODhjYzUw
LTIyNzMtNDVmZi1hZGI1LWVjY2Q2NjVmMWYwMy8xL2NIODlxNjdpVDhRN2hscXZv
X1BKd3ZOa3Y4ay5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCwReoMA0GCSqGSIb3DQEBCwUAA4IBAQA7tFhX
yxjnmMmKn8XxsrM0hKkfhqmXO2TY3ByJnwu5wkxS+/sKH3nkXRvfcCQMo1feVibm
UCaKHxU0C6Xzyrgb6D+K95jsczMPmooKWC4EeDkrHtu7IqqrK5vRUv6Ms0WTGhej
kjylD857VCNjUwwzQ5nHeIw5gGoias3TDzmwuLles+f0LXm61Nmpc+DVbUBe6Hb/
/4xEtFttlhKPJci0HC4GZd6nWxdiv7Lj/sGS584BXEp6zVvrZH7vIp7PdijwHTKE
y80Hh5+tjGqbvbSj84QQGHYBBvY0sXRrXXc45srBTM28VAu49LanYuKCjGbvfPLY
IEYFC1k+5NO41UFh
-----END CERTIFICATE-----