Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cZ5ZtQF7_mNEEZSe_y1wugoHxUA.cer
File:                     cZ5ZtQF7_mNEEZSe_y1wugoHxUA.cer (raw, json)
Hash identifier:          DquJy66NTW0BH0M48SQ+qEq1naB8/h3RaUfUOj0eRps=
Subject key identifier:   71:9E:59:B5:01:7B:FE:63:44:11:94:9E:FF:2D:70:BA:0A:07:C5:40
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194266C110212E602FEC1F267F1EE2AE5DF
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/a3/1f9e6c-e6b8-4ad4-9941-f46f9d674f6c/1/cZ5ZtQF7_mNEEZSe_y1wugoHxUA.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/a3/1f9e6c-e6b8-4ad4-9941-f46f9d674f6c/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 09:50:04 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 197271
                          IP: 46.28.56.0/21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:11:02:12:e6:02:fe:c1:f2:67:f1:ee:2a:e5:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 09:50:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=719e59b5017bfe634411949eff2d70ba0a07c540
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:e7:aa:50:9f:8a:08:ac:c2:75:b3:60:c1:7a:
                    68:4d:e9:aa:e1:fb:68:98:f2:74:a2:59:05:15:e4:
                    f1:e8:b2:b1:d2:0d:7f:72:76:a7:e8:8c:41:eb:b4:
                    ae:48:c5:af:ab:24:d6:a6:e5:1f:3f:72:7b:fc:05:
                    08:ec:ef:39:0c:6c:3a:15:61:b1:0b:79:c6:aa:43:
                    29:ad:3f:cb:f6:3e:95:ab:f8:b4:72:70:58:14:ea:
                    11:c2:53:e5:1b:44:1d:0e:02:05:3e:73:82:de:e2:
                    0a:93:40:6f:0c:20:6f:7f:81:77:60:37:f2:ec:c8:
                    ca:df:ff:5a:96:3f:b9:c5:2d:07:5b:c4:51:ed:9b:
                    ac:f4:f8:04:86:ad:0b:02:d8:b7:c9:72:15:6b:20:
                    67:ee:fa:73:9c:79:69:26:2d:f3:ec:36:c1:de:e9:
                    0a:50:15:ab:b4:0c:e2:8d:76:7d:5a:9e:fb:e1:4d:
                    66:4d:ff:f3:8d:3c:3c:e9:c5:2d:98:be:55:5f:ca:
                    fe:bd:76:58:fe:8c:74:2e:43:74:8f:29:2b:50:13:
                    f8:55:f6:8d:d0:8b:d4:f2:af:71:2e:74:5b:75:81:
                    4e:16:12:5c:0c:04:1d:c2:c8:8a:f9:1a:ce:cb:06:
                    01:bb:ec:e9:33:da:b8:65:41:17:9f:d8:af:1c:9c:
                    04:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:9E:59:B5:01:7B:FE:63:44:11:94:9E:FF:2D:70:BA:0A:07:C5:40
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/1f9e6c-e6b8-4ad4-9941-f46f9d674f6c/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/1f9e6c-e6b8-4ad4-9941-f46f9d674f6c/1/cZ5ZtQF7_mNEEZSe_y1wugoHxUA.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.28.56.0/21

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  197271

    Signature Algorithm: sha256WithRSAEncryption
         1e:d7:8b:62:ab:ce:91:e4:ed:a9:72:6f:e8:cc:fa:48:03:e5:
         61:ac:87:9c:8f:1f:68:b4:23:27:d9:aa:2d:c7:2f:27:f8:65:
         b6:67:5a:3f:9f:c4:07:3d:b8:88:18:de:03:4c:a5:4c:7b:bd:
         92:97:3c:77:ef:14:45:be:8d:27:46:d6:de:42:c1:fb:d3:28:
         89:7c:cb:a5:38:9b:5e:15:e5:01:a3:7b:9c:68:a0:3f:89:2a:
         c7:3f:be:1b:33:bf:4b:e2:ce:12:2d:e7:5b:32:bd:8d:f7:e8:
         e6:34:51:e9:e5:80:c4:8d:9f:f7:78:b3:05:98:23:ce:27:45:
         6f:e1:08:3a:2b:b3:98:65:db:b0:a1:80:30:da:ca:6f:3f:57:
         3a:d0:17:62:d4:09:1f:4e:2b:9d:79:20:39:c1:07:49:d6:68:
         68:26:e8:0e:dc:cb:cb:08:25:53:c1:15:a6:f0:fe:c4:ea:08:
         c5:32:6f:61:63:5b:90:c5:68:80:8e:f2:b0:57:bf:48:7d:f3:
         c5:e7:f4:09:74:ec:69:03:91:c9:7b:95:b9:19:d3:bd:b0:0d:
         68:12:b4:03:3f:31:e5:1e:62:b3:d6:61:55:1f:80:75:e5:8c:
         75:62:e3:ac:b2:db:19:00:d1:70:b7:3f:2e:cd:b8:79:26:3d:
         dd:c4:4c:a3
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZQmbBECEuYC/sHyZ/HuKuXfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDk1MDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTllNTliNTAxN2JmZTYzNDQxMTk0OWVmZjJkNzBiYTBhMDdjNTQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp+eqUJ+KCKzCdbNgwXpoTemq4fto
mPJ0olkFFeTx6LKx0g1/cnan6IxB67SuSMWvqyTWpuUfP3J7/AUI7O85DGw6FWGx
C3nGqkMprT/L9j6Vq/i0cnBYFOoRwlPlG0QdDgIFPnOC3uIKk0BvDCBvf4F3YDfy
7MjK3/9alj+5xS0HW8RR7Zus9PgEhq0LAti3yXIVayBn7vpznHlpJi3z7DbB3ukK
UBWrtAzijXZ9Wp774U1mTf/zjTw86cUtmL5VX8r+vXZY/ox0LkN0jykrUBP4VfaN
0IvU8q9xLnRbdYFOFhJcDAQdwsiK+RrOywYBu+zpM9q4ZUEXn9ivHJwE5QIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFHGeWbUBe/5jRBGUnv8tcLoKB8VAMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2EzLzFmOWU2
Yy1lNmI4LTRhZDQtOTk0MS1mNDZmOWQ2NzRmNmMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTMvMWY5ZTZj
LWU2YjgtNGFkNC05OTQxLWY0NmY5ZDY3NGY2Yy8xL2NaNVp0UUY3X21ORUVaU2Vf
eTF3dWdvSHhVQS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQDLhw4MBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwMClzANBgkqhkiG9w0BAQsFAAOCAQEAHteLYqvOkeTtqXJv6Mz6SAPlYayHnI8f
aLQjJ9mqLccvJ/hltmdaP5/EBz24iBjeA0ylTHu9kpc8d+8URb6NJ0bW3kLB+9Mo
iXzLpTibXhXlAaN7nGigP4kqxz++GzO/S+LOEi3nWzK9jffo5jRR6eWAxI2f93iz
BZgjzidFb+EIOiuzmGXbsKGAMNrKbz9XOtAXYtQJH04rnXkgOcEHSdZoaCboDtzL
ywglU8EVpvD+xOoIxTJvYWNbkMVogI7ysFe/SH3zxef0CXTsaQORyXuVuRnTvbAN
aBK0Az8x5R5is9ZhVR+AdeWMdWLjrLLbGQDRcLc/Ls24eSY93cRMow==
-----END CERTIFICATE-----