Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cl3CBR5_PY1hf1UYng7m8xdNkto.cer
File:                     cl3CBR5_PY1hf1UYng7m8xdNkto.cer (raw, json)
Hash identifier:          bB8HNS6AdzIEKgNaQN/Pigr91knkG4WFgyKKEWtZoXs=
Subject key identifier:   72:5D:C2:05:1E:7F:3D:8D:61:7F:55:18:9E:0E:E6:F3:17:4D:92:DA
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194266A3A8B86E7847AD814985224DBFFF6
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/a8/984111-6f7c-4e69-94c9-ff0f52633527/1/cl3CBR5_PY1hf1UYng7m8xdNkto.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/a8/984111-6f7c-4e69-94c9-ff0f52633527/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 09:48:03 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 214138
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6a:3a:8b:86:e7:84:7a:d8:14:98:52:24:db:ff:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 09:48:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=725dc2051e7f3d8d617f55189e0ee6f3174d92da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:e7:e3:45:83:3f:7a:61:45:3b:c6:b6:6f:55:
                    2d:8a:73:ec:94:85:19:d6:95:67:c8:e7:da:63:23:
                    a7:84:6a:40:95:6d:8a:cb:db:db:b6:de:f0:36:75:
                    1b:f8:fe:3f:99:de:2d:e8:b2:08:68:d8:d8:31:04:
                    9d:25:af:1e:67:0f:b9:04:91:85:fe:9d:5b:57:81:
                    06:d1:a6:0f:0c:f0:3e:b3:ee:3a:12:12:11:fe:56:
                    8e:8a:1a:28:91:2d:cd:d5:d3:93:20:9e:ea:14:d4:
                    96:00:b5:7a:56:99:86:14:53:77:b0:d4:5f:9e:98:
                    79:d5:55:e3:b9:bf:5b:f4:eb:8e:01:63:89:e0:29:
                    b7:dc:cb:ea:24:e1:73:70:3e:e5:73:7f:d1:dc:ac:
                    dc:39:87:fd:9e:98:0a:c8:43:d1:c2:a1:f7:86:d3:
                    9c:7b:c1:89:30:68:4e:ba:26:49:6d:24:50:cd:ef:
                    73:af:66:0e:7e:c5:77:36:92:d7:6c:f8:b9:e2:d2:
                    4e:1a:b4:c5:d8:d5:a3:3e:19:c0:8a:a2:52:27:e4:
                    b7:9d:bb:d6:61:3b:a7:7b:2f:da:15:2f:f7:2e:17:
                    dc:0b:19:9f:db:dd:aa:2a:2f:19:0e:84:47:8c:49:
                    65:3d:a0:c9:b9:20:52:74:be:f4:9c:54:5d:76:0f:
                    72:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:5D:C2:05:1E:7F:3D:8D:61:7F:55:18:9E:0E:E6:F3:17:4D:92:DA
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/984111-6f7c-4e69-94c9-ff0f52633527/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/984111-6f7c-4e69-94c9-ff0f52633527/1/cl3CBR5_PY1hf1UYng7m8xdNkto.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  214138

    Signature Algorithm: sha256WithRSAEncryption
         9e:5e:44:33:45:cb:5f:6a:83:e7:55:3c:3c:81:30:b6:fe:28:
         46:5a:ac:38:44:81:2b:57:f0:e8:8e:54:38:1f:03:1a:bb:4d:
         d1:20:58:b4:60:86:4f:82:8c:5f:49:75:4c:fc:09:53:8f:61:
         48:53:c5:59:ae:a1:dd:75:3e:8b:bb:70:5d:55:ed:b5:06:17:
         50:45:75:8b:c1:d6:1d:78:f1:c1:0d:39:ae:b9:81:91:cf:4d:
         27:79:5c:b0:d1:4e:a9:bd:57:98:5b:92:28:0c:74:55:ae:be:
         7d:7b:2f:a6:86:ae:10:4f:6f:b4:8f:56:04:6c:ee:11:97:f9:
         00:d8:eb:5e:d6:3a:8d:d3:a2:fb:20:ea:67:b4:67:14:72:60:
         ac:66:ed:16:c3:d8:52:49:0f:b3:c0:e8:68:b5:7b:b9:5a:1d:
         35:ff:31:70:58:b0:64:67:3f:9d:b8:5f:86:6a:5e:21:17:82:
         5a:c4:c0:0f:d8:5d:ef:d5:4f:71:e1:1d:8a:9a:07:a7:c7:61:
         36:ce:e4:5f:90:9d:29:d5:fb:38:56:65:57:82:d5:5f:e4:6e:
         be:06:f8:65:a8:f4:28:fe:2b:ed:75:97:1f:04:da:19:ed:f2:
         48:49:9f:9d:b3:db:a9:cb:a3:56:93:1c:cc:a7:2d:03:30:c6:
         84:f8:be:c9
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZQmajqLhueEetgUmFIk2//2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDk0ODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjVkYzIwNTFlN2YzZDhkNjE3ZjU1MTg5ZTBlZTZmMzE3NGQ5MmRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqefjRYM/emFFO8a2b1UtinPslIUZ
1pVnyOfaYyOnhGpAlW2Ky9vbtt7wNnUb+P4/md4t6LIIaNjYMQSdJa8eZw+5BJGF
/p1bV4EG0aYPDPA+s+46EhIR/laOihookS3N1dOTIJ7qFNSWALV6VpmGFFN3sNRf
nph51VXjub9b9OuOAWOJ4Cm33MvqJOFzcD7lc3/R3KzcOYf9npgKyEPRwqH3htOc
e8GJMGhOuiZJbSRQze9zr2YOfsV3NpLXbPi54tJOGrTF2NWjPhnAiqJSJ+S3nbvW
YTuney/aFS/3LhfcCxmf292qKi8ZDoRHjEllPaDJuSBSdL70nFRddg9yWwIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFHJdwgUefz2NYX9VGJ4O5vMXTZLaMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2E4Lzk4NDEx
MS02ZjdjLTRlNjktOTRjOS1mZjBmNTI2MzM1MjcvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTgvOTg0MTEx
LTZmN2MtNGU2OS05NGM5LWZmMGY1MjYzMzUyNy8xL2NsM0NCUjVfUFkxaGYxVVlu
ZzdtOHhkTmt0by5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwNEejANBgkqhkiG9w0BAQsFAAOCAQEAnl5EM0XLX2qD
51U8PIEwtv4oRlqsOESBK1fw6I5UOB8DGrtN0SBYtGCGT4KMX0l1TPwJU49hSFPF
Wa6h3XU+i7twXVXttQYXUEV1i8HWHXjxwQ05rrmBkc9NJ3lcsNFOqb1XmFuSKAx0
Va6+fXsvpoauEE9vtI9WBGzuEZf5ANjrXtY6jdOi+yDqZ7RnFHJgrGbtFsPYUkkP
s8DoaLV7uVodNf8xcFiwZGc/nbhfhmpeIReCWsTAD9hd79VPceEdipoHp8dhNs7k
X5CdKdX7OFZlV4LVX+Ruvgb4Zaj0KP4r7XWXHwTaGe3ySEmfnbPbqcujVpMczKct
AzDGhPi+yQ==
-----END CERTIFICATE-----