Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d13RfhRQYORZmmWRzA5orCrm7Ds.cer
File:                     d13RfhRQYORZmmWRzA5orCrm7Ds.cer (raw, json)
Hash identifier:          KcIWb26bl6i1FzfugccA85sgyUn2inUwovEJ+O4nB7A=
Subject key identifier:   77:5D:D1:7E:14:50:60:E4:59:9A:65:91:CC:0E:68:AC:2A:E6:EC:3B
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194B7DC06F5439343AA02C0A058EACE5C5F
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rsync.paas.rpki.ripe.net/repository/f9719fb9-23e3-4e31-a08d-68affbad991f/0/775DD17E145060E4599A6591CC0E68AC2AE6EC3B.mft
caRepository:             rsync://rsync.paas.rpki.ripe.net/repository/f9719fb9-23e3-4e31-a08d-68affbad991f/0/
Notify URL:               https://rrdp.paas.rpki.ripe.net/notification.xml
Certificate not before:   Thu 30 Jan 2025 15:37:17 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 213768
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:b7:dc:06:f5:43:93:43:aa:02:c0:a0:58:ea:ce:5c:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan 30 15:37:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=775dd17e145060e4599a6591cc0e68ac2ae6ec3b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:76:64:16:c1:51:6f:41:42:97:5f:a7:c8:14:
                    5f:76:d6:96:4d:f0:bc:7e:8e:46:86:3f:16:b6:40:
                    8a:da:b9:c7:e9:93:70:d1:fc:46:e4:de:4d:3b:d3:
                    4d:26:f6:9a:ee:30:a1:15:79:8e:fb:79:1c:bf:e3:
                    09:0c:7e:36:27:87:e2:d5:59:45:93:2c:00:17:04:
                    3b:2e:0e:eb:f6:2f:6c:44:f0:2b:ee:24:64:36:8b:
                    6d:09:6c:71:53:c6:b3:aa:2f:48:3b:de:84:8b:e0:
                    24:6a:ea:52:a1:8f:b3:a0:fe:9a:f0:1a:6b:d9:de:
                    12:11:d3:f4:b4:71:c4:c0:3c:ab:3f:88:41:df:ec:
                    19:61:68:b7:26:0e:cf:c8:6c:cf:63:5f:20:5b:90:
                    e1:5e:d0:52:eb:bf:5f:c0:a5:76:cc:2d:b4:9a:bc:
                    85:60:5e:34:52:98:69:fe:9f:fa:3f:f4:c8:2c:34:
                    4a:67:84:47:c4:47:c2:d0:2b:3d:3f:1e:90:0d:d2:
                    9f:32:5f:cf:3f:0b:9c:dc:a8:d2:1e:ec:26:0b:bc:
                    06:2d:f3:6e:b7:ef:25:65:8d:2b:0c:57:dd:81:f9:
                    a9:5f:87:7b:e1:ea:d4:c1:57:27:36:d3:ef:87:42:
                    9c:0f:6a:55:36:fc:f7:ca:de:ef:c8:57:16:65:ba:
                    c0:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:5D:D1:7E:14:50:60:E4:59:9A:65:91:CC:0E:68:AC:2A:E6:EC:3B
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rsync.paas.rpki.ripe.net/repository/f9719fb9-23e3-4e31-a08d-68affbad991f/0/
                RPKI Manifest - URI:rsync://rsync.paas.rpki.ripe.net/repository/f9719fb9-23e3-4e31-a08d-68affbad991f/0/775DD17E145060E4599A6591CC0E68AC2AE6EC3B.mft
                RPKI Notify - URI:https://rrdp.paas.rpki.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  213768

    Signature Algorithm: sha256WithRSAEncryption
         73:49:fa:e8:26:b7:1b:d9:55:78:b1:83:a2:fc:d5:ed:42:85:
         07:54:4e:a6:a5:3b:ab:8a:b5:7b:38:9c:30:15:40:b2:1b:6a:
         3d:c2:f4:7f:75:d0:b5:43:70:4f:fe:1f:75:34:1f:f3:dd:69:
         61:27:65:33:db:9b:84:92:50:b6:a2:73:90:dd:be:f6:10:b7:
         3a:05:3f:ec:33:2e:fa:07:0b:20:3d:7f:2b:6f:a4:e2:91:3c:
         b3:ca:37:02:3d:b0:6d:83:0e:5d:33:d3:35:c5:8e:a9:15:69:
         b4:0c:2c:41:0d:d2:91:85:82:97:4a:1f:ef:9d:9b:4b:a3:aa:
         17:73:d4:62:19:9a:f7:74:6b:d9:f1:fc:c4:2c:ce:23:66:9f:
         8f:de:aa:fd:13:f0:84:60:c8:f8:de:3e:96:88:fa:0d:15:04:
         19:56:27:b9:17:96:e2:20:b8:60:71:82:99:f3:c2:55:61:64:
         9a:a3:03:33:d2:a3:07:4b:1b:f1:9a:0a:a5:6b:2c:4d:5b:97:
         0b:8f:5d:f5:db:22:c9:c2:9f:36:18:92:52:51:f4:b5:28:c6:
         4a:b5:b8:62:31:29:89:f3:4d:0e:ab:a4:f6:45:2e:d5:97:0b:
         cd:a0:62:74:26:d7:03:ad:94:09:46:5e:50:cc:e0:f8:e2:ae:
         43:ed:13:01
-----BEGIN CERTIFICATE-----
MIIFjzCCBHegAwIBAgISAZS33Ab1Q5NDqgLAoFjqzlxfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTMwMTUzNzE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzVkZDE3ZTE0NTA2MGU0NTk5YTY1OTFjYzBlNjhhYzJhZTZlYzNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtHZkFsFRb0FCl1+nyBRfdtaWTfC8
fo5Ghj8WtkCK2rnH6ZNw0fxG5N5NO9NNJvaa7jChFXmO+3kcv+MJDH42J4fi1VlF
kywAFwQ7Lg7r9i9sRPAr7iRkNottCWxxU8azqi9IO96Ei+AkaupSoY+zoP6a8Bpr
2d4SEdP0tHHEwDyrP4hB3+wZYWi3Jg7PyGzPY18gW5DhXtBS679fwKV2zC20mryF
YF40Uphp/p/6P/TILDRKZ4RHxEfC0Cs9Px6QDdKfMl/PPwuc3KjSHuwmC7wGLfNu
t+8lZY0rDFfdgfmpX4d74erUwVcnNtPvh0KcD2pVNvz3yt7vyFcWZbrAdwIDAQAB
o4ICmzCCApcwHQYDVR0OBBYEFHdd0X4UUGDkWZplkcwOaKwq5uw7MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggE/BggrBgEFBQcBCwSCATEwggEtMF8GCCsGAQUFBzAFhlNy
c3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2Y5NzE5
ZmI5LTIzZTMtNGUzMS1hMDhkLTY4YWZmYmFkOTkxZi8wLzCBiwYIKwYBBQUHMAqG
f3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZjk3
MTlmYjktMjNlMy00ZTMxLWEwOGQtNjhhZmZiYWQ5OTFmLzAvNzc1REQxN0UxNDUw
NjBFNDU5OUE2NTkxQ0MwRTY4QUMyQUU2RUMzQi5tZnQwPAYIKwYBBQUHMA2GMGh0
dHBzOi8vcnJkcC5wYWFzLnJwa2kucmlwZS5uZXQvbm90aWZpY2F0aW9uLnhtbDBZ
BgNVHR8EUjBQME6gTKBKhkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxUL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jcmwwGAYDVR0g
AQH/BA4wDDAKBggrBgEFBQcOAjAaBggrBgEFBQcBCAEB/wQLMAmgBzAFAgMDQwgw
DQYJKoZIhvcNAQELBQADggEBAHNJ+ugmtxvZVXixg6L81e1ChQdUTqalO6uKtXs4
nDAVQLIbaj3C9H910LVDcE/+H3U0H/PdaWEnZTPbm4SSULaic5DdvvYQtzoFP+wz
LvoHCyA9fytvpOKRPLPKNwI9sG2DDl0z0zXFjqkVabQMLEEN0pGFgpdKH++dm0uj
qhdz1GIZmvd0a9nx/MQsziNmn4/eqv0T8IRgyPjePpaI+g0VBBlWJ7kXluIguGBx
gpnzwlVhZJqjAzPSowdLG/GaCqVrLE1blwuPXfXbIsnCnzYYklJR9LUoxkq1uGIx
KYnzTQ6rpPZFLtWXC82gYnQm1wOtlAlGXlDM4PjirkPtEwE=
-----END CERTIFICATE-----