Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5LD_GkVSsfVFbysnaoH54vCKcw.cer
File:                     d5LD_GkVSsfVFbysnaoH54vCKcw.cer (raw, json)
Hash identifier:          OiMHq2iXxYHfIXinFLPUaH/SLVNdSIZNgprA546OjGs=
Subject key identifier:   77:92:C3:FC:69:15:4A:C7:D5:15:BC:AC:9D:AA:07:E7:8B:C2:29:CC
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019426D9B4527681C9E33ED0005B657DD2E9
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/ed/52b48d-28a8-48f5-a4df-4db40a36563e/1/d5LD_GkVSsfVFbysnaoH54vCKcw.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/ed/52b48d-28a8-48f5-a4df-4db40a36563e/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 11:49:49 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 185.99.56.0/22
                          IP: 2a06:10c0::/29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 08:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:b4:52:76:81:c9:e3:3e:d0:00:5b:65:7d:d2:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 11:49:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7792c3fc69154ac7d515bcac9daa07e78bc229cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:f6:cd:ff:70:3a:2d:15:09:48:2c:57:e0:fa:
                    f9:3f:56:74:c1:74:a9:4a:9a:0e:be:f0:48:5b:33:
                    d7:e2:05:e1:f3:27:50:c0:83:48:1f:76:2d:a5:fb:
                    2b:0c:fc:33:07:9e:20:57:73:91:64:3d:b8:4f:fa:
                    0c:f0:08:85:fa:61:3d:a8:53:d3:21:c0:8d:0a:57:
                    3a:9d:da:98:cb:79:72:63:b6:37:2c:c4:25:2c:cc:
                    87:4e:57:6e:10:f5:9b:80:1c:92:2b:bb:57:f7:05:
                    2c:66:3a:39:4c:11:fd:e8:2e:8a:51:0d:48:b7:76:
                    bb:1a:2c:d7:0b:fa:c0:40:1d:29:c4:5b:db:d0:b0:
                    a8:41:4f:95:b3:d3:de:b5:94:f3:3c:c0:8e:8c:85:
                    63:79:94:2e:0f:a2:c9:22:c6:2b:9b:57:ea:21:a0:
                    0e:08:d0:21:fd:cc:42:b0:1c:9b:c6:b6:60:76:a8:
                    8c:4e:9e:bb:2e:11:83:e3:77:94:02:94:57:c9:e2:
                    a9:3d:c8:f4:81:5f:1d:64:3e:39:1c:e5:ca:41:f4:
                    73:36:dd:62:19:43:30:c0:28:6e:83:74:f5:23:65:
                    56:ab:e6:39:96:bf:da:b1:72:7c:1e:12:34:5d:89:
                    1e:5f:15:b7:e2:56:04:bc:98:32:34:0f:a1:1b:2d:
                    52:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:92:C3:FC:69:15:4A:C7:D5:15:BC:AC:9D:AA:07:E7:8B:C2:29:CC
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/52b48d-28a8-48f5-a4df-4db40a36563e/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/52b48d-28a8-48f5-a4df-4db40a36563e/1/d5LD_GkVSsfVFbysnaoH54vCKcw.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.99.56.0/22
                IPv6:
                  2a06:10c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         1c:00:7e:16:0f:d5:76:d0:58:33:d0:9a:b2:1c:06:49:b8:b9:
         0b:b3:aa:84:12:03:26:8a:2a:4e:a0:49:0b:fd:83:08:52:dd:
         7d:8b:b7:5c:eb:03:7c:63:e2:06:4f:7e:4b:53:97:1f:b9:43:
         70:46:5d:f6:28:88:03:f1:12:6c:93:42:7d:5b:d5:8e:a0:fa:
         de:e0:71:53:8c:33:67:ce:4f:1f:f2:f9:1f:83:5f:ef:72:07:
         1f:4e:dd:2c:28:b8:ea:e2:7b:7a:a4:31:1f:f4:20:77:8c:80:
         5b:fa:78:20:c4:1a:5d:9b:22:46:cb:3b:e9:01:b0:22:8f:10:
         c8:9a:06:1a:09:75:fe:17:b9:e6:d6:06:f4:f9:9f:5b:ff:14:
         01:eb:6e:66:12:ea:53:70:c2:84:22:c5:75:ac:f8:52:12:f3:
         56:c3:5c:ca:44:e2:09:1c:27:95:cd:10:d1:c4:8a:30:36:47:
         6c:9c:ce:07:ae:85:cb:42:6d:01:8e:70:9a:a1:f9:8d:ca:81:
         d1:87:f3:88:f7:9b:43:0b:97:4e:d1:7e:ad:25:f4:11:08:09:
         01:75:91:5d:dc:99:db:9a:37:02:87:ec:36:1a:f8:bb:df:54:
         52:b5:d3:75:e3:a7:6f:c0:96:36:07:6d:2c:b3:99:22:a1:bf:
         30:b0:71:cf
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAZQm2bRSdoHJ4z7QAFtlfdLpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMTE0OTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzkyYzNmYzY5MTU0YWM3ZDUxNWJjYWM5ZGFhMDdlNzhiYzIyOWNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwvbN/3A6LRUJSCxX4Pr5P1Z0wXSp
SpoOvvBIWzPX4gXh8ydQwINIH3YtpfsrDPwzB54gV3ORZD24T/oM8AiF+mE9qFPT
IcCNClc6ndqYy3lyY7Y3LMQlLMyHTlduEPWbgBySK7tX9wUsZjo5TBH96C6KUQ1I
t3a7GizXC/rAQB0pxFvb0LCoQU+Vs9PetZTzPMCOjIVjeZQuD6LJIsYrm1fqIaAO
CNAh/cxCsBybxrZgdqiMTp67LhGD43eUApRXyeKpPcj0gV8dZD45HOXKQfRzNt1i
GUMwwChug3T1I2VWq+Y5lr/asXJ8HhI0XYkeXxW34lYEvJgyNA+hGy1SyQIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFHeSw/xpFUrH1RW8rJ2qB+eLwinMMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2VkLzUyYjQ4
ZC0yOGE4LTQ4ZjUtYTRkZi00ZGI0MGEzNjU2M2UvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZWQvNTJiNDhk
LTI4YTgtNDhmNS1hNGRmLTRkYjQwYTM2NTYzZS8xL2Q1TERfR2tWU3NmVkZieXNu
YW9INTR2Q0tjdy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCuWM4MA0EAgACMAcDBQMqBhDAMA0GCSqGSIb3
DQEBCwUAA4IBAQAcAH4WD9V20Fgz0JqyHAZJuLkLs6qEEgMmiipOoEkL/YMIUt19
i7dc6wN8Y+IGT35LU5cfuUNwRl32KIgD8RJsk0J9W9WOoPre4HFTjDNnzk8f8vkf
g1/vcgcfTt0sKLjq4nt6pDEf9CB3jIBb+nggxBpdmyJGyzvpAbAijxDImgYaCXX+
F7nm1gb0+Z9b/xQB625mEupTcMKEIsV1rPhSEvNWw1zKROIJHCeVzRDRxIowNkds
nM4HroXLQm0BjnCaofmNyoHRh/OI95tDC5dO0X6tJfQRCAkBdZFd3JnbmjcCh+w2
Gvi731RStdN146dvwJY2B20ss5kiob8wsHHP
-----END CERTIFICATE-----