Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5pKQpXGOP3nYPPNpHbYv8JxErI.cer
File:                     d5pKQpXGOP3nYPPNpHbYv8JxErI.cer (raw, json)
Hash identifier:          pIBTsf43FT8/hw+QqULWySYBIDkfxS7N8DYuLEVMB+E=
Subject key identifier:   77:9A:4A:42:95:C6:38:FD:E7:60:F3:CD:A4:76:D8:BF:C2:71:12:B2
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0196ED8B2EA38C3F30781B3A8EA60E269D0F
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/ef/fd89f9-98b6-4217-bccd-62c67d4bc546/1/d5pKQpXGOP3nYPPNpHbYv8JxErI.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/ef/fd89f9-98b6-4217-bccd-62c67d4bc546/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 20 May 2025 11:54:03 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 56449
                          IP: 91.225.156.0/22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 06:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ed:8b:2e:a3:8c:3f:30:78:1b:3a:8e:a6:0e:26:9d:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: May 20 11:54:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=779a4a4295c638fde760f3cda476d8bfc27112b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:84:53:89:4e:56:f6:c0:a3:33:ce:65:44:00:
                    4d:1a:91:42:8a:2d:c0:15:a4:5a:ae:26:27:58:d0:
                    04:3c:7d:b4:48:d0:39:ef:60:80:70:0f:ba:66:6f:
                    93:b8:90:e7:26:fb:a7:dd:f8:d7:f0:e7:90:6e:2b:
                    55:79:69:c8:f0:ed:3c:a6:be:52:1a:a1:d1:db:75:
                    d4:c9:72:b6:2e:0e:83:66:a0:a7:f8:a1:f1:c3:79:
                    bf:75:1c:c4:c1:44:08:a3:9f:96:2f:b9:5f:f2:95:
                    c9:57:a0:32:56:7e:94:25:de:36:90:08:1d:e9:d9:
                    2b:7a:cb:d4:78:8b:f8:cd:e6:fd:55:64:72:55:9c:
                    b5:3c:bb:96:c3:83:c2:53:4c:9b:e1:cf:bf:f0:77:
                    25:3a:61:5a:81:3a:68:a4:fc:fc:6a:9d:3b:07:9f:
                    04:74:7a:40:94:83:ad:1c:ff:70:4b:42:6f:35:ae:
                    10:63:cf:bb:37:77:6f:4f:fd:0e:9a:ef:49:52:19:
                    25:1a:74:f5:8d:38:d0:da:08:55:bc:2b:4d:01:80:
                    83:f8:b8:3e:58:ad:0d:62:42:ec:0e:5e:09:ff:1c:
                    67:6c:6c:98:69:79:09:1d:c3:26:9e:e4:5a:ab:ff:
                    50:90:8d:62:24:cd:f1:69:f3:b0:61:4e:16:ce:10:
                    07:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:9A:4A:42:95:C6:38:FD:E7:60:F3:CD:A4:76:D8:BF:C2:71:12:B2
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/fd89f9-98b6-4217-bccd-62c67d4bc546/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/fd89f9-98b6-4217-bccd-62c67d4bc546/1/d5pKQpXGOP3nYPPNpHbYv8JxErI.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.225.156.0/22

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  56449

    Signature Algorithm: sha256WithRSAEncryption
         01:40:d6:f4:e3:da:63:4e:f4:95:65:9c:34:64:f8:30:a9:ec:
         0d:ba:07:c1:52:6d:83:33:04:e1:10:92:be:60:7a:c8:37:d0:
         46:33:c4:97:50:d3:d5:fa:9b:b5:63:38:02:0d:70:1b:a6:47:
         ce:ff:63:05:96:fa:cc:bb:51:47:fa:54:99:fd:a9:31:3a:2d:
         91:96:36:d3:6c:8d:dd:b8:a9:c6:ad:56:ab:70:e3:09:db:ce:
         4e:67:5a:46:47:f5:8e:60:29:b6:24:b7:5b:7a:70:3f:3b:12:
         22:82:09:a4:f7:76:bd:29:fd:b1:2b:8c:3b:41:3c:56:c8:a1:
         fa:6b:e1:2f:63:05:84:bb:b3:9f:91:f3:75:1e:fe:5f:65:05:
         dc:35:53:40:df:75:8d:83:c9:b0:67:d4:65:01:b8:03:69:3f:
         2f:6a:ca:88:1f:a9:52:2f:43:75:ca:bc:63:bb:c2:93:a5:40:
         8f:ba:3c:f0:9a:be:1b:91:cc:42:ea:97:d2:dd:c7:57:a6:ed:
         fc:eb:f6:32:aa:2f:c9:46:14:45:10:04:2d:a1:34:76:34:59:
         f2:af:08:43:a5:45:03:b5:2e:ef:de:39:c3:f2:81:06:34:c8:
         d0:3b:e7:ea:f3:90:91:81:30:a0:17:63:96:74:19:4e:63:09:
         da:2a:53:53
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZbtiy6jjD8weBs6jqYOJp0PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwNTIwMTE1NDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzlhNGE0Mjk1YzYzOGZkZTc2MGYzY2RhNDc2ZDhiZmMyNzExMmIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu4RTiU5W9sCjM85lRABNGpFCii3A
FaRariYnWNAEPH20SNA572CAcA+6Zm+TuJDnJvun3fjX8OeQbitVeWnI8O08pr5S
GqHR23XUyXK2Lg6DZqCn+KHxw3m/dRzEwUQIo5+WL7lf8pXJV6AyVn6UJd42kAgd
6dkresvUeIv4zeb9VWRyVZy1PLuWw4PCU0yb4c+/8HclOmFagTpopPz8ap07B58E
dHpAlIOtHP9wS0JvNa4QY8+7N3dvT/0Omu9JUhklGnT1jTjQ2ghVvCtNAYCD+Lg+
WK0NYkLsDl4J/xxnbGyYaXkJHcMmnuRaq/9QkI1iJM3xafOwYU4WzhAHuwIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFHeaSkKVxjj952DzzaR22L/CcRKyMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2VmL2ZkODlm
OS05OGI2LTQyMTctYmNjZC02MmM2N2Q0YmM1NDYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZWYvZmQ4OWY5
LTk4YjYtNDIxNy1iY2NkLTYyYzY3ZDRiYzU0Ni8xL2Q1cEtRcFhHT1AzbllQUE5w
SGJZdjhKeEVySS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCW+GcMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwDcgTANBgkqhkiG9w0BAQsFAAOCAQEAAUDW9OPaY070lWWcNGT4MKnsDboHwVJt
gzME4RCSvmB6yDfQRjPEl1DT1fqbtWM4Ag1wG6ZHzv9jBZb6zLtRR/pUmf2pMTot
kZY202yN3bipxq1Wq3DjCdvOTmdaRkf1jmAptiS3W3pwPzsSIoIJpPd2vSn9sSuM
O0E8Vsih+mvhL2MFhLuzn5HzdR7+X2UF3DVTQN91jYPJsGfUZQG4A2k/L2rKiB+p
Ui9Ddcq8Y7vCk6VAj7o88Jq+G5HMQuqX0t3HV6bt/Ov2MqovyUYURRAELaE0djRZ
8q8IQ6VFA7Uu7945w/KBBjTI0Dvn6vOQkYEwoBdjlnQZTmMJ2ipTUw==
-----END CERTIFICATE-----