Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dIZPUCPsYmPvnxb5AYf18oBh0RU.cer
File:                     dIZPUCPsYmPvnxb5AYf18oBh0RU.cer (raw, json)
Hash identifier:          JaUPJheQE/lSvrcLqCYVjsZJ3yf+E1ZNy1ekpcK1eRA=
Subject key identifier:   74:86:4F:50:23:EC:62:63:EF:9F:16:F9:01:87:F5:F2:80:61:D1:15
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019420D5D065393D2328BC686AA0F7A51F05
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/01/0ca4df-2e06-4406-9688-78f02805c709/1/dIZPUCPsYmPvnxb5AYf18oBh0RU.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/01/0ca4df-2e06-4406-9688-78f02805c709/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 07:47:51 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 198470
                          IP: 91.235.82.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Mar 2025 12:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:d0:65:39:3d:23:28:bc:68:6a:a0:f7:a5:1f:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 07:47:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=74864f5023ec6263ef9f16f90187f5f28061d115
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:c3:22:02:ba:25:12:9a:3b:8b:dd:e6:10:0d:
                    81:91:5e:38:c3:18:5f:31:5a:1a:fe:0b:98:86:54:
                    7b:64:ef:5d:86:9e:22:42:3e:e7:ec:ca:e3:6b:92:
                    6a:c9:36:b7:d2:76:85:c5:13:20:a1:6d:bd:3d:35:
                    61:52:a5:2c:c0:78:f6:5a:eb:d1:c2:95:1d:b9:ac:
                    25:0d:2c:2f:2f:e3:5b:af:8b:17:8c:f7:9a:1c:2d:
                    99:2b:9d:3e:d2:c2:82:91:a0:63:a0:f7:ce:3e:b9:
                    6c:11:17:c1:0e:6c:7d:7a:82:f0:ab:85:0a:e4:f8:
                    90:1f:ef:18:16:32:ca:ee:c2:00:ab:83:be:e6:5d:
                    8e:a5:d2:a7:45:84:79:68:6d:7c:6e:a8:a2:0f:5f:
                    c1:c7:96:08:f8:8c:d6:01:1c:3a:ab:a5:67:a3:5a:
                    25:ae:9f:07:ca:9e:19:43:ca:3c:20:c2:f8:52:66:
                    8e:3c:56:cd:6f:d5:01:75:f9:a7:17:72:78:f2:d7:
                    e1:07:a4:8c:b9:d1:fc:4d:8b:3c:91:74:4c:6d:16:
                    b6:01:8a:4a:1e:36:f7:0a:f1:f5:e6:7e:76:e4:c8:
                    5f:40:dd:0b:22:06:ae:7f:39:f4:59:e9:0b:a9:22:
                    5f:e0:be:62:af:55:71:0f:08:52:5e:26:5f:74:f4:
                    dc:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:86:4F:50:23:EC:62:63:EF:9F:16:F9:01:87:F5:F2:80:61:D1:15
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/0ca4df-2e06-4406-9688-78f02805c709/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/0ca4df-2e06-4406-9688-78f02805c709/1/dIZPUCPsYmPvnxb5AYf18oBh0RU.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.235.82.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  198470

    Signature Algorithm: sha256WithRSAEncryption
         98:b7:d2:42:e7:38:56:76:ff:91:d1:a2:7f:85:b2:38:ab:a7:
         8d:da:fe:51:1b:b2:52:64:57:6e:ae:c9:24:77:5c:90:8d:dc:
         04:65:06:71:9a:a0:90:ec:84:27:62:15:33:aa:6f:50:78:76:
         51:31:05:ea:17:95:c5:2d:fc:3c:ee:a0:a6:58:d7:3d:d4:b8:
         90:54:1e:bc:84:8b:13:1f:40:33:b3:7b:32:d3:e3:a6:36:88:
         18:57:69:62:22:5e:4e:47:68:df:28:b8:00:b8:da:e6:56:ac:
         ac:49:60:2a:6a:05:a8:5b:2f:5a:b1:95:9a:67:b5:5f:93:cb:
         3d:b3:ab:70:42:d9:d5:24:d2:31:2a:bb:7d:b0:df:30:0c:69:
         b7:83:ad:a9:19:d5:6a:b2:d7:2c:79:0a:c9:fe:5c:f8:01:22:
         a1:bf:34:26:89:c6:23:70:92:06:d6:c6:91:61:61:75:8f:2f:
         d7:c3:66:77:6c:ac:3d:19:2e:c8:e0:10:ee:a6:68:3b:3c:ed:
         ad:ba:f0:36:05:14:b8:5b:80:14:4b:92:ac:69:e9:c5:e6:a5:
         28:3d:e7:56:b1:9e:c5:ef:a3:6c:a0:ed:11:c7:45:64:99:65:
         72:81:7b:2c:59:10:55:f7:0b:24:c9:07:e3:16:cd:65:20:d5:
         2e:04:5f:1a
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZQg1dBlOT0jKLxoaqD3pR8FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDc0NzUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDg2NGY1MDIzZWM2MjYzZWY5ZjE2ZjkwMTg3ZjVmMjgwNjFkMTE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwsMiArolEpo7i93mEA2BkV44wxhf
MVoa/guYhlR7ZO9dhp4iQj7n7Mrja5JqyTa30naFxRMgoW29PTVhUqUswHj2WuvR
wpUduawlDSwvL+Nbr4sXjPeaHC2ZK50+0sKCkaBjoPfOPrlsERfBDmx9eoLwq4UK
5PiQH+8YFjLK7sIAq4O+5l2OpdKnRYR5aG18bqiiD1/Bx5YI+IzWARw6q6Vno1ol
rp8Hyp4ZQ8o8IML4UmaOPFbNb9UBdfmnF3J48tfhB6SMudH8TYs8kXRMbRa2AYpK
Hjb3CvH15n525MhfQN0LIgaufzn0WekLqSJf4L5ir1VxDwhSXiZfdPTc4QIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFHSGT1Aj7GJj758W+QGH9fKAYdEVMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzAxLzBjYTRk
Zi0yZTA2LTQ0MDYtOTY4OC03OGYwMjgwNWM3MDkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDEvMGNhNGRm
LTJlMDYtNDQwNi05Njg4LTc4ZjAyODA1YzcwOS8xL2RJWlBVQ1BzWW1Qdm54YjVB
WWYxOG9CaDBSVS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW+tSMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwMHRjANBgkqhkiG9w0BAQsFAAOCAQEAmLfSQuc4Vnb/kdGif4WyOKunjdr+URuy
UmRXbq7JJHdckI3cBGUGcZqgkOyEJ2IVM6pvUHh2UTEF6heVxS38PO6gpljXPdS4
kFQevISLEx9AM7N7MtPjpjaIGFdpYiJeTkdo3yi4ALja5lasrElgKmoFqFsvWrGV
mme1X5PLPbOrcELZ1STSMSq7fbDfMAxpt4OtqRnVarLXLHkKyf5c+AEiob80JonG
I3CSBtbGkWFhdY8v18Nmd2ysPRkuyOAQ7qZoOzztrbrwNgUUuFuAFEuSrGnpxeal
KD3nVrGexe+jbKDtEcdFZJllcoF7LFkQVfcLJMkH4xbNZSDVLgRfGg==
-----END CERTIFICATE-----