Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dNAyUoux0Vl2bNed5HhtzZYqH7s.cer
File:                     dNAyUoux0Vl2bNed5HhtzZYqH7s.cer (raw, json)
Hash identifier:          CzDZbqkQrB442zwVIknK5OxK+s36jgcH6/EZmbOfThQ=
Subject key identifier:   74:D0:32:52:8B:B1:D1:59:76:6C:D7:9D:E4:78:6D:CD:96:2A:1F:BB
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194274802A04B4B1CE06CD2536729609C17
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/c7/29a422-a791-4dcf-90fb-2c9127ab48c3/1/dNAyUoux0Vl2bNed5HhtzZYqH7s.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/c7/29a422-a791-4dcf-90fb-2c9127ab48c3/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 13:50:18 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 185.146.92.0/22
                          IP: 2a07:4f40::/29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:02:a0:4b:4b:1c:e0:6c:d2:53:67:29:60:9c:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 13:50:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=74d032528bb1d159766cd79de4786dcd962a1fbb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:30:99:a1:5c:29:c7:3d:5c:7f:8d:4c:aa:c8:
                    27:aa:08:65:a8:33:e7:66:85:4f:d2:bb:37:63:2a:
                    b2:10:35:0a:34:44:20:65:4a:0a:04:7b:bf:ab:9a:
                    50:31:8b:6c:24:c4:9b:ff:19:5d:03:c7:7d:70:f8:
                    df:4b:0b:63:79:1a:ec:3e:dc:a6:7c:a7:87:33:3c:
                    b8:e7:d3:59:a2:c0:5b:e4:be:3a:e5:9d:ae:77:71:
                    7e:72:b3:14:70:f6:ce:b4:2d:71:b7:52:35:cc:69:
                    48:3b:2b:c0:bb:ec:0c:be:02:c9:24:8c:29:04:69:
                    c9:50:2b:ef:95:a4:c3:b7:c2:73:f3:e8:81:a9:80:
                    0b:17:ff:97:b5:24:2f:59:ec:e9:c5:bf:34:70:f9:
                    32:bf:a2:dc:35:03:64:cd:97:d7:de:09:25:62:e8:
                    af:80:63:a7:97:4b:79:0e:66:15:22:f6:a3:dd:7d:
                    ef:3f:6c:6c:84:b4:dd:83:0c:ec:ce:47:5d:3a:76:
                    5e:69:08:ab:cd:cc:0c:aa:af:e2:80:94:57:d2:dc:
                    28:6f:76:8c:80:bf:d8:28:ac:b8:bc:b1:39:2b:84:
                    b2:00:c1:bb:02:2a:b1:40:23:4a:4d:a7:a6:d1:b9:
                    ea:9f:1d:ca:ab:66:2a:9d:22:2c:6a:e6:33:c4:e4:
                    79:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:D0:32:52:8B:B1:D1:59:76:6C:D7:9D:E4:78:6D:CD:96:2A:1F:BB
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/29a422-a791-4dcf-90fb-2c9127ab48c3/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/29a422-a791-4dcf-90fb-2c9127ab48c3/1/dNAyUoux0Vl2bNed5HhtzZYqH7s.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.146.92.0/22
                IPv6:
                  2a07:4f40::/29

    Signature Algorithm: sha256WithRSAEncryption
         2f:c8:df:93:9e:8b:f7:a9:ff:f9:9c:47:86:80:97:fa:24:5c:
         28:f3:4f:b2:d2:37:09:2c:78:8a:52:fe:1e:89:7e:e4:33:5d:
         b4:c3:6e:12:18:7f:8a:9d:bc:88:ca:63:43:a8:4a:d9:9f:ec:
         c6:71:c5:42:63:65:16:73:38:72:3f:b5:c8:b9:eb:f0:39:d5:
         ac:fe:b6:01:67:fa:90:57:32:25:1e:69:fb:82:4a:09:8e:2f:
         5d:f9:de:cb:d5:a6:eb:f4:bd:f6:59:92:95:06:63:91:97:c0:
         21:94:66:21:4e:f7:f3:49:04:42:af:f2:82:94:ca:0a:34:82:
         38:02:8e:bf:82:26:d5:3f:77:99:66:27:8e:d1:92:c5:c9:f8:
         b9:f3:ed:0f:9f:b2:48:38:b5:53:46:84:c4:64:95:11:19:44:
         cc:9a:80:7e:65:6b:7c:71:5d:b0:58:d4:27:b1:f9:eb:06:ab:
         a0:fe:03:50:35:ff:cf:0e:98:89:ae:4f:5c:f8:e5:46:71:25:
         dc:cd:18:a2:07:3b:51:89:73:03:8f:e8:30:73:87:a7:04:50:
         25:95:62:8f:6d:df:b6:f2:1a:4f:b8:b2:99:4d:4d:3d:bc:fc:
         f4:70:24:d7:1a:14:92:6e:58:22:52:70:80:2b:43:89:27:7c:
         44:ec:44:2a
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAZQnSAKgS0sc4GzSU2cpYJwXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMTM1MDE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NGQwMzI1MjhiYjFkMTU5NzY2Y2Q3OWRlNDc4NmRjZDk2MmExZmJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9jCZoVwpxz1cf41MqsgnqghlqDPn
ZoVP0rs3YyqyEDUKNEQgZUoKBHu/q5pQMYtsJMSb/xldA8d9cPjfSwtjeRrsPtym
fKeHMzy459NZosBb5L465Z2ud3F+crMUcPbOtC1xt1I1zGlIOyvAu+wMvgLJJIwp
BGnJUCvvlaTDt8Jz8+iBqYALF/+XtSQvWezpxb80cPkyv6LcNQNkzZfX3gklYuiv
gGOnl0t5DmYVIvaj3X3vP2xshLTdgwzszkddOnZeaQirzcwMqq/igJRX0twob3aM
gL/YKKy4vLE5K4SyAMG7AiqxQCNKTaem0bnqnx3Kq2YqnSIsauYzxOR5/wIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFHTQMlKLsdFZdmzXneR4bc2WKh+7MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2M3LzI5YTQy
Mi1hNzkxLTRkY2YtOTBmYi0yYzkxMjdhYjQ4YzMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzcvMjlhNDIy
LWE3OTEtNGRjZi05MGZiLTJjOTEyN2FiNDhjMy8xL2ROQXlVb3V4MFZsMmJOZWQ1
SGh0elpZcUg3cy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCuZJcMA0EAgACMAcDBQMqB09AMA0GCSqGSIb3
DQEBCwUAA4IBAQAvyN+Tnov3qf/5nEeGgJf6JFwo80+y0jcJLHiKUv4eiX7kM120
w24SGH+KnbyIymNDqErZn+zGccVCY2UWczhyP7XIuevwOdWs/rYBZ/qQVzIlHmn7
gkoJji9d+d7L1abr9L32WZKVBmORl8AhlGYhTvfzSQRCr/KClMoKNII4Ao6/gibV
P3eZZieO0ZLFyfi58+0Pn7JIOLVTRoTEZJURGUTMmoB+ZWt8cV2wWNQnsfnrBqug
/gNQNf/PDpiJrk9c+OVGcSXczRiiBztRiXMDj+gwc4enBFAllWKPbd+28hpPuLKZ
TU09vPz0cCTXGhSSblgiUnCAK0OJJ3xE7EQq
-----END CERTIFICATE-----