Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dtRNl2U6BthGskQ1Nbg-jLw52Sg.cer
File:                     dtRNl2U6BthGskQ1Nbg-jLw52Sg.cer (raw, json)
Hash identifier:          vFaw3/Hm+lGbT03h1jOcRsZ0mPWJjAN3c2Ksa7a0pC4=
Subject key identifier:   76:D4:4D:97:65:3A:06:D8:46:B2:44:35:35:B8:3E:8C:BC:39:D9:28
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019421B1BF44FBB3503E00F71A65EDA9D93A
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/c2/6a3069-ad3c-4388-b1e8-0c27adb75cdf/1/dtRNl2U6BthGskQ1Nbg-jLw52Sg.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/c2/6a3069-ad3c-4388-b1e8-0c27adb75cdf/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 11:48:04 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 15779
                          IP: 194.15.208.0/22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:bf:44:fb:b3:50:3e:00:f7:1a:65:ed:a9:d9:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 11:48:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=76d44d97653a06d846b2443535b83e8cbc39d928
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:4a:88:f5:aa:a5:63:10:bd:cf:75:94:f8:a2:
                    fe:1f:51:02:42:70:ca:40:59:88:6d:2c:7d:31:87:
                    88:b2:c0:69:e0:80:9c:82:aa:0c:f4:3e:cd:9e:ae:
                    46:cd:73:08:97:2c:32:10:ac:11:a7:e4:10:27:5e:
                    d0:4a:91:fd:0d:77:30:e4:52:6c:af:e4:00:16:c3:
                    3e:55:ce:d7:dd:b2:20:60:5b:7a:e2:8e:ea:60:43:
                    9a:72:91:68:83:15:b3:57:78:75:93:ea:1f:73:88:
                    92:b4:e8:1a:63:bd:c4:39:1b:bf:92:0c:64:d3:16:
                    93:2d:2c:ba:34:3b:9e:38:00:68:ec:a0:d5:a9:1d:
                    f9:b2:cf:69:7d:d5:d5:c2:a5:e3:f9:02:bd:50:10:
                    bb:c9:fc:7a:1e:09:79:04:68:6a:e8:8e:9d:d2:14:
                    58:a2:bf:81:73:12:55:49:55:64:7d:e8:55:ed:df:
                    b9:6f:18:9b:bb:3b:95:0f:6a:85:36:2c:bb:4a:f7:
                    32:86:49:ea:c1:cd:da:a6:52:a1:a9:14:3f:33:77:
                    bf:8f:9d:d1:58:1d:ae:15:5a:f8:34:57:80:f1:de:
                    46:d7:cd:0e:73:09:74:2e:72:69:4a:7d:5c:e6:49:
                    24:4b:a4:f1:28:c5:c4:d4:c0:f9:94:57:bb:57:17:
                    ed:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:D4:4D:97:65:3A:06:D8:46:B2:44:35:35:B8:3E:8C:BC:39:D9:28
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/6a3069-ad3c-4388-b1e8-0c27adb75cdf/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/6a3069-ad3c-4388-b1e8-0c27adb75cdf/1/dtRNl2U6BthGskQ1Nbg-jLw52Sg.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.15.208.0/22

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  15779

    Signature Algorithm: sha256WithRSAEncryption
         29:fb:60:d0:13:d6:50:59:7e:88:4d:02:fc:cd:97:e7:26:73:
         0e:13:64:0f:3c:38:ec:05:3b:21:de:20:a4:c6:bd:73:ac:f9:
         15:2d:87:98:68:17:54:71:6d:5b:f7:7f:19:87:ed:4e:83:35:
         9b:01:4e:8a:00:48:21:12:5a:34:ab:3e:91:e7:51:ed:89:e9:
         e0:74:2e:5b:b3:3d:27:94:da:59:01:be:e4:b3:af:24:24:6f:
         06:64:c5:e9:46:af:83:bb:33:41:98:da:80:0a:8c:60:8d:85:
         6d:76:25:15:55:c0:63:82:63:8e:53:9e:31:a3:6b:cc:46:43:
         a4:2f:09:f2:92:47:dd:fd:56:13:ad:8b:60:50:b2:09:7c:7f:
         ad:c4:4e:f7:05:9b:12:33:d9:97:04:9c:bf:87:46:73:9b:b0:
         ce:12:48:1b:a2:47:2c:63:5d:2b:1c:08:73:ff:82:0f:10:80:
         88:49:00:8c:06:1d:c8:26:d6:fc:64:36:35:50:c2:43:27:5d:
         93:52:b6:c4:03:28:a2:6d:a3:ca:10:cf:f1:6b:9d:04:c3:6c:
         96:f9:4e:16:4d:a4:f6:c8:33:8f:6a:4f:1b:70:09:ae:6e:9d:
         46:e6:16:ab:dc:21:88:1b:15:48:24:c0:27:33:cd:49:96:05:
         bc:42:09:7f
-----BEGIN CERTIFICATE-----
MIIFkzCCBHugAwIBAgISAZQhsb9E+7NQPgD3GmXtqdk6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTE0ODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NmQ0NGQ5NzY1M2EwNmQ4NDZiMjQ0MzUzNWI4M2U4Y2JjMzlkOTI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1UqI9aqlYxC9z3WU+KL+H1ECQnDK
QFmIbSx9MYeIssBp4ICcgqoM9D7Nnq5GzXMIlywyEKwRp+QQJ17QSpH9DXcw5FJs
r+QAFsM+Vc7X3bIgYFt64o7qYEOacpFogxWzV3h1k+ofc4iStOgaY73EORu/kgxk
0xaTLSy6NDueOABo7KDVqR35ss9pfdXVwqXj+QK9UBC7yfx6Hgl5BGhq6I6d0hRY
or+BcxJVSVVkfehV7d+5bxibuzuVD2qFNiy7Svcyhknqwc3aplKhqRQ/M3e/j53R
WB2uFVr4NFeA8d5G180Ocwl0LnJpSn1c5kkkS6TxKMXE1MD5lFe7VxftHwIDAQAB
o4ICnzCCApswHQYDVR0OBBYEFHbUTZdlOgbYRrJENTW4Poy8OdkoMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2MyLzZhMzA2
OS1hZDNjLTQzODgtYjFlOC0wYzI3YWRiNzVjZGYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzIvNmEzMDY5
LWFkM2MtNDM4OC1iMWU4LTBjMjdhZGI3NWNkZi8xL2R0Uk5sMlU2QnRoR3NrUTFO
Ymctakx3NTJTZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCwg/QMBkGCCsGAQUFBwEIAQH/BAowCKAGMAQC
Aj2jMA0GCSqGSIb3DQEBCwUAA4IBAQAp+2DQE9ZQWX6ITQL8zZfnJnMOE2QPPDjs
BTsh3iCkxr1zrPkVLYeYaBdUcW1b938Zh+1OgzWbAU6KAEghElo0qz6R51Htieng
dC5bsz0nlNpZAb7ks68kJG8GZMXpRq+DuzNBmNqACoxgjYVtdiUVVcBjgmOOU54x
o2vMRkOkLwnykkfd/VYTrYtgULIJfH+txE73BZsSM9mXBJy/h0Zzm7DOEkgbokcs
Y10rHAhz/4IPEICISQCMBh3IJtb8ZDY1UMJDJ12TUrbEAyiibaPKEM/xa50Ew2yW
+U4WTaT2yDOPak8bcAmubp1G5har3CGIGxVIJMAnM81JlgW8Qgl/
-----END CERTIFICATE-----