Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dxPzWC9jkBMFUwtLGTbNbmYRowo.cer
File:                     dxPzWC9jkBMFUwtLGTbNbmYRowo.cer (raw, json)
Hash identifier:          np0CaPmxyGxsF94CBz6uigR7NjuJ8owQboelotS6DoI=
Subject key identifier:   77:13:F3:58:2F:63:90:13:05:53:0B:4B:19:36:CD:6E:66:11:A3:0A
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019423D6AF1215244F6A23744A1DE5C5D7B3
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/ea/f4d76e-34a1-4d0a-b9bd-189d53ae4e3e/1/dxPzWC9jkBMFUwtLGTbNbmYRowo.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/ea/f4d76e-34a1-4d0a-b9bd-189d53ae4e3e/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 21:47:39 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 61329
                          IP: 194.13.120.0/22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:af:12:15:24:4f:6a:23:74:4a:1d:e5:c5:d7:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 21:47:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7713f3582f63901305530b4b1936cd6e6611a30a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:8f:e8:54:06:74:61:5b:5d:48:ac:91:69:09:
                    d3:30:93:06:45:b2:60:3e:af:ec:2e:d6:bb:51:c6:
                    96:4b:44:e6:c2:55:6f:71:72:cc:3e:18:b5:d7:d9:
                    3a:34:b9:cb:fc:b5:ac:32:c5:51:d9:9d:8d:4f:33:
                    ae:01:6f:3c:53:15:b3:fa:e2:ca:65:02:90:2a:ac:
                    64:b6:4d:aa:b2:8b:92:ea:41:60:5e:24:2b:16:ef:
                    ac:ad:0a:97:b2:49:ce:49:25:ec:e5:84:da:f5:2c:
                    96:c9:e9:1e:a4:38:d3:82:a9:16:f3:7f:64:93:7a:
                    00:7a:64:d9:1f:4c:4b:5f:cc:7d:f7:da:58:d8:c9:
                    f0:06:1f:20:21:cb:0e:6f:54:6f:46:13:74:3b:60:
                    a6:33:3a:1b:92:94:c9:e3:e4:a3:4e:e6:55:25:8e:
                    dd:d9:da:b7:dd:f3:52:80:0f:e2:a7:7e:36:d4:9e:
                    eb:ac:3e:a6:91:3b:3f:1f:89:7f:78:62:12:6c:f6:
                    df:62:65:b6:c0:a8:a2:e4:6f:8a:5e:51:7b:30:5a:
                    8f:d0:9a:08:6d:fa:4e:c6:f5:d4:cc:97:1a:fa:f3:
                    56:6f:d2:6e:d5:77:81:98:f2:6c:f7:bb:ab:b0:20:
                    88:10:83:eb:4e:31:99:03:35:49:65:07:64:3b:b0:
                    39:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:13:F3:58:2F:63:90:13:05:53:0B:4B:19:36:CD:6E:66:11:A3:0A
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/f4d76e-34a1-4d0a-b9bd-189d53ae4e3e/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/f4d76e-34a1-4d0a-b9bd-189d53ae4e3e/1/dxPzWC9jkBMFUwtLGTbNbmYRowo.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.13.120.0/22

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  61329

    Signature Algorithm: sha256WithRSAEncryption
         5f:bb:96:f5:76:d9:42:1d:89:75:49:1c:9b:56:cf:3b:40:ef:
         12:c0:e5:ec:36:34:a9:b5:74:78:fc:71:2f:8b:f3:85:5c:7f:
         71:47:e2:c0:e4:f3:41:ba:c0:95:08:4a:3c:49:20:e0:d1:08:
         74:0c:d8:ed:a2:4c:b4:83:61:7a:db:1f:70:48:fa:14:de:f8:
         40:8f:ad:03:e2:97:0c:1a:e5:d7:25:04:31:71:a8:3b:2a:d1:
         a9:42:a7:c4:67:57:6d:ea:2e:b6:e2:c0:31:7c:9a:70:2d:d8:
         c8:f9:2a:11:fb:97:64:48:3a:b3:c0:1c:01:9a:da:37:8a:33:
         aa:0a:27:57:bb:80:0b:a0:fe:10:d3:a5:21:cf:09:cb:b5:ff:
         49:af:68:bd:08:7a:96:8c:a9:b1:f5:43:6a:18:f9:85:cc:2b:
         71:e8:59:4b:1e:8a:51:67:12:72:f8:74:c2:bc:87:16:b0:6a:
         69:5e:08:4b:9e:90:5b:5a:d2:fa:1e:f3:ec:03:ab:d3:e1:3d:
         ef:d7:75:bb:5a:43:89:27:22:c9:b0:07:7e:ca:1c:34:57:37:
         28:15:a6:6e:0f:b3:10:0b:c2:a0:f7:8e:6b:f6:9b:9b:8c:c9:
         bd:c3:2a:7b:14:37:a7:f7:f2:2e:bb:01:f5:85:90:3b:42:e1:
         47:2e:bf:fa
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZQj1q8SFSRPaiN0Sh3lxdezMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMjE0NzM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzEzZjM1ODJmNjM5MDEzMDU1MzBiNGIxOTM2Y2Q2ZTY2MTFhMzBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4Y/oVAZ0YVtdSKyRaQnTMJMGRbJg
Pq/sLta7UcaWS0TmwlVvcXLMPhi119k6NLnL/LWsMsVR2Z2NTzOuAW88UxWz+uLK
ZQKQKqxktk2qsouS6kFgXiQrFu+srQqXsknOSSXs5YTa9SyWyekepDjTgqkW839k
k3oAemTZH0xLX8x999pY2MnwBh8gIcsOb1RvRhN0O2CmMzobkpTJ4+SjTuZVJY7d
2dq33fNSgA/ip3421J7rrD6mkTs/H4l/eGISbPbfYmW2wKii5G+KXlF7MFqP0JoI
bfpOxvXUzJca+vNWb9Ju1XeBmPJs97ursCCIEIPrTjGZAzVJZQdkO7A5/wIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFHcT81gvY5ATBVMLSxk2zW5mEaMKMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2VhL2Y0ZDc2
ZS0zNGExLTRkMGEtYjliZC0xODlkNTNhZTRlM2UvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZWEvZjRkNzZl
LTM0YTEtNGQwYS1iOWJkLTE4OWQ1M2FlNGUzZS8xL2R4UHpXQzlqa0JNRlV3dExH
VGJOYm1ZUm93by5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCwg14MBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwDvkTANBgkqhkiG9w0BAQsFAAOCAQEAX7uW9XbZQh2JdUkcm1bPO0DvEsDl7DY0
qbV0ePxxL4vzhVx/cUfiwOTzQbrAlQhKPEkg4NEIdAzY7aJMtINhetsfcEj6FN74
QI+tA+KXDBrl1yUEMXGoOyrRqUKnxGdXbeoutuLAMXyacC3YyPkqEfuXZEg6s8Ac
AZraN4ozqgonV7uAC6D+ENOlIc8Jy7X/Sa9ovQh6loypsfVDahj5hcwrcehZSx6K
UWcScvh0wryHFrBqaV4IS56QW1rS+h7z7AOr0+E979d1u1pDiSciybAHfsocNFc3
KBWmbg+zEAvCoPeOa/abm4zJvcMqexQ3p/fyLrsB9YWQO0LhRy6/+g==
-----END CERTIFICATE-----