Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9bNxv0zLYi-KrCR7OdNdiTTWfE.cer
File:                     e9bNxv0zLYi-KrCR7OdNdiTTWfE.cer (raw, json)
Hash identifier:          u5JzSzRzOwIcnTdAGawY2kHYYICQxXZTycg3n5Trl2A=
Subject key identifier:   7B:D6:CD:C6:FD:33:2D:88:BE:2A:B0:91:EC:E7:4D:76:24:D3:59:F1
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019427B523EFC1BAA195F30D5D4EB1A24E2C
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/ff/29f386-4247-4e6a-9bf1-61c4a256f9ad/1/e9bNxv0zLYi-KrCR7OdNdiTTWfE.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/ff/29f386-4247-4e6a-9bf1-61c4a256f9ad/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 15:49:30 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 192.112.151.0/24
                          IP: 192.112.178.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 08:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:23:ef:c1:ba:a1:95:f3:0d:5d:4e:b1:a2:4e:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 15:49:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7bd6cdc6fd332d88be2ab091ece74d7624d359f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:38:43:cb:58:e4:1c:ae:4e:3f:64:29:9b:df:
                    ee:12:4e:47:11:3b:3b:0a:ca:12:d7:89:91:60:10:
                    f1:e9:48:10:74:2c:85:2d:64:83:08:40:36:3d:0b:
                    99:72:ef:eb:ed:0f:3a:50:66:df:94:5d:b5:70:43:
                    70:3f:af:38:6e:b9:b7:25:37:27:55:d6:3a:46:04:
                    b5:85:da:0e:3a:5f:72:c1:55:2a:fd:12:00:8c:a1:
                    ff:c3:01:09:36:70:4c:37:c4:66:98:94:d5:b4:86:
                    78:28:90:1f:23:21:76:1d:47:44:68:7a:93:7a:d2:
                    77:6c:73:a1:c6:c9:04:48:1d:8e:39:ce:81:0e:27:
                    f0:59:94:fe:14:3c:8b:e5:eb:8e:93:c7:89:f1:2f:
                    22:9a:2d:e6:64:d7:e1:26:57:cd:0b:8c:44:99:16:
                    ce:29:5f:dc:5b:f8:ce:a9:6c:ad:14:4f:be:80:dc:
                    99:a3:98:40:9f:3b:18:e8:8d:dd:fc:27:dc:ca:ca:
                    52:8e:46:c6:65:c8:f8:73:8c:04:66:4f:4a:a3:8c:
                    65:ba:0a:be:f1:dd:25:3e:9a:3a:3d:de:e6:8d:2d:
                    3c:bc:de:94:98:ae:c9:cc:fd:a5:be:b7:35:c1:58:
                    ee:ca:96:cf:a6:e2:3a:07:f7:3b:d6:64:02:0e:30:
                    6f:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:D6:CD:C6:FD:33:2D:88:BE:2A:B0:91:EC:E7:4D:76:24:D3:59:F1
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/29f386-4247-4e6a-9bf1-61c4a256f9ad/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/29f386-4247-4e6a-9bf1-61c4a256f9ad/1/e9bNxv0zLYi-KrCR7OdNdiTTWfE.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.112.151.0/24
                  192.112.178.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:de:bf:54:0c:4b:71:33:93:c9:c9:9d:34:b3:14:2d:cd:ff:
         a1:b5:25:a0:97:d3:c1:a4:32:34:04:ec:20:e5:45:5a:44:aa:
         a9:77:9b:8a:87:48:41:cc:db:00:ac:0b:77:39:cc:4c:59:51:
         63:d3:31:81:13:d4:60:6a:00:ce:92:fe:69:be:8b:9a:88:a4:
         50:46:2a:8b:c0:82:a7:5f:dd:43:72:0c:93:14:a1:91:0e:3e:
         82:43:75:10:56:24:0a:ad:f4:38:41:16:06:a0:c8:ef:8e:6a:
         86:87:f6:97:d3:6d:09:8f:f0:d5:e0:27:ca:f4:73:85:6a:43:
         02:5e:bc:18:c2:bd:60:35:2c:f2:ea:b3:8a:4c:8d:ae:e3:96:
         19:b3:86:a5:3e:68:52:06:09:63:7a:74:2f:95:0c:12:10:d0:
         0b:c0:13:fb:51:24:60:76:4e:b2:34:e1:09:8b:87:5c:b8:d8:
         ed:93:98:86:65:21:bd:06:2a:c7:9a:41:65:44:44:1d:22:66:
         38:b4:6c:4e:f2:2b:60:30:c0:70:85:77:5b:53:7b:15:ca:96:
         3c:50:96:87:59:9e:1a:5d:e1:02:35:5d:7e:58:c8:7a:eb:89:
         fe:c7:1e:17:6c:16:ba:d2:5d:0a:08:25:fd:c8:ea:36:c1:cc:
         12:f4:62:7d
-----BEGIN CERTIFICATE-----
MIIFfjCCBGagAwIBAgISAZQntSPvwbqhlfMNXU6xok4sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMTU0OTMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YmQ2Y2RjNmZkMzMyZDg4YmUyYWIwOTFlY2U3NGQ3NjI0ZDM1OWYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3jhDy1jkHK5OP2Qpm9/uEk5HETs7
CsoS14mRYBDx6UgQdCyFLWSDCEA2PQuZcu/r7Q86UGbflF21cENwP684brm3JTcn
VdY6RgS1hdoOOl9ywVUq/RIAjKH/wwEJNnBMN8RmmJTVtIZ4KJAfIyF2HUdEaHqT
etJ3bHOhxskESB2OOc6BDifwWZT+FDyL5euOk8eJ8S8imi3mZNfhJlfNC4xEmRbO
KV/cW/jOqWytFE++gNyZo5hAnzsY6I3d/CfcyspSjkbGZcj4c4wEZk9Ko4xlugq+
8d0lPpo6Pd7mjS08vN6UmK7JzP2lvrc1wVjuypbPpuI6B/c71mQCDjBvQQIDAQAB
o4ICijCCAoYwHQYDVR0OBBYEFHvWzcb9My2IviqwkeznTXYk01nxMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2ZmLzI5ZjM4
Ni00MjQ3LTRlNmEtOWJmMS02MWM0YTI1NmY5YWQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZmYvMjlmMzg2
LTQyNDctNGU2YS05YmYxLTYxYzRhMjU2ZjlhZC8xL2U5Yk54djB6TFlpLUtyQ1I3
T2ROZGlUVFdmRS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUF
BwEHAQH/BBYwFDASBAIAATAMAwQAwHCXAwQAwHCyMA0GCSqGSIb3DQEBCwUAA4IB
AQCX3r9UDEtxM5PJyZ00sxQtzf+htSWgl9PBpDI0BOwg5UVaRKqpd5uKh0hBzNsA
rAt3OcxMWVFj0zGBE9RgagDOkv5pvouaiKRQRiqLwIKnX91DcgyTFKGRDj6CQ3UQ
ViQKrfQ4QRYGoMjvjmqGh/aX020Jj/DV4CfK9HOFakMCXrwYwr1gNSzy6rOKTI2u
45YZs4alPmhSBgljenQvlQwSENALwBP7USRgdk6yNOEJi4dcuNjtk5iGZSG9BirH
mkFlREQdImY4tGxO8itgMMBwhXdbU3sVypY8UJaHWZ4aXeECNV1+WMh664n+xx4X
bBa60l0KCCX9yOo2wcwS9GJ9
-----END CERTIFICATE-----