Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eRmmrv08qPUPyPNKs9FHklbbnXg.cer
File:                     eRmmrv08qPUPyPNKs9FHklbbnXg.cer (raw, json)
Hash identifier:          naA0lug/4pSnt8HD8X1i/rLswv8ybMdoj6neUYhWtIo=
Subject key identifier:   79:19:A6:AE:FD:3C:A8:F5:0F:C8:F3:4A:B3:D1:47:92:56:DB:9D:78
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019424B3AE1DBCC2C25B321655E92646A90B
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/60/150a36-e59e-48da-ac60-911e83904ca1/1/eRmmrv08qPUPyPNKs9FHklbbnXg.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/60/150a36-e59e-48da-ac60-911e83904ca1/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 01:49:02 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 2001:67c:1554::/48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:ae:1d:bc:c2:c2:5b:32:16:55:e9:26:46:a9:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 01:49:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7919a6aefd3ca8f50fc8f34ab3d1479256db9d78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:ca:5c:c4:ef:6c:2f:4e:b4:a4:b6:77:c9:d0:
                    b2:30:ef:0d:bd:87:e3:3b:ce:3c:34:0a:b4:a1:8d:
                    5d:63:c4:87:98:1b:aa:ec:5c:6c:43:ec:49:db:bf:
                    5d:13:89:3f:77:4a:59:53:db:cd:65:0b:6c:8c:54:
                    64:c4:ab:cf:e0:07:8d:cc:06:16:67:a3:45:c1:b3:
                    c7:9e:e7:a4:7b:e1:ff:63:2c:9c:0d:49:92:5b:43:
                    50:74:48:a9:8f:55:f9:4d:41:a3:8d:a4:9d:4f:32:
                    4b:70:b9:f9:82:5e:7a:8d:24:e3:f2:ec:3e:b7:34:
                    d7:58:e4:90:01:f8:21:39:bb:74:46:95:3a:b6:df:
                    93:b3:eb:13:58:2d:a6:1f:5f:e5:83:15:51:aa:e0:
                    a6:88:ab:b9:ee:6d:66:52:15:fc:ec:d4:fc:69:7c:
                    37:99:a6:4c:92:22:32:86:5f:3f:5b:80:39:64:28:
                    3a:f9:82:3b:e5:71:0e:82:bf:50:e0:df:e8:ae:0a:
                    85:58:3c:39:a0:ce:8d:46:d5:c9:67:4f:89:64:af:
                    2c:a5:f9:03:59:e0:1a:b3:fb:78:4e:e4:00:d8:02:
                    39:bf:87:59:6e:d6:de:9c:53:b7:01:70:ac:de:a9:
                    0d:d3:88:a7:56:6f:e8:4e:f3:64:ea:b0:84:f4:b6:
                    a2:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:19:A6:AE:FD:3C:A8:F5:0F:C8:F3:4A:B3:D1:47:92:56:DB:9D:78
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/150a36-e59e-48da-ac60-911e83904ca1/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/150a36-e59e-48da-ac60-911e83904ca1/1/eRmmrv08qPUPyPNKs9FHklbbnXg.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:1554::/48

    Signature Algorithm: sha256WithRSAEncryption
         0b:36:ba:4b:22:ed:13:cf:4f:69:73:2f:4d:5a:ec:86:86:1f:
         1f:18:a2:87:cc:ce:5a:24:24:8e:0e:7f:d5:7e:35:64:9c:0d:
         dd:d8:93:12:be:8f:66:87:d8:d2:ce:76:ff:38:b7:90:bc:75:
         67:e4:fe:39:9b:4b:36:45:ca:cc:4b:73:d8:51:5a:60:02:ca:
         65:ea:cd:22:ac:6a:99:8a:cf:64:d2:5a:d9:e4:69:0e:ea:54:
         ef:86:0d:59:fe:09:85:33:94:96:fd:a8:b0:ae:00:02:cf:a2:
         b8:70:8b:74:d8:f8:10:86:78:9e:ab:68:cf:dc:1e:c4:41:c2:
         3d:a1:96:94:b1:8a:3c:b6:05:e0:bf:a9:93:28:69:c5:70:72:
         45:4f:3b:2a:10:fd:75:85:82:de:23:16:2a:3c:e7:05:fb:3f:
         0b:d7:34:03:72:f1:a5:c2:2d:8c:0e:f4:9a:67:cd:eb:aa:c3:
         48:00:bd:48:49:be:ae:31:d0:9f:87:13:13:a1:8c:ec:57:fa:
         02:34:9a:63:f8:e6:1c:b4:4a:17:62:94:b9:13:2d:7d:7d:5a:
         e4:e8:75:76:c7:0a:6c:61:1c:cc:47:25:6a:34:3c:1a:82:04:
         bd:01:1a:2b:90:f1:80:3c:de:e9:8b:b8:db:32:f0:31:d8:47:
         96:a6:2f:d0
-----BEGIN CERTIFICATE-----
MIIFezCCBGOgAwIBAgISAZQks64dvMLCWzIWVekmRqkLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDE0OTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTE5YTZhZWZkM2NhOGY1MGZjOGYzNGFiM2QxNDc5MjU2ZGI5ZDc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvMpcxO9sL060pLZ3ydCyMO8NvYfj
O848NAq0oY1dY8SHmBuq7FxsQ+xJ279dE4k/d0pZU9vNZQtsjFRkxKvP4AeNzAYW
Z6NFwbPHnueke+H/YyycDUmSW0NQdEipj1X5TUGjjaSdTzJLcLn5gl56jSTj8uw+
tzTXWOSQAfghObt0RpU6tt+Ts+sTWC2mH1/lgxVRquCmiKu57m1mUhX87NT8aXw3
maZMkiIyhl8/W4A5ZCg6+YI75XEOgr9Q4N/orgqFWDw5oM6NRtXJZ0+JZK8spfkD
WeAas/t4TuQA2AI5v4dZbtbenFO3AXCs3qkN04inVm/oTvNk6rCE9Lai/QIDAQAB
o4IChzCCAoMwHQYDVR0OBBYEFHkZpq79PKj1D8jzSrPRR5JW2514MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzYwLzE1MGEz
Ni1lNTllLTQ4ZGEtYWM2MC05MTFlODM5MDRjYTEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjAvMTUwYTM2
LWU1OWUtNDhkYS1hYzYwLTkxMWU4MzkwNGNhMS8xL2VSbW1ydjA4cVBVUHlQTktz
OUZIa2xiYm5YZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBVUMA0GCSqGSIb3DQEBCwUAA4IBAQAL
NrpLIu0Tz09pcy9NWuyGhh8fGKKHzM5aJCSODn/VfjVknA3d2JMSvo9mh9jSznb/
OLeQvHVn5P45m0s2RcrMS3PYUVpgAspl6s0irGqZis9k0lrZ5GkO6lTvhg1Z/gmF
M5SW/aiwrgACz6K4cIt02PgQhnieq2jP3B7EQcI9oZaUsYo8tgXgv6mTKGnFcHJF
TzsqEP11hYLeIxYqPOcF+z8L1zQDcvGlwi2MDvSaZ83rqsNIAL1ISb6uMdCfhxMT
oYzsV/oCNJpj+OYctEoXYpS5Ey19fVrk6HV2xwpsYRzMRyVqNDwaggS9ARorkPGA
PN7pi7jbMvAx2EeWpi/Q
-----END CERTIFICATE-----