Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fiR7mB00T2vEwetCMx0jKDgWE3w.cer
File:                     fiR7mB00T2vEwetCMx0jKDgWE3w.cer (raw, json)
Hash identifier:          kmblmF9YI3rGKD+Mb4h4hr5EjxjkfUFsdzt0cn/iZHU=
Subject key identifier:   7E:24:7B:98:1D:34:4F:6B:C4:C1:EB:42:33:1D:23:28:38:16:13:7C
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194214440BFB7E9A77611AC05DCEC0DB4CA
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/87/83fe09-b50f-42e0-995d-4daff4350001/1/fiR7mB00T2vEwetCMx0jKDgWE3w.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/87/83fe09-b50f-42e0-995d-4daff4350001/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 09:48:28 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 47860
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:40:bf:b7:e9:a7:76:11:ac:05:dc:ec:0d:b4:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 09:48:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7e247b981d344f6bc4c1eb42331d23283816137c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:09:ed:3d:8a:5e:77:76:1f:af:af:68:bc:ed:
                    25:66:64:42:d9:df:d9:d4:a1:71:f0:2b:0f:13:63:
                    30:da:a7:31:3c:f1:4c:48:22:d6:ea:53:cc:bf:5d:
                    20:b0:a7:45:35:d7:c4:b1:f1:dc:f3:bd:a6:36:b3:
                    41:d2:bd:f7:0b:a4:17:f2:fa:62:ba:81:4a:a7:34:
                    dc:52:ba:60:5a:4a:cf:d5:4d:91:56:45:41:9d:1e:
                    62:c0:6b:53:9c:da:4f:64:dc:23:9d:a9:ef:87:0d:
                    ef:2d:fa:5a:21:a2:01:d9:30:3d:b2:f2:9b:45:eb:
                    a0:63:ff:56:48:06:ef:fe:3f:d6:95:f1:96:18:e6:
                    fb:55:fb:30:2f:1b:81:34:4f:a9:94:52:91:62:2c:
                    3e:6f:54:27:a1:d8:ec:27:6b:2f:7c:60:13:2f:a0:
                    e8:4b:17:77:30:7a:ff:f4:36:0b:1d:24:0a:08:e2:
                    57:42:2d:89:b5:ca:3b:dd:f4:df:eb:ef:12:cb:5a:
                    80:af:e8:b6:0d:86:d4:5b:f8:fe:27:ad:73:b3:4c:
                    c8:ac:1e:80:85:33:7d:e3:dd:cc:a7:13:c9:dd:91:
                    2d:9f:9c:b0:d8:c5:9b:e9:5e:2f:b0:e0:af:9a:59:
                    0b:06:92:b1:93:19:d4:71:57:ab:66:aa:1f:7d:2e:
                    3f:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:24:7B:98:1D:34:4F:6B:C4:C1:EB:42:33:1D:23:28:38:16:13:7C
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/83fe09-b50f-42e0-995d-4daff4350001/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/83fe09-b50f-42e0-995d-4daff4350001/1/fiR7mB00T2vEwetCMx0jKDgWE3w.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  47860

    Signature Algorithm: sha256WithRSAEncryption
         a8:dd:d4:08:41:94:86:92:26:11:30:04:a4:ef:f0:17:03:67:
         4d:76:e2:4f:9e:ec:bb:85:25:4a:9c:01:6a:20:0a:ff:4c:3a:
         00:f3:3d:41:28:c4:bf:df:08:65:a2:4b:43:fc:05:31:55:fa:
         33:ab:11:90:14:0e:ef:60:c4:28:4b:16:92:57:11:56:ba:cf:
         b9:34:42:bb:85:61:56:f3:d9:1e:dc:de:b5:ea:c7:a4:be:e7:
         9a:34:46:52:49:0f:bd:12:8b:55:ec:7b:cd:42:67:77:38:20:
         c4:79:9f:b7:95:0b:1e:91:e7:ec:7a:10:5d:bf:0f:1f:80:85:
         08:c1:79:7b:c2:55:a3:4d:25:e1:73:8b:b0:43:ca:05:c7:aa:
         e2:f9:6f:3e:cb:7d:48:4a:d4:96:55:f2:ee:bd:db:b5:08:14:
         7a:d1:ef:40:a8:6b:8d:74:da:87:f8:1e:b2:da:1a:62:18:f0:
         97:b0:de:7c:69:7b:ce:fc:9a:9d:32:5f:2d:92:ab:f7:2d:fd:
         d8:ac:13:ba:0f:f4:8a:a2:ea:1c:c4:64:b8:42:01:eb:5f:95:
         d6:00:29:08:17:d3:ec:27:49:85:a4:27:6b:55:92:f3:bd:56:
         dc:86:97:77:44:95:82:b0:f7:75:4f:bd:19:fd:55:f5:22:0c:
         1d:54:33:57
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZQhREC/t+mndhGsBdzsDbTKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDk0ODI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTI0N2I5ODFkMzQ0ZjZiYzRjMWViNDIzMzFkMjMyODM4MTYxMzdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuwntPYped3Yfr69ovO0lZmRC2d/Z
1KFx8CsPE2Mw2qcxPPFMSCLW6lPMv10gsKdFNdfEsfHc872mNrNB0r33C6QX8vpi
uoFKpzTcUrpgWkrP1U2RVkVBnR5iwGtTnNpPZNwjnanvhw3vLfpaIaIB2TA9svKb
ReugY/9WSAbv/j/WlfGWGOb7VfswLxuBNE+plFKRYiw+b1QnodjsJ2svfGATL6Do
Sxd3MHr/9DYLHSQKCOJXQi2Jtco73fTf6+8Sy1qAr+i2DYbUW/j+J61zs0zIrB6A
hTN9493MpxPJ3ZEtn5yw2MWb6V4vsOCvmlkLBpKxkxnUcVerZqoffS4/aQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFH4ke5gdNE9rxMHrQjMdIyg4FhN8MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzg3LzgzZmUw
OS1iNTBmLTQyZTAtOTk1ZC00ZGFmZjQzNTAwMDEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODcvODNmZTA5
LWI1MGYtNDJlMC05OTVkLTRkYWZmNDM1MDAwMS8xL2ZpUjdtQjAwVDJ2RXdldENN
eDBqS0RnV0Uzdy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwC69DANBgkqhkiG9w0BAQsFAAOCAQEAqN3UCEGUhpIm
ETAEpO/wFwNnTXbiT57su4UlSpwBaiAK/0w6APM9QSjEv98IZaJLQ/wFMVX6M6sR
kBQO72DEKEsWklcRVrrPuTRCu4VhVvPZHtzeterHpL7nmjRGUkkPvRKLVex7zUJn
dzggxHmft5ULHpHn7HoQXb8PH4CFCMF5e8JVo00l4XOLsEPKBceq4vlvPst9SErU
llXy7r3btQgUetHvQKhrjXTah/gestoaYhjwl7DefGl7zvyanTJfLZKr9y392KwT
ug/0iqLqHMRkuEIB61+V1gApCBfT7CdJhaQna1WS871W3IaXd0SVgrD3dU+9Gf1V
9SIMHVQzVw==
-----END CERTIFICATE-----