Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/g2ZqPhT6cQhbh1-Yx1bd4cQPxrs.cer
File:                     g2ZqPhT6cQhbh1-Yx1bd4cQPxrs.cer (raw, json)
Hash identifier:          18/nDQQJDH1KtRhR6E5QDWS0YqIjkJ65KdMGMyce1Sk=
Subject key identifier:   83:66:6A:3E:14:FA:71:08:5B:87:5F:98:C7:56:DD:E1:C4:0F:C6:BB
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0196E8C02072B4CF9F12631DE87F66618FA4
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rsync.paas.rpki.ripe.net/repository/bfbe5957-324b-4d45-9b5b-d091cc750589/0/83666A3E14FA71085B875F98C756DDE1C40FC6BB.mft
caRepository:             rsync://rsync.paas.rpki.ripe.net/repository/bfbe5957-324b-4d45-9b5b-d091cc750589/0/
Notify URL:               https://rrdp.paas.rpki.ripe.net/notification.xml
Certificate not before:   Mon 19 May 2025 13:33:47 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 213768
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 06:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:e8:c0:20:72:b4:cf:9f:12:63:1d:e8:7f:66:61:8f:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: May 19 13:33:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=83666a3e14fa71085b875f98c756dde1c40fc6bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:4a:85:3e:a7:d6:84:ea:d3:45:62:4d:c1:5f:
                    89:52:83:44:fc:be:38:0f:f1:11:06:bf:7b:8f:02:
                    3c:36:5d:b0:70:df:68:b0:88:e3:ea:8c:00:a9:17:
                    36:80:02:25:56:0e:36:a2:d9:ae:68:21:98:ae:22:
                    db:a6:a7:f2:63:95:9d:b5:71:8d:77:4a:51:e2:86:
                    7a:ab:1e:35:ee:4c:8a:40:62:ac:5c:b1:2e:d3:6d:
                    46:0c:68:b4:63:bf:f2:84:cc:3c:de:b6:8e:21:0d:
                    da:0c:94:a5:fa:df:e6:ad:76:99:62:06:e2:39:17:
                    8a:3e:2a:9b:c2:06:e4:24:a8:d9:f1:2a:9a:01:9f:
                    5a:cf:a1:ae:dd:d4:de:17:fc:1f:3c:20:c1:25:a1:
                    36:b2:82:3e:29:63:94:f4:bc:ec:bb:f6:4c:b0:9e:
                    6d:5f:31:34:bf:bb:88:39:e5:46:b5:76:d5:46:2b:
                    65:bd:b4:e3:51:b3:aa:f6:41:96:6d:06:90:6f:f6:
                    32:0a:a0:5e:cc:1e:6f:45:4d:7a:b0:ce:7b:2f:81:
                    57:1b:ea:b7:8f:de:57:91:c2:ed:91:ac:3e:8c:6d:
                    1a:de:d9:c8:fd:80:d8:50:e3:58:bd:0d:4e:6d:ae:
                    43:73:c3:df:c3:82:e6:13:16:d8:f1:65:c3:31:5b:
                    e4:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:66:6A:3E:14:FA:71:08:5B:87:5F:98:C7:56:DD:E1:C4:0F:C6:BB
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rsync.paas.rpki.ripe.net/repository/bfbe5957-324b-4d45-9b5b-d091cc750589/0/
                RPKI Manifest - URI:rsync://rsync.paas.rpki.ripe.net/repository/bfbe5957-324b-4d45-9b5b-d091cc750589/0/83666A3E14FA71085B875F98C756DDE1C40FC6BB.mft
                RPKI Notify - URI:https://rrdp.paas.rpki.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  213768

    Signature Algorithm: sha256WithRSAEncryption
         ab:2c:26:9e:2c:3d:c8:9e:38:2f:83:04:04:2d:1a:82:81:ea:
         51:49:1b:2b:b6:38:3e:71:70:e8:b4:b6:57:00:21:a7:34:c5:
         41:36:4a:1b:3a:02:b1:b0:5a:16:50:c6:90:e1:99:17:c2:41:
         13:89:73:2c:0e:d0:a8:ba:96:80:fe:7f:13:ac:12:80:03:d3:
         18:80:44:71:9c:6a:10:f0:47:82:68:d7:3f:1b:33:4a:ea:de:
         07:1e:99:2b:2e:3e:63:99:c4:9e:5a:c2:b4:bf:80:b4:96:4a:
         99:a5:60:bd:ce:74:5f:91:ff:ab:3e:dd:fb:60:2f:1a:aa:27:
         22:42:d1:95:e0:26:82:57:1a:84:5a:47:58:63:e3:99:5e:f6:
         cc:f1:0a:90:97:30:73:8f:35:e0:fd:96:89:16:a4:cc:4a:de:
         22:22:2d:00:f5:85:1d:60:d1:9c:a7:85:9d:57:a2:9e:a7:d3:
         34:de:63:8c:af:83:c9:54:2f:cb:e7:09:e7:68:4e:97:5c:4b:
         19:8f:95:a9:8c:d4:a2:d3:da:54:f2:7f:99:61:8c:01:6e:8d:
         83:6d:82:76:fd:e7:c9:c8:98:a1:a6:16:40:6e:2b:25:58:35:
         6a:f8:c6:e0:fd:1a:0a:4c:66:97:77:92:9b:d5:f9:91:75:de:
         9e:fe:40:7d
-----BEGIN CERTIFICATE-----
MIIFjzCCBHegAwIBAgISAZbowCBytM+fEmMd6H9mYY+kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwNTE5MTMzMzQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzY2NmEzZTE0ZmE3MTA4NWI4NzVmOThjNzU2ZGRlMWM0MGZjNmJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA70qFPqfWhOrTRWJNwV+JUoNE/L44
D/ERBr97jwI8Nl2wcN9osIjj6owAqRc2gAIlVg42otmuaCGYriLbpqfyY5WdtXGN
d0pR4oZ6qx417kyKQGKsXLEu021GDGi0Y7/yhMw83raOIQ3aDJSl+t/mrXaZYgbi
OReKPiqbwgbkJKjZ8SqaAZ9az6Gu3dTeF/wfPCDBJaE2soI+KWOU9Lzsu/ZMsJ5t
XzE0v7uIOeVGtXbVRitlvbTjUbOq9kGWbQaQb/YyCqBezB5vRU16sM57L4FXG+q3
j95XkcLtkaw+jG0a3tnI/YDYUONYvQ1Oba5Dc8Pfw4LmExbY8WXDMVvk2wIDAQAB
o4ICmzCCApcwHQYDVR0OBBYEFINmaj4U+nEIW4dfmMdW3eHED8a7MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggE/BggrBgEFBQcBCwSCATEwggEtMF8GCCsGAQUFBzAFhlNy
c3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2JmYmU1
OTU3LTMyNGItNGQ0NS05YjViLWQwOTFjYzc1MDU4OS8wLzCBiwYIKwYBBQUHMAqG
f3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYmZi
ZTU5NTctMzI0Yi00ZDQ1LTliNWItZDA5MWNjNzUwNTg5LzAvODM2NjZBM0UxNEZB
NzEwODVCODc1Rjk4Qzc1NkRERTFDNDBGQzZCQi5tZnQwPAYIKwYBBQUHMA2GMGh0
dHBzOi8vcnJkcC5wYWFzLnJwa2kucmlwZS5uZXQvbm90aWZpY2F0aW9uLnhtbDBZ
BgNVHR8EUjBQME6gTKBKhkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxUL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jcmwwGAYDVR0g
AQH/BA4wDDAKBggrBgEFBQcOAjAaBggrBgEFBQcBCAEB/wQLMAmgBzAFAgMDQwgw
DQYJKoZIhvcNAQELBQADggEBAKssJp4sPcieOC+DBAQtGoKB6lFJGyu2OD5xcOi0
tlcAIac0xUE2Shs6ArGwWhZQxpDhmRfCQROJcywO0Ki6loD+fxOsEoAD0xiARHGc
ahDwR4Jo1z8bM0rq3gcemSsuPmOZxJ5awrS/gLSWSpmlYL3OdF+R/6s+3ftgLxqq
JyJC0ZXgJoJXGoRaR1hj45le9szxCpCXMHOPNeD9lokWpMxK3iIiLQD1hR1g0Zyn
hZ1Xop6n0zTeY4yvg8lUL8vnCedoTpdcSxmPlamM1KLT2lTyf5lhjAFujYNtgnb9
58nImKGmFkBuKyVYNWr4xuD9GgpMZpd3kpvV+ZF13p7+QH0=
-----END CERTIFICATE-----