Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/gbZaIw1pJ9usIBCX-Uni6qJzEiA.cer
File:                     gbZaIw1pJ9usIBCX-Uni6qJzEiA.cer (raw, json)
Hash identifier:          7Fn/EZBzz0M15cz2tiBYCJUpYQRB6kK9wqsI2dtamB0=
Subject key identifier:   81:B6:5A:23:0D:69:27:DB:AC:20:10:97:F9:49:E2:EA:A2:73:12:20
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019422FB1F28439570525A7BB040155EFAC3
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/27/cdecd2-38d6-40cf-ab02-dab9dc6dc4c9/1/gbZaIw1pJ9usIBCX-Uni6qJzEiA.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/27/cdecd2-38d6-40cf-ab02-dab9dc6dc4c9/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 17:47:50 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 203218
                          IP: 2001:67c:2d80::/48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:1f:28:43:95:70:52:5a:7b:b0:40:15:5e:fa:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 17:47:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=81b65a230d6927dbac201097f949e2eaa2731220
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:19:3a:41:50:d5:0e:8a:18:9f:79:12:75:ce:
                    0b:11:58:ef:48:5e:cc:5a:b9:ad:e0:63:09:81:75:
                    36:39:fa:0c:87:e1:cd:e9:09:9c:6d:1a:83:ac:0e:
                    cb:43:2e:45:57:ed:a9:d8:8e:cf:b0:ea:10:54:19:
                    c4:6d:bf:c2:d3:a5:df:35:bf:6b:a6:64:b6:54:87:
                    61:ee:d2:ec:69:b8:8e:63:35:33:92:ea:a6:9d:d1:
                    5b:89:19:e4:1a:8b:5e:33:18:97:08:43:1e:92:92:
                    39:49:55:9f:4a:ef:86:13:57:1c:94:0f:1f:79:85:
                    43:1f:47:43:e6:04:b9:69:92:34:d9:0d:b8:d8:0e:
                    bc:d6:2a:c9:4a:8f:47:ce:7b:ee:82:0e:9a:46:02:
                    31:8a:11:5a:a4:04:9d:2d:8f:5e:e9:d5:8b:56:f0:
                    7f:b5:a2:dd:22:68:af:af:e4:43:75:b2:db:b6:65:
                    36:df:6c:d4:b5:cb:80:1b:5d:2e:31:f2:9a:f1:4e:
                    2e:b5:4f:ae:08:5c:12:67:c0:19:df:27:db:57:5e:
                    45:84:5c:a7:ef:43:24:c8:98:9a:a0:4d:1e:7e:71:
                    77:73:80:2a:17:4d:60:eb:65:f9:bb:74:9a:9a:e1:
                    e9:ff:00:e1:13:b3:ab:1e:1b:ce:ea:01:66:3e:37:
                    8f:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:B6:5A:23:0D:69:27:DB:AC:20:10:97:F9:49:E2:EA:A2:73:12:20
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/cdecd2-38d6-40cf-ab02-dab9dc6dc4c9/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/cdecd2-38d6-40cf-ab02-dab9dc6dc4c9/1/gbZaIw1pJ9usIBCX-Uni6qJzEiA.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2d80::/48

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  203218

    Signature Algorithm: sha256WithRSAEncryption
         35:16:b6:ba:34:a2:0c:85:aa:c9:fb:e7:da:71:79:4b:dc:84:
         d4:b9:35:97:26:55:99:af:d4:31:2a:4c:4b:40:58:51:67:26:
         f7:99:22:05:9b:1f:f5:5a:84:d8:37:16:d9:eb:95:6c:c3:7e:
         50:29:60:63:48:49:37:cf:94:29:85:2d:fe:58:72:a7:d7:9c:
         aa:e2:c1:b6:e1:27:48:92:a6:aa:f7:8d:b4:8c:30:93:cc:3a:
         80:6a:7e:24:e4:ee:e0:6b:0a:03:0f:c9:c0:50:cd:72:2e:55:
         7a:ab:17:d5:46:98:c3:dd:1b:dd:69:45:7d:d5:50:1d:b0:eb:
         07:7a:26:c4:7a:f1:82:8d:bf:be:96:70:73:12:ca:ca:27:3f:
         da:6c:ec:48:7c:d7:b3:c8:b1:6b:a2:6e:80:df:87:64:73:3c:
         a2:a6:e5:a7:ff:9f:af:56:cd:dd:c4:9c:c9:4b:c0:1d:3b:5d:
         f6:46:eb:4e:34:73:b0:c1:64:a6:45:bb:58:a4:ae:6e:5b:f8:
         7e:d7:f2:09:94:b7:99:83:eb:1e:52:78:6b:2c:e6:ea:d5:b8:
         39:d9:fd:6f:32:40:fc:23:6a:48:77:99:bb:d6:1f:87:65:7a:
         ff:df:d4:7f:cb:8a:80:a1:d3:fd:99:91:4b:ce:d1:2d:0a:a9:
         99:5b:76:24
-----BEGIN CERTIFICATE-----
MIIFlzCCBH+gAwIBAgISAZQi+x8oQ5VwUlp7sEAVXvrDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTc0NzUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MWI2NWEyMzBkNjkyN2RiYWMyMDEwOTdmOTQ5ZTJlYWEyNzMxMjIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApxk6QVDVDooYn3kSdc4LEVjvSF7M
Wrmt4GMJgXU2OfoMh+HN6QmcbRqDrA7LQy5FV+2p2I7PsOoQVBnEbb/C06XfNb9r
pmS2VIdh7tLsabiOYzUzkuqmndFbiRnkGoteMxiXCEMekpI5SVWfSu+GE1cclA8f
eYVDH0dD5gS5aZI02Q242A681irJSo9Hznvugg6aRgIxihFapASdLY9e6dWLVvB/
taLdImivr+RDdbLbtmU232zUtcuAG10uMfKa8U4utU+uCFwSZ8AZ3yfbV15FhFyn
70MkyJiaoE0efnF3c4AqF01g62X5u3SamuHp/wDhE7OrHhvO6gFmPjeP6wIDAQAB
o4ICozCCAp8wHQYDVR0OBBYEFIG2WiMNaSfbrCAQl/lJ4uqicxIgMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzI3L2NkZWNk
Mi0zOGQ2LTQwY2YtYWIwMi1kYWI5ZGM2ZGM0YzkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjcvY2RlY2Qy
LTM4ZDYtNDBjZi1hYjAyLWRhYjlkYzZkYzRjOS8xL2diWmFJdzFwSjl1c0lCQ1gt
VW5pNnFKekVpQS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfC2AMBoGCCsGAQUFBwEIAQH/BAswCaAH
MAUCAwMZ0jANBgkqhkiG9w0BAQsFAAOCAQEANRa2ujSiDIWqyfvn2nF5S9yE1Lk1
lyZVma/UMSpMS0BYUWcm95kiBZsf9VqE2DcW2euVbMN+UClgY0hJN8+UKYUt/lhy
p9ecquLBtuEnSJKmqveNtIwwk8w6gGp+JOTu4GsKAw/JwFDNci5VeqsX1UaYw90b
3WlFfdVQHbDrB3omxHrxgo2/vpZwcxLKyic/2mzsSHzXs8ixa6JugN+HZHM8oqbl
p/+fr1bN3cScyUvAHTtd9kbrTjRzsMFkpkW7WKSublv4ftfyCZS3mYPrHlJ4ayzm
6tW4Odn9bzJA/CNqSHeZu9Yfh2V6/9/Uf8uKgKHT/ZmRS87RLQqpmVt2JA==
-----END CERTIFICATE-----