Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/gd8f5SA1TdO7PpJkp2z1PrB9sHI.cer
File:                     gd8f5SA1TdO7PpJkp2z1PrB9sHI.cer (raw, json)
Hash identifier:          BnxUQQ3rzcSXrKMU5Ih0Gz4GEi06CA86Pb5aEy67eWM=
Subject key identifier:   81:DF:1F:E5:20:35:4D:D3:BB:3E:92:64:A7:6C:F5:3E:B0:7D:B0:72
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01941F8C883ECC006FD9D0DD170C4D082952
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/88/ad975c-2011-4b9c-ad3e-53f07b1f621e/1/gd8f5SA1TdO7PpJkp2z1PrB9sHI.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/88/ad975c-2011-4b9c-ad3e-53f07b1f621e/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 01:48:11 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 210086
                          IP: 85.117.248.0/22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:88:3e:cc:00:6f:d9:d0:dd:17:0c:4d:08:29:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 01:48:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=81df1fe520354dd3bb3e9264a76cf53eb07db072
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:98:9f:dd:16:eb:07:6c:ba:82:be:07:2d:40:
                    4c:34:52:11:a4:4d:83:69:de:58:47:2c:2f:6c:26:
                    45:06:06:4d:7f:fd:49:02:6a:9c:24:7a:32:4a:d2:
                    7e:0a:4c:b0:7f:10:ef:b6:43:81:20:5c:79:e3:c0:
                    ae:ad:a8:78:e9:a3:d2:af:d0:c2:90:d6:df:d0:e1:
                    fb:0f:ae:58:c8:14:66:5e:78:0d:ba:05:6d:77:a0:
                    d7:db:dc:5f:7e:87:64:a3:3c:eb:cc:69:c3:f2:e1:
                    e3:bc:b5:da:44:fe:92:45:8b:1c:eb:68:98:0f:c3:
                    50:ca:5a:f2:29:5e:0c:5b:5b:c9:24:d9:e9:7c:21:
                    1e:c6:73:48:2d:d7:14:11:16:d7:0e:7e:eb:75:4b:
                    15:45:5f:2e:30:33:f5:56:bb:07:dd:16:5d:b2:d0:
                    a7:c6:f3:de:98:fb:aa:d0:8f:1a:ce:57:01:97:83:
                    6d:76:7d:06:d0:80:a6:6b:ee:54:ab:1d:7c:ac:62:
                    11:68:22:b8:d5:37:7d:05:c6:f9:2e:03:6c:37:0a:
                    4a:c8:be:07:9c:5a:f8:b7:b7:07:d0:98:18:71:d5:
                    6e:76:14:98:9c:65:2b:f2:0b:d5:59:40:0d:f5:66:
                    91:1b:2b:4f:24:11:5f:8d:d3:22:f1:da:ff:b7:0c:
                    ed:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:DF:1F:E5:20:35:4D:D3:BB:3E:92:64:A7:6C:F5:3E:B0:7D:B0:72
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/ad975c-2011-4b9c-ad3e-53f07b1f621e/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/ad975c-2011-4b9c-ad3e-53f07b1f621e/1/gd8f5SA1TdO7PpJkp2z1PrB9sHI.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.117.248.0/22

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  210086

    Signature Algorithm: sha256WithRSAEncryption
         54:c3:ab:56:d6:e5:48:2d:a9:9a:7c:bc:f6:bc:bb:30:27:4e:
         5c:9b:1c:a4:d4:24:56:98:e9:88:ad:dd:9a:69:33:ac:54:92:
         db:f0:25:c9:b3:39:ae:f3:b9:fa:04:07:ed:d7:cc:a1:c5:e1:
         eb:30:49:17:5b:10:f1:97:9a:19:f2:09:e2:93:29:e4:ac:6a:
         ff:12:d1:d3:08:12:85:01:14:de:c4:cd:75:6f:af:b2:04:b4:
         6f:2d:1f:5c:92:a3:bb:60:25:dc:3a:59:8f:4e:59:ba:93:61:
         ce:c4:8a:79:64:93:32:e2:43:a8:7c:1a:8a:bd:2a:42:b3:e5:
         1a:92:90:28:89:75:1b:56:6c:3d:a2:54:ee:94:99:88:21:c4:
         22:4e:cf:69:09:70:03:e6:41:66:9c:f0:4b:76:e7:57:44:5e:
         94:67:bb:e5:04:17:58:c0:b6:c3:8f:65:60:a2:ec:c5:f0:ce:
         19:a5:4c:82:50:af:c9:75:3c:66:6f:b2:4d:8f:fc:73:9c:0f:
         42:09:01:40:04:7d:0b:79:43:e5:fc:69:4a:50:2b:b7:5b:58:
         df:da:52:96:cd:21:21:c5:5d:4c:60:29:a2:61:ea:5c:03:58:
         ef:83:e7:1d:bb:e5:ad:0c:24:87:65:98:4f:07:98:f8:da:ea:
         15:b3:99:3a
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZQfjIg+zABv2dDdFwxNCClSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDE0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MWRmMWZlNTIwMzU0ZGQzYmIzZTkyNjRhNzZjZjUzZWIwN2RiMDcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzJif3RbrB2y6gr4HLUBMNFIRpE2D
ad5YRywvbCZFBgZNf/1JAmqcJHoyStJ+CkywfxDvtkOBIFx548Curah46aPSr9DC
kNbf0OH7D65YyBRmXngNugVtd6DX29xffodkozzrzGnD8uHjvLXaRP6SRYsc62iY
D8NQylryKV4MW1vJJNnpfCEexnNILdcUERbXDn7rdUsVRV8uMDP1VrsH3RZdstCn
xvPemPuq0I8azlcBl4Ntdn0G0ICma+5Uqx18rGIRaCK41Td9Bcb5LgNsNwpKyL4H
nFr4t7cH0JgYcdVudhSYnGUr8gvVWUAN9WaRGytPJBFfjdMi8dr/twztoQIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFIHfH+UgNU3Tuz6SZKds9T6wfbByMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzg4L2FkOTc1
Yy0yMDExLTRiOWMtYWQzZS01M2YwN2IxZjYyMWUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODgvYWQ5NzVj
LTIwMTEtNGI5Yy1hZDNlLTUzZjA3YjFmNjIxZS8xL2dkOGY1U0ExVGRPN1BwSmtw
MnoxUHJCOXNISS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCVXX4MBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwM0pjANBgkqhkiG9w0BAQsFAAOCAQEAVMOrVtblSC2pmny89ry7MCdOXJscpNQk
VpjpiK3dmmkzrFSS2/AlybM5rvO5+gQH7dfMocXh6zBJF1sQ8ZeaGfIJ4pMp5Kxq
/xLR0wgShQEU3sTNdW+vsgS0by0fXJKju2Al3DpZj05ZupNhzsSKeWSTMuJDqHwa
ir0qQrPlGpKQKIl1G1ZsPaJU7pSZiCHEIk7PaQlwA+ZBZpzwS3bnV0RelGe75QQX
WMC2w49lYKLsxfDOGaVMglCvyXU8Zm+yTY/8c5wPQgkBQAR9C3lD5fxpSlArt1tY
39pSls0hIcVdTGApomHqXANY74PnHbvlrQwkh2WYTweY+NrqFbOZOg==
-----END CERTIFICATE-----