Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/geTmB1l46pR2tkHOAIx4erKOXRM.cer
File:                     geTmB1l46pR2tkHOAIx4erKOXRM.cer (raw, json)
Hash identifier:          YaS08GO5tbtSyLa/OMCx3Q94mr7NlmCbUeoXva6bIL0=
Subject key identifier:   81:E4:E6:07:59:78:EA:94:76:B6:41:CE:00:8C:78:7A:B2:8E:5D:13
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194221FE0E8E9E8DA0F021B1472079685C6
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/4d/793709-ee58-4f76-b308-862b86b6e642/1/geTmB1l46pR2tkHOAIx4erKOXRM.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/4d/793709-ee58-4f76-b308-862b86b6e642/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 13:48:22 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 185.65.188.0/22
                          IP: 2a03:1c20::/32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:e0:e8:e9:e8:da:0f:02:1b:14:72:07:96:85:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 13:48:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=81e4e6075978ea9476b641ce008c787ab28e5d13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:8f:32:c1:14:e5:1a:09:4d:db:15:4e:35:23:
                    ed:c3:ef:4a:38:f8:36:69:06:55:56:37:7c:b9:d0:
                    28:9d:4d:25:6d:48:e6:9f:15:cf:59:5e:2e:d2:80:
                    10:00:a0:9e:23:dc:8e:7b:de:ae:c7:62:75:b6:16:
                    61:70:83:dc:48:ff:78:94:b6:d5:c6:b9:77:d3:02:
                    6a:4b:37:23:16:c7:40:a1:18:4d:e1:c4:8d:7c:21:
                    7d:5f:0e:a4:97:45:47:85:91:54:4a:6d:36:09:e2:
                    e5:04:ba:d2:70:d7:0a:e3:74:a2:9c:a8:06:a3:4f:
                    8b:3a:1f:dd:b5:92:5d:e4:07:4e:e6:4a:68:6b:f9:
                    47:e8:51:b6:c9:e7:16:62:a5:6b:a3:40:eb:97:62:
                    82:8b:6c:cb:12:f5:9d:a6:f4:af:38:5b:32:f0:15:
                    96:d7:bb:85:0b:52:0f:9a:9f:d4:f1:ad:a0:5d:c9:
                    a6:6d:8c:af:95:63:5f:e3:5f:de:0c:92:1c:82:6f:
                    4c:c2:73:52:15:bf:31:74:02:95:ee:94:a9:16:76:
                    bf:cf:7e:db:ac:41:02:f1:5d:76:91:71:00:47:00:
                    f7:b1:60:ad:12:cd:e1:7a:10:1e:df:6d:a1:95:7e:
                    74:db:e9:be:5b:33:32:d8:6b:45:a8:16:22:a1:0a:
                    1c:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:E4:E6:07:59:78:EA:94:76:B6:41:CE:00:8C:78:7A:B2:8E:5D:13
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/793709-ee58-4f76-b308-862b86b6e642/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/793709-ee58-4f76-b308-862b86b6e642/1/geTmB1l46pR2tkHOAIx4erKOXRM.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.65.188.0/22
                IPv6:
                  2a03:1c20::/32

    Signature Algorithm: sha256WithRSAEncryption
         35:28:72:7f:2e:cd:0d:fd:94:b0:a9:ec:d6:d2:e0:0f:c2:cb:
         b6:72:11:b8:f2:bb:d3:1c:e2:0c:0f:28:c9:c8:6f:a3:50:67:
         8d:55:6d:6d:50:24:81:ff:31:94:4b:91:8b:32:9f:a2:0b:da:
         da:a7:90:3a:cb:1d:72:fa:71:b6:37:04:a8:33:d1:48:15:02:
         db:2f:50:24:0d:13:37:d1:df:f2:dc:23:da:2f:be:e7:54:75:
         e8:fa:2b:da:b4:aa:82:dd:1b:8d:70:0e:7e:6f:f4:08:2a:5f:
         0e:d5:ae:cf:7b:82:c2:83:b7:55:7c:86:25:93:e7:76:ef:fb:
         de:6d:89:59:af:6b:73:06:c4:2b:bd:b1:24:79:1a:3d:18:d5:
         7c:0b:6f:9d:5f:e3:5d:fd:86:2a:d3:e5:df:ee:66:21:79:73:
         c1:0b:5c:e1:10:a5:d0:0e:a3:96:a0:64:c1:d0:26:49:5f:9a:
         96:8a:fa:d6:52:6f:80:d6:72:d2:c3:0e:42:86:bf:a0:78:aa:
         2e:96:11:46:25:d2:40:55:59:b0:66:95:e9:f1:40:1a:d2:d7:
         a6:d5:11:14:e8:69:0c:b2:d6:5f:3b:c9:0b:4d:ad:d7:89:ed:
         8e:d1:3a:52:9c:a2:1b:d6:5f:19:3c:22:a1:02:c1:43:2e:ec:
         ab:eb:75:ac
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAZQiH+Do6ejaDwIbFHIHloXGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTM0ODIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MWU0ZTYwNzU5NzhlYTk0NzZiNjQxY2UwMDhjNzg3YWIyOGU1ZDEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2I8ywRTlGglN2xVONSPtw+9KOPg2
aQZVVjd8udAonU0lbUjmnxXPWV4u0oAQAKCeI9yOe96ux2J1thZhcIPcSP94lLbV
xrl30wJqSzcjFsdAoRhN4cSNfCF9Xw6kl0VHhZFUSm02CeLlBLrScNcK43SinKgG
o0+LOh/dtZJd5AdO5kpoa/lH6FG2yecWYqVro0Drl2KCi2zLEvWdpvSvOFsy8BWW
17uFC1IPmp/U8a2gXcmmbYyvlWNf41/eDJIcgm9MwnNSFb8xdAKV7pSpFna/z37b
rEEC8V12kXEARwD3sWCtEs3hehAe322hlX502+m+WzMy2GtFqBYioQocdwIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFIHk5gdZeOqUdrZBzgCMeHqyjl0TMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzRkLzc5Mzcw
OS1lZTU4LTRmNzYtYjMwOC04NjJiODZiNmU2NDIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGQvNzkzNzA5
LWVlNTgtNGY3Ni1iMzA4LTg2MmI4NmI2ZTY0Mi8xL2dlVG1CMWw0NnBSMnRrSE9B
SXg0ZXJLT1hSTS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCuUG8MA0EAgACMAcDBQAqAxwgMA0GCSqGSIb3
DQEBCwUAA4IBAQA1KHJ/Ls0N/ZSwqezW0uAPwsu2chG48rvTHOIMDyjJyG+jUGeN
VW1tUCSB/zGUS5GLMp+iC9rap5A6yx1y+nG2NwSoM9FIFQLbL1AkDRM30d/y3CPa
L77nVHXo+ivatKqC3RuNcA5+b/QIKl8O1a7Pe4LCg7dVfIYlk+d27/vebYlZr2tz
BsQrvbEkeRo9GNV8C2+dX+Nd/YYq0+Xf7mYheXPBC1zhEKXQDqOWoGTB0CZJX5qW
ivrWUm+A1nLSww5Chr+geKoulhFGJdJAVVmwZpXp8UAa0tem1REU6GkMstZfO8kL
Ta3Xie2O0TpSnKIb1l8ZPCKhAsFDLuyr63Ws
-----END CERTIFICATE-----