Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/hUkvKmkQQzxbzYJpxEDowceADWs.cer
File:                     hUkvKmkQQzxbzYJpxEDowceADWs.cer (raw, json)
Hash identifier:          Y67Nz3cVa/imZleO5xTmtW865iqlT/thgcUPogZBNOg=
Subject key identifier:   85:49:2F:2A:69:10:43:3C:5B:CD:82:69:C4:40:E8:C1:C7:80:0D:6B
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019424B2812C733CFC20DECDDD0CFB9B3F8D
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/4f/b38228-0875-491c-9d4f-d6a9a28284cf/1/hUkvKmkQQzxbzYJpxEDowceADWs.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/4f/b38228-0875-491c-9d4f-d6a9a28284cf/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 01:47:45 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 198435
                          IP: 85.208.248.0/22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 15:22:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b2:81:2c:73:3c:fc:20:de:cd:dd:0c:fb:9b:3f:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 01:47:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=85492f2a6910433c5bcd8269c440e8c1c7800d6b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:c3:b9:7d:e2:71:8f:45:c2:ea:05:7d:46:ca:
                    49:6c:60:46:f6:08:0e:7a:a4:d4:f0:99:78:8c:90:
                    1e:4e:20:3e:69:03:6d:86:03:5b:bc:df:ca:e3:d8:
                    3e:68:9d:b0:02:5d:1a:65:e9:3e:0b:cf:e5:54:e6:
                    fe:fe:4d:b2:ca:1a:de:dd:b3:3d:7f:21:7d:32:d3:
                    bf:bc:c5:cb:61:83:01:a4:7f:e8:50:0c:16:6b:26:
                    46:a3:b5:78:e6:65:cd:c3:f6:c0:7f:41:0e:f9:4c:
                    5f:76:e9:3a:c0:e8:72:6d:33:0a:f2:b7:32:42:a2:
                    e6:cd:81:e7:65:09:10:26:ec:00:55:1b:20:fd:22:
                    29:bd:70:a4:92:63:e9:96:93:39:8d:47:ff:29:7a:
                    bc:43:cf:e8:e6:75:1b:9c:d8:99:37:19:0a:55:d9:
                    00:d2:d8:b9:8a:5a:44:9c:5a:f2:45:d7:28:8c:5b:
                    19:12:4a:b9:df:ee:6c:14:11:f2:12:36:f1:bf:22:
                    10:01:7f:df:b8:9f:a3:77:ed:3a:56:ac:c8:21:9c:
                    4f:d4:89:54:5b:95:38:69:c6:f6:9b:a0:8b:27:bb:
                    05:d4:44:d4:21:2b:2d:c0:cd:22:7d:b8:0a:9f:7d:
                    ec:05:f7:cb:7d:ed:02:ab:de:bd:68:09:51:10:f8:
                    00:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:49:2F:2A:69:10:43:3C:5B:CD:82:69:C4:40:E8:C1:C7:80:0D:6B
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/b38228-0875-491c-9d4f-d6a9a28284cf/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/b38228-0875-491c-9d4f-d6a9a28284cf/1/hUkvKmkQQzxbzYJpxEDowceADWs.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.208.248.0/22

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  198435

    Signature Algorithm: sha256WithRSAEncryption
         45:06:5a:30:a6:24:cc:ef:fa:b7:28:37:5f:bb:b2:16:11:c3:
         88:d1:eb:f8:a2:8b:84:4f:9d:40:28:e1:7c:6b:e8:0d:f3:a9:
         e7:16:fd:94:e8:a2:70:98:b2:bb:b1:77:e5:fe:dd:a0:0a:cb:
         70:8d:28:de:ab:03:11:19:cb:7d:03:be:a8:41:e7:c0:6a:98:
         f3:c9:55:e4:d5:f9:83:d8:99:bb:1f:b2:55:d9:4b:49:21:3e:
         d1:8c:cf:32:2b:fe:01:94:15:92:e8:40:7c:d8:55:4e:cf:49:
         bf:4b:10:3b:4f:ad:98:cc:16:27:ea:98:da:90:74:1b:49:f4:
         2b:f6:ac:54:ca:a2:71:7b:43:7b:10:f7:2c:c1:c6:8d:93:9c:
         b8:6a:3b:55:be:7a:39:b5:d0:02:69:d9:74:ab:70:6b:df:43:
         5d:28:cb:24:a6:a3:3b:c6:7a:a2:c4:8d:0e:2b:e0:b7:1d:5e:
         ac:b0:71:f9:7e:8a:90:b3:dc:30:fb:d9:ce:e3:b4:d7:d0:13:
         4b:25:2f:11:4d:f3:4e:09:e3:8c:e1:d4:6b:6d:25:00:19:f8:
         6a:a7:87:ef:f0:f7:82:01:55:05:69:87:c5:a8:7b:94:ef:64:
         8f:9b:66:c5:f8:39:c9:33:7e:32:ed:aa:f4:6b:00:de:6a:41:
         1e:4d:16:39
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZQksoEsczz8IN7N3Qz7mz+NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDE0NzQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTQ5MmYyYTY5MTA0MzNjNWJjZDgyNjljNDQwZThjMWM3ODAwZDZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoMO5feJxj0XC6gV9RspJbGBG9ggO
eqTU8Jl4jJAeTiA+aQNthgNbvN/K49g+aJ2wAl0aZek+C8/lVOb+/k2yyhre3bM9
fyF9MtO/vMXLYYMBpH/oUAwWayZGo7V45mXNw/bAf0EO+Uxfduk6wOhybTMK8rcy
QqLmzYHnZQkQJuwAVRsg/SIpvXCkkmPplpM5jUf/KXq8Q8/o5nUbnNiZNxkKVdkA
0ti5ilpEnFryRdcojFsZEkq53+5sFBHyEjbxvyIQAX/fuJ+jd+06VqzIIZxP1IlU
W5U4acb2m6CLJ7sF1ETUISstwM0ifbgKn33sBffLfe0Cq969aAlREPgAbwIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFIVJLyppEEM8W82CacRA6MHHgA1rMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzRmL2IzODIy
OC0wODc1LTQ5MWMtOWQ0Zi1kNmE5YTI4Mjg0Y2YvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGYvYjM4MjI4
LTA4NzUtNDkxYy05ZDRmLWQ2YTlhMjgyODRjZi8xL2hVa3ZLbWtRUXp4YnpZSnB4
RURvd2NlQURXcy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCVdD4MBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwMHIzANBgkqhkiG9w0BAQsFAAOCAQEARQZaMKYkzO/6tyg3X7uyFhHDiNHr+KKL
hE+dQCjhfGvoDfOp5xb9lOiicJiyu7F35f7doArLcI0o3qsDERnLfQO+qEHnwGqY
88lV5NX5g9iZux+yVdlLSSE+0YzPMiv+AZQVkuhAfNhVTs9Jv0sQO0+tmMwWJ+qY
2pB0G0n0K/asVMqicXtDexD3LMHGjZOcuGo7Vb56ObXQAmnZdKtwa99DXSjLJKaj
O8Z6osSNDivgtx1erLBx+X6KkLPcMPvZzuO019ATSyUvEU3zTgnjjOHUa20lABn4
aqeH7/D3ggFVBWmHxah7lO9kj5tmxfg5yTN+Mu2q9GsA3mpBHk0WOQ==
-----END CERTIFICATE-----