Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/hmdXn-dB-sMpnUGRvAONcQxDg3g.cer
File:                     hmdXn-dB-sMpnUGRvAONcQxDg3g.cer (raw, json)
Hash identifier:          vaUw6dMw72xpPt55LupxcaaqorWrcbQRM0wF2xmDMcU=
Subject key identifier:   86:67:57:9F:E7:41:FA:C3:29:9D:41:91:BC:03:8D:71:0C:43:83:78
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194228DF6DDFA2210B266EC0BFC152381A3
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/13/3bf430-00b1-4853-a239-2f165418eb68/1/hmdXn-dB-sMpnUGRvAONcQxDg3g.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/13/3bf430-00b1-4853-a239-2f165418eb68/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 15:48:36 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 198015
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:f6:dd:fa:22:10:b2:66:ec:0b:fc:15:23:81:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 15:48:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8667579fe741fac3299d4191bc038d710c438378
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:6e:e2:40:b6:e3:4a:0e:6f:d1:49:b0:1d:ce:
                    39:d3:f9:3c:a9:e5:d1:42:76:81:a9:e7:c3:77:c3:
                    59:c3:5a:81:d0:00:d7:9f:e3:3f:a1:2d:bc:eb:c3:
                    05:be:bd:55:ac:a8:b8:ab:18:03:4d:8b:19:7c:2a:
                    01:d5:a0:62:5f:cb:e2:89:be:31:03:94:6f:03:46:
                    d3:a3:3c:00:04:1d:27:1b:c0:bd:9c:15:32:47:fd:
                    f8:f7:c7:34:c3:ee:34:e3:bf:b4:ec:77:aa:33:96:
                    26:2c:c9:c8:97:62:fa:00:74:58:87:a4:ca:9b:70:
                    4a:ea:c0:ee:5e:15:bf:77:90:44:70:99:f3:4d:aa:
                    d2:10:b0:d3:17:11:a0:66:73:0e:d2:72:2a:8b:9f:
                    e7:ee:b8:5b:55:ac:26:d3:f7:69:c4:e7:40:55:57:
                    60:90:a0:b3:51:35:1f:b1:e7:f1:bc:77:c9:31:b4:
                    36:ab:b1:1a:94:f3:f5:f8:c2:09:ac:d4:bc:a6:f0:
                    46:9a:f9:55:da:92:23:70:fa:c6:34:ec:5f:d3:64:
                    ec:40:71:a6:fb:e4:2e:14:cb:d0:4b:6d:ee:7d:fc:
                    38:52:d9:49:c1:75:b0:49:37:d0:60:2d:c9:9b:87:
                    8c:b3:7c:81:62:24:86:40:f6:44:b7:58:87:80:35:
                    3f:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:67:57:9F:E7:41:FA:C3:29:9D:41:91:BC:03:8D:71:0C:43:83:78
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/3bf430-00b1-4853-a239-2f165418eb68/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/3bf430-00b1-4853-a239-2f165418eb68/1/hmdXn-dB-sMpnUGRvAONcQxDg3g.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  198015

    Signature Algorithm: sha256WithRSAEncryption
         24:42:7e:76:b1:bc:7a:68:39:62:58:5d:96:90:9c:9a:7d:f9:
         9f:03:c4:eb:8c:fd:04:a5:3f:b2:93:eb:eb:d7:10:2d:04:d5:
         c1:4c:3b:9f:30:ff:63:ea:bb:51:75:02:24:41:12:9a:41:c8:
         e0:6f:90:d8:a2:e3:c5:3d:24:0f:37:4b:f3:49:36:0d:18:a5:
         83:54:b9:ea:91:f4:a2:aa:68:f9:11:95:4a:23:9f:49:31:60:
         0a:c3:1d:27:4c:dc:c4:13:af:87:e3:f8:a7:ee:43:d2:f2:c1:
         80:eb:b2:81:a2:12:ce:f5:d4:91:0b:69:63:b9:03:eb:e4:e2:
         8b:dd:69:09:b7:37:19:10:7a:40:9d:83:d0:47:ee:c2:b6:51:
         a4:b6:d7:b5:43:81:aa:47:f0:a2:12:22:30:6e:ee:43:e7:e6:
         4f:f6:aa:fc:7a:72:04:9b:af:84:dd:a0:b9:b8:50:74:5b:a1:
         c5:a7:fc:c3:63:f6:b6:bc:27:2b:b5:83:88:e4:da:eb:cc:f1:
         02:13:1b:b3:6d:ba:e9:bf:8a:09:c6:f1:a9:d5:2f:7c:c6:bb:
         95:fc:98:8a:62:03:a3:69:e9:3b:b7:2e:2f:01:fa:a5:6d:78:
         ad:06:87:57:b8:83:60:c4:28:6e:9d:ba:fd:43:12:05:31:f9:
         df:7f:8e:a2
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZQijfbd+iIQsmbsC/wVI4GjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTU0ODM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjY3NTc5ZmU3NDFmYWMzMjk5ZDQxOTFiYzAzOGQ3MTBjNDM4Mzc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz27iQLbjSg5v0UmwHc450/k8qeXR
QnaBqefDd8NZw1qB0ADXn+M/oS2868MFvr1VrKi4qxgDTYsZfCoB1aBiX8viib4x
A5RvA0bTozwABB0nG8C9nBUyR/3498c0w+4047+07HeqM5YmLMnIl2L6AHRYh6TK
m3BK6sDuXhW/d5BEcJnzTarSELDTFxGgZnMO0nIqi5/n7rhbVawm0/dpxOdAVVdg
kKCzUTUfsefxvHfJMbQ2q7EalPP1+MIJrNS8pvBGmvlV2pIjcPrGNOxf02TsQHGm
++QuFMvQS23uffw4UtlJwXWwSTfQYC3Jm4eMs3yBYiSGQPZEt1iHgDU/ZwIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFIZnV5/nQfrDKZ1BkbwDjXEMQ4N4MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzEzLzNiZjQz
MC0wMGIxLTQ4NTMtYTIzOS0yZjE2NTQxOGViNjgvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTMvM2JmNDMw
LTAwYjEtNDg1My1hMjM5LTJmMTY1NDE4ZWI2OC8xL2htZFhuLWRCLXNNcG5VR1J2
QU9OY1F4RGczZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMFfzANBgkqhkiG9w0BAQsFAAOCAQEAJEJ+drG8emg5
YlhdlpCcmn35nwPE64z9BKU/spPr69cQLQTVwUw7nzD/Y+q7UXUCJEESmkHI4G+Q
2KLjxT0kDzdL80k2DRilg1S56pH0oqpo+RGVSiOfSTFgCsMdJ0zcxBOvh+P4p+5D
0vLBgOuygaISzvXUkQtpY7kD6+Tii91pCbc3GRB6QJ2D0EfuwrZRpLbXtUOBqkfw
ohIiMG7uQ+fmT/aq/HpyBJuvhN2gubhQdFuhxaf8w2P2trwnK7WDiOTa68zxAhMb
s2266b+KCcbxqdUvfMa7lfyYimIDo2npO7cuLwH6pW14rQaHV7iDYMQobp26/UMS
BTH533+Oog==
-----END CERTIFICATE-----