Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/hvH06JS38tbeGWF30OzA3s4oaZY.cer
File:                     hvH06JS38tbeGWF30OzA3s4oaZY.cer (raw, json)
Hash identifier:          9/RzTVrGYJpaGOvi+TJRO5LijqHPnwIrTFwCWk3t0ao=
Subject key identifier:   86:F1:F4:E8:94:B7:F2:D6:DE:19:61:77:D0:EC:C0:DE:CE:28:69:96
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019424B3959A14647DC1EA47F93E786D518A
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/8a/8b0b93-867e-4062-a65b-66775b0ab7d1/1/hvH06JS38tbeGWF30OzA3s4oaZY.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/8a/8b0b93-867e-4062-a65b-66775b0ab7d1/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 01:48:56 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 57974
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:95:9a:14:64:7d:c1:ea:47:f9:3e:78:6d:51:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 01:48:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=86f1f4e894b7f2d6de196177d0ecc0dece286996
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:49:a1:f8:96:f3:cc:fc:6d:5e:e7:91:2e:f7:
                    24:e0:4e:0c:04:45:8b:90:1a:61:dc:c1:4f:a3:96:
                    fc:7a:99:10:e3:e6:0b:7d:72:3d:c8:db:61:63:1f:
                    47:2a:45:e8:96:04:d4:75:14:b6:59:6c:be:18:f6:
                    47:85:39:b5:1d:c5:84:c3:f0:68:0d:f9:c0:9c:5c:
                    4b:ee:2c:83:48:6c:ce:98:61:5e:19:7b:31:70:97:
                    be:98:e5:13:8a:86:e9:30:4f:f1:42:0b:e5:9e:e5:
                    be:41:60:6e:1c:f4:9e:a5:99:a8:cd:3c:0a:ad:a4:
                    ac:98:46:62:e6:a8:e8:0e:ca:fb:fa:a0:b6:68:4e:
                    34:fb:5a:38:55:b2:3b:11:cf:dd:ec:6d:d9:ed:25:
                    9f:16:9e:8e:1a:5a:95:e5:00:fe:ae:8e:11:e4:60:
                    9f:47:43:f4:64:b9:c1:d0:de:cd:b4:da:ee:2d:d0:
                    0c:85:e5:01:b8:00:df:07:7f:1d:c8:94:54:12:c4:
                    67:12:42:0d:d7:52:ce:34:95:f6:e3:2b:67:3d:01:
                    cb:69:44:fe:40:11:50:3d:27:61:dc:5d:69:ac:32:
                    c0:28:49:26:00:ce:85:60:22:76:ff:5a:44:7c:2e:
                    e3:da:68:e1:83:0d:65:80:27:a3:f5:71:aa:85:4e:
                    e8:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:F1:F4:E8:94:B7:F2:D6:DE:19:61:77:D0:EC:C0:DE:CE:28:69:96
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/8b0b93-867e-4062-a65b-66775b0ab7d1/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/8b0b93-867e-4062-a65b-66775b0ab7d1/1/hvH06JS38tbeGWF30OzA3s4oaZY.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  57974

    Signature Algorithm: sha256WithRSAEncryption
         9b:d3:75:a3:69:b9:0f:a2:3d:99:38:89:8d:bf:54:eb:2d:6a:
         9f:9a:2c:a5:30:a0:6c:eb:6f:2a:8a:2b:24:4c:40:4d:c5:26:
         c4:4d:2c:be:34:ac:a2:9f:b5:7f:82:9c:c2:09:e1:83:59:1d:
         2f:52:e4:bd:04:08:e0:67:cd:2f:83:f6:6e:7d:6f:e7:32:bc:
         56:3a:bc:f4:3f:83:90:d9:c9:7c:0f:d7:86:f6:e2:f0:d5:dd:
         98:95:a3:e6:1d:e7:9d:8e:86:cb:95:7f:7a:35:ff:cf:c3:46:
         86:02:71:64:6c:7c:14:49:b9:f8:4e:fe:7f:01:84:9c:b7:53:
         cf:0c:39:23:13:bf:98:56:89:58:bd:6f:76:46:6d:e2:73:c3:
         19:de:cb:be:cf:c6:b7:65:ea:a1:9b:7a:77:c9:00:7d:60:2b:
         a0:68:8f:d8:7c:96:fd:91:c4:93:e9:89:8c:e6:71:eb:fd:9b:
         3c:2e:15:ba:b6:23:9e:35:b8:2e:55:68:01:44:63:e7:c6:4b:
         0b:4e:1a:00:25:88:44:4e:9a:ed:21:eb:04:1c:d7:ea:8e:03:
         ca:20:c6:65:44:a1:3c:91:bc:0c:8d:9a:d7:fe:71:20:6d:8e:
         b1:60:a5:e0:a1:fb:49:2c:4e:36:6e:ee:cb:ca:d7:92:ef:7d:
         d7:de:83:fe
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZQks5WaFGR9wepH+T54bVGKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDE0ODU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmYxZjRlODk0YjdmMmQ2ZGUxOTYxNzdkMGVjYzBkZWNlMjg2OTk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv0mh+JbzzPxtXueRLvck4E4MBEWL
kBph3MFPo5b8epkQ4+YLfXI9yNthYx9HKkXolgTUdRS2WWy+GPZHhTm1HcWEw/Bo
DfnAnFxL7iyDSGzOmGFeGXsxcJe+mOUTiobpME/xQgvlnuW+QWBuHPSepZmozTwK
raSsmEZi5qjoDsr7+qC2aE40+1o4VbI7Ec/d7G3Z7SWfFp6OGlqV5QD+ro4R5GCf
R0P0ZLnB0N7NtNruLdAMheUBuADfB38dyJRUEsRnEkIN11LONJX24ytnPQHLaUT+
QBFQPSdh3F1prDLAKEkmAM6FYCJ2/1pEfC7j2mjhgw1lgCej9XGqhU7ouwIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFIbx9OiUt/LW3hlhd9DswN7OKGmWMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzhhLzhiMGI5
My04NjdlLTQwNjItYTY1Yi02Njc3NWIwYWI3ZDEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOGEvOGIwYjkz
LTg2N2UtNDA2Mi1hNjViLTY2Nzc1YjBhYjdkMS8xL2h2SDA2SlMzOHRiZUdXRjMw
T3pBM3M0b2FaWS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwDidjANBgkqhkiG9w0BAQsFAAOCAQEAm9N1o2m5D6I9
mTiJjb9U6y1qn5ospTCgbOtvKoorJExATcUmxE0svjSsop+1f4Kcwgnhg1kdL1Lk
vQQI4GfNL4P2bn1v5zK8Vjq89D+DkNnJfA/Xhvbi8NXdmJWj5h3nnY6Gy5V/ejX/
z8NGhgJxZGx8FEm5+E7+fwGEnLdTzww5IxO/mFaJWL1vdkZt4nPDGd7Lvs/Gt2Xq
oZt6d8kAfWAroGiP2HyW/ZHEk+mJjOZx6/2bPC4VurYjnjW4LlVoAURj58ZLC04a
ACWIRE6a7SHrBBzX6o4DyiDGZUShPJG8DI2a1/5xIG2OsWCl4KH7SSxONm7uy8rX
ku99196D/g==
-----END CERTIFICATE-----