Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/i29IgAONVauY18tm38-ol7e6Eeg.cer
File:                     i29IgAONVauY18tm38-ol7e6Eeg.cer (raw, json)
Hash identifier:          pWcR+BhML4QmOaTFc6k9otMqlMH5WtO0Y7CKREB8VyQ=
Subject key identifier:   8B:6F:48:80:03:8D:55:AB:98:D7:CB:66:DF:CF:A8:97:B7:BA:11:E8
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019420D62755C1BBC5C8C5E1EF54002C91D0
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/f4/d0c38d-9f02-418b-96b2-fb3111dbd1ca/1/i29IgAONVauY18tm38-ol7e6Eeg.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/f4/d0c38d-9f02-418b-96b2-fb3111dbd1ca/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 07:48:13 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 203045
                          IP: 2001:678:140::/48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:27:55:c1:bb:c5:c8:c5:e1:ef:54:00:2c:91:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 07:48:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8b6f4880038d55ab98d7cb66dfcfa897b7ba11e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:e0:09:9a:b3:dc:96:f6:3c:45:96:00:38:85:
                    55:47:c8:d0:1f:8b:8e:bb:76:5e:85:57:c8:5d:06:
                    97:44:fb:c1:51:c7:97:f7:40:d5:f0:9f:fe:e9:9c:
                    ef:54:04:30:d7:41:4a:8c:2e:b9:f6:3f:b4:ee:9c:
                    1b:d7:b3:7e:c7:9a:ab:fa:f4:45:37:4d:e6:20:87:
                    03:c9:e8:67:0b:7c:0b:38:f9:9a:0b:5c:67:73:45:
                    10:68:14:61:c5:48:96:5c:86:b7:08:c2:ec:16:6a:
                    cc:ee:fb:a6:46:b4:1a:a8:20:97:b2:69:be:f4:cb:
                    31:ae:3b:dd:45:25:bf:cc:c0:89:1b:97:99:b1:14:
                    ef:55:ce:18:75:ad:59:55:2b:91:89:76:87:31:2c:
                    0b:5e:a7:67:5c:71:00:eb:18:25:b2:51:e0:2a:95:
                    4c:2c:9e:3f:3f:83:8a:44:b6:4b:4a:33:06:4f:c6:
                    00:8f:2d:a6:7d:e3:83:a7:80:1c:2c:34:56:51:ac:
                    01:df:67:ac:4a:5f:5f:a5:75:96:14:69:14:92:40:
                    9d:32:0d:09:e1:f8:7d:a4:85:8f:6b:62:31:dc:4c:
                    12:01:ff:f6:3c:11:fa:78:0c:7d:a3:85:ec:d1:64:
                    8f:69:8e:ca:2e:b5:34:c4:d6:8c:19:8c:b4:28:55:
                    2c:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:6F:48:80:03:8D:55:AB:98:D7:CB:66:DF:CF:A8:97:B7:BA:11:E8
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/d0c38d-9f02-418b-96b2-fb3111dbd1ca/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/d0c38d-9f02-418b-96b2-fb3111dbd1ca/1/i29IgAONVauY18tm38-ol7e6Eeg.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:140::/48

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  203045

    Signature Algorithm: sha256WithRSAEncryption
         79:a9:04:04:a3:ca:0d:89:7b:c1:60:94:60:91:7d:32:52:c2:
         4b:08:b0:e5:48:25:40:17:23:dc:58:cb:2f:61:a2:74:a4:6c:
         91:33:0c:e8:79:c2:94:e6:37:ab:4f:73:b2:90:d5:44:cb:3e:
         7a:b9:96:96:bd:3e:bb:9c:d1:c4:5c:8c:a4:e5:6c:22:65:93:
         ab:68:fd:a6:7c:7b:d8:84:09:f6:9d:61:ce:8d:fe:9e:e2:99:
         eb:72:b1:6a:5b:db:fd:79:ba:cc:3d:ef:aa:7a:a9:9e:36:3d:
         dc:15:a2:70:1b:c9:8f:00:1b:8c:a9:1d:2f:24:54:4e:4f:bd:
         ac:0d:05:fb:63:31:3f:93:5d:f5:8b:70:97:f7:10:13:b0:03:
         24:2f:ae:42:1c:24:cd:45:08:70:d9:11:0a:be:b3:e6:71:21:
         e7:fc:2a:6b:d8:27:fd:44:f1:65:ad:36:23:11:ae:35:c1:de:
         84:8a:19:e6:a7:96:a3:63:e3:d9:27:c5:e5:c6:c7:50:fc:39:
         9a:51:e4:4c:e1:25:da:41:79:87:f6:d7:f5:01:20:aa:ec:36:
         bf:39:e8:bd:21:a7:e5:3b:7a:f3:23:42:d4:40:47:00:89:4b:
         a0:ce:8f:07:a0:a3:bb:45:76:8b:64:3d:44:57:9c:8d:ff:ce:
         db:29:db:be
-----BEGIN CERTIFICATE-----
MIIFlzCCBH+gAwIBAgISAZQg1idVwbvFyMXh71QALJHQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDc0ODEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjZmNDg4MDAzOGQ1NWFiOThkN2NiNjZkZmNmYTg5N2I3YmExMWU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4OAJmrPclvY8RZYAOIVVR8jQH4uO
u3ZehVfIXQaXRPvBUceX90DV8J/+6ZzvVAQw10FKjC659j+07pwb17N+x5qr+vRF
N03mIIcDyehnC3wLOPmaC1xnc0UQaBRhxUiWXIa3CMLsFmrM7vumRrQaqCCXsmm+
9MsxrjvdRSW/zMCJG5eZsRTvVc4Yda1ZVSuRiXaHMSwLXqdnXHEA6xglslHgKpVM
LJ4/P4OKRLZLSjMGT8YAjy2mfeODp4AcLDRWUawB32esSl9fpXWWFGkUkkCdMg0J
4fh9pIWPa2Ix3EwSAf/2PBH6eAx9o4Xs0WSPaY7KLrU0xNaMGYy0KFUsYwIDAQAB
o4ICozCCAp8wHQYDVR0OBBYEFItvSIADjVWrmNfLZt/PqJe3uhHoMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Y0L2QwYzM4
ZC05ZjAyLTQxOGItOTZiMi1mYjMxMTFkYmQxY2EvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjQvZDBjMzhk
LTlmMDItNDE4Yi05NmIyLWZiMzExMWRiZDFjYS8xL2kyOUlnQU9OVmF1WTE4dG0z
OC1vbDdlNkVlZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAFAMBoGCCsGAQUFBwEIAQH/BAswCaAH
MAUCAwMZJTANBgkqhkiG9w0BAQsFAAOCAQEAeakEBKPKDYl7wWCUYJF9MlLCSwiw
5UglQBcj3FjLL2GidKRskTMM6HnClOY3q09zspDVRMs+ermWlr0+u5zRxFyMpOVs
ImWTq2j9pnx72IQJ9p1hzo3+nuKZ63Kxalvb/Xm6zD3vqnqpnjY93BWicBvJjwAb
jKkdLyRUTk+9rA0F+2MxP5Nd9Ytwl/cQE7ADJC+uQhwkzUUIcNkRCr6z5nEh5/wq
a9gn/UTxZa02IxGuNcHehIoZ5qeWo2Pj2SfF5cbHUPw5mlHkTOEl2kF5h/bX9QEg
quw2vznovSGn5Tt68yNC1EBHAIlLoM6PB6Cju0V2i2Q9RFecjf/O2ynbvg==
-----END CERTIFICATE-----