Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/iBmVbdzq4CLP4SPaNzxrERZANo0.cer
File:                     iBmVbdzq4CLP4SPaNzxrERZANo0.cer (raw, json)
Hash identifier:          RfVi8TFlJefb8fPWOXI4Kle5U4Cdhyjs8j0YWVVSTTc=
Subject key identifier:   88:19:95:6D:DC:EA:E0:22:CF:E1:23:DA:37:3C:6B:11:16:40:36:8D
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194228E1704C0B75427A3FE657948E8BB59
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/37/988768-f17b-4f59-be09-2deb14c290ed/1/iBmVbdzq4CLP4SPaNzxrERZANo0.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/37/988768-f17b-4f59-be09-2deb14c290ed/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 15:48:44 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 2600
                          IP: 212.109.224.0/19
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 02:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:17:04:c0:b7:54:27:a3:fe:65:79:48:e8:bb:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 15:48:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8819956ddceae022cfe123da373c6b111640368d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:4a:62:8a:bf:b9:3e:57:58:ae:42:c2:65:50:
                    81:88:41:88:0f:5c:9c:dc:e5:ba:28:73:cd:19:4d:
                    be:ff:41:cc:a3:16:46:03:99:7a:be:87:5f:49:bf:
                    39:ec:7a:5b:a4:77:99:5f:a8:47:34:e3:1a:4f:cc:
                    20:03:97:03:9e:bc:1f:1b:49:95:80:0e:a0:12:7e:
                    88:68:be:9e:89:cb:41:d4:b9:7f:26:42:ef:4c:dc:
                    5b:2d:5b:7b:dd:89:38:d8:d5:5b:93:73:f6:4d:67:
                    57:56:85:a5:f0:b9:aa:c6:17:07:d2:73:5f:3f:8b:
                    1c:54:58:31:d7:ce:8a:42:4f:73:0e:0b:d8:c9:70:
                    ba:0b:08:fe:ed:49:03:b3:a6:2e:c0:30:95:d0:0b:
                    56:9b:97:0c:7b:55:a3:48:9b:8d:51:2b:fb:17:bf:
                    a6:52:d0:46:d7:d2:b1:6b:58:67:4e:d7:11:05:9c:
                    b3:21:8e:42:c9:9c:60:7d:23:53:c7:10:a1:36:d0:
                    d6:e7:76:4b:2e:1c:1b:a3:8e:07:b3:6f:b9:fe:7d:
                    2b:55:f8:5c:3f:75:ca:46:7e:4f:21:a4:eb:f2:ad:
                    94:83:8a:fa:5c:ce:f7:94:1e:85:12:fb:41:27:f5:
                    21:cb:51:56:2a:ee:98:37:6c:f1:9e:f2:88:4c:66:
                    01:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:19:95:6D:DC:EA:E0:22:CF:E1:23:DA:37:3C:6B:11:16:40:36:8D
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/988768-f17b-4f59-be09-2deb14c290ed/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/988768-f17b-4f59-be09-2deb14c290ed/1/iBmVbdzq4CLP4SPaNzxrERZANo0.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.109.224.0/19

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  2600

    Signature Algorithm: sha256WithRSAEncryption
         21:68:cc:88:70:e6:7b:99:93:2e:63:55:83:67:50:0c:41:20:
         f4:04:e8:c6:a8:63:39:64:fc:b2:57:ba:e9:22:37:4a:90:59:
         d8:e9:bc:2e:cb:b8:3e:75:2e:e0:cb:fb:fc:99:62:cb:fb:83:
         1b:28:e6:b9:55:d2:9b:da:39:96:86:67:a1:bb:a2:2a:dd:64:
         89:04:f2:5e:24:71:d0:2b:bb:8c:91:40:f4:98:07:4d:f7:76:
         eb:35:58:80:a2:38:a7:eb:df:8e:40:75:2a:86:c0:b6:3c:3f:
         4f:8f:b0:21:a5:95:fd:29:a1:ee:a3:92:4f:6e:6f:d7:83:a3:
         54:43:16:e9:cf:52:b5:4f:21:09:f4:e7:b3:60:48:97:49:23:
         00:7d:a8:f9:7f:13:95:49:2e:93:e3:a5:0a:99:f9:c3:3b:af:
         39:bd:51:9a:74:09:03:cc:41:33:4f:6f:32:b6:99:3f:36:e2:
         7d:87:7b:79:e0:3e:98:40:f3:3e:64:f0:67:9f:ba:f1:d6:7d:
         7d:35:ff:77:04:8a:17:1a:cc:98:b9:6d:5d:96:94:1c:2b:cd:
         32:1b:91:d3:a3:b0:b2:68:6a:f0:bf:fa:2a:7f:9f:6c:2c:7d:
         5a:c2:f0:cb:fd:6c:e8:db:91:16:d8:90:fd:fd:5f:bd:d2:c8:
         25:d4:2d:ef
-----BEGIN CERTIFICATE-----
MIIFkzCCBHugAwIBAgISAZQijhcEwLdUJ6P+ZXlI6LtZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTU0ODQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODE5OTU2ZGRjZWFlMDIyY2ZlMTIzZGEzNzNjNmIxMTE2NDAzNjhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3kpiir+5PldYrkLCZVCBiEGID1yc
3OW6KHPNGU2+/0HMoxZGA5l6vodfSb857HpbpHeZX6hHNOMaT8wgA5cDnrwfG0mV
gA6gEn6IaL6eictB1Ll/JkLvTNxbLVt73Yk42NVbk3P2TWdXVoWl8LmqxhcH0nNf
P4scVFgx186KQk9zDgvYyXC6Cwj+7UkDs6YuwDCV0AtWm5cMe1WjSJuNUSv7F7+m
UtBG19Kxa1hnTtcRBZyzIY5CyZxgfSNTxxChNtDW53ZLLhwbo44Hs2+5/n0rVfhc
P3XKRn5PIaTr8q2Ug4r6XM73lB6FEvtBJ/Uhy1FWKu6YN2zxnvKITGYB/QIDAQAB
o4ICnzCCApswHQYDVR0OBBYEFIgZlW3c6uAiz+Ej2jc8axEWQDaNMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzM3Lzk4ODc2
OC1mMTdiLTRmNTktYmUwOS0yZGViMTRjMjkwZWQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzcvOTg4NzY4
LWYxN2ItNGY1OS1iZTA5LTJkZWIxNGMyOTBlZC8xL2lCbVZiZHpxNENMUDRTUGFO
enhyRVJaQU5vMC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQF1G3gMBkGCCsGAQUFBwEIAQH/BAowCKAGMAQC
AgooMA0GCSqGSIb3DQEBCwUAA4IBAQAhaMyIcOZ7mZMuY1WDZ1AMQSD0BOjGqGM5
ZPyyV7rpIjdKkFnY6bwuy7g+dS7gy/v8mWLL+4MbKOa5VdKb2jmWhmehu6Iq3WSJ
BPJeJHHQK7uMkUD0mAdN93brNViAojin69+OQHUqhsC2PD9Pj7AhpZX9KaHuo5JP
bm/Xg6NUQxbpz1K1TyEJ9OezYEiXSSMAfaj5fxOVSS6T46UKmfnDO685vVGadAkD
zEEzT28ytpk/NuJ9h3t54D6YQPM+ZPBnn7rx1n19Nf93BIoXGsyYuW1dlpQcK80y
G5HTo7CyaGrwv/oqf59sLH1awvDL/Wzo25EW2JD9/V+90sgl1C3v
-----END CERTIFICATE-----