Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/iZFbtGEcVfYprTpMz-NXwECh3BI.cer
File:                     iZFbtGEcVfYprTpMz-NXwECh3BI.cer (raw, json)
Hash identifier:          KGesnoRPkmbwTz8NEzyjaBmtoRgCcvyWuHgw11fKP6I=
Subject key identifier:   89:91:5B:B4:61:1C:55:F6:29:AD:3A:4C:CF:E3:57:C0:40:A1:DC:12
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01941F8CA852592CD556E09772ECAD72DE88
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/b0/74ac9d-2a53-4ae5-ba72-62afcb9972d7/1/iZFbtGEcVfYprTpMz-NXwECh3BI.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/b0/74ac9d-2a53-4ae5-ba72-62afcb9972d7/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 01:48:19 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 199344
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:a8:52:59:2c:d5:56:e0:97:72:ec:ad:72:de:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 01:48:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=89915bb4611c55f629ad3a4ccfe357c040a1dc12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:80:1a:ac:60:c2:16:a1:2b:9f:0f:5b:53:8e:
                    18:b9:29:53:d3:af:77:b0:41:83:67:61:93:93:db:
                    83:d1:c6:df:da:78:a0:a4:15:9b:e3:88:bb:93:2e:
                    0a:04:34:69:08:c5:2f:72:fe:d9:b1:7e:64:cb:d1:
                    41:6b:16:d4:f4:52:b2:1e:28:74:0d:e5:43:31:36:
                    d8:bc:35:1c:44:6b:a4:69:41:55:68:cf:1a:1f:0f:
                    ff:e7:f4:b1:b1:01:73:19:4e:e7:23:f6:77:65:f8:
                    aa:89:f5:03:5b:1d:73:43:60:9a:d5:96:17:14:b2:
                    1a:44:15:49:64:cd:73:ee:2a:17:1d:88:0f:f1:a2:
                    13:30:3b:f3:e0:b2:04:42:a0:bb:55:fc:d7:3d:41:
                    3a:be:50:44:4e:8d:7b:c5:08:d0:25:44:81:f6:0b:
                    82:f9:8a:9d:27:98:d6:4c:a5:cd:69:1f:86:a3:1a:
                    44:49:7f:38:14:51:43:44:e0:74:93:c3:99:2a:4c:
                    fb:15:a1:66:4f:19:0f:f8:86:b3:b2:8e:80:ec:5a:
                    2c:29:82:f6:0a:83:50:da:48:e6:e2:4f:84:81:3d:
                    4c:28:16:96:2b:60:06:da:af:d6:f1:e6:2f:78:c3:
                    12:1e:fe:6a:fe:c0:7f:20:56:6c:74:9a:40:ed:c9:
                    06:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:91:5B:B4:61:1C:55:F6:29:AD:3A:4C:CF:E3:57:C0:40:A1:DC:12
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/74ac9d-2a53-4ae5-ba72-62afcb9972d7/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/74ac9d-2a53-4ae5-ba72-62afcb9972d7/1/iZFbtGEcVfYprTpMz-NXwECh3BI.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  199344

    Signature Algorithm: sha256WithRSAEncryption
         9a:a8:02:23:70:85:32:54:b9:48:ed:93:82:7c:b6:2f:82:7f:
         e5:8c:14:34:ff:91:19:1d:fc:a2:14:8d:4b:04:46:77:e5:c2:
         96:6f:90:02:38:ac:53:18:58:c9:95:95:8e:08:d4:10:7a:25:
         af:11:88:ff:33:20:ad:5a:2e:44:98:ca:31:b5:67:3e:89:cc:
         cc:45:dd:39:15:1a:00:6f:ef:ba:42:37:96:12:68:56:cf:c5:
         7c:6e:a2:5e:c0:e4:38:c0:6d:87:41:da:90:2f:46:fd:68:8e:
         e7:bc:af:3c:8a:e0:b5:e5:9e:5a:32:e8:d8:09:8b:e6:71:f1:
         2a:45:b8:98:a4:1f:a0:54:8a:7a:8c:8f:81:a6:5d:ec:a1:2a:
         06:a7:ca:f8:a9:17:ac:85:43:2e:3f:6f:a7:a3:da:a4:29:6d:
         46:ae:03:8a:10:63:12:3e:90:27:9c:bc:c2:d8:ed:ba:84:c0:
         a4:d5:25:07:53:c1:56:df:50:48:9f:24:d9:db:f7:4f:0f:af:
         cf:59:29:af:9c:f6:f6:36:93:9b:9c:20:87:3e:ea:58:90:22:
         af:57:ae:3b:bf:7d:5a:c7:64:d4:02:e9:9d:f4:a7:c5:c7:f4:
         46:2a:9d:c9:f1:31:86:f6:41:e3:c9:4a:75:e6:5e:b4:b7:1e:
         e9:8d:c2:7b
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZQfjKhSWSzVVuCXcuytct6IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDE0ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTkxNWJiNDYxMWM1NWY2MjlhZDNhNGNjZmUzNTdjMDQwYTFkYzEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv4AarGDCFqErnw9bU44YuSlT0693
sEGDZ2GTk9uD0cbf2nigpBWb44i7ky4KBDRpCMUvcv7ZsX5ky9FBaxbU9FKyHih0
DeVDMTbYvDUcRGukaUFVaM8aHw//5/SxsQFzGU7nI/Z3ZfiqifUDWx1zQ2Ca1ZYX
FLIaRBVJZM1z7ioXHYgP8aITMDvz4LIEQqC7VfzXPUE6vlBETo17xQjQJUSB9guC
+YqdJ5jWTKXNaR+GoxpESX84FFFDROB0k8OZKkz7FaFmTxkP+Iazso6A7FosKYL2
CoNQ2kjm4k+EgT1MKBaWK2AG2q/W8eYveMMSHv5q/sB/IFZsdJpA7ckGyQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFImRW7RhHFX2Ka06TM/jV8BAodwSMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2IwLzc0YWM5
ZC0yYTUzLTRhZTUtYmE3Mi02MmFmY2I5OTcyZDcvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjAvNzRhYzlk
LTJhNTMtNGFlNS1iYTcyLTYyYWZjYjk5NzJkNy8xL2laRmJ0R0VjVmZZcHJUcE16
LU5Yd0VDaDNCSS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMKsDANBgkqhkiG9w0BAQsFAAOCAQEAmqgCI3CFMlS5
SO2Tgny2L4J/5YwUNP+RGR38ohSNSwRGd+XClm+QAjisUxhYyZWVjgjUEHolrxGI
/zMgrVouRJjKMbVnPonMzEXdORUaAG/vukI3lhJoVs/FfG6iXsDkOMBth0HakC9G
/WiO57yvPIrgteWeWjLo2AmL5nHxKkW4mKQfoFSKeoyPgaZd7KEqBqfK+KkXrIVD
Lj9vp6PapCltRq4DihBjEj6QJ5y8wtjtuoTApNUlB1PBVt9QSJ8k2dv3Tw+vz1kp
r5z29jaTm5wghz7qWJAir1euO799Wsdk1ALpnfSnxcf0RiqdyfExhvZB48lKdeZe
tLce6Y3Cew==
-----END CERTIFICATE-----