Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ij8nyT77e7wLCv6OzCT3A50nUQg.cer
File:                     ij8nyT77e7wLCv6OzCT3A50nUQg.cer (raw, json)
Hash identifier:          f4NApQUX8Ka9h8hc+WBUK+OO11l3ZD5FrzLj1TMFAjM=
Subject key identifier:   8A:3F:27:C9:3E:FB:7B:BC:0B:0A:FE:8E:CC:24:F7:03:9D:27:51:08
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194236A20C06A5B11D0E64C4F271BD924CB
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/44/2c9a24-8560-4307-acc7-ebf834fe9a15/1/ij8nyT77e7wLCv6OzCT3A50nUQg.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/44/2c9a24-8560-4307-acc7-ebf834fe9a15/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 19:49:05 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 2001:67c:f00::/48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:20:c0:6a:5b:11:d0:e6:4c:4f:27:1b:d9:24:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 19:49:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8a3f27c93efb7bbc0b0afe8ecc24f7039d275108
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:05:cd:67:a3:0f:87:f1:25:72:f8:00:86:ed:
                    9f:dc:7d:21:7b:a2:65:6b:8b:0e:56:35:a9:d5:ca:
                    7c:2c:7f:cf:cf:4b:8c:c3:d5:18:95:d6:bc:6f:f3:
                    6a:b8:5f:e5:f5:88:57:1c:ae:50:c8:b4:19:19:98:
                    fc:e0:80:99:e7:1c:16:02:1f:6b:47:20:9d:dc:f0:
                    07:d0:7f:21:30:f4:92:40:d0:2f:f1:f1:a1:2a:66:
                    15:86:be:64:f8:c4:16:98:ad:44:9f:45:45:96:1f:
                    8d:8d:e9:7b:af:ea:dd:da:5a:6b:16:45:ba:0a:e7:
                    e2:f9:00:d1:f0:e3:08:7f:ae:f7:ae:0b:40:45:37:
                    18:ad:67:95:ba:fd:7f:a5:20:51:e9:b6:a0:4f:13:
                    f9:74:e9:cd:9a:94:28:98:59:c0:a4:a2:2b:0e:ea:
                    94:06:49:c0:38:f9:1b:21:a7:88:cd:c4:f9:59:f1:
                    f4:b4:59:94:46:4a:7e:b7:be:9d:d8:ff:a1:9c:7b:
                    24:a5:06:74:7d:15:5a:a4:70:1f:ee:9e:9b:77:f1:
                    ee:bc:0f:2e:6c:9c:0a:c0:d5:c3:64:a7:4f:dc:62:
                    4f:53:b9:9b:c4:9f:cf:69:5c:57:03:75:11:c9:0a:
                    a5:3e:db:91:81:76:bc:84:20:33:48:0b:10:97:22:
                    25:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:3F:27:C9:3E:FB:7B:BC:0B:0A:FE:8E:CC:24:F7:03:9D:27:51:08
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/2c9a24-8560-4307-acc7-ebf834fe9a15/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/2c9a24-8560-4307-acc7-ebf834fe9a15/1/ij8nyT77e7wLCv6OzCT3A50nUQg.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:f00::/48

    Signature Algorithm: sha256WithRSAEncryption
         1d:c1:65:27:1e:33:c7:87:55:f7:82:2a:0b:ee:92:62:82:84:
         af:3e:6b:7f:6b:d8:9c:5a:ee:46:61:a9:cf:ce:70:3a:bd:12:
         89:71:8c:d5:70:9e:2b:92:c8:35:70:3b:2a:08:81:30:0e:ca:
         e7:cf:d3:db:be:ee:65:0b:6e:12:93:9c:c7:07:29:f0:e8:f1:
         08:a6:06:ec:26:14:03:ec:f8:37:d8:11:dd:0f:e4:b7:36:83:
         91:6e:d1:70:37:17:ac:58:bd:88:15:44:58:f1:83:af:ab:02:
         ea:64:f2:47:47:1b:f8:22:2a:cd:7d:c0:a7:5c:f6:16:f9:f9:
         c9:4c:67:26:dd:36:34:2c:10:3b:2f:83:49:7d:84:a2:ba:99:
         7c:95:55:15:00:93:ea:52:bd:21:83:89:08:f4:7f:6f:4a:2f:
         13:b1:19:23:06:df:0a:a0:f1:ec:7a:8e:70:13:bc:dc:b7:7a:
         84:2d:f2:59:7f:34:83:11:0a:38:a7:5c:a3:64:2d:e6:35:af:
         2a:12:68:a2:05:c0:58:48:36:40:ad:72:63:2c:16:7e:ac:18:
         ca:c9:60:14:1d:48:05:76:f2:d1:4e:34:5d:b5:ed:9e:61:ee:
         4c:66:60:ff:6d:bf:88:ea:f8:26:0d:3b:0a:97:04:6e:39:10:
         b4:17:e8:55
-----BEGIN CERTIFICATE-----
MIIFezCCBGOgAwIBAgISAZQjaiDAalsR0OZMTycb2STLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTk0OTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTNmMjdjOTNlZmI3YmJjMGIwYWZlOGVjYzI0ZjcwMzlkMjc1MTA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvgXNZ6MPh/ElcvgAhu2f3H0he6Jl
a4sOVjWp1cp8LH/Pz0uMw9UYlda8b/NquF/l9YhXHK5QyLQZGZj84ICZ5xwWAh9r
RyCd3PAH0H8hMPSSQNAv8fGhKmYVhr5k+MQWmK1En0VFlh+Njel7r+rd2lprFkW6
Cufi+QDR8OMIf673rgtARTcYrWeVuv1/pSBR6bagTxP5dOnNmpQomFnApKIrDuqU
BknAOPkbIaeIzcT5WfH0tFmURkp+t76d2P+hnHskpQZ0fRVapHAf7p6bd/HuvA8u
bJwKwNXDZKdP3GJPU7mbxJ/PaVxXA3URyQqlPtuRgXa8hCAzSAsQlyIldwIDAQAB
o4IChzCCAoMwHQYDVR0OBBYEFIo/J8k++3u8Cwr+jswk9wOdJ1EIMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzQ0LzJjOWEy
NC04NTYwLTQzMDctYWNjNy1lYmY4MzRmZTlhMTUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDQvMmM5YTI0
LTg1NjAtNDMwNy1hY2M3LWViZjgzNGZlOWExNS8xL2lqOG55VDc3ZTd3TEN2Nk96
Q1QzQTUwblVRZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfA8AMA0GCSqGSIb3DQEBCwUAA4IBAQAd
wWUnHjPHh1X3gioL7pJigoSvPmt/a9icWu5GYanPznA6vRKJcYzVcJ4rksg1cDsq
CIEwDsrnz9Pbvu5lC24Sk5zHBynw6PEIpgbsJhQD7Pg32BHdD+S3NoORbtFwNxes
WL2IFURY8YOvqwLqZPJHRxv4IirNfcCnXPYW+fnJTGcm3TY0LBA7L4NJfYSiupl8
lVUVAJPqUr0hg4kI9H9vSi8TsRkjBt8KoPHseo5wE7zct3qELfJZfzSDEQo4p1yj
ZC3mNa8qEmiiBcBYSDZArXJjLBZ+rBjKyWAUHUgFdvLRTjRdte2eYe5MZmD/bb+I
6vgmDTsKlwRuORC0F+hV
-----END CERTIFICATE-----