Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ikHi8tFFLnxMwH2_p4OdWN9X8hg.cer
File:                     ikHi8tFFLnxMwH2_p4OdWN9X8hg.cer (raw, json)
Hash identifier:          dqpsTUJeYo7X6J1gZOEKp4L4rJQ8sHNJqQs3wFHbIdw=
Subject key identifier:   8A:41:E2:F2:D1:45:2E:7C:4C:C0:7D:BF:A7:83:9D:58:DF:57:F2:18
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019427B54510D2DE10D23086A91E974B9140
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/a0/bf69c4-d64a-4340-9bf1-364854cbc0e8/1/ikHi8tFFLnxMwH2_p4OdWN9X8hg.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/a0/bf69c4-d64a-4340-9bf1-364854cbc0e8/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 15:49:38 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 50197
                          IP: 193.104.59.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:45:10:d2:de:10:d2:30:86:a9:1e:97:4b:91:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 15:49:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8a41e2f2d1452e7c4cc07dbfa7839d58df57f218
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:bc:ba:e4:e5:f9:e0:f6:c6:2e:bb:3b:ac:ea:
                    f5:64:d9:06:0b:f6:5a:19:a4:5b:a1:53:51:6e:6a:
                    8d:30:e7:0f:3a:68:5e:a8:bc:ef:d2:c7:61:e0:04:
                    94:72:e0:91:fe:3c:7a:a7:69:82:8b:1f:c5:82:b8:
                    0c:44:5a:e9:5d:44:71:08:e5:dd:ec:c6:1a:f5:bd:
                    4c:97:27:64:34:e5:48:3f:61:58:47:0b:fa:73:a1:
                    f6:71:71:6b:4e:3d:53:b9:48:eb:fb:ca:9c:9d:a9:
                    ec:9f:cc:e0:1d:d2:e2:0a:73:53:42:a6:84:43:b9:
                    02:41:80:fd:f5:4b:33:91:b4:d8:35:8c:46:31:83:
                    c1:49:f4:d6:12:78:32:db:68:e1:95:e7:76:73:fd:
                    9b:26:d4:81:f7:c4:6a:cf:1b:71:57:f3:64:3e:36:
                    72:c1:2d:7e:69:4c:02:6a:66:cb:29:34:22:66:a4:
                    50:e1:d6:18:58:44:64:e6:ca:4f:47:88:f4:11:42:
                    62:01:34:bc:49:30:78:24:7c:14:12:36:94:65:2a:
                    24:81:66:6e:35:c3:11:e4:29:a7:eb:12:ff:58:0d:
                    0f:48:2f:24:ba:2c:0d:68:60:8b:1d:96:4a:51:9b:
                    57:61:ef:97:42:18:e6:ac:b4:86:cd:52:a2:b1:cf:
                    ac:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:41:E2:F2:D1:45:2E:7C:4C:C0:7D:BF:A7:83:9D:58:DF:57:F2:18
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/bf69c4-d64a-4340-9bf1-364854cbc0e8/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/bf69c4-d64a-4340-9bf1-364854cbc0e8/1/ikHi8tFFLnxMwH2_p4OdWN9X8hg.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.104.59.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  50197

    Signature Algorithm: sha256WithRSAEncryption
         80:02:f1:7b:ff:86:7f:c8:e9:22:7e:7f:42:d6:54:5b:df:8a:
         f9:10:95:f5:e9:b0:56:58:5f:ed:97:0f:56:03:1b:4c:fd:76:
         41:6e:1f:38:26:5e:38:23:75:f5:b3:41:1a:9c:1e:bb:38:eb:
         9e:4e:e3:be:25:d0:2f:2d:36:28:35:8a:38:27:ee:bf:8b:6f:
         d7:bc:9f:c8:bd:13:ca:38:ad:0c:28:f9:fa:ae:7a:5e:0c:76:
         1d:6f:54:7e:4d:18:54:33:8e:c6:dd:3c:48:de:a0:ed:c2:4d:
         d1:00:48:79:81:fe:2a:fa:31:91:c2:64:bd:0b:b2:24:81:48:
         b7:b8:cf:b4:bb:f6:bf:a4:d7:4f:fe:1f:d6:6b:1a:5e:0d:58:
         ce:45:04:7b:c7:44:1b:fb:bb:29:d8:fd:f9:8c:1b:5f:16:2d:
         f7:de:47:70:83:1e:af:37:e6:4b:50:3f:ff:ae:17:14:71:d9:
         9a:40:0b:c2:2f:d8:7f:f4:fe:a3:00:08:f6:d0:a2:f5:bf:9d:
         b0:1a:1e:e4:e7:13:6a:47:6d:95:c3:30:48:8d:48:1c:fd:be:
         b7:d1:fa:24:7c:ab:f5:8e:31:9a:fa:81:76:ed:45:20:34:24:
         9d:69:04:46:66:ae:d3:de:3e:34:8e:3e:e8:a4:ad:22:9b:01:
         1a:f2:27:ac
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZQntUUQ0t4Q0jCGqR6XS5FAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMTU0OTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTQxZTJmMmQxNDUyZTdjNGNjMDdkYmZhNzgzOWQ1OGRmNTdmMjE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs7y65OX54PbGLrs7rOr1ZNkGC/Za
GaRboVNRbmqNMOcPOmheqLzv0sdh4ASUcuCR/jx6p2mCix/FgrgMRFrpXURxCOXd
7MYa9b1MlydkNOVIP2FYRwv6c6H2cXFrTj1TuUjr+8qcnansn8zgHdLiCnNTQqaE
Q7kCQYD99UszkbTYNYxGMYPBSfTWEngy22jhled2c/2bJtSB98RqzxtxV/NkPjZy
wS1+aUwCambLKTQiZqRQ4dYYWERk5spPR4j0EUJiATS8STB4JHwUEjaUZSokgWZu
NcMR5Cmn6xL/WA0PSC8kuiwNaGCLHZZKUZtXYe+XQhjmrLSGzVKisc+sOwIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFIpB4vLRRS58TMB9v6eDnVjfV/IYMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2EwL2JmNjlj
NC1kNjRhLTQzNDAtOWJmMS0zNjQ4NTRjYmMwZTgvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTAvYmY2OWM0
LWQ2NGEtNDM0MC05YmYxLTM2NDg1NGNiYzBlOC8xL2lrSGk4dEZGTG54TXdIMl9w
NE9kV045WDhoZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwWg7MBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwDEFTANBgkqhkiG9w0BAQsFAAOCAQEAgALxe/+Gf8jpIn5/QtZUW9+K+RCV9emw
Vlhf7ZcPVgMbTP12QW4fOCZeOCN19bNBGpweuzjrnk7jviXQLy02KDWKOCfuv4tv
17yfyL0TyjitDCj5+q56Xgx2HW9Ufk0YVDOOxt08SN6g7cJN0QBIeYH+KvoxkcJk
vQuyJIFIt7jPtLv2v6TXT/4f1msaXg1YzkUEe8dEG/u7Kdj9+YwbXxYt995HcIMe
rzfmS1A//64XFHHZmkALwi/Yf/T+owAI9tCi9b+dsBoe5OcTakdtlcMwSI1IHP2+
t9H6JHyr9Y4xmvqBdu1FIDQknWkERmau094+NI4+6KStIpsBGvInrA==
-----END CERTIFICATE-----