Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/jBPrj9nY20toqWnI_91IRoAqsKs.cer
File:                     jBPrj9nY20toqWnI_91IRoAqsKs.cer (raw, json)
Hash identifier:          Cgmyiq5vX5XMLXQzcHYDbwJz3EfhSk6FyWtrYoSuHqo=
Subject key identifier:   8C:13:EB:8F:D9:D8:DB:4B:68:A9:69:C8:FF:DD:48:46:80:2A:B0:AB
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194258FAF00A4031FD1E8C6B6084DD64C1B
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/18/8adf7e-2ded-424d-8951-e682bcb9a63a/1/jBPrj9nY20toqWnI_91IRoAqsKs.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/18/8adf7e-2ded-424d-8951-e682bcb9a63a/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 05:49:21 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 200856
                          IP: 2001:67c:b24::/48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 17:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:af:00:a4:03:1f:d1:e8:c6:b6:08:4d:d6:4c:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 05:49:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8c13eb8fd9d8db4b68a969c8ffdd4846802ab0ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:41:4f:ff:bc:dc:ff:62:46:f5:e3:31:94:cc:
                    1b:36:d3:1f:d8:f1:5e:ba:39:73:91:3b:b6:9d:50:
                    b3:66:38:4d:69:ec:fd:46:2e:76:54:aa:10:41:f3:
                    00:02:d5:c4:8c:0a:92:12:19:f8:dd:df:ce:9d:3b:
                    e4:23:ca:3d:71:73:d9:67:6d:65:04:bf:c6:dc:49:
                    01:52:f2:a3:f3:2e:d5:bd:f7:01:77:8f:f7:e4:cf:
                    36:56:8e:1a:4e:0c:6c:c1:8b:2c:0d:31:36:13:79:
                    bf:44:a6:21:02:6f:82:51:57:3e:53:32:1c:72:d6:
                    ae:4e:bd:57:80:ca:7d:a9:51:89:87:e8:5f:a5:ec:
                    bc:e2:43:40:8a:60:e4:89:e8:e5:f4:0b:23:09:b7:
                    f7:a9:e7:1f:50:ef:78:ee:4f:1d:49:87:c2:4f:6d:
                    96:4b:42:25:ec:b0:2d:58:1c:53:3c:f9:4b:bd:0d:
                    d5:85:84:58:f5:cf:7a:81:ab:17:23:f2:4a:7b:01:
                    6f:54:b2:4c:c6:d7:28:5d:90:9e:6a:2e:59:c3:4d:
                    6e:f5:c2:e0:f2:cf:72:ef:90:ff:2e:4e:29:b0:8f:
                    cd:65:f1:92:a3:fa:b7:cf:88:4b:8a:60:28:ad:ee:
                    11:1f:36:ef:ae:20:8b:da:a9:7f:bd:ba:c9:28:11:
                    39:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:13:EB:8F:D9:D8:DB:4B:68:A9:69:C8:FF:DD:48:46:80:2A:B0:AB
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/8adf7e-2ded-424d-8951-e682bcb9a63a/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/8adf7e-2ded-424d-8951-e682bcb9a63a/1/jBPrj9nY20toqWnI_91IRoAqsKs.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:b24::/48

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  200856

    Signature Algorithm: sha256WithRSAEncryption
         5b:79:55:f0:41:91:73:2b:04:de:6f:99:84:74:f3:19:28:07:
         a4:19:4e:50:bf:0b:b3:d2:59:ba:98:7e:42:7a:21:3b:66:a3:
         1f:b8:30:9e:35:73:8c:b3:08:ae:2b:b6:55:6d:73:ce:a9:16:
         53:53:f6:a0:e1:a3:af:25:05:dc:ab:d2:8d:3c:db:c1:c3:54:
         08:0c:28:aa:9d:87:ce:2c:57:3d:c1:54:c5:b4:e3:9c:cd:a4:
         b2:1a:80:79:44:f3:95:02:37:52:aa:1d:82:e6:27:17:39:74:
         57:ac:5c:ec:68:f3:0f:5b:ee:fc:45:7e:a3:2c:a1:6d:59:48:
         4e:9b:16:50:fe:22:c0:59:36:f6:13:3b:49:ef:72:c2:d2:fc:
         d6:48:7e:78:37:ec:e5:f4:66:6f:a0:7b:b1:4a:66:09:54:75:
         df:27:ae:1c:ea:d3:32:5c:a6:0a:2a:5b:87:bb:b7:2c:92:7f:
         6d:6f:0d:42:82:a8:c2:69:1c:ac:8d:75:b0:47:82:1b:8e:02:
         b0:7d:0f:43:9b:5b:7a:9e:39:40:e3:3e:68:a0:62:a3:3b:20:
         38:1a:bf:88:cb:58:55:c0:81:6b:cf:94:13:94:ca:31:58:8a:
         90:e9:73:13:98:8c:88:39:08:b7:f5:61:df:bf:80:ab:5c:a0:
         81:76:44:e4
-----BEGIN CERTIFICATE-----
MIIFlzCCBH+gAwIBAgISAZQlj68ApAMf0ejGtghN1kwbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDU0OTIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzEzZWI4ZmQ5ZDhkYjRiNjhhOTY5YzhmZmRkNDg0NjgwMmFiMGFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuUFP/7zc/2JG9eMxlMwbNtMf2PFe
ujlzkTu2nVCzZjhNaez9Ri52VKoQQfMAAtXEjAqSEhn43d/OnTvkI8o9cXPZZ21l
BL/G3EkBUvKj8y7VvfcBd4/35M82Vo4aTgxswYssDTE2E3m/RKYhAm+CUVc+UzIc
ctauTr1XgMp9qVGJh+hfpey84kNAimDkiejl9AsjCbf3qecfUO947k8dSYfCT22W
S0Il7LAtWBxTPPlLvQ3VhYRY9c96gasXI/JKewFvVLJMxtcoXZCeai5Zw01u9cLg
8s9y75D/Lk4psI/NZfGSo/q3z4hLimAore4RHzbvriCL2ql/vbrJKBE55QIDAQAB
o4ICozCCAp8wHQYDVR0OBBYEFIwT64/Z2NtLaKlpyP/dSEaAKrCrMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzE4LzhhZGY3
ZS0yZGVkLTQyNGQtODk1MS1lNjgyYmNiOWE2M2EvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTgvOGFkZjdl
LTJkZWQtNDI0ZC04OTUxLWU2ODJiY2I5YTYzYS8xL2pCUHJqOW5ZMjB0b3FXbklf
OTFJUm9BcXNLcy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAskMBoGCCsGAQUFBwEIAQH/BAswCaAH
MAUCAwMQmDANBgkqhkiG9w0BAQsFAAOCAQEAW3lV8EGRcysE3m+ZhHTzGSgHpBlO
UL8Ls9JZuph+QnohO2ajH7gwnjVzjLMIriu2VW1zzqkWU1P2oOGjryUF3KvSjTzb
wcNUCAwoqp2HzixXPcFUxbTjnM2kshqAeUTzlQI3UqodguYnFzl0V6xc7GjzD1vu
/EV+oyyhbVlITpsWUP4iwFk29hM7Se9ywtL81kh+eDfs5fRmb6B7sUpmCVR13yeu
HOrTMlymCipbh7u3LJJ/bW8NQoKowmkcrI11sEeCG44CsH0PQ5tbep45QOM+aKBi
ozsgOBq/iMtYVcCBa8+UE5TKMViKkOlzE5iMiDkIt/Vh37+Aq1yggXZE5A==
-----END CERTIFICATE-----