Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/jm11tOSYb6zLYUszTkXV4Dk1Kpw.cer
File:                     jm11tOSYb6zLYUszTkXV4Dk1Kpw.cer (raw, json)
Hash identifier:          skEiAd9btugOkMlMf+iv92Vr4vTy1eZIju3eZJaYEnY=
Subject key identifier:   8E:6D:75:B4:E4:98:6F:AC:CB:61:4B:33:4E:45:D5:E0:39:35:2A:9C
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019426D920459EA720721328ADE52B7551F9
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/f9/aca994-f3c0-45a4-a642-6d7602d24c83/1/jm11tOSYb6zLYUszTkXV4Dk1Kpw.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/f9/aca994-f3c0-45a4-a642-6d7602d24c83/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 11:49:11 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 20691
                          IP: 91.209.188.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:20:45:9e:a7:20:72:13:28:ad:e5:2b:75:51:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 11:49:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8e6d75b4e4986faccb614b334e45d5e039352a9c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:e6:c7:29:07:1b:fa:8e:c1:6a:81:67:53:1a:
                    bd:8c:78:f4:a5:d2:6a:f8:63:a6:d1:de:54:af:d3:
                    36:16:d7:df:1a:97:44:45:88:a6:26:c6:76:2a:d5:
                    25:a9:e7:5b:9d:52:fa:6a:82:72:b4:65:36:76:1a:
                    f9:c1:a1:2b:b6:bf:a8:f2:fb:b2:f0:65:ec:bd:5b:
                    cf:f7:eb:ec:30:6a:71:29:12:70:e3:62:bb:18:fb:
                    d9:18:60:ec:1f:c2:87:c8:da:56:81:da:bb:48:b0:
                    dd:b2:16:77:27:e0:20:e8:85:4e:88:89:3e:0a:f0:
                    43:53:b4:81:d1:ab:87:f6:c9:8c:1a:c5:33:ee:32:
                    d6:72:a1:b4:54:28:dc:48:b6:3e:ef:9a:21:5d:7d:
                    b9:3b:89:2e:2f:36:44:16:11:f9:b7:f1:cb:03:28:
                    21:eb:e1:db:d2:a2:4b:e3:92:40:e3:55:5e:e4:52:
                    d3:ee:3d:ee:71:76:9e:30:dc:fc:68:3c:fc:4b:8c:
                    1c:79:39:46:db:d5:25:1d:33:a4:95:cc:c6:69:10:
                    e4:e3:59:86:47:40:55:7a:d9:61:34:94:02:03:46:
                    d9:02:50:6f:75:eb:4c:68:a6:5f:fe:35:2b:c6:81:
                    72:38:87:6e:6e:12:b0:32:91:a1:4d:a0:59:29:d5:
                    29:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:6D:75:B4:E4:98:6F:AC:CB:61:4B:33:4E:45:D5:E0:39:35:2A:9C
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/aca994-f3c0-45a4-a642-6d7602d24c83/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/aca994-f3c0-45a4-a642-6d7602d24c83/1/jm11tOSYb6zLYUszTkXV4Dk1Kpw.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.209.188.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  20691

    Signature Algorithm: sha256WithRSAEncryption
         91:16:b6:4e:d3:1c:33:b3:77:21:65:4a:9c:9e:c9:7a:e7:42:
         25:3b:2f:54:3c:8d:a5:e0:7b:1b:6a:36:f8:cb:82:e3:c6:c6:
         f1:d5:9f:0e:10:b3:0a:fd:18:fd:fb:79:be:6d:89:07:e6:8c:
         3b:f7:88:e6:7f:ef:20:cd:4b:dd:ba:18:45:40:10:e6:36:77:
         80:7e:6b:cd:b6:3a:ca:7c:8f:ec:e4:4e:e8:d5:05:c8:93:5b:
         4e:31:48:8f:47:4e:27:ab:ff:b2:43:c2:f1:88:cb:ef:f2:e1:
         b7:aa:4d:6d:4e:34:67:0f:c1:0c:81:c3:57:84:dd:73:bd:ed:
         9d:5d:fc:96:d7:4c:26:d8:ba:ae:47:b2:0a:42:43:89:3e:16:
         e2:28:f8:90:d8:3f:4e:c2:f0:9b:92:c4:11:c1:3d:f7:0e:a6:
         d9:b2:c8:89:66:f2:3e:4f:41:41:66:52:a7:00:16:c3:4c:fe:
         48:78:8f:ee:ca:47:41:93:96:5d:5c:eb:c2:87:9d:33:7d:6d:
         89:0a:57:1a:91:5c:84:c4:a7:6d:d5:b6:62:fe:fe:73:0f:59:
         07:77:d9:9c:2b:1b:b9:c6:eb:7c:65:f6:e8:5f:13:ca:f6:2a:
         54:2b:2e:95:19:ad:e1:29:72:67:4c:8b:31:7b:a2:b5:88:f9:
         9d:1a:83:5e
-----BEGIN CERTIFICATE-----
MIIFkzCCBHugAwIBAgISAZQm2SBFnqcgchMoreUrdVH5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMTE0OTExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTZkNzViNGU0OTg2ZmFjY2I2MTRiMzM0ZTQ1ZDVlMDM5MzUyYTljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ebHKQcb+o7BaoFnUxq9jHj0pdJq
+GOm0d5Ur9M2FtffGpdERYimJsZ2KtUlqedbnVL6aoJytGU2dhr5waErtr+o8vuy
8GXsvVvP9+vsMGpxKRJw42K7GPvZGGDsH8KHyNpWgdq7SLDdshZ3J+Ag6IVOiIk+
CvBDU7SB0auH9smMGsUz7jLWcqG0VCjcSLY+75ohXX25O4kuLzZEFhH5t/HLAygh
6+Hb0qJL45JA41Ve5FLT7j3ucXaeMNz8aDz8S4wceTlG29UlHTOklczGaRDk41mG
R0BVetlhNJQCA0bZAlBvdetMaKZf/jUrxoFyOIdubhKwMpGhTaBZKdUpyQIDAQAB
o4ICnzCCApswHQYDVR0OBBYEFI5tdbTkmG+sy2FLM05F1eA5NSqcMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Y5L2FjYTk5
NC1mM2MwLTQ1YTQtYTY0Mi02ZDc2MDJkMjRjODMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjkvYWNhOTk0
LWYzYzAtNDVhNC1hNjQyLTZkNzYwMmQyNGM4My8xL2ptMTF0T1NZYjZ6TFlVc3pU
a1hWNERrMUtwdy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW9G8MBkGCCsGAQUFBwEIAQH/BAowCKAGMAQC
AlDTMA0GCSqGSIb3DQEBCwUAA4IBAQCRFrZO0xwzs3chZUqcnsl650IlOy9UPI2l
4Hsbajb4y4Ljxsbx1Z8OELMK/Rj9+3m+bYkH5ow794jmf+8gzUvduhhFQBDmNneA
fmvNtjrKfI/s5E7o1QXIk1tOMUiPR04nq/+yQ8LxiMvv8uG3qk1tTjRnD8EMgcNX
hN1zve2dXfyW10wm2LquR7IKQkOJPhbiKPiQ2D9OwvCbksQRwT33DqbZssiJZvI+
T0FBZlKnABbDTP5IeI/uykdBk5ZdXOvCh50zfW2JClcakVyExKdt1bZi/v5zD1kH
d9mcKxu5xut8ZfboXxPK9ipUKy6VGa3hKXJnTIsxe6K1iPmdGoNe
-----END CERTIFICATE-----