Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/jxpRl9YyTu7SVrJoYeGiSshjXTc.cer
File:                     jxpRl9YyTu7SVrJoYeGiSshjXTc.cer (raw, json)
Hash identifier:          Zl72r9/hjli1tzRHsS6xIdrI6mNlt5wdjRIG37ryE+w=
Subject key identifier:   8F:1A:51:97:D6:32:4E:EE:D2:56:B2:68:61:E1:A2:4A:C8:63:5D:37
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194258FADD2F3DE4D075013996937329F64
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/8d/f15e4d-80c3-4ca0-8790-a4de9dff5ed2/1/jxpRl9YyTu7SVrJoYeGiSshjXTc.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/8d/f15e4d-80c3-4ca0-8790-a4de9dff5ed2/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 05:49:20 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 214017
                          IP: 2001:67c:f3c::/48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:ad:d2:f3:de:4d:07:50:13:99:69:37:32:9f:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 05:49:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8f1a5197d6324eeed256b26861e1a24ac8635d37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:a4:20:1e:2f:37:c6:10:b9:75:d9:af:21:30:
                    92:f5:d1:8a:1d:1e:fa:c8:68:8b:c0:29:81:cb:34:
                    a1:6f:65:93:66:5f:5d:e6:d4:27:37:b2:bb:e0:06:
                    ae:d9:98:8b:cc:fe:41:25:ab:0c:be:2b:06:a2:fa:
                    06:69:cb:e8:fc:95:d7:b6:d3:75:66:cd:e1:be:51:
                    5c:68:94:ad:46:17:ba:84:76:dc:ca:c5:f8:66:49:
                    20:f6:43:c3:7e:7a:af:17:41:10:3b:10:e9:25:da:
                    64:f7:a0:5d:8e:df:dd:88:a6:58:81:bc:8e:66:e0:
                    e9:f3:5a:dd:c5:3e:3d:00:ca:3c:6d:48:a6:6b:46:
                    ee:e1:ea:da:2b:ff:2d:6d:dc:d7:48:59:69:41:1a:
                    1e:d7:a5:91:0d:62:69:34:ba:42:c3:e3:3d:4c:6c:
                    c1:7e:ec:e0:b4:9e:49:13:8e:8a:ff:33:bf:95:60:
                    1f:92:90:73:0b:e0:73:33:9b:f5:9c:c5:e6:cc:42:
                    21:8c:9c:d7:cd:f5:bd:83:be:76:37:7b:87:85:54:
                    c6:f6:0e:78:58:ad:b5:d6:4b:62:01:a6:6b:42:13:
                    05:f2:6b:ba:25:d1:cc:1f:5d:85:e8:2f:ac:2c:d2:
                    d1:b3:20:80:eb:31:8a:f3:33:ab:2b:6c:5a:d8:4d:
                    9f:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:1A:51:97:D6:32:4E:EE:D2:56:B2:68:61:E1:A2:4A:C8:63:5D:37
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/f15e4d-80c3-4ca0-8790-a4de9dff5ed2/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/f15e4d-80c3-4ca0-8790-a4de9dff5ed2/1/jxpRl9YyTu7SVrJoYeGiSshjXTc.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:f3c::/48

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  214017

    Signature Algorithm: sha256WithRSAEncryption
         57:94:4c:55:de:66:e3:a4:3e:fd:cf:de:45:30:fe:35:94:3c:
         4e:08:ee:06:f6:42:4b:7e:42:a8:5c:38:05:a3:8e:63:be:4b:
         f6:13:9d:ea:67:94:af:18:b7:ae:96:a8:cf:d4:bd:db:51:aa:
         01:2d:08:de:30:fa:77:2f:66:2e:f9:ec:56:45:80:5d:32:f7:
         05:e8:67:50:96:5a:16:00:94:ef:02:5e:90:81:b8:19:48:d5:
         36:a4:f1:b9:1b:e6:d7:0a:7e:da:d6:72:a5:48:2e:a7:ee:10:
         78:b2:d2:71:a3:b6:96:00:80:4d:d0:a1:89:55:50:5a:9a:f5:
         f5:7f:06:38:76:a5:88:94:61:8d:22:df:69:26:b1:c0:1b:4e:
         40:2e:0d:4c:06:68:de:ed:b5:93:ef:7a:22:d5:93:f7:95:ca:
         78:5e:f6:26:1d:32:66:7d:cc:c0:15:86:7d:d8:9c:b1:60:74:
         f9:d2:ba:22:fc:d6:f7:3b:2d:df:7b:bb:bd:d3:ce:3a:03:61:
         d0:1b:a1:11:4f:c7:d8:6d:6a:01:68:0f:1c:d0:17:17:e3:f4:
         91:80:68:96:c4:e4:86:36:8f:5f:05:3b:5a:18:45:1d:c9:98:
         07:3a:5a:c0:0f:3d:e0:f3:cc:46:d7:56:ea:30:f4:41:71:bf:
         82:1c:d5:3d
-----BEGIN CERTIFICATE-----
MIIFlzCCBH+gAwIBAgISAZQlj63S895NB1ATmWk3Mp9kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDU0OTIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjFhNTE5N2Q2MzI0ZWVlZDI1NmIyNjg2MWUxYTI0YWM4NjM1ZDM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmqQgHi83xhC5ddmvITCS9dGKHR76
yGiLwCmByzShb2WTZl9d5tQnN7K74Aau2ZiLzP5BJasMvisGovoGacvo/JXXttN1
Zs3hvlFcaJStRhe6hHbcysX4Zkkg9kPDfnqvF0EQOxDpJdpk96Bdjt/diKZYgbyO
ZuDp81rdxT49AMo8bUima0bu4eraK/8tbdzXSFlpQRoe16WRDWJpNLpCw+M9TGzB
fuzgtJ5JE46K/zO/lWAfkpBzC+BzM5v1nMXmzEIhjJzXzfW9g752N3uHhVTG9g54
WK211ktiAaZrQhMF8mu6JdHMH12F6C+sLNLRsyCA6zGK8zOrK2xa2E2f2wIDAQAB
o4ICozCCAp8wHQYDVR0OBBYEFI8aUZfWMk7u0layaGHhokrIY103MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzhkL2YxNWU0
ZC04MGMzLTRjYTAtODc5MC1hNGRlOWRmZjVlZDIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOGQvZjE1ZTRk
LTgwYzMtNGNhMC04NzkwLWE0ZGU5ZGZmNWVkMi8xL2p4cFJsOVl5VHU3U1ZySm9Z
ZUdpU3NoalhUYy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfA88MBoGCCsGAQUFBwEIAQH/BAswCaAH
MAUCAwNEATANBgkqhkiG9w0BAQsFAAOCAQEAV5RMVd5m46Q+/c/eRTD+NZQ8Tgju
BvZCS35CqFw4BaOOY75L9hOd6meUrxi3rpaoz9S921GqAS0I3jD6dy9mLvnsVkWA
XTL3BehnUJZaFgCU7wJekIG4GUjVNqTxuRvm1wp+2tZypUgup+4QeLLScaO2lgCA
TdChiVVQWpr19X8GOHaliJRhjSLfaSaxwBtOQC4NTAZo3u21k+96ItWT95XKeF72
Jh0yZn3MwBWGfdicsWB0+dK6IvzW9zst33u7vdPOOgNh0BuhEU/H2G1qAWgPHNAX
F+P0kYBolsTkhjaPXwU7WhhFHcmYBzpawA894PPMRtdW6jD0QXG/ghzVPQ==
-----END CERTIFICATE-----