Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/kFHan04DQdDI3l6sVMY6EenvW18.cer
File:                     kFHan04DQdDI3l6sVMY6EenvW18.cer (raw, json)
Hash identifier:          +J73vaxoTtBA711m+hGk9gpm9nV6VlII+PhAOlqjerY=
Subject key identifier:   90:51:DA:9F:4E:03:41:D0:C8:DE:5E:AC:54:C6:3A:11:E9:EF:5B:5F
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019422FAFB8C5FCF2F92B34E5E88832C3F1C
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/26/3bc1c4-2b7b-40ee-9181-9b34428ed424/1/kFHan04DQdDI3l6sVMY6EenvW18.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/26/3bc1c4-2b7b-40ee-9181-9b34428ed424/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 17:47:41 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 193.41.71.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fa:fb:8c:5f:cf:2f:92:b3:4e:5e:88:83:2c:3f:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 17:47:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9051da9f4e0341d0c8de5eac54c63a11e9ef5b5f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:4f:17:5b:47:e7:bf:06:a1:a6:d8:da:ae:56:
                    eb:1e:ed:3d:b2:9b:49:28:cd:20:70:19:9c:da:4e:
                    8b:c5:1e:50:9f:ba:8b:41:52:ed:09:6f:17:d0:8a:
                    92:0d:21:71:c1:61:bc:2e:d9:16:40:89:60:3c:3d:
                    43:94:25:b3:48:d6:a9:a2:21:f0:ae:57:fe:5c:63:
                    a3:15:52:7d:b2:ac:3f:90:24:8d:e7:1e:8a:64:25:
                    b6:e6:5a:70:b6:94:69:f0:8f:30:5f:a6:b3:a7:6e:
                    9c:30:f2:92:1b:15:4c:91:a0:3f:aa:fb:9e:6f:c4:
                    25:62:a9:76:4a:c7:c1:ec:51:a9:44:b9:70:ac:bd:
                    29:1a:55:02:99:45:5e:ba:26:e4:2a:7e:40:29:7d:
                    4c:96:1e:ee:d8:e6:e2:3d:e6:eb:6d:01:e6:f3:37:
                    7f:16:9f:f7:08:c5:39:1a:88:ea:cf:2a:8b:cf:cc:
                    6e:a8:89:56:20:45:7a:b5:ed:62:08:54:c4:cb:11:
                    2f:67:82:fc:be:55:ce:b8:a5:ca:58:b5:c8:0d:cf:
                    64:e1:42:c1:25:6e:9e:76:7c:0e:93:e9:6c:22:57:
                    c4:08:8c:94:70:0d:90:b4:e5:fa:8c:e1:5f:91:c6:
                    4f:ef:2a:f1:e5:ec:25:7a:9a:37:05:ab:9b:46:a0:
                    7a:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:51:DA:9F:4E:03:41:D0:C8:DE:5E:AC:54:C6:3A:11:E9:EF:5B:5F
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/3bc1c4-2b7b-40ee-9181-9b34428ed424/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/3bc1c4-2b7b-40ee-9181-9b34428ed424/1/kFHan04DQdDI3l6sVMY6EenvW18.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.41.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:1b:84:bb:5a:73:a1:89:76:d6:33:d9:b6:91:a3:9e:78:e4:
         79:65:d3:25:65:ee:b6:cb:45:e4:f4:93:c8:7a:13:e6:a1:45:
         80:72:1d:b9:b2:d8:07:0f:f7:23:07:4b:50:d9:e1:55:6c:61:
         68:9d:69:99:f4:d7:1e:94:9c:51:45:84:29:7a:32:b2:e3:6c:
         57:7e:26:dc:92:e2:f0:dc:79:4e:98:9d:59:0c:ec:5f:f3:07:
         3d:06:5b:e2:3d:83:db:e1:02:8c:f5:1a:e5:8e:83:d1:2e:6a:
         a7:92:c9:7e:2c:88:9e:71:ed:24:f2:52:4e:99:fc:31:2d:45:
         9d:3c:5c:3a:26:22:b7:0f:fd:b4:63:51:a4:aa:7c:50:b8:64:
         59:e1:09:30:06:8b:da:52:5c:be:d1:32:46:d8:53:4a:78:d7:
         35:df:29:07:0f:a7:96:eb:f0:a0:fd:59:2c:e1:c5:9f:40:f2:
         09:d9:5e:0d:64:97:1b:47:5d:2e:a0:2b:5c:31:50:dc:61:22:
         2b:0d:bc:0d:3f:8e:d0:f6:6e:bf:ef:f9:c2:cf:6b:b6:a9:c9:
         c6:13:c4:6f:c9:06:cd:51:97:55:03:11:8e:3a:e5:66:e2:24:
         f6:61:cc:0c:95:12:1f:90:d4:4f:79:b8:01:9f:8b:35:e0:9c:
         33:9f:d6:01
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZQi+vuMX88vkrNOXoiDLD8cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTc0NzQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDUxZGE5ZjRlMDM0MWQwYzhkZTVlYWM1NGM2M2ExMWU5ZWY1YjVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu08XW0fnvwahptjarlbrHu09sptJ
KM0gcBmc2k6LxR5Qn7qLQVLtCW8X0IqSDSFxwWG8LtkWQIlgPD1DlCWzSNapoiHw
rlf+XGOjFVJ9sqw/kCSN5x6KZCW25lpwtpRp8I8wX6azp26cMPKSGxVMkaA/qvue
b8QlYql2SsfB7FGpRLlwrL0pGlUCmUVeuibkKn5AKX1Mlh7u2ObiPebrbQHm8zd/
Fp/3CMU5GojqzyqLz8xuqIlWIEV6te1iCFTEyxEvZ4L8vlXOuKXKWLXIDc9k4ULB
JW6ednwOk+lsIlfECIyUcA2QtOX6jOFfkcZP7yrx5ewlepo3BaubRqB6fwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFJBR2p9OA0HQyN5erFTGOhHp71tfMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzI2LzNiYzFj
NC0yYjdiLTQwZWUtOTE4MS05YjM0NDI4ZWQ0MjQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjYvM2JjMWM0
LTJiN2ItNDBlZS05MTgxLTliMzQ0MjhlZDQyNC8xL2tGSGFuMDREUWRESTNsNnNW
TVk2RWVudlcxOC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwSlHMA0GCSqGSIb3DQEBCwUAA4IBAQBgG4S7
WnOhiXbWM9m2kaOeeOR5ZdMlZe62y0Xk9JPIehPmoUWAch25stgHD/cjB0tQ2eFV
bGFonWmZ9NcelJxRRYQpejKy42xXfibckuLw3HlOmJ1ZDOxf8wc9BlviPYPb4QKM
9RrljoPRLmqnksl+LIiece0k8lJOmfwxLUWdPFw6JiK3D/20Y1GkqnxQuGRZ4Qkw
BovaUly+0TJG2FNKeNc13ykHD6eW6/Cg/Vks4cWfQPIJ2V4NZJcbR10uoCtcMVDc
YSIrDbwNP47Q9m6/7/nCz2u2qcnGE8RvyQbNUZdVAxGOOuVm4iT2YcwMlRIfkNRP
ebgBn4s14Jwzn9YB
-----END CERTIFICATE-----