Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/kYngbIh9P-3oj3F7_6Q8jMhmx6U.cer
File:                     kYngbIh9P-3oj3F7_6Q8jMhmx6U.cer (raw, json)
Hash identifier:          4I6+1PIQotFqMjFLBsSSSPteRUlvM1UwlR6jLoc8SGs=
Subject key identifier:   91:89:E0:6C:88:7D:3F:ED:E8:8F:71:7B:FF:A4:3C:8C:C8:66:C7:A5
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019685BA2D2E7C62FFF531E5FE66BF30BF74
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/ee/3d3a33-61d9-4996-819c-d97a54cb39e1/1/kYngbIh9P-3oj3F7_6Q8jMhmx6U.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/ee/3d3a33-61d9-4996-819c-d97a54cb39e1/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 30 Apr 2025 08:04:53 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 198.212.39.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 22:50:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:85:ba:2d:2e:7c:62:ff:f5:31:e5:fe:66:bf:30:bf:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Apr 30 08:04:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9189e06c887d3fede88f717bffa43c8cc866c7a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:b9:42:c3:f8:a5:16:66:65:5a:cf:24:7a:21:
                    05:12:43:cc:a0:f8:be:2d:37:36:42:27:d6:31:3d:
                    6d:41:b5:20:1b:fa:3e:52:48:eb:55:3d:39:84:51:
                    96:e0:fe:d1:2d:c6:0b:3b:1b:6f:d8:d7:94:73:f9:
                    03:da:4d:15:c5:c5:13:aa:cc:ae:44:0e:0b:19:40:
                    74:2f:58:a6:62:f2:a4:63:cd:22:de:ca:9a:65:2e:
                    1e:7d:e9:61:83:07:c9:7e:2c:c2:17:9a:15:03:1b:
                    0e:cb:4d:7e:b9:3d:19:1c:b1:e0:04:14:a5:69:cd:
                    30:cb:55:70:e5:9d:4f:7b:64:8e:32:9f:53:85:82:
                    e7:fd:35:d8:d1:53:ef:80:c5:ef:b9:47:49:c9:21:
                    6c:4a:07:7f:d8:90:7b:28:23:3c:68:51:00:cb:c3:
                    45:04:d5:fc:ee:54:66:85:42:60:15:b5:4d:96:a6:
                    f4:02:33:6e:9c:1c:65:5e:b9:da:27:95:c6:e5:5c:
                    e2:1b:f0:df:73:f7:6f:7e:94:b4:75:6f:ed:8f:74:
                    cc:d7:21:bd:10:4f:4b:ea:ae:c5:06:39:c5:ba:c6:
                    b5:3f:7b:07:dd:c1:6e:aa:0f:09:c3:0a:16:4a:20:
                    a3:4e:1e:fc:2d:0f:f6:5c:1a:63:74:e4:e1:b9:43:
                    c4:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:89:E0:6C:88:7D:3F:ED:E8:8F:71:7B:FF:A4:3C:8C:C8:66:C7:A5
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/3d3a33-61d9-4996-819c-d97a54cb39e1/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/3d3a33-61d9-4996-819c-d97a54cb39e1/1/kYngbIh9P-3oj3F7_6Q8jMhmx6U.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  198.212.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:c2:86:7b:f3:e3:9e:c9:2c:06:f8:3a:71:be:64:a9:30:d2:
         b7:e4:ab:5b:0a:11:39:67:d1:4a:a1:82:61:7b:a7:92:29:e9:
         6a:a9:98:33:96:ff:d7:bc:06:10:05:91:90:d4:e2:93:b8:69:
         e7:9e:17:5d:98:e9:05:93:c1:b3:65:98:69:e7:d6:f3:17:0b:
         3d:29:6b:60:ba:7d:7d:fa:cb:73:6b:94:56:70:12:53:92:30:
         ba:e7:30:8d:36:5f:c6:ad:25:33:48:c4:60:cb:d0:fb:11:df:
         1e:64:25:e3:a0:04:71:9d:b5:55:26:35:c2:06:70:be:be:8b:
         5d:33:d3:4f:72:96:17:94:a3:a4:6b:09:f4:e3:72:3d:35:51:
         b0:f2:3e:dc:4c:cf:6f:be:ad:93:fd:a8:f6:4e:02:45:0d:1f:
         80:5a:dc:0c:40:8a:4a:4d:98:b8:e2:47:72:03:a6:c5:4a:83:
         4c:03:44:72:f9:4e:e9:2b:29:ff:a1:3e:0d:09:fe:91:d7:ab:
         be:d4:21:a8:9d:3e:41:3c:0f:6c:1a:4c:af:02:71:34:7d:f6:
         6a:49:25:9a:48:40:d4:a0:fd:f0:13:b3:3d:fb:61:4f:88:b8:
         7d:0f:a8:ce:c1:1f:55:62:24:ce:65:f7:0f:a0:9c:c0:d9:1a:
         fc:80:58:48
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZaFui0ufGL/9THl/ma/ML90MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwNDMwMDgwNDUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTg5ZTA2Yzg4N2QzZmVkZTg4ZjcxN2JmZmE0M2M4Y2M4NjZjN2E1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq7lCw/ilFmZlWs8keiEFEkPMoPi+
LTc2QifWMT1tQbUgG/o+UkjrVT05hFGW4P7RLcYLOxtv2NeUc/kD2k0VxcUTqsyu
RA4LGUB0L1imYvKkY80i3sqaZS4efelhgwfJfizCF5oVAxsOy01+uT0ZHLHgBBSl
ac0wy1Vw5Z1Pe2SOMp9ThYLn/TXY0VPvgMXvuUdJySFsSgd/2JB7KCM8aFEAy8NF
BNX87lRmhUJgFbVNlqb0AjNunBxlXrnaJ5XG5VziG/Dfc/dvfpS0dW/tj3TM1yG9
EE9L6q7FBjnFusa1P3sH3cFuqg8JwwoWSiCjTh78LQ/2XBpjdOThuUPElQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFJGJ4GyIfT/t6I9xe/+kPIzIZselMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2VlLzNkM2Ez
My02MWQ5LTQ5OTYtODE5Yy1kOTdhNTRjYjM5ZTEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZWUvM2QzYTMz
LTYxZDktNDk5Ni04MTljLWQ5N2E1NGNiMzllMS8xL2tZbmdiSWg5UC0zb2ozRjdf
NlE4ak1obXg2VS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAxtQnMA0GCSqGSIb3DQEBCwUAA4IBAQBIwoZ7
8+OeySwG+DpxvmSpMNK35KtbChE5Z9FKoYJhe6eSKelqqZgzlv/XvAYQBZGQ1OKT
uGnnnhddmOkFk8GzZZhp59bzFws9KWtgun19+stza5RWcBJTkjC65zCNNl/GrSUz
SMRgy9D7Ed8eZCXjoARxnbVVJjXCBnC+votdM9NPcpYXlKOkawn043I9NVGw8j7c
TM9vvq2T/aj2TgJFDR+AWtwMQIpKTZi44kdyA6bFSoNMA0Ry+U7pKyn/oT4NCf6R
16u+1CGonT5BPA9sGkyvAnE0ffZqSSWaSEDUoP3wE7M9+2FPiLh9D6jOwR9VYiTO
ZfcPoJzA2Rr8gFhI
-----END CERTIFICATE-----