Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/knr31AfwRdvqgHcyZbBM5XTQt-M.cer
File:                     knr31AfwRdvqgHcyZbBM5XTQt-M.cer (raw, json)
Hash identifier:          +RVPmuS1mUpEjPlVZ9YlV1g67MdP/Y/FVjhpoTM1oyc=
Subject key identifier:   92:7A:F7:D4:07:F0:45:DB:EA:80:77:32:65:B0:4C:E5:74:D0:B7:E3
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019426D96FFCE07061F78D6C4982B70C931E
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/58/6d5e29-af6e-4c8c-b0ad-516e0b30eb10/1/knr31AfwRdvqgHcyZbBM5XTQt-M.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/58/6d5e29-af6e-4c8c-b0ad-516e0b30eb10/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 11:49:31 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 192.104.140.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 14:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:6f:fc:e0:70:61:f7:8d:6c:49:82:b7:0c:93:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 11:49:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=927af7d407f045dbea80773265b04ce574d0b7e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:aa:6d:8f:e7:37:0a:2b:1e:61:75:be:0a:40:
                    4c:0d:3a:4a:4b:af:a3:bd:e8:d6:89:54:ae:ec:23:
                    1f:d3:30:19:a5:9d:08:ea:7a:50:e4:93:3c:c8:d9:
                    73:bc:d6:3c:58:07:fb:bf:33:9a:5b:fd:e2:a0:95:
                    6f:90:f0:82:ce:bc:0d:5c:6e:e8:61:ca:89:d5:6e:
                    5d:0c:c0:19:37:1d:0a:ec:44:46:34:2b:09:45:1c:
                    20:5c:94:d7:8d:59:d2:5a:5e:de:0b:d3:a8:53:24:
                    8e:31:31:a8:98:c6:2a:e0:23:0b:a5:aa:a1:33:c7:
                    1c:29:ce:ea:df:81:3e:88:4f:8a:be:a9:27:9b:0b:
                    18:59:0a:34:cd:40:75:2b:f5:fe:be:2d:17:19:71:
                    42:f5:68:7d:31:9b:1c:5c:55:99:33:85:d9:ee:f0:
                    0f:b8:a4:d8:da:05:6b:92:2b:45:c0:cc:0e:b8:68:
                    e7:20:0d:85:c3:d1:23:9b:15:9e:2b:19:58:40:c0:
                    ce:4a:08:35:25:ca:ce:d7:a3:86:35:c6:80:93:67:
                    b7:4c:84:36:b7:a8:b4:2c:1a:03:c7:ee:65:8e:9b:
                    10:a1:c2:cb:d4:25:8c:ae:e4:a3:c7:52:f6:3b:89:
                    18:d6:98:3e:4e:c1:8b:6c:3d:a5:02:bd:03:89:05:
                    41:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:7A:F7:D4:07:F0:45:DB:EA:80:77:32:65:B0:4C:E5:74:D0:B7:E3
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/6d5e29-af6e-4c8c-b0ad-516e0b30eb10/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/6d5e29-af6e-4c8c-b0ad-516e0b30eb10/1/knr31AfwRdvqgHcyZbBM5XTQt-M.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.104.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:1f:a1:42:10:5e:b9:2f:20:39:34:f1:ff:9a:98:92:2d:1e:
         4e:cb:4e:ee:19:25:f4:40:6a:bc:ad:a4:5f:10:e6:4b:62:3c:
         b5:5d:6e:fc:22:ba:09:37:0e:18:f7:93:28:06:44:b5:e1:d2:
         93:d5:1b:9c:c4:9b:4d:2d:fa:3b:e5:53:58:1c:5f:94:51:19:
         c7:ce:16:44:c9:1f:ce:73:9e:cf:9a:e3:e4:fd:6d:a0:b7:5b:
         94:3c:1b:6f:4c:a5:3e:82:e5:76:db:4c:2b:34:0a:cc:ec:d3:
         c1:32:2c:e1:bf:f8:8a:6b:06:15:a1:f1:a2:8f:f5:8b:e3:06:
         14:21:d1:8b:d0:bc:b5:0e:7e:90:2c:9a:3c:89:28:7b:ae:b5:
         e3:3f:05:58:74:01:95:12:36:71:d9:1d:4e:da:28:a4:87:0d:
         47:8d:2a:90:c0:05:a7:c8:da:b5:1a:7f:89:2e:e8:11:01:ab:
         76:34:7b:d1:b9:3f:27:a2:05:d7:06:9b:7b:d2:a6:7a:e8:83:
         cf:31:58:c3:91:4f:65:ea:58:48:ea:73:b5:a4:79:87:6c:77:
         c3:c2:f9:8a:2c:bd:84:81:4e:d7:cb:ad:38:2d:65:2f:85:19:
         aa:ea:aa:ac:ff:ce:dc:08:90:d5:4d:49:2e:61:89:14:9e:27:
         f5:50:70:56
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZQm2W/84HBh941sSYK3DJMeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMTE0OTMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjdhZjdkNDA3ZjA0NWRiZWE4MDc3MzI2NWIwNGNlNTc0ZDBiN2UzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Kptj+c3CiseYXW+CkBMDTpKS6+j
vejWiVSu7CMf0zAZpZ0I6npQ5JM8yNlzvNY8WAf7vzOaW/3ioJVvkPCCzrwNXG7o
YcqJ1W5dDMAZNx0K7ERGNCsJRRwgXJTXjVnSWl7eC9OoUySOMTGomMYq4CMLpaqh
M8ccKc7q34E+iE+KvqknmwsYWQo0zUB1K/X+vi0XGXFC9Wh9MZscXFWZM4XZ7vAP
uKTY2gVrkitFwMwOuGjnIA2Fw9EjmxWeKxlYQMDOSgg1JcrO16OGNcaAk2e3TIQ2
t6i0LBoDx+5ljpsQocLL1CWMruSjx1L2O4kY1pg+TsGLbD2lAr0DiQVBKQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFJJ699QH8EXb6oB3MmWwTOV00LfjMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzU4LzZkNWUy
OS1hZjZlLTRjOGMtYjBhZC01MTZlMGIzMGViMTAvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTgvNmQ1ZTI5
LWFmNmUtNGM4Yy1iMGFkLTUxNmUwYjMwZWIxMC8xL2tucjMxQWZ3UmR2cWdIY3la
YkJNNVhUUXQtTS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwGiMMA0GCSqGSIb3DQEBCwUAA4IBAQA7H6FC
EF65LyA5NPH/mpiSLR5Oy07uGSX0QGq8raRfEOZLYjy1XW78IroJNw4Y95MoBkS1
4dKT1RucxJtNLfo75VNYHF+UURnHzhZEyR/Oc57PmuPk/W2gt1uUPBtvTKU+guV2
20wrNArM7NPBMizhv/iKawYVofGij/WL4wYUIdGL0Ly1Dn6QLJo8iSh7rrXjPwVY
dAGVEjZx2R1O2iikhw1HjSqQwAWnyNq1Gn+JLugRAat2NHvRuT8nogXXBpt70qZ6
6IPPMVjDkU9l6lhI6nO1pHmHbHfDwvmKLL2EgU7Xy604LWUvhRmq6qqs/87cCJDV
TUkuYYkUnif1UHBW
-----END CERTIFICATE-----