Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/kw4KO7COSsZzY-MLqDsHFjLQqkM.cer
File:                     kw4KO7COSsZzY-MLqDsHFjLQqkM.cer (raw, json)
Hash identifier:          lv/nzdlRbYT/UJjE+aEPo62Ciu4gf8Dks8DkmWaLZtM=
Subject key identifier:   93:0E:0A:3B:B0:8E:4A:C6:73:63:E3:0B:A8:3B:07:16:32:D0:AA:43
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019421B2364E212282CC2FC8D63FEED39FBC
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/7c/5950c9-97ec-40dc-9b11-0295a1c11feb/1/kw4KO7COSsZzY-MLqDsHFjLQqkM.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/7c/5950c9-97ec-40dc-9b11-0295a1c11feb/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 11:48:35 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 214064
                          IP: 2001:67c:f30::/48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:36:4e:21:22:82:cc:2f:c8:d6:3f:ee:d3:9f:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 11:48:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=930e0a3bb08e4ac67363e30ba83b071632d0aa43
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:c9:87:26:fb:df:a9:47:86:25:57:11:9c:e4:
                    d2:bd:a7:6d:d5:53:3a:da:08:17:89:10:97:a7:27:
                    3a:81:0e:9d:bc:45:26:a1:11:a3:0d:fd:7c:0d:83:
                    72:9c:36:b1:10:c8:cf:cc:53:1b:cc:35:88:a9:3e:
                    bc:9b:0f:99:10:46:8e:95:e4:e7:be:80:3e:d9:49:
                    e0:36:6f:b2:47:0b:ba:bb:46:9e:be:09:2f:2f:9f:
                    fd:32:29:11:a8:6c:46:1b:65:2a:ce:48:a8:23:2d:
                    a8:9c:c1:44:2f:92:e7:9f:73:a7:9d:11:3f:d9:f9:
                    e0:e6:6b:c7:36:d3:ed:10:9c:ef:a4:1f:2c:dc:c5:
                    7c:3d:f8:bc:dd:fb:bb:dd:64:cc:2b:c1:69:87:21:
                    e8:c1:c3:f5:6c:38:df:7b:8c:82:69:23:d0:47:9c:
                    f5:22:17:77:f7:2b:8f:69:6d:0a:b2:da:dc:96:cf:
                    8c:4a:0e:15:5e:34:f8:90:f9:5a:39:58:db:06:21:
                    e0:d5:73:e7:2e:a8:5c:f5:ca:8b:69:f9:df:fd:f0:
                    4a:29:8a:aa:d2:02:3e:35:8a:2d:53:c9:43:90:24:
                    13:c1:28:fe:4c:2f:2f:80:21:fc:16:70:45:54:35:
                    fc:a8:b0:33:6d:b1:22:c8:77:86:08:16:e3:8e:2d:
                    f6:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:0E:0A:3B:B0:8E:4A:C6:73:63:E3:0B:A8:3B:07:16:32:D0:AA:43
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/5950c9-97ec-40dc-9b11-0295a1c11feb/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/5950c9-97ec-40dc-9b11-0295a1c11feb/1/kw4KO7COSsZzY-MLqDsHFjLQqkM.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:f30::/48

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  214064

    Signature Algorithm: sha256WithRSAEncryption
         9f:65:e9:53:d4:18:34:88:f3:ae:8c:4b:7e:fa:73:2f:a4:c2:
         12:3c:1b:d7:6e:76:be:3b:2d:92:27:ef:2b:c2:1c:9c:28:03:
         f5:eb:7c:7c:b0:bd:2b:eb:7e:aa:0b:67:df:02:45:ec:95:fe:
         8a:00:76:58:15:b8:fe:99:a0:85:23:05:93:bc:32:63:03:8f:
         29:03:55:e8:e5:bd:f6:53:4a:0d:33:b5:26:70:5d:53:36:04:
         cc:5c:ed:85:0a:cc:c6:38:ea:49:92:95:07:7b:8e:58:1d:68:
         50:17:4e:83:cc:62:61:34:81:40:d2:69:3e:5a:85:77:3f:ea:
         7d:8f:71:f6:6d:0b:56:6f:5f:20:03:ba:87:7b:8c:e1:88:dc:
         46:75:b3:3f:00:54:86:e5:ba:e6:a6:52:e1:bc:7a:c6:fa:ff:
         38:d9:f4:ac:e3:be:8f:60:29:60:20:ac:7f:11:53:67:4b:81:
         20:74:f2:ba:f0:5a:5e:a4:49:3e:32:3a:40:04:2d:71:18:07:
         b3:67:85:a0:6d:6c:89:30:ab:47:8c:ff:55:77:79:ed:0e:6b:
         be:4a:87:24:23:36:54:f3:df:7b:4c:5a:a6:34:de:f2:88:b1:
         31:36:5a:41:86:29:f4:f7:68:2c:9d:30:1f:e5:5b:fc:c8:7e:
         85:09:a2:d1
-----BEGIN CERTIFICATE-----
MIIFlzCCBH+gAwIBAgISAZQhsjZOISKCzC/I1j/u05+8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTE0ODM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzBlMGEzYmIwOGU0YWM2NzM2M2UzMGJhODNiMDcxNjMyZDBhYTQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm8mHJvvfqUeGJVcRnOTSvadt1VM6
2ggXiRCXpyc6gQ6dvEUmoRGjDf18DYNynDaxEMjPzFMbzDWIqT68mw+ZEEaOleTn
voA+2UngNm+yRwu6u0aevgkvL5/9MikRqGxGG2UqzkioIy2onMFEL5Lnn3OnnRE/
2fng5mvHNtPtEJzvpB8s3MV8Pfi83fu73WTMK8FphyHowcP1bDjfe4yCaSPQR5z1
Ihd39yuPaW0Kstrcls+MSg4VXjT4kPlaOVjbBiHg1XPnLqhc9cqLafnf/fBKKYqq
0gI+NYotU8lDkCQTwSj+TC8vgCH8FnBFVDX8qLAzbbEiyHeGCBbjji32FwIDAQAB
o4ICozCCAp8wHQYDVR0OBBYEFJMOCjuwjkrGc2PjC6g7BxYy0KpDMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzdjLzU5NTBj
OS05N2VjLTQwZGMtOWIxMS0wMjk1YTFjMTFmZWIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvN2MvNTk1MGM5
LTk3ZWMtNDBkYy05YjExLTAyOTVhMWMxMWZlYi8xL2t3NEtPN0NPU3NaelktTUxx
RHNIRmpMUXFrTS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfA8wMBoGCCsGAQUFBwEIAQH/BAswCaAH
MAUCAwNEMDANBgkqhkiG9w0BAQsFAAOCAQEAn2XpU9QYNIjzroxLfvpzL6TCEjwb
1252vjstkifvK8IcnCgD9et8fLC9K+t+qgtn3wJF7JX+igB2WBW4/pmghSMFk7wy
YwOPKQNV6OW99lNKDTO1JnBdUzYEzFzthQrMxjjqSZKVB3uOWB1oUBdOg8xiYTSB
QNJpPlqFdz/qfY9x9m0LVm9fIAO6h3uM4YjcRnWzPwBUhuW65qZS4bx6xvr/ONn0
rOO+j2ApYCCsfxFTZ0uBIHTyuvBaXqRJPjI6QAQtcRgHs2eFoG1siTCrR4z/VXd5
7Q5rvkqHJCM2VPPfe0xapjTe8oixMTZaQYYp9PdoLJ0wH+Vb/Mh+hQmi0Q==
-----END CERTIFICATE-----