Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/l-pUHBI_qpwO3HKfgp6Vn9KS430.cer
File:                     l-pUHBI_qpwO3HKfgp6Vn9KS430.cer (raw, json)
Hash identifier:          Nd3AjrQwfO4pwqh7eLorZ4+CJYK+5WhbSJnqBXl/HSY=
Subject key identifier:   97:EA:54:1C:12:3F:AA:9C:0E:DC:72:9F:82:9E:95:9F:D2:92:E3:7D
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01942368E779399160892200D6C5D32DC77B
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/eb/12155c-cd13-4aa7-8949-638dcfa13003/1/l-pUHBI_qpwO3HKfgp6Vn9KS430.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/eb/12155c-cd13-4aa7-8949-638dcfa13003/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 19:47:45 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 202107
                          IP: 2a0d:9b80::/29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:68:e7:79:39:91:60:89:22:00:d6:c5:d3:2d:c7:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 19:47:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=97ea541c123faa9c0edc729f829e959fd292e37d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:9c:f3:19:e0:b9:38:62:1c:6e:ad:34:15:64:
                    4d:3e:a4:1f:13:6f:b8:ab:7d:6e:a8:dc:97:a1:9a:
                    00:eb:d2:1e:a0:ab:ef:a4:c4:53:bb:31:78:82:37:
                    60:45:b4:20:da:ab:a2:25:63:76:2b:e7:a2:ef:78:
                    6a:0d:71:4c:28:b6:8a:39:aa:46:d2:1d:2b:f4:88:
                    c9:67:80:d6:89:e0:d2:65:8f:0e:e4:b9:35:0d:6d:
                    7d:07:77:aa:6b:fd:c1:90:9f:0f:dc:ff:db:d6:08:
                    56:ea:65:d3:05:04:37:2a:42:d9:22:91:78:cf:29:
                    9f:a5:f5:69:7e:51:03:6d:8e:42:73:b8:7c:da:55:
                    f6:77:5e:8d:b7:11:28:5d:d5:40:fb:67:de:48:29:
                    3f:50:a0:f0:e3:41:76:c7:a4:06:ab:45:03:e7:43:
                    9e:f2:30:55:77:e6:90:59:56:c9:0c:3e:f1:66:f2:
                    3d:3a:95:a4:78:4e:ce:09:75:4d:25:95:a0:4c:4d:
                    19:bd:86:0a:4e:a4:2f:a7:5f:53:d0:4a:4a:61:cf:
                    5f:4d:73:66:76:d0:1a:f3:66:96:b3:92:5b:6b:bd:
                    11:8b:ff:eb:78:42:1e:bd:31:3f:a7:d8:cf:d6:da:
                    e2:2a:7c:71:30:a0:38:b8:d0:95:d5:98:17:df:ba:
                    58:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:EA:54:1C:12:3F:AA:9C:0E:DC:72:9F:82:9E:95:9F:D2:92:E3:7D
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/12155c-cd13-4aa7-8949-638dcfa13003/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/12155c-cd13-4aa7-8949-638dcfa13003/1/l-pUHBI_qpwO3HKfgp6Vn9KS430.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:9b80::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  202107

    Signature Algorithm: sha256WithRSAEncryption
         14:5d:a6:cb:c3:81:5d:ce:27:41:f9:e4:5a:a8:50:e1:1e:de:
         63:15:f6:a1:cb:d9:f6:e3:be:b1:5a:9b:af:7f:f3:e5:47:d3:
         b8:d8:b9:19:de:f6:4c:80:ad:57:e0:e5:32:e7:f2:21:3e:10:
         9e:cd:17:fc:ca:4e:a1:b5:9e:a4:36:1f:39:87:7c:3b:0d:55:
         a5:37:0e:41:ec:81:ad:05:f7:86:4d:83:d5:2d:dc:c4:13:b3:
         6f:8e:b5:74:34:47:68:3f:75:23:b2:e6:27:cd:a3:b6:ef:23:
         dc:8c:e8:4d:b1:92:34:01:40:07:d6:19:44:21:4e:bf:26:49:
         a3:ff:ba:bf:e0:0c:09:d8:d6:9d:77:1c:c9:c8:72:b0:69:6a:
         3d:cf:77:59:c5:7f:43:53:30:77:02:cc:40:0d:af:68:55:4c:
         a9:89:ed:0b:7a:13:c2:9e:e5:a9:d1:d9:c1:b2:e2:15:9f:e0:
         30:98:b3:e7:76:2b:8b:e3:79:de:6b:aa:7d:1a:1c:20:14:44:
         30:0e:6e:8f:71:70:77:30:f9:0b:6a:8d:e1:c9:67:ca:ad:7b:
         ae:ec:df:76:28:da:f6:ad:be:ab:45:57:28:73:4a:4f:f7:80:
         60:5c:f3:75:79:cd:2f:4b:80:f7:36:ca:dc:44:b7:5c:b1:bc:
         bb:59:4f:c6
-----BEGIN CERTIFICATE-----
MIIFlTCCBH2gAwIBAgISAZQjaOd5OZFgiSIA1sXTLcd7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTk0NzQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5N2VhNTQxYzEyM2ZhYTljMGVkYzcyOWY4MjllOTU5ZmQyOTJlMzdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwZzzGeC5OGIcbq00FWRNPqQfE2+4
q31uqNyXoZoA69IeoKvvpMRTuzF4gjdgRbQg2quiJWN2K+ei73hqDXFMKLaKOapG
0h0r9IjJZ4DWieDSZY8O5Lk1DW19B3eqa/3BkJ8P3P/b1ghW6mXTBQQ3KkLZIpF4
zymfpfVpflEDbY5Cc7h82lX2d16NtxEoXdVA+2feSCk/UKDw40F2x6QGq0UD50Oe
8jBVd+aQWVbJDD7xZvI9OpWkeE7OCXVNJZWgTE0ZvYYKTqQvp19T0EpKYc9fTXNm
dtAa82aWs5Jba70Ri//reEIevTE/p9jP1triKnxxMKA4uNCV1ZgX37pYDwIDAQAB
o4ICoTCCAp0wHQYDVR0OBBYEFJfqVBwSP6qcDtxyn4KelZ/SkuN9MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2ViLzEyMTU1
Yy1jZDEzLTRhYTctODk0OS02MzhkY2ZhMTMwMDMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZWIvMTIxNTVj
LWNkMTMtNGFhNy04OTQ5LTYzOGRjZmExMzAwMy8xL2wtcFVIQklfcXB3TzNIS2Zn
cDZWbjlLUzQzMC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUF
BwEHAQH/BBEwDzANBAIAAjAHAwUDKg2bgDAaBggrBgEFBQcBCAEB/wQLMAmgBzAF
AgMDFXswDQYJKoZIhvcNAQELBQADggEBABRdpsvDgV3OJ0H55FqoUOEe3mMV9qHL
2fbjvrFam69/8+VH07jYuRne9kyArVfg5TLn8iE+EJ7NF/zKTqG1nqQ2HzmHfDsN
VaU3DkHsga0F94ZNg9Ut3MQTs2+OtXQ0R2g/dSOy5ifNo7bvI9yM6E2xkjQBQAfW
GUQhTr8mSaP/ur/gDAnY1p13HMnIcrBpaj3Pd1nFf0NTMHcCzEANr2hVTKmJ7Qt6
E8Ke5anR2cGy4hWf4DCYs+d2K4vjed5rqn0aHCAURDAObo9xcHcw+QtqjeHJZ8qt
e67s33Yo2vatvqtFVyhzSk/3gGBc83V5zS9LgPc2ytxEt1yxvLtZT8Y=
-----END CERTIFICATE-----