Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/l49B4pAoVHPCoeK-f2b2NFLtRkQ.cer
File:                     l49B4pAoVHPCoeK-f2b2NFLtRkQ.cer (raw, json)
Hash identifier:          lxIq+REjieAFeWMNUgShv3X4Xf2+9BEGBFIZb/nuybA=
Subject key identifier:   97:8F:41:E2:90:28:54:73:C2:A1:E2:BE:7F:66:F6:34:52:ED:46:44
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019425216C9F4E0DDB6CC4FCAE7BB7841A4A
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/79/f1480f-76e9-4c8e-ac32-3577b1efdc78/1/l49B4pAoVHPCoeK-f2b2NFLtRkQ.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/79/f1480f-76e9-4c8e-ac32-3577b1efdc78/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 03:48:55 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 39452
                          IP: 89.150.0.0/23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:6c:9f:4e:0d:db:6c:c4:fc:ae:7b:b7:84:1a:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 03:48:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=978f41e290285473c2a1e2be7f66f63452ed4644
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:91:fc:5b:14:65:cb:d2:73:65:e5:ca:e0:6b:
                    e8:e1:a4:32:5c:d0:54:c1:27:cf:5e:1e:11:98:10:
                    a0:99:6d:9e:84:ec:92:20:d1:c9:7a:d8:eb:b7:90:
                    db:73:50:b1:4d:3b:29:4e:6a:48:fc:3a:96:5f:7f:
                    85:8d:0d:8f:ca:67:02:c0:df:44:ec:37:bf:bd:3e:
                    61:8c:1f:80:e4:2b:ac:3f:83:a4:64:ee:c2:08:c7:
                    4d:cf:00:45:68:20:2e:0e:68:87:89:d3:0c:66:47:
                    d8:a1:ab:76:56:6e:bb:e3:3a:3b:65:cc:3e:a4:f8:
                    ac:64:6d:81:a4:01:97:82:ed:54:f7:81:1f:6e:8c:
                    87:cd:e7:2f:07:66:6c:91:a8:5b:7d:d1:c7:70:88:
                    e5:74:1d:db:aa:ce:c3:bf:35:17:f1:58:a4:1d:5e:
                    77:00:be:d2:5d:e8:04:9a:8b:c8:50:82:a3:17:f0:
                    0c:36:ab:96:78:bc:0d:f1:6d:82:f0:1b:44:20:f1:
                    30:54:e9:06:bc:22:ff:51:10:96:8a:8d:6c:2e:93:
                    c5:41:7e:b9:31:16:58:6a:b6:e5:f9:8d:98:23:68:
                    02:0b:a1:9c:fb:13:e6:2c:28:a5:e1:ab:31:d3:ed:
                    26:6e:83:bc:6c:ff:0f:06:5c:f5:47:fe:fb:c3:2f:
                    0f:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:8F:41:E2:90:28:54:73:C2:A1:E2:BE:7F:66:F6:34:52:ED:46:44
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/f1480f-76e9-4c8e-ac32-3577b1efdc78/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/f1480f-76e9-4c8e-ac32-3577b1efdc78/1/l49B4pAoVHPCoeK-f2b2NFLtRkQ.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.150.0.0/23

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  39452

    Signature Algorithm: sha256WithRSAEncryption
         7b:12:22:d2:79:d3:b4:f5:cf:ac:18:41:30:63:10:7f:81:98:
         41:78:31:66:33:bc:c6:8e:e2:60:8f:23:80:a1:e4:23:a2:57:
         0f:92:eb:1e:ad:98:e0:5e:da:68:29:58:d6:ba:03:d0:72:48:
         e3:a6:4c:59:9f:32:78:70:f0:85:da:94:ef:6b:c1:f3:73:3a:
         5a:ed:0a:f6:67:f0:b0:48:34:55:40:9c:cf:1c:48:c2:4e:c0:
         09:70:06:6d:be:b5:e5:fe:e3:cf:e0:f3:23:1a:a8:f0:8c:07:
         c3:f4:18:0e:34:29:d7:f5:6f:f1:26:be:35:24:e4:7b:b2:c6:
         95:04:ad:58:a7:06:52:a2:f7:fe:b2:02:af:c5:1c:21:a4:a8:
         40:9b:84:a7:4e:cf:ba:4f:bd:9d:18:83:d2:5b:9c:f6:15:67:
         40:eb:31:d8:b4:f6:43:cb:37:4a:fc:dd:1c:ac:6b:65:06:b5:
         92:b0:0f:90:e3:cd:ca:be:53:83:4b:2a:80:ed:62:00:06:8d:
         8e:10:e1:dc:f5:a1:23:4a:28:d0:a6:be:1c:9c:cc:62:71:5c:
         03:4e:6b:bb:4b:94:ae:f1:19:e3:9b:61:68:30:43:6c:40:25:
         db:6d:dc:37:8f:c9:90:de:57:a9:54:9a:8d:30:ad:7c:15:10:
         4b:38:0a:22
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZQlIWyfTg3bbMT8rnu3hBpKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDM0ODU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzhmNDFlMjkwMjg1NDczYzJhMWUyYmU3ZjY2ZjYzNDUyZWQ0NjQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6ZH8WxRly9JzZeXK4Gvo4aQyXNBU
wSfPXh4RmBCgmW2ehOySINHJetjrt5Dbc1CxTTspTmpI/DqWX3+FjQ2PymcCwN9E
7De/vT5hjB+A5CusP4OkZO7CCMdNzwBFaCAuDmiHidMMZkfYoat2Vm674zo7Zcw+
pPisZG2BpAGXgu1U94EfboyHzecvB2ZskahbfdHHcIjldB3bqs7DvzUX8VikHV53
AL7SXegEmovIUIKjF/AMNquWeLwN8W2C8BtEIPEwVOkGvCL/URCWio1sLpPFQX65
MRZYarbl+Y2YI2gCC6Gc+xPmLCil4asx0+0mboO8bP8PBlz1R/77wy8P2wIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFJePQeKQKFRzwqHivn9m9jRS7UZEMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzc5L2YxNDgw
Zi03NmU5LTRjOGUtYWMzMi0zNTc3YjFlZmRjNzgvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzkvZjE0ODBm
LTc2ZTktNGM4ZS1hYzMyLTM1NzdiMWVmZGM3OC8xL2w0OUI0cEFvVkhQQ29lSy1m
MmIyTkZMdFJrUS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQBWZYAMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwCaHDANBgkqhkiG9w0BAQsFAAOCAQEAexIi0nnTtPXPrBhBMGMQf4GYQXgxZjO8
xo7iYI8jgKHkI6JXD5LrHq2Y4F7aaClY1roD0HJI46ZMWZ8yeHDwhdqU72vB83M6
Wu0K9mfwsEg0VUCczxxIwk7ACXAGbb615f7jz+DzIxqo8IwHw/QYDjQp1/Vv8Sa+
NSTke7LGlQStWKcGUqL3/rICr8UcIaSoQJuEp07Puk+9nRiD0luc9hVnQOsx2LT2
Q8s3SvzdHKxrZQa1krAPkOPNyr5Tg0sqgO1iAAaNjhDh3PWhI0oo0Ka+HJzMYnFc
A05ru0uUrvEZ45thaDBDbEAl223cN4/JkN5XqVSajTCtfBUQSzgKIg==
-----END CERTIFICATE-----