Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/lFIdXqe3kACA9uZoNtTe2jRwVP0.cer
File:                     lFIdXqe3kACA9uZoNtTe2jRwVP0.cer (raw, json)
Hash identifier:          qMNGeUEtunPCue35iPQ80hEh9Ep584XF1y21VHjvJoA=
Subject key identifier:   94:52:1D:5E:A7:B7:90:00:80:F6:E6:68:36:D4:DE:DA:34:70:54:FD
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0195029C73A36A3967045DBF49EEBF079F2F
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rsync.paas.rpki.ripe.net/repository/bead2dcf-ead5-4954-ad84-6580cd2a9c50/0/94521D5EA7B7900080F6E66836D4DEDA347054FD.mft
caRepository:             rsync://rsync.paas.rpki.ripe.net/repository/bead2dcf-ead5-4954-ad84-6580cd2a9c50/0/
Notify URL:               https://rrdp.paas.rpki.ripe.net/notification.xml
Certificate not before:   Fri 14 Feb 2025 03:59:22 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 214701
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 03 Apr 2025 22:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:02:9c:73:a3:6a:39:67:04:5d:bf:49:ee:bf:07:9f:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Feb 14 03:59:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=94521d5ea7b7900080f6e66836d4deda347054fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:29:ed:b8:de:d6:17:7e:dc:0c:c8:1f:55:68:
                    35:2c:db:72:21:a6:97:b1:a7:8d:99:de:83:0c:8c:
                    c4:77:42:bd:00:e2:9c:d9:5e:26:eb:53:76:34:31:
                    46:55:6d:6b:2e:6f:29:8b:49:e3:8c:b6:e0:1b:ea:
                    6a:2c:64:d8:15:e1:82:56:14:63:36:a0:38:37:2e:
                    1c:58:39:d5:89:f7:67:f6:4e:91:c0:42:8e:77:9d:
                    e5:6b:49:ab:8d:0d:54:67:47:70:6a:10:04:81:c2:
                    05:91:f4:05:04:48:2e:8d:07:5b:12:a8:1d:0f:15:
                    c5:dc:75:ec:28:8b:20:10:c5:ef:d2:6e:4a:8f:51:
                    3f:e7:3f:a5:94:5f:83:c5:7d:db:33:c3:d8:5d:d5:
                    35:db:aa:9f:7b:8a:37:75:69:dc:a3:03:67:50:9b:
                    0b:a4:0d:a8:af:1b:7c:9e:42:80:13:27:15:c9:f1:
                    06:5c:3e:ae:10:3f:e3:87:d7:7a:8f:b4:e6:78:6a:
                    3b:c4:28:21:46:20:88:a6:95:60:c4:29:1b:dc:42:
                    3a:1b:92:54:1f:18:12:61:88:52:85:98:52:3c:f9:
                    40:ad:51:50:ec:78:0f:d2:a8:46:f1:37:15:b7:a3:
                    4d:e4:d8:47:b7:a3:31:4f:d4:3a:80:fa:53:86:a4:
                    0b:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:52:1D:5E:A7:B7:90:00:80:F6:E6:68:36:D4:DE:DA:34:70:54:FD
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rsync.paas.rpki.ripe.net/repository/bead2dcf-ead5-4954-ad84-6580cd2a9c50/0/
                RPKI Manifest - URI:rsync://rsync.paas.rpki.ripe.net/repository/bead2dcf-ead5-4954-ad84-6580cd2a9c50/0/94521D5EA7B7900080F6E66836D4DEDA347054FD.mft
                RPKI Notify - URI:https://rrdp.paas.rpki.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  214701

    Signature Algorithm: sha256WithRSAEncryption
         9b:c9:cd:aa:d3:f8:59:49:48:87:2f:4a:bd:7b:a8:11:72:e8:
         9e:9e:80:60:af:5d:65:39:92:ce:41:4b:77:e4:68:46:05:99:
         68:c6:bf:91:b0:4c:65:5e:01:4b:58:cc:eb:6a:44:40:e2:ed:
         2e:0f:a1:e7:19:0e:79:24:2b:b5:f5:6a:fd:9d:29:78:98:8e:
         88:fc:2c:fb:5a:c0:d3:f9:0f:38:69:57:a6:4a:d5:b5:79:7d:
         c0:8d:41:83:08:e4:2a:af:b2:ce:b7:ac:c1:5f:c2:b7:19:ce:
         70:dd:dc:bf:27:da:ce:e0:44:2f:72:04:e8:1b:cf:d9:36:2c:
         2b:1e:0b:5e:b3:6a:7e:1c:81:96:c0:a0:39:b9:4f:ad:a0:be:
         86:6d:a3:f7:60:7a:0c:75:94:3c:ff:51:61:98:3b:39:33:54:
         c8:2d:ed:36:1b:02:94:c3:c5:0d:51:36:16:ff:a7:4b:5a:43:
         30:a2:7b:87:f9:0c:e7:8c:59:80:18:f4:70:81:62:f0:76:a1:
         0e:97:26:d8:5e:1f:b5:ff:fd:10:7a:37:c5:87:7c:29:dc:29:
         89:2e:5e:37:47:2e:f3:a0:ba:cc:54:17:f6:33:e1:67:a3:d2:
         d8:a7:b9:81:bb:92:b2:95:6b:87:1d:9f:0b:43:a4:c5:5d:8f:
         95:49:71:5d
-----BEGIN CERTIFICATE-----
MIIFjzCCBHegAwIBAgISAZUCnHOjajlnBF2/Se6/B58vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMjE0MDM1OTIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDUyMWQ1ZWE3Yjc5MDAwODBmNmU2NjgzNmQ0ZGVkYTM0NzA1NGZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9intuN7WF37cDMgfVWg1LNtyIaaX
saeNmd6DDIzEd0K9AOKc2V4m61N2NDFGVW1rLm8pi0njjLbgG+pqLGTYFeGCVhRj
NqA4Ny4cWDnVifdn9k6RwEKOd53la0mrjQ1UZ0dwahAEgcIFkfQFBEgujQdbEqgd
DxXF3HXsKIsgEMXv0m5Kj1E/5z+llF+DxX3bM8PYXdU126qfe4o3dWncowNnUJsL
pA2orxt8nkKAEycVyfEGXD6uED/jh9d6j7TmeGo7xCghRiCIppVgxCkb3EI6G5JU
HxgSYYhShZhSPPlArVFQ7HgP0qhG8TcVt6NN5NhHt6MxT9Q6gPpThqQL9QIDAQAB
o4ICmzCCApcwHQYDVR0OBBYEFJRSHV6nt5AAgPbmaDbU3to0cFT9MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggE/BggrBgEFBQcBCwSCATEwggEtMF8GCCsGAQUFBzAFhlNy
c3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2JlYWQy
ZGNmLWVhZDUtNDk1NC1hZDg0LTY1ODBjZDJhOWM1MC8wLzCBiwYIKwYBBQUHMAqG
f3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYmVh
ZDJkY2YtZWFkNS00OTU0LWFkODQtNjU4MGNkMmE5YzUwLzAvOTQ1MjFENUVBN0I3
OTAwMDgwRjZFNjY4MzZENERFREEzNDcwNTRGRC5tZnQwPAYIKwYBBQUHMA2GMGh0
dHBzOi8vcnJkcC5wYWFzLnJwa2kucmlwZS5uZXQvbm90aWZpY2F0aW9uLnhtbDBZ
BgNVHR8EUjBQME6gTKBKhkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxUL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jcmwwGAYDVR0g
AQH/BA4wDDAKBggrBgEFBQcOAjAaBggrBgEFBQcBCAEB/wQLMAmgBzAFAgMDRq0w
DQYJKoZIhvcNAQELBQADggEBAJvJzarT+FlJSIcvSr17qBFy6J6egGCvXWU5ks5B
S3fkaEYFmWjGv5GwTGVeAUtYzOtqREDi7S4PoecZDnkkK7X1av2dKXiYjoj8LPta
wNP5DzhpV6ZK1bV5fcCNQYMI5Cqvss63rMFfwrcZznDd3L8n2s7gRC9yBOgbz9k2
LCseC16zan4cgZbAoDm5T62gvoZto/dgegx1lDz/UWGYOzkzVMgt7TYbApTDxQ1R
Nhb/p0taQzCie4f5DOeMWYAY9HCBYvB2oQ6XJtheH7X//RB6N8WHfCncKYkuXjdH
LvOgusxUF/Yz4Wej0tinuYG7krKVa4cdnwtDpMVdj5VJcV0=
-----END CERTIFICATE-----