Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/lrN3ZE5BQQHbberQ61ghBj9Yjow.cer
File:                     lrN3ZE5BQQHbberQ61ghBj9Yjow.cer (raw, json)
Hash identifier:          rg2pCaXGLt55pjSbjbnlp849KtGhDaMc9m0XEyJrqJY=
Subject key identifier:   96:B3:77:64:4E:41:41:01:DB:6D:EA:D0:EB:58:21:06:3F:58:8E:8C
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019423D6A90DCDA6253FB112650D4EEBEA62
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/c8/89e4e2-b8ab-4814-93c1-28e6c5ba2eae/1/lrN3ZE5BQQHbberQ61ghBj9Yjow.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/c8/89e4e2-b8ab-4814-93c1-28e6c5ba2eae/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 21:47:38 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 94.231.213.0/24
                          IP: 2a10:3200::/29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 08:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:a9:0d:cd:a6:25:3f:b1:12:65:0d:4e:eb:ea:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 21:47:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=96b377644e414101db6dead0eb5821063f588e8c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:85:f0:9d:0d:9e:91:77:53:dd:f6:0d:59:03:
                    69:b3:a2:60:3a:10:aa:f6:8c:db:de:f4:2e:2c:c6:
                    9a:2c:b4:09:d5:8e:5f:1d:95:1c:1b:f7:19:c5:48:
                    9e:99:c7:f2:b3:51:dd:cb:26:8a:ac:1d:88:44:5c:
                    66:0b:71:7b:7d:d2:18:ec:fe:fb:22:2f:e6:c2:04:
                    59:2b:35:ab:5c:9f:98:a0:d2:8f:eb:c2:a3:db:2c:
                    c9:4c:27:1a:e3:7b:2b:9d:a2:52:bf:b6:e5:08:70:
                    26:ac:1f:fa:88:c7:c8:0a:f3:0f:ae:a6:0e:e9:f8:
                    c7:27:10:60:53:8a:c8:13:53:2e:05:cf:e7:e3:63:
                    5a:24:64:bd:c4:4e:d1:fa:a8:d6:fa:aa:a7:16:96:
                    91:67:52:f2:3b:40:f1:1b:12:ac:64:0a:b6:42:54:
                    32:87:41:68:2a:ce:15:32:f2:65:0f:bd:5c:2c:06:
                    bd:c1:f4:35:70:e0:86:92:08:61:cd:80:4b:0d:54:
                    f5:1e:b3:e8:bd:d6:61:2d:46:85:63:93:49:54:e7:
                    ac:f3:a2:c2:1c:ab:0c:35:ba:5d:56:88:4f:fc:28:
                    1a:2a:90:58:45:35:45:dd:1c:5f:9e:0a:bf:69:98:
                    37:dc:9f:c5:92:37:0c:55:28:a3:da:e0:06:88:78:
                    c9:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:B3:77:64:4E:41:41:01:DB:6D:EA:D0:EB:58:21:06:3F:58:8E:8C
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/89e4e2-b8ab-4814-93c1-28e6c5ba2eae/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/89e4e2-b8ab-4814-93c1-28e6c5ba2eae/1/lrN3ZE5BQQHbberQ61ghBj9Yjow.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.231.213.0/24
                IPv6:
                  2a10:3200::/29

    Signature Algorithm: sha256WithRSAEncryption
         98:a7:e9:74:b1:27:18:d9:52:fd:25:44:df:06:8a:53:33:fe:
         65:1d:83:12:2e:ff:3b:bb:7c:c1:8a:e1:1c:9a:4b:20:bb:83:
         57:2e:d0:98:36:9e:87:59:18:a2:b2:29:ae:e7:1d:9b:8d:31:
         a7:eb:27:6b:e4:22:85:43:c4:67:99:26:4a:e2:38:33:13:ae:
         35:21:5b:5f:9b:d3:58:aa:56:96:06:93:9e:f2:28:16:67:5c:
         3d:16:7c:d2:82:f1:1b:bd:66:31:c4:59:60:7e:ae:25:18:80:
         87:75:5b:88:ba:b2:e1:a2:20:c8:5a:15:89:3f:cd:b9:da:ed:
         ea:f2:f4:4c:a6:e6:8f:7b:dd:05:7a:47:54:82:ad:43:01:8b:
         a3:32:e3:b5:3c:2a:8b:ca:74:89:fd:b8:70:c0:41:97:6d:0d:
         1c:7b:80:2e:14:e5:8d:2b:88:0e:ba:16:db:6b:2c:04:ef:1c:
         ab:0e:40:85:cd:3b:50:f7:9c:ce:b9:1c:3c:13:b2:27:02:1c:
         ea:94:f9:84:93:3e:f1:78:22:75:f4:34:b4:c2:ed:36:6a:50:
         92:f3:3f:39:a8:a2:b1:12:e1:a6:2a:1b:d9:df:6a:a7:e0:de:
         a3:f0:54:db:5e:04:4c:31:03:e0:ed:8f:46:c9:48:b1:68:a4:
         bb:70:7c:17
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAZQj1qkNzaYlP7ESZQ1O6+piMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMjE0NzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NmIzNzc2NDRlNDE0MTAxZGI2ZGVhZDBlYjU4MjEwNjNmNTg4ZThjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzIXwnQ2ekXdT3fYNWQNps6JgOhCq
9ozb3vQuLMaaLLQJ1Y5fHZUcG/cZxUiemcfys1HdyyaKrB2IRFxmC3F7fdIY7P77
Ii/mwgRZKzWrXJ+YoNKP68Kj2yzJTCca43srnaJSv7blCHAmrB/6iMfICvMPrqYO
6fjHJxBgU4rIE1MuBc/n42NaJGS9xE7R+qjW+qqnFpaRZ1LyO0DxGxKsZAq2QlQy
h0FoKs4VMvJlD71cLAa9wfQ1cOCGkghhzYBLDVT1HrPovdZhLUaFY5NJVOes86LC
HKsMNbpdVohP/CgaKpBYRTVF3Rxfngq/aZg33J/FkjcMVSij2uAGiHjJoQIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFJazd2ROQUEB223q0OtYIQY/WI6MMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2M4Lzg5ZTRl
Mi1iOGFiLTQ4MTQtOTNjMS0yOGU2YzViYTJlYWUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzgvODllNGUy
LWI4YWItNDgxNC05M2MxLTI4ZTZjNWJhMmVhZS8xL2xyTjNaRTVCUVFIYmJlclE2
MWdoQmo5WWpvdy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQAXufVMA0EAgACMAcDBQMqEDIAMA0GCSqGSIb3
DQEBCwUAA4IBAQCYp+l0sScY2VL9JUTfBopTM/5lHYMSLv87u3zBiuEcmksgu4NX
LtCYNp6HWRiisimu5x2bjTGn6ydr5CKFQ8RnmSZK4jgzE641IVtfm9NYqlaWBpOe
8igWZ1w9FnzSgvEbvWYxxFlgfq4lGICHdVuIurLhoiDIWhWJP8252u3q8vRMpuaP
e90FekdUgq1DAYujMuO1PCqLynSJ/bhwwEGXbQ0ce4AuFOWNK4gOuhbbaywE7xyr
DkCFzTtQ95zOuRw8E7InAhzqlPmEkz7xeCJ19DS0wu02alCS8z85qKKxEuGmKhvZ
32qn4N6j8FTbXgRMMQPg7Y9GyUixaKS7cHwX
-----END CERTIFICATE-----