Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/lw69BGmlxpwQmJccqrNv4DLs4xE.cer
File:                     lw69BGmlxpwQmJccqrNv4DLs4xE.cer (raw, json)
Hash identifier:          uJibMKxK1ZIM+N4BDAKbjOVWSUzTrqR0ZL7d/RvvYMc=
Subject key identifier:   97:0E:BD:04:69:A5:C6:9C:10:98:97:1C:AA:B3:6F:E0:32:EC:E3:11
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01942368DE49F749B3DF54D60832A62EFB89
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/7e/62001a-a313-4e33-bb04-914b4b34f981/1/lw69BGmlxpwQmJccqrNv4DLs4xE.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/7e/62001a-a313-4e33-bb04-914b4b34f981/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 19:47:42 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 149.157.0.0/16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:68:de:49:f7:49:b3:df:54:d6:08:32:a6:2e:fb:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 19:47:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=970ebd0469a5c69c1098971caab36fe032ece311
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:67:0b:c4:1e:92:74:1a:2e:ca:52:6a:69:af:
                    87:65:ca:31:85:ea:cd:ba:24:b7:03:c8:c3:b7:56:
                    b7:44:41:f4:a3:39:52:94:92:76:15:9a:48:a3:06:
                    13:68:2a:91:d5:ea:dd:60:d7:5e:8c:44:4a:90:35:
                    55:fb:06:c0:0e:49:ab:c8:ec:3d:e1:8a:93:e7:04:
                    d1:b3:8d:cc:85:a6:22:fa:fd:b1:b4:32:62:b5:ca:
                    94:87:eb:8e:ce:1c:51:25:3a:9d:0c:e5:f0:b0:06:
                    d7:b6:14:9d:d4:7b:11:23:91:52:29:44:06:7d:a7:
                    c2:87:aa:03:de:53:34:7d:68:90:ad:ed:2b:ed:18:
                    40:d4:7e:11:19:eb:4c:51:91:0b:9c:1c:8d:ed:41:
                    06:7b:ef:98:06:ec:75:f9:35:1c:54:bb:ae:6a:e8:
                    3e:d7:fa:ba:5f:f8:7e:a0:c3:35:f3:b6:b7:cd:1d:
                    28:6a:50:44:d5:16:91:a8:4a:ef:60:c9:f6:cb:7e:
                    ad:39:c4:e8:b1:f7:d6:7e:26:4f:8c:02:ec:dd:3d:
                    91:ce:0a:b2:20:ba:92:e0:bf:d6:96:b1:6d:59:ef:
                    2c:f6:98:fd:4f:9d:a0:b4:c1:b1:91:79:e3:d1:d0:
                    05:27:fe:62:28:fe:b6:10:c9:b3:81:db:f9:f4:50:
                    17:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:0E:BD:04:69:A5:C6:9C:10:98:97:1C:AA:B3:6F:E0:32:EC:E3:11
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/62001a-a313-4e33-bb04-914b4b34f981/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/62001a-a313-4e33-bb04-914b4b34f981/1/lw69BGmlxpwQmJccqrNv4DLs4xE.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  149.157.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         45:a0:79:4c:e6:9a:8f:08:e5:f3:b6:7d:84:fb:76:15:ac:20:
         43:12:17:35:6c:21:57:0f:72:8b:57:af:64:69:ac:56:66:79:
         79:7d:52:57:81:76:bf:8f:5b:2c:7d:2d:6b:26:67:e8:df:42:
         c2:9b:7f:9f:8f:94:d2:9a:70:e8:21:5b:fd:e5:10:0b:53:c7:
         bf:7a:71:58:04:45:2f:2a:4c:49:f4:fe:38:98:29:be:c2:7b:
         78:2f:2e:41:fc:ac:34:fd:35:04:bb:84:ef:12:3f:a1:11:f7:
         f7:e7:0e:4a:a5:12:dd:c1:be:2c:53:a5:a2:69:5c:38:13:e9:
         87:cf:3f:62:27:26:3b:85:cf:fb:d0:04:f6:ef:dd:57:55:0b:
         61:5d:31:25:8d:53:1a:c7:c7:cb:77:2a:f5:ff:83:73:89:c2:
         0e:57:d0:75:0b:82:96:30:d4:13:d8:c9:bd:00:6c:4a:c9:0b:
         80:d7:15:16:83:cf:0a:95:df:81:54:00:f9:ff:5d:f6:6b:b3:
         f8:73:01:42:ba:31:4e:ab:7e:84:b4:14:10:6a:6c:fe:07:b7:
         92:a5:98:b3:7e:a1:00:a8:5c:31:3b:9e:49:7c:aa:0d:69:ec:
         79:22:15:9d:b8:3b:13:86:da:28:1c:36:3e:01:fe:d8:f7:28:
         53:aa:3e:99
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgISAZQjaN5J90mz31TWCDKmLvuJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTk0NzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzBlYmQwNDY5YTVjNjljMTA5ODk3MWNhYWIzNmZlMDMyZWNlMzExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxWcLxB6SdBouylJqaa+HZcoxherN
uiS3A8jDt1a3REH0ozlSlJJ2FZpIowYTaCqR1erdYNdejERKkDVV+wbADkmryOw9
4YqT5wTRs43MhaYi+v2xtDJitcqUh+uOzhxRJTqdDOXwsAbXthSd1HsRI5FSKUQG
fafCh6oD3lM0fWiQre0r7RhA1H4RGetMUZELnByN7UEGe++YBux1+TUcVLuuaug+
1/q6X/h+oMM187a3zR0oalBE1RaRqErvYMn2y36tOcTosffWfiZPjALs3T2Rzgqy
ILqS4L/WlrFtWe8s9pj9T52gtMGxkXnj0dAFJ/5iKP62EMmzgdv59FAXYwIDAQAB
o4ICgzCCAn8wHQYDVR0OBBYEFJcOvQRppcacEJiXHKqzb+Ay7OMRMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzdlLzYyMDAx
YS1hMzEzLTRlMzMtYmIwNC05MTRiNGIzNGY5ODEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvN2UvNjIwMDFh
LWEzMTMtNGUzMy1iYjA0LTkxNGI0YjM0Zjk4MS8xL2x3NjlCR21seHB3UW1KY2Nx
ck52NERMczR4RS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB4GCCsGAQUF
BwEHAQH/BA8wDTALBAIAATAFAwMAlZ0wDQYJKoZIhvcNAQELBQADggEBAEWgeUzm
mo8I5fO2fYT7dhWsIEMSFzVsIVcPcotXr2RprFZmeXl9UleBdr+PWyx9LWsmZ+jf
QsKbf5+PlNKacOghW/3lEAtTx796cVgERS8qTEn0/jiYKb7Ce3gvLkH8rDT9NQS7
hO8SP6ER9/fnDkqlEt3BvixTpaJpXDgT6YfPP2InJjuFz/vQBPbv3VdVC2FdMSWN
UxrHx8t3KvX/g3OJwg5X0HULgpYw1BPYyb0AbErJC4DXFRaDzwqV34FUAPn/XfZr
s/hzAUK6MU6rfoS0FBBqbP4Ht5KlmLN+oQCoXDE7nkl8qg1p7HkiFZ24OxOG2igc
Nj4B/tj3KFOqPpk=
-----END CERTIFICATE-----