Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/mCpUHVrI_3uwQIx0NKwQEu_3PLU.cer
File:                     mCpUHVrI_3uwQIx0NKwQEu_3PLU.cer (raw, json)
Hash identifier:          bvMblsFr539/U+gry+Vs58OfoJd1yLjb8n1ESpYyf5o=
Subject key identifier:   98:2A:54:1D:5A:C8:FF:7B:B0:40:8C:74:34:AC:10:12:EF:F7:3C:B5
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019427B604316EBC3B888F9EB259A8218094
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/08/b9cf3b-9572-4992-b247-01208d86ddcc/1/mCpUHVrI_3uwQIx0NKwQEu_3PLU.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/08/b9cf3b-9572-4992-b247-01208d86ddcc/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 15:50:27 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 134.28.0.0/16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 14:20:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:04:31:6e:bc:3b:88:8f:9e:b2:59:a8:21:80:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 15:50:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=982a541d5ac8ff7bb0408c7434ac1012eff73cb5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:71:a5:80:64:5f:e1:60:ea:47:38:f9:72:fa:
                    48:52:44:c7:82:74:aa:08:4c:b6:c0:12:7e:61:b7:
                    c0:95:39:e3:0d:0e:7b:29:e2:60:eb:b7:7f:4b:3b:
                    fb:6b:99:9b:96:b6:01:2f:03:8d:c3:cc:96:d3:ae:
                    db:ab:a7:b2:a3:13:78:8e:b4:02:32:80:e2:e1:20:
                    fc:26:75:32:2f:e8:d9:07:ff:79:a9:52:63:4a:3e:
                    5b:35:98:63:29:96:71:7f:f8:f7:61:1b:c7:01:88:
                    42:62:4e:7e:b1:3d:58:36:f2:47:84:8e:35:f0:54:
                    fe:e9:56:3b:bc:fb:1c:df:14:8d:b5:cc:46:1e:b5:
                    d2:9b:96:5d:81:7b:04:69:09:49:10:8b:c9:c4:0e:
                    75:39:2c:6e:78:34:26:75:e0:d7:78:4c:cc:6c:51:
                    a9:a4:04:36:e4:a0:b2:04:a7:dc:9a:9a:01:58:6e:
                    af:6d:10:84:c1:e9:1d:91:fe:43:6b:9d:7c:12:ee:
                    94:2b:e5:75:c0:90:2b:92:b1:d8:a8:cd:de:fa:d2:
                    94:f9:7a:43:dd:10:32:db:9d:09:a5:b8:13:63:39:
                    55:3f:04:c2:6a:71:4e:de:21:1a:15:94:87:61:79:
                    f7:3e:32:03:04:44:a7:e8:b5:35:05:aa:ca:a7:12:
                    da:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:2A:54:1D:5A:C8:FF:7B:B0:40:8C:74:34:AC:10:12:EF:F7:3C:B5
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/b9cf3b-9572-4992-b247-01208d86ddcc/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/b9cf3b-9572-4992-b247-01208d86ddcc/1/mCpUHVrI_3uwQIx0NKwQEu_3PLU.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  134.28.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         82:4c:b5:10:f9:7d:b5:d9:1d:e2:c8:d5:09:3a:f5:c4:74:c2:
         68:5a:2c:5a:a4:f5:67:29:1a:5d:ca:86:4b:cc:a9:f3:f8:18:
         a5:6a:d2:49:17:61:a6:ab:5d:45:5f:b9:3c:8c:63:26:66:89:
         7c:2d:80:8b:b1:99:0e:57:e7:d5:f2:6e:6b:2e:a5:34:f8:4a:
         c1:a6:90:73:4f:f5:d6:57:19:a8:79:b6:af:f1:fc:22:40:3e:
         f9:47:6a:c8:e4:e8:3d:b1:57:bc:1e:3c:98:f3:f9:99:62:2f:
         15:07:bf:dc:bf:23:0b:61:b5:9f:37:83:b6:df:f6:ff:a7:df:
         b1:03:33:65:3b:7b:a4:92:d3:05:ed:22:6c:9f:19:2d:35:d3:
         4f:c4:f4:fd:d9:31:1e:7e:bc:79:8d:e4:c3:aa:bc:60:6a:bb:
         44:0e:7d:42:02:a9:8d:c5:db:0d:88:22:21:11:da:c8:ab:5c:
         01:fb:63:c6:34:c0:54:d7:d6:10:a9:79:61:21:8d:86:e8:2b:
         ad:54:95:22:a4:f0:90:6d:a3:73:e3:9d:66:10:0f:e4:95:cd:
         d5:cc:63:ba:8c:aa:e2:fb:0b:70:42:55:c8:42:00:a3:e4:7c:
         c3:d9:31:83:2a:ab:e8:05:17:9a:f1:2b:ac:15:3a:8d:f7:03:
         dc:98:b9:fe
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgISAZQntgQxbrw7iI+eslmoIYCUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMTU1MDI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODJhNTQxZDVhYzhmZjdiYjA0MDhjNzQzNGFjMTAxMmVmZjczY2I1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoHGlgGRf4WDqRzj5cvpIUkTHgnSq
CEy2wBJ+YbfAlTnjDQ57KeJg67d/Szv7a5mblrYBLwONw8yW067bq6eyoxN4jrQC
MoDi4SD8JnUyL+jZB/95qVJjSj5bNZhjKZZxf/j3YRvHAYhCYk5+sT1YNvJHhI41
8FT+6VY7vPsc3xSNtcxGHrXSm5ZdgXsEaQlJEIvJxA51OSxueDQmdeDXeEzMbFGp
pAQ25KCyBKfcmpoBWG6vbRCEwekdkf5Da518Eu6UK+V1wJArkrHYqM3e+tKU+XpD
3RAy250JpbgTYzlVPwTCanFO3iEaFZSHYXn3PjIDBESn6LU1BarKpxLaxwIDAQAB
o4ICgzCCAn8wHQYDVR0OBBYEFJgqVB1ayP97sECMdDSsEBLv9zy1MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzA4L2I5Y2Yz
Yi05NTcyLTQ5OTItYjI0Ny0wMTIwOGQ4NmRkY2MvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDgvYjljZjNi
LTk1NzItNDk5Mi1iMjQ3LTAxMjA4ZDg2ZGRjYy8xL21DcFVIVnJJXzN1d1FJeDBO
S3dRRXVfM1BMVS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB4GCCsGAQUF
BwEHAQH/BA8wDTALBAIAATAFAwMAhhwwDQYJKoZIhvcNAQELBQADggEBAIJMtRD5
fbXZHeLI1Qk69cR0wmhaLFqk9WcpGl3KhkvMqfP4GKVq0kkXYaarXUVfuTyMYyZm
iXwtgIuxmQ5X59XybmsupTT4SsGmkHNP9dZXGah5tq/x/CJAPvlHasjk6D2xV7we
PJjz+ZliLxUHv9y/IwthtZ83g7bf9v+n37EDM2U7e6SS0wXtImyfGS0100/E9P3Z
MR5+vHmN5MOqvGBqu0QOfUICqY3F2w2IIiER2sirXAH7Y8Y0wFTX1hCpeWEhjYbo
K61UlSKk8JBto3PjnWYQD+SVzdXMY7qMquL7C3BCVchCAKPkfMPZMYMqq+gFF5rx
K6wVOo33A9yYuf4=
-----END CERTIFICATE-----