Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/mRXw1qlhquvGsLUInaApObMQpRw.cer
File:                     mRXw1qlhquvGsLUInaApObMQpRw.cer (raw, json)
Hash identifier:          k8/o/TOxNW7LazcBgG4i7Br/v+x0fCa+8Qi9fYS76Qs=
Subject key identifier:   99:15:F0:D6:A9:61:AA:EB:C6:B0:B5:08:9D:A0:29:39:B3:10:A5:1C
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01941FFA3FEC64AEA59FE84CC12CCD9928B3
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/8b/fa110d-e6e5-4bf9-84fe-bf26a7faa603/1/mRXw1qlhquvGsLUInaApObMQpRw.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/8b/fa110d-e6e5-4bf9-84fe-bf26a7faa603/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 03:48:01 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 192.156.213.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 20 Apr 2025 22:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:3f:ec:64:ae:a5:9f:e8:4c:c1:2c:cd:99:28:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 03:48:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9915f0d6a961aaebc6b0b5089da02939b310a51c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:f8:2f:61:7b:f4:b3:3e:7f:fc:c1:a9:0e:86:
                    66:71:5d:1a:ca:61:6b:74:13:33:4a:a9:bd:5f:04:
                    e5:e7:b3:46:25:f0:ca:65:31:d1:4e:3d:36:df:87:
                    80:b3:de:99:2e:22:fb:83:32:f5:69:ca:37:c0:8b:
                    74:37:f6:35:1f:7c:94:89:05:ac:db:98:4b:67:89:
                    80:f3:5d:4b:89:3e:74:3b:ae:97:76:f2:37:0c:b7:
                    91:97:b8:9a:79:5f:fc:f1:89:74:3f:a2:1b:a1:75:
                    1b:f6:07:3e:70:e8:86:0a:e8:5a:12:a9:f8:09:30:
                    44:3b:90:e3:b4:cc:29:eb:e0:2a:26:88:c3:1f:c9:
                    59:c4:dc:65:04:c4:ba:64:f1:ac:45:bb:ae:26:1c:
                    ef:04:0b:3e:57:e9:5a:11:d3:13:3e:ee:db:bf:52:
                    4b:57:96:57:ab:8a:cb:86:f1:dc:60:fe:e6:bc:96:
                    55:ae:dc:2f:be:01:2d:0b:88:40:23:3a:52:49:f9:
                    3d:d1:8a:70:d7:94:b4:cf:b6:0b:04:b0:83:78:2c:
                    fa:bf:af:c3:10:4b:78:31:ed:e9:82:3e:ee:13:dd:
                    72:14:3f:4d:5a:f0:78:5e:3d:0f:b7:96:93:e3:90:
                    53:09:46:ef:36:47:e7:c1:3b:c8:c0:b1:f4:0d:4d:
                    8e:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:15:F0:D6:A9:61:AA:EB:C6:B0:B5:08:9D:A0:29:39:B3:10:A5:1C
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/fa110d-e6e5-4bf9-84fe-bf26a7faa603/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/fa110d-e6e5-4bf9-84fe-bf26a7faa603/1/mRXw1qlhquvGsLUInaApObMQpRw.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.156.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:83:38:11:db:08:d9:7b:2e:28:ee:2c:8f:6c:ba:fe:0e:05:
         bf:81:be:61:f1:b9:9c:22:52:ab:48:53:1e:59:8a:3a:bf:d0:
         50:0a:74:16:60:a3:b4:5a:04:34:fb:86:df:d5:4f:7e:6c:e0:
         f2:05:bc:d5:40:dd:4d:bc:06:da:09:4e:39:ce:c7:50:0d:bd:
         c0:6e:4d:77:53:4d:ed:05:31:14:f3:d1:94:f1:a8:6d:cc:51:
         fc:03:25:4f:20:41:57:47:fc:15:1f:4c:fe:90:c5:e0:22:12:
         cc:b8:aa:75:a7:58:da:3b:12:c7:a4:b5:98:4d:44:06:08:52:
         77:07:24:e9:16:c3:a1:41:67:d7:d7:71:d7:a3:e2:0f:4f:0e:
         53:7b:26:dd:39:af:c1:09:70:35:91:da:c0:72:5f:53:0e:3e:
         94:ff:f1:b8:54:8c:f4:da:68:fc:d0:5b:f1:fa:d5:74:02:00:
         a4:86:b1:da:5f:10:c7:f8:88:94:c7:89:0e:03:c5:89:a8:c5:
         37:19:53:c7:87:b2:99:ad:0f:f9:7b:d7:3d:ad:73:85:62:29:
         aa:e3:53:7d:51:d0:70:fa:c9:0c:b5:4b:f6:9b:74:04:84:fc:
         43:28:d3:1e:8b:60:aa:a3:fc:6d:72:69:1b:8f:05:b6:51:b3:
         e2:82:4e:34
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZQf+j/sZK6ln+hMwSzNmSizMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDM0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTE1ZjBkNmE5NjFhYWViYzZiMGI1MDg5ZGEwMjkzOWIzMTBhNTFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2vgvYXv0sz5//MGpDoZmcV0aymFr
dBMzSqm9XwTl57NGJfDKZTHRTj0234eAs96ZLiL7gzL1aco3wIt0N/Y1H3yUiQWs
25hLZ4mA811LiT50O66XdvI3DLeRl7iaeV/88Yl0P6IboXUb9gc+cOiGCuhaEqn4
CTBEO5DjtMwp6+AqJojDH8lZxNxlBMS6ZPGsRbuuJhzvBAs+V+laEdMTPu7bv1JL
V5ZXq4rLhvHcYP7mvJZVrtwvvgEtC4hAIzpSSfk90Ypw15S0z7YLBLCDeCz6v6/D
EEt4Me3pgj7uE91yFD9NWvB4Xj0Pt5aT45BTCUbvNkfnwTvIwLH0DU2OWwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFJkV8NapYarrxrC1CJ2gKTmzEKUcMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzhiL2ZhMTEw
ZC1lNmU1LTRiZjktODRmZS1iZjI2YTdmYWE2MDMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOGIvZmExMTBk
LWU2ZTUtNGJmOS04NGZlLWJmMjZhN2ZhYTYwMy8xL21SWHcxcWxocXV2R3NMVUlu
YUFwT2JNUXBSdy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwJzVMA0GCSqGSIb3DQEBCwUAA4IBAQAIgzgR
2wjZey4o7iyPbLr+DgW/gb5h8bmcIlKrSFMeWYo6v9BQCnQWYKO0WgQ0+4bf1U9+
bODyBbzVQN1NvAbaCU45zsdQDb3Abk13U03tBTEU89GU8ahtzFH8AyVPIEFXR/wV
H0z+kMXgIhLMuKp1p1jaOxLHpLWYTUQGCFJ3ByTpFsOhQWfX13HXo+IPTw5Teybd
Oa/BCXA1kdrAcl9TDj6U//G4VIz02mj80Fvx+tV0AgCkhrHaXxDH+IiUx4kOA8WJ
qMU3GVPHh7KZrQ/5e9c9rXOFYimq41N9UdBw+skMtUv2m3QEhPxDKNMei2Cqo/xt
cmkbjwW2UbPigk40
-----END CERTIFICATE-----