Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/mrM3Q6ZUkGFDOZ-QNwSAFoJjjnw.cer
File:                     mrM3Q6ZUkGFDOZ-QNwSAFoJjjnw.cer (raw, json)
Hash identifier:          Mt9ncUmm8QceULF4zPLvuyRne1xScOV1nlVdAmQcpJ4=
Subject key identifier:   9A:B3:37:43:A6:54:90:61:43:39:9F:90:37:04:80:16:82:63:8E:7C
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01941FFA475BCDE350B95C2B4C6DAD3F4585
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/4b/b67944-6389-4108-8628-d8f93536af63/1/mrM3Q6ZUkGFDOZ-QNwSAFoJjjnw.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/4b/b67944-6389-4108-8628-d8f93536af63/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 03:48:03 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 94.101.109.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:47:5b:cd:e3:50:b9:5c:2b:4c:6d:ad:3f:45:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 03:48:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9ab33743a654906143399f903704801682638e7c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:26:39:f5:6e:e3:ba:89:b1:5a:4f:40:b8:14:
                    46:77:0b:ae:41:d1:27:0d:6b:98:d9:85:0e:3a:7c:
                    17:e6:54:f2:e9:a4:48:c4:17:23:46:72:3a:b8:b7:
                    af:47:71:4c:86:e7:23:99:b2:ab:05:16:da:42:08:
                    fe:79:c7:a1:f0:64:81:70:0f:66:71:3c:ba:fe:e7:
                    51:45:76:88:e0:6c:5a:04:22:a7:df:24:69:21:4e:
                    d2:37:c9:ab:0c:a1:0b:5d:b0:07:20:36:f9:8e:da:
                    6e:2d:22:0f:0d:3a:b5:20:2c:d9:d9:9a:37:f3:89:
                    ed:75:80:29:00:37:d6:f3:8c:f4:37:0e:33:5d:86:
                    9b:7e:1e:7d:ab:ad:f5:12:a3:68:9d:b9:d2:c2:8c:
                    92:2d:17:b9:e3:0d:4e:b1:1d:e5:19:4a:e0:b9:47:
                    f3:16:a1:1a:14:00:02:2b:87:04:1e:73:8e:11:bc:
                    2c:79:b4:e1:6f:2e:44:a2:63:95:5c:a6:4a:12:5d:
                    58:97:c7:3a:2c:03:8b:e7:92:13:d8:13:27:24:8b:
                    fe:b3:85:ec:28:08:9c:cd:d7:01:7a:26:71:ec:20:
                    dc:35:94:9b:9e:0d:13:fc:bc:d2:06:9e:31:e9:23:
                    ed:40:3c:4e:d1:d6:18:5c:80:4a:db:3c:39:fe:f3:
                    db:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:B3:37:43:A6:54:90:61:43:39:9F:90:37:04:80:16:82:63:8E:7C
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/b67944-6389-4108-8628-d8f93536af63/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/b67944-6389-4108-8628-d8f93536af63/1/mrM3Q6ZUkGFDOZ-QNwSAFoJjjnw.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.101.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:47:9a:3e:0a:e4:96:fa:4a:9c:50:59:cc:2f:d1:66:99:c8:
         1c:1b:59:11:95:da:94:a4:ac:ed:46:00:82:33:43:2c:f2:3f:
         ec:7f:23:c3:70:6b:0c:c5:76:57:b5:2a:32:7f:a9:7c:19:6e:
         cc:64:93:7e:85:9d:87:f2:89:23:ff:ea:1a:c0:4a:86:e9:ef:
         1b:57:c9:cd:b4:0f:57:12:17:fa:81:1f:42:88:c0:9f:56:8b:
         cd:2e:f4:75:ed:36:bf:42:a5:19:c8:d8:b8:08:c6:ee:dd:12:
         d0:de:9f:88:ef:8e:58:04:fd:64:b2:63:35:43:a4:78:f6:ba:
         fa:19:64:e6:99:d6:47:15:30:0f:a1:67:ef:68:36:f3:44:87:
         55:a5:02:52:42:2d:3a:b9:46:19:e6:3c:dd:e8:2e:fd:a8:b9:
         aa:17:0f:7d:e5:ad:29:17:d5:50:4a:a6:cc:55:d0:72:50:09:
         93:87:f7:4a:2d:a9:be:46:87:90:43:4e:e3:2d:fb:3c:16:11:
         f9:64:f9:9e:a3:fa:52:25:47:4c:97:45:64:da:a3:f7:08:f8:
         7c:49:40:9a:03:68:63:d3:97:95:4a:bd:bc:53:d1:60:3b:20:
         15:9a:0a:00:eb:7d:81:7f:1e:4d:7e:3e:a4:45:03:6d:13:80:
         76:e0:48:99
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZQf+kdbzeNQuVwrTG2tP0WFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDM0ODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YWIzMzc0M2E2NTQ5MDYxNDMzOTlmOTAzNzA0ODAxNjgyNjM4ZTdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoCY59W7juomxWk9AuBRGdwuuQdEn
DWuY2YUOOnwX5lTy6aRIxBcjRnI6uLevR3FMhucjmbKrBRbaQgj+eceh8GSBcA9m
cTy6/udRRXaI4GxaBCKn3yRpIU7SN8mrDKELXbAHIDb5jtpuLSIPDTq1ICzZ2Zo3
84ntdYApADfW84z0Nw4zXYabfh59q631EqNonbnSwoySLRe54w1OsR3lGUrguUfz
FqEaFAACK4cEHnOOEbwsebThby5EomOVXKZKEl1Yl8c6LAOL55IT2BMnJIv+s4Xs
KAiczdcBeiZx7CDcNZSbng0T/LzSBp4x6SPtQDxO0dYYXIBK2zw5/vPbawIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFJqzN0OmVJBhQzmfkDcEgBaCY458MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzRiL2I2Nzk0
NC02Mzg5LTQxMDgtODYyOC1kOGY5MzUzNmFmNjMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGIvYjY3OTQ0
LTYzODktNDEwOC04NjI4LWQ4ZjkzNTM2YWY2My8xL21yTTNRNlpVa0dGRE9aLVFO
d1NBRm9Kampudy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAXmVtMA0GCSqGSIb3DQEBCwUAA4IBAQAWR5o+
CuSW+kqcUFnML9FmmcgcG1kRldqUpKztRgCCM0Ms8j/sfyPDcGsMxXZXtSoyf6l8
GW7MZJN+hZ2H8okj/+oawEqG6e8bV8nNtA9XEhf6gR9CiMCfVovNLvR17Ta/QqUZ
yNi4CMbu3RLQ3p+I745YBP1ksmM1Q6R49rr6GWTmmdZHFTAPoWfvaDbzRIdVpQJS
Qi06uUYZ5jzd6C79qLmqFw995a0pF9VQSqbMVdByUAmTh/dKLam+RoeQQ07jLfs8
FhH5ZPmeo/pSJUdMl0Vk2qP3CPh8SUCaA2hj05eVSr28U9FgOyAVmgoA632Bfx5N
fj6kRQNtE4B24EiZ
-----END CERTIFICATE-----