Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ndVRnFTz4jtOEhKogIM58pXaSzQ.cer
File:                     ndVRnFTz4jtOEhKogIM58pXaSzQ.cer (raw, json)
Hash identifier:          Hlx5Afwqgdf00m2SYFxwigmAcr4MH6VZJEugrb5YGyY=
Subject key identifier:   9D:D5:51:9C:54:F3:E2:3B:4E:12:12:A8:80:83:39:F2:95:DA:4B:34
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019422FB6C69CA1FC22CB60FE25A25BE693D
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/79/1509a1-944f-488d-914f-8f8a7711717f/1/ndVRnFTz4jtOEhKogIM58pXaSzQ.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/79/1509a1-944f-488d-914f-8f8a7711717f/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 17:48:10 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 89.107.24.0/22
                          IP: 2a06:2440::/29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:6c:69:ca:1f:c2:2c:b6:0f:e2:5a:25:be:69:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 17:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9dd5519c54f3e23b4e1212a8808339f295da4b34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:5a:4f:1a:05:6a:05:4c:4f:b7:3f:73:c0:91:
                    6a:74:77:42:fc:12:11:1d:fd:aa:8e:73:f5:89:2d:
                    24:c0:93:9c:48:ad:c5:ff:0a:f3:75:f0:6a:fd:77:
                    c4:2b:de:a2:8d:78:e4:9c:f5:8d:69:2f:14:8f:29:
                    bf:07:96:64:bf:2b:49:86:0d:14:76:24:bc:8d:d7:
                    b7:4c:84:15:2f:f9:95:c7:67:86:51:f4:19:ab:5c:
                    d0:8e:6c:2f:ff:78:19:ce:86:f1:05:f3:6d:11:31:
                    48:45:73:05:04:2f:35:e9:ce:ba:ca:06:ec:4f:d4:
                    23:f7:65:2e:7b:b3:88:67:6e:f2:f4:b6:f5:cc:11:
                    f1:e0:89:1e:86:77:13:70:cd:ca:d4:ba:c0:1d:ee:
                    db:25:75:57:09:fc:01:99:23:fa:64:c2:b5:dc:be:
                    a7:c4:6b:98:13:40:2a:79:b1:25:eb:9d:db:07:47:
                    60:93:73:d0:09:3c:f9:ff:c4:26:db:64:fa:6c:06:
                    f9:58:83:71:90:29:23:57:1d:f7:70:22:2e:15:b6:
                    4f:8b:ba:e0:6f:31:43:f5:ea:3c:84:a5:82:b3:03:
                    80:66:f3:66:06:13:22:e3:c3:7f:ab:21:30:37:45:
                    83:fd:dd:46:58:28:e7:3c:0c:33:86:46:c0:c9:30:
                    46:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:D5:51:9C:54:F3:E2:3B:4E:12:12:A8:80:83:39:F2:95:DA:4B:34
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/1509a1-944f-488d-914f-8f8a7711717f/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/1509a1-944f-488d-914f-8f8a7711717f/1/ndVRnFTz4jtOEhKogIM58pXaSzQ.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.107.24.0/22
                IPv6:
                  2a06:2440::/29

    Signature Algorithm: sha256WithRSAEncryption
         7b:c7:ff:9d:4e:60:87:52:15:07:36:c6:b8:6f:7d:00:39:6a:
         53:92:77:d4:3c:a8:dc:4f:d2:69:81:f3:bf:1e:64:de:34:c8:
         8d:d6:55:04:fc:10:03:dd:ee:56:04:f6:21:13:d8:3d:69:ae:
         28:78:b6:55:1b:4a:b1:51:28:cf:fa:ef:0d:74:1f:50:44:9a:
         e7:95:5b:b6:2c:eb:1b:b4:39:a2:50:0f:08:46:2b:9d:73:27:
         64:20:f4:1c:54:62:1b:e4:1a:47:a8:09:e4:5b:97:da:7e:c1:
         94:91:85:4c:1d:4d:b4:0e:31:40:e5:b5:16:87:c1:de:62:9c:
         5c:af:c1:22:13:b8:1f:30:5b:2b:6f:4f:47:6d:6e:6f:d3:ad:
         ab:54:20:32:3b:06:e4:21:ab:17:86:62:7b:c9:7e:55:02:53:
         08:b1:24:01:0e:d1:b2:b3:5b:9d:a1:5c:fe:89:79:15:47:85:
         1e:58:d9:bc:3c:fe:72:63:f1:1a:7c:bd:62:70:4a:7b:fb:c0:
         1c:88:8f:bc:d7:cf:bc:d0:50:0b:7d:ef:4b:b7:a0:5d:a1:3f:
         7f:21:56:fb:14:20:4b:0d:48:d3:8c:0d:95:d4:16:a4:ea:97:
         c6:b2:84:a6:76:af:0f:ce:56:21:ff:90:e1:e3:60:e5:e2:64:
         0a:c6:3b:73
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAZQi+2xpyh/CLLYP4lolvmk9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTc0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGQ1NTE5YzU0ZjNlMjNiNGUxMjEyYTg4MDgzMzlmMjk1ZGE0YjM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg1pPGgVqBUxPtz9zwJFqdHdC/BIR
Hf2qjnP1iS0kwJOcSK3F/wrzdfBq/XfEK96ijXjknPWNaS8Ujym/B5ZkvytJhg0U
diS8jde3TIQVL/mVx2eGUfQZq1zQjmwv/3gZzobxBfNtETFIRXMFBC816c66ygbs
T9Qj92Uue7OIZ27y9Lb1zBHx4IkehncTcM3K1LrAHe7bJXVXCfwBmSP6ZMK13L6n
xGuYE0AqebEl653bB0dgk3PQCTz5/8Qm22T6bAb5WINxkCkjVx33cCIuFbZPi7rg
bzFD9eo8hKWCswOAZvNmBhMi48N/qyEwN0WD/d1GWCjnPAwzhkbAyTBGvQIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFJ3VUZxU8+I7ThISqICDOfKV2ks0MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzc5LzE1MDlh
MS05NDRmLTQ4OGQtOTE0Zi04ZjhhNzcxMTcxN2YvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzkvMTUwOWEx
LTk0NGYtNDg4ZC05MTRmLThmOGE3NzExNzE3Zi8xL25kVlJuRlR6NGp0T0VoS29n
SU01OHBYYVN6US5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCWWsYMA0EAgACMAcDBQMqBiRAMA0GCSqGSIb3
DQEBCwUAA4IBAQB7x/+dTmCHUhUHNsa4b30AOWpTknfUPKjcT9JpgfO/HmTeNMiN
1lUE/BAD3e5WBPYhE9g9aa4oeLZVG0qxUSjP+u8NdB9QRJrnlVu2LOsbtDmiUA8I
RiudcydkIPQcVGIb5BpHqAnkW5fafsGUkYVMHU20DjFA5bUWh8HeYpxcr8EiE7gf
MFsrb09HbW5v062rVCAyOwbkIasXhmJ7yX5VAlMIsSQBDtGys1udoVz+iXkVR4Ue
WNm8PP5yY/EafL1icEp7+8AciI+818+80FALfe9Lt6BdoT9/IVb7FCBLDUjTjA2V
1Bak6pfGsoSmdq8PzlYh/5Dh42Dl4mQKxjtz
-----END CERTIFICATE-----