Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/p9368Tt9vgXaoytYeLi2gCQEWXE.cer
File:                     p9368Tt9vgXaoytYeLi2gCQEWXE.cer (raw, json)
Hash identifier:          wJQEWB5YwG9gHaJbgc8jXFJIXjnATf1bxfvfpw+lVRM=
Subject key identifier:   A7:DD:FA:F1:3B:7D:BE:05:DA:A3:2B:58:78:B8:B6:80:24:04:59:71
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194206874F158FE60BCEC92295EA25F555A
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/8b/f2b083-b3b9-4aa6-a149-fbb553b84641/1/p9368Tt9vgXaoytYeLi2gCQEWXE.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/8b/f2b083-b3b9-4aa6-a149-fbb553b84641/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 05:48:24 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 202560
                          IP: 2001:67c:74::/48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:74:f1:58:fe:60:bc:ec:92:29:5e:a2:5f:55:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 05:48:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a7ddfaf13b7dbe05daa32b5878b8b68024045971
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:29:23:21:78:c6:a0:d7:6c:e6:32:10:7d:d0:
                    40:a6:eb:b2:7d:9a:ce:42:56:fd:04:81:13:61:58:
                    dd:fd:59:d4:f2:22:d1:9a:77:3c:85:6a:07:c9:3b:
                    c0:53:28:bf:93:ea:2d:bb:4f:92:19:11:78:c7:67:
                    18:b2:8e:1f:18:fb:f0:46:6a:ea:23:09:33:9b:3c:
                    6e:1b:1b:91:c7:4a:31:9b:79:f4:c3:9b:7b:30:fc:
                    df:f5:75:5c:3e:27:09:7f:16:fd:2d:ef:1f:ea:c2:
                    b8:7e:ad:f4:40:f5:e4:d9:b9:dd:6c:b0:2b:e1:2e:
                    a0:24:af:fc:d1:39:13:9d:4a:0e:ab:bd:dd:ce:9d:
                    61:fe:75:75:ff:a7:19:7e:a0:8e:1f:5b:6c:1a:33:
                    fe:93:e7:46:05:48:77:9a:54:31:1c:17:63:d4:3e:
                    4e:8b:f2:17:8e:05:f3:08:57:1d:ed:73:3b:b2:c7:
                    54:a7:c0:b2:4b:2c:5d:10:8c:73:e8:2e:13:75:ae:
                    b4:6b:bb:99:8a:b7:b6:51:c0:03:47:bf:ec:9e:50:
                    e2:47:35:68:16:a4:f3:ef:77:c0:cc:ac:ba:86:f2:
                    aa:43:02:c6:55:b1:ce:ac:06:3c:1c:eb:75:d8:73:
                    6e:d4:99:83:e3:ea:af:5c:b7:26:ec:df:ab:8f:62:
                    23:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:DD:FA:F1:3B:7D:BE:05:DA:A3:2B:58:78:B8:B6:80:24:04:59:71
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/f2b083-b3b9-4aa6-a149-fbb553b84641/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/f2b083-b3b9-4aa6-a149-fbb553b84641/1/p9368Tt9vgXaoytYeLi2gCQEWXE.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:74::/48

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  202560

    Signature Algorithm: sha256WithRSAEncryption
         66:0f:fb:3e:89:f7:b7:fd:bf:5d:d0:09:8d:84:ff:1a:c0:7b:
         03:41:0f:38:3e:e3:fa:93:3a:f1:15:50:54:32:c3:4a:ff:c2:
         77:73:dd:db:40:9e:44:58:8a:74:0b:39:8b:65:20:cb:76:a2:
         89:f0:3b:0b:33:70:0c:b2:9a:9b:2e:7e:96:2e:8e:99:ad:33:
         9a:34:af:4a:01:e6:06:0a:08:b8:18:89:63:fe:64:db:aa:fc:
         d0:22:9f:84:39:0c:f5:eb:9f:af:88:c3:28:d7:3c:02:85:1b:
         5b:3d:07:1c:37:42:16:5f:b6:db:fc:8b:a3:2b:91:d9:ae:1e:
         cb:19:73:94:20:d1:31:76:a0:2e:d5:fd:57:42:27:73:ba:69:
         52:52:d7:c6:4d:af:17:aa:8b:fe:a3:a1:c4:5b:2b:67:29:80:
         85:44:29:f9:80:67:2d:63:64:17:d5:e4:38:94:5a:64:bf:a8:
         f5:c0:20:cd:56:17:dd:a1:9a:26:1d:84:0f:11:a0:2e:af:3c:
         49:f1:85:5c:f4:f1:b1:a6:89:30:19:0a:72:dc:fa:e2:1f:f8:
         d1:4b:4c:67:ef:de:f1:0c:d4:d7:cf:24:a1:7b:3b:d5:0a:8b:
         55:30:f5:70:4b:b2:2d:05:00:0a:1b:f1:86:27:d0:17:4c:30:
         1c:b8:f1:2f
-----BEGIN CERTIFICATE-----
MIIFlzCCBH+gAwIBAgISAZQgaHTxWP5gvOySKV6iX1VaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDU0ODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhN2RkZmFmMTNiN2RiZTA1ZGFhMzJiNTg3OGI4YjY4MDI0MDQ1OTcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ikjIXjGoNds5jIQfdBApuuyfZrO
Qlb9BIETYVjd/VnU8iLRmnc8hWoHyTvAUyi/k+otu0+SGRF4x2cYso4fGPvwRmrq
IwkzmzxuGxuRx0oxm3n0w5t7MPzf9XVcPicJfxb9Le8f6sK4fq30QPXk2bndbLAr
4S6gJK/80TkTnUoOq73dzp1h/nV1/6cZfqCOH1tsGjP+k+dGBUh3mlQxHBdj1D5O
i/IXjgXzCFcd7XM7ssdUp8CySyxdEIxz6C4Tda60a7uZire2UcADR7/snlDiRzVo
FqTz73fAzKy6hvKqQwLGVbHOrAY8HOt12HNu1JmD4+qvXLcm7N+rj2IjWQIDAQAB
o4ICozCCAp8wHQYDVR0OBBYEFKfd+vE7fb4F2qMrWHi4toAkBFlxMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzhiL2YyYjA4
My1iM2I5LTRhYTYtYTE0OS1mYmI1NTNiODQ2NDEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOGIvZjJiMDgz
LWIzYjktNGFhNi1hMTQ5LWZiYjU1M2I4NDY0MS8xL3A5MzY4VHQ5dmdYYW95dFll
TGkyZ0NRRVdYRS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAB0MBoGCCsGAQUFBwEIAQH/BAswCaAH
MAUCAwMXQDANBgkqhkiG9w0BAQsFAAOCAQEAZg/7Pon3t/2/XdAJjYT/GsB7A0EP
OD7j+pM68RVQVDLDSv/Cd3Pd20CeRFiKdAs5i2Ugy3aiifA7CzNwDLKamy5+li6O
ma0zmjSvSgHmBgoIuBiJY/5k26r80CKfhDkM9eufr4jDKNc8AoUbWz0HHDdCFl+2
2/yLoyuR2a4eyxlzlCDRMXagLtX9V0Inc7ppUlLXxk2vF6qL/qOhxFsrZymAhUQp
+YBnLWNkF9XkOJRaZL+o9cAgzVYX3aGaJh2EDxGgLq88SfGFXPTxsaaJMBkKctz6
4h/40UtMZ+/e8QzU188koXs71QqLVTD1cEuyLQUAChvxhifQF0wwHLjxLw==
-----END CERTIFICATE-----