Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/pXtgj8zzIw5EXJg_nja1DhH3LPI.cer
File:                     pXtgj8zzIw5EXJg_nja1DhH3LPI.cer (raw, json)
Hash identifier:          KjIgsVNP6Fy3FvpWSJco0AnfJpP0SPCKAUAmM3aEvMM=
Subject key identifier:   A5:7B:60:8F:CC:F3:23:0E:44:5C:98:3F:9E:36:B5:0E:11:F7:2C:F2
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194258F532139FFF5C3C23102F6AA3E1073
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/38/621629-ed3d-49af-bf39-85a37cf1b2ea/1/pXtgj8zzIw5EXJg_nja1DhH3LPI.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/38/621629-ed3d-49af-bf39-85a37cf1b2ea/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 05:48:57 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 185.28.172.0/22
                          IP: 2a00:a0a0::/32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:53:21:39:ff:f5:c3:c2:31:02:f6:aa:3e:10:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 05:48:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a57b608fccf3230e445c983f9e36b50e11f72cf2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:e7:40:78:48:ff:f3:44:6e:41:a8:af:22:c0:
                    50:b3:20:13:4d:93:93:83:0a:fd:70:8c:42:c8:de:
                    cc:fe:f9:08:ca:2b:31:11:9f:7e:0b:c1:5d:4e:5c:
                    87:c8:de:46:87:91:f1:e2:94:00:6b:9b:5d:4d:f9:
                    da:51:e5:ee:ad:2b:8f:ab:74:0a:57:d2:6b:7c:4b:
                    a2:ad:8d:e3:d5:ae:94:34:46:50:6e:51:df:64:47:
                    43:4f:b6:53:61:15:2e:86:da:d1:2b:0c:88:64:0b:
                    13:03:97:49:f8:5a:d6:02:ee:6d:ed:2a:39:80:11:
                    d4:97:9d:83:ba:95:38:88:b4:62:ac:c7:59:f6:eb:
                    06:09:5e:69:b8:3c:3b:95:8f:5b:64:82:6b:e1:e9:
                    fc:20:a1:f1:b6:b1:20:c4:9c:19:1e:c3:9f:8b:2b:
                    77:22:c6:17:8b:a5:3c:7e:eb:d6:cb:45:fa:f5:38:
                    3c:57:c6:db:ba:3f:29:8c:e3:fa:bd:89:8f:62:76:
                    3c:cc:57:62:a3:35:08:a3:b3:76:cd:f7:bb:43:f9:
                    5a:df:b8:08:d8:9d:f1:b5:dc:6f:2b:07:fa:0a:ce:
                    60:82:50:1a:2d:88:f0:9e:22:f3:e4:4a:51:5e:12:
                    ed:89:31:a2:0e:9c:b4:df:e8:c4:05:d9:a6:cf:9a:
                    58:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:7B:60:8F:CC:F3:23:0E:44:5C:98:3F:9E:36:B5:0E:11:F7:2C:F2
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/621629-ed3d-49af-bf39-85a37cf1b2ea/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/621629-ed3d-49af-bf39-85a37cf1b2ea/1/pXtgj8zzIw5EXJg_nja1DhH3LPI.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.28.172.0/22
                IPv6:
                  2a00:a0a0::/32

    Signature Algorithm: sha256WithRSAEncryption
         34:42:41:61:8d:cb:ae:57:b2:47:2e:9e:66:c9:82:de:5f:36:
         df:f1:49:32:79:7a:b1:ee:b3:da:d1:7e:5c:c1:d8:e7:f1:a2:
         5d:46:50:1e:4f:d9:2b:b3:78:6a:16:06:da:74:90:bc:3c:39:
         5c:bb:eb:0c:c5:09:dd:61:03:a4:2a:0d:a0:5b:09:1b:2c:57:
         a8:34:a7:9b:bf:02:6e:e6:e4:06:90:c6:f0:57:fa:65:14:1a:
         3b:2c:4b:1c:5f:66:f6:7b:6a:50:5d:da:23:b0:b5:51:78:1f:
         d1:b9:86:77:3e:11:bc:24:3b:fa:53:fd:c0:8c:58:d0:50:5c:
         b0:d4:7e:ca:f4:c2:4c:dd:75:82:64:81:6f:9a:5f:a3:ee:25:
         b8:69:80:5a:27:0f:36:9a:ef:01:5d:70:94:b8:fc:94:8e:45:
         48:3a:c0:49:5a:bf:93:d7:a4:4b:34:03:b7:ae:d2:86:3b:12:
         4a:7d:4a:8b:81:87:86:e5:fa:e8:f8:75:55:35:60:ae:1c:88:
         8a:59:95:30:6c:4e:82:b8:cd:86:25:27:5d:92:70:48:69:12:
         95:bc:9f:f6:20:3b:f4:9c:f5:4c:a6:1f:47:48:7a:58:36:32:
         5a:31:68:07:3f:0e:3d:85:ea:25:d3:78:9e:5b:74:f4:dd:07:
         92:57:9d:8a
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAZQlj1MhOf/1w8IxAvaqPhBzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDU0ODU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTdiNjA4ZmNjZjMyMzBlNDQ1Yzk4M2Y5ZTM2YjUwZTExZjcyY2YyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5edAeEj/80RuQaivIsBQsyATTZOT
gwr9cIxCyN7M/vkIyisxEZ9+C8FdTlyHyN5Gh5Hx4pQAa5tdTfnaUeXurSuPq3QK
V9JrfEuirY3j1a6UNEZQblHfZEdDT7ZTYRUuhtrRKwyIZAsTA5dJ+FrWAu5t7So5
gBHUl52DupU4iLRirMdZ9usGCV5puDw7lY9bZIJr4en8IKHxtrEgxJwZHsOfiyt3
IsYXi6U8fuvWy0X69Tg8V8bbuj8pjOP6vYmPYnY8zFdiozUIo7N2zfe7Q/la37gI
2J3xtdxvKwf6Cs5gglAaLYjwniLz5EpRXhLtiTGiDpy03+jEBdmmz5pYAwIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFKV7YI/M8yMORFyYP542tQ4R9yzyMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzM4LzYyMTYy
OS1lZDNkLTQ5YWYtYmYzOS04NWEzN2NmMWIyZWEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzgvNjIxNjI5
LWVkM2QtNDlhZi1iZjM5LTg1YTM3Y2YxYjJlYS8xL3BYdGdqOHp6SXc1RVhKZ19u
amExRGhIM0xQSS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCuRysMA0EAgACMAcDBQAqAKCgMA0GCSqGSIb3
DQEBCwUAA4IBAQA0QkFhjcuuV7JHLp5myYLeXzbf8UkyeXqx7rPa0X5cwdjn8aJd
RlAeT9krs3hqFgbadJC8PDlcu+sMxQndYQOkKg2gWwkbLFeoNKebvwJu5uQGkMbw
V/plFBo7LEscX2b2e2pQXdojsLVReB/RuYZ3PhG8JDv6U/3AjFjQUFyw1H7K9MJM
3XWCZIFvml+j7iW4aYBaJw82mu8BXXCUuPyUjkVIOsBJWr+T16RLNAO3rtKGOxJK
fUqLgYeG5fro+HVVNWCuHIiKWZUwbE6CuM2GJSddknBIaRKVvJ/2IDv0nPVMph9H
SHpYNjJaMWgHPw49heol03ieW3T03QeSV52K
-----END CERTIFICATE-----