Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/pmnxwhNwxE39EOKvaIyMTg6hKVU.cer
File:                     pmnxwhNwxE39EOKvaIyMTg6hKVU.cer (raw, json)
Hash identifier:          TnM/pnXmdboB6ycZVRGo59TCovlVX19UINrg8VhOqNs=
Subject key identifier:   A6:69:F1:C2:13:70:C4:4D:FD:10:E2:AF:68:8C:8C:4E:0E:A1:29:55
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019421B196AA282E8775E96B9F7522F8B161
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/b9/e7b40c-414b-473a-b8c7-b7b1481625b1/1/pmnxwhNwxE39EOKvaIyMTg6hKVU.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/b9/e7b40c-414b-473a-b8c7-b7b1481625b1/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 11:47:54 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 211723
                          IP: 2001:67c:296c::/48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Mar 2025 12:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:96:aa:28:2e:87:75:e9:6b:9f:75:22:f8:b1:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 11:47:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a669f1c21370c44dfd10e2af688c8c4e0ea12955
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:d8:a5:be:1f:cf:14:f1:0d:65:d3:e1:4b:4d:
                    36:62:74:58:f8:c4:84:b1:bc:35:6c:4c:79:34:59:
                    f3:14:cd:97:b0:d1:c4:78:3b:9b:af:6a:63:22:a5:
                    74:63:e2:9a:a3:06:61:e4:dc:da:cb:57:9f:9c:5b:
                    c0:72:39:9d:de:3e:e7:c9:d0:27:0c:2c:b0:b4:dc:
                    e3:a9:72:bc:41:83:df:e2:4f:f3:80:20:1b:56:43:
                    18:33:de:30:b3:ba:45:f2:64:5f:f1:29:c3:9b:3c:
                    86:a2:29:f5:f6:97:1f:13:9c:73:b6:b9:d0:57:4e:
                    0c:bb:68:87:6f:74:a5:90:35:16:93:aa:4e:5b:15:
                    de:52:2f:2c:b5:07:7f:81:44:85:a6:8c:20:2c:1c:
                    af:8e:a6:56:af:cb:4b:ac:1b:0b:b0:e7:b6:fd:11:
                    f0:83:76:75:36:00:06:07:c5:8b:4a:23:7b:5c:20:
                    97:b3:cb:74:69:90:c2:c9:de:24:09:30:c6:3f:45:
                    c4:04:05:a2:98:a7:3e:05:e5:fa:f3:7e:b5:7b:24:
                    b1:50:16:52:3f:cb:81:1a:b2:47:33:03:78:a2:a8:
                    c1:2a:10:93:dc:bb:a5:5e:82:c9:84:2b:19:f6:89:
                    8f:2f:e7:73:ba:ad:ca:b3:2b:9c:b2:3d:e9:91:dc:
                    3b:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:69:F1:C2:13:70:C4:4D:FD:10:E2:AF:68:8C:8C:4E:0E:A1:29:55
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/e7b40c-414b-473a-b8c7-b7b1481625b1/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/e7b40c-414b-473a-b8c7-b7b1481625b1/1/pmnxwhNwxE39EOKvaIyMTg6hKVU.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:296c::/48

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  211723

    Signature Algorithm: sha256WithRSAEncryption
         96:34:03:45:ee:ef:5c:12:d9:20:28:d1:e9:e4:93:db:10:10:
         dc:fa:61:c0:76:ea:f5:54:22:08:79:30:46:b8:eb:3f:ad:c1:
         67:6c:3b:e5:ce:7a:fb:99:37:3f:fc:da:e0:07:75:fe:4c:05:
         98:09:cc:8f:d1:42:d3:52:e1:d5:bc:06:d3:3a:67:e4:43:af:
         3f:74:57:9b:30:86:20:04:62:e4:ff:10:ee:de:a3:f2:4f:9d:
         28:ce:18:f0:8f:f7:74:b3:91:92:b6:a5:6f:96:af:4d:cb:6b:
         20:02:93:29:6f:e2:12:f4:71:b7:d2:42:36:78:8f:9e:0c:3f:
         6b:20:5c:57:a8:96:e3:9b:d9:18:7f:75:7a:0a:d1:d8:cb:0f:
         e7:dd:3f:a9:04:7e:71:de:0a:be:d7:d1:ce:74:6d:7e:20:82:
         28:a3:47:4f:f1:5f:38:83:af:3f:21:30:2b:78:d0:9a:8e:07:
         25:81:31:60:70:47:89:ca:74:c2:a7:4f:99:25:7f:06:72:3e:
         1a:50:07:16:7d:c1:0c:e3:aa:00:b5:b1:a0:ab:9c:80:97:29:
         7b:87:b3:f2:a0:2c:f4:ec:66:d0:c6:cb:0e:81:96:fe:30:7f:
         d5:29:ab:40:b1:dc:78:ea:b1:56:f6:e7:91:b7:97:fb:60:db:
         ff:f2:cb:38
-----BEGIN CERTIFICATE-----
MIIFlzCCBH+gAwIBAgISAZQhsZaqKC6Hdelrn3Ui+LFhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTE0NzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjY5ZjFjMjEzNzBjNDRkZmQxMGUyYWY2ODhjOGM0ZTBlYTEyOTU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp9ilvh/PFPENZdPhS002YnRY+MSE
sbw1bEx5NFnzFM2XsNHEeDubr2pjIqV0Y+KaowZh5Nzay1efnFvAcjmd3j7nydAn
DCywtNzjqXK8QYPf4k/zgCAbVkMYM94ws7pF8mRf8SnDmzyGoin19pcfE5xztrnQ
V04Mu2iHb3SlkDUWk6pOWxXeUi8stQd/gUSFpowgLByvjqZWr8tLrBsLsOe2/RHw
g3Z1NgAGB8WLSiN7XCCXs8t0aZDCyd4kCTDGP0XEBAWimKc+BeX68361eySxUBZS
P8uBGrJHMwN4oqjBKhCT3LulXoLJhCsZ9omPL+dzuq3Ksyucsj3pkdw7kQIDAQAB
o4ICozCCAp8wHQYDVR0OBBYEFKZp8cITcMRN/RDir2iMjE4OoSlVMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2I5L2U3YjQw
Yy00MTRiLTQ3M2EtYjhjNy1iN2IxNDgxNjI1YjEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjkvZTdiNDBj
LTQxNGItNDczYS1iOGM3LWI3YjE0ODE2MjViMS8xL3Btbnh3aE53eEUzOUVPS3Zh
SXlNVGc2aEtWVS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfClsMBoGCCsGAQUFBwEIAQH/BAswCaAH
MAUCAwM7CzANBgkqhkiG9w0BAQsFAAOCAQEAljQDRe7vXBLZICjR6eST2xAQ3Pph
wHbq9VQiCHkwRrjrP63BZ2w75c56+5k3P/za4Ad1/kwFmAnMj9FC01Lh1bwG0zpn
5EOvP3RXmzCGIARi5P8Q7t6j8k+dKM4Y8I/3dLORkralb5avTctrIAKTKW/iEvRx
t9JCNniPngw/ayBcV6iW45vZGH91egrR2MsP590/qQR+cd4KvtfRznRtfiCCKKNH
T/FfOIOvPyEwK3jQmo4HJYExYHBHicp0wqdPmSV/BnI+GlAHFn3BDOOqALWxoKuc
gJcpe4ez8qAs9Oxm0MbLDoGW/jB/1SmrQLHceOqxVvbnkbeX+2Db//LLOA==
-----END CERTIFICATE-----