Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/rnIxk3EEsmkAemyoPH_ZKes59Hc.cer
File:                     rnIxk3EEsmkAemyoPH_ZKes59Hc.cer (raw, json)
Hash identifier:          2z9/KqLA3x3gUDaTJ9EjIccKF/OGRicxUMb5av3aw+Q=
Subject key identifier:   AE:72:31:93:71:04:B2:69:00:7A:6C:A8:3C:7F:D9:29:EB:39:F4:77
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194266A1A5E3E17C5D6C9DB3641BD56C603
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/39/aeb1cc-2c4b-46ed-bc23-f35f0c6c46a9/1/rnIxk3EEsmkAemyoPH_ZKes59Hc.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/39/aeb1cc-2c4b-46ed-bc23-f35f0c6c46a9/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 09:47:55 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 193.202.19.0/24
                          IP: 2001:67c:1068::/48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6a:1a:5e:3e:17:c5:d6:c9:db:36:41:bd:56:c6:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 09:47:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ae7231937104b269007a6ca83c7fd929eb39f477
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:84:2e:42:f1:40:cb:ad:ad:bf:83:86:47:6f:
                    16:29:68:0d:d4:2d:43:a5:29:c9:6e:d3:9d:6e:61:
                    20:47:23:f8:df:65:c6:55:e7:b3:57:8b:db:2f:e6:
                    0e:12:bf:cf:04:46:ff:84:14:25:b5:e0:af:1b:ea:
                    9b:09:d4:1e:fb:95:38:5c:e8:f1:ac:bd:c6:01:71:
                    53:99:1a:d7:e2:b8:16:21:94:60:c1:bf:53:27:70:
                    31:6a:7f:d6:d6:5c:31:52:d8:15:18:f2:a1:4d:78:
                    1c:cd:a3:2e:db:61:4f:73:10:f7:c6:1e:17:e3:bd:
                    6a:7c:40:9d:95:fd:a5:31:5f:6e:fc:1b:19:14:f7:
                    15:70:86:38:12:d7:bd:37:ed:d1:36:55:b7:a3:4f:
                    b4:29:76:9e:0e:62:d5:0e:bb:a4:1c:90:75:7c:ef:
                    5c:fc:51:08:6f:e6:ff:f6:fd:09:73:c3:91:41:20:
                    6e:ea:4b:d8:7c:b3:e8:04:aa:b5:48:52:2a:45:08:
                    11:d0:83:75:09:dc:81:3d:c7:12:e5:5e:8f:d7:25:
                    d4:23:a5:49:47:4b:ec:bc:33:2d:0d:df:20:dc:dd:
                    a1:b5:e9:2f:0f:ed:5b:c8:6b:6a:82:8a:c4:a1:01:
                    80:54:4c:c5:26:bd:31:5b:5b:de:d2:36:99:8a:46:
                    0f:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:72:31:93:71:04:B2:69:00:7A:6C:A8:3C:7F:D9:29:EB:39:F4:77
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/aeb1cc-2c4b-46ed-bc23-f35f0c6c46a9/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/aeb1cc-2c4b-46ed-bc23-f35f0c6c46a9/1/rnIxk3EEsmkAemyoPH_ZKes59Hc.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.202.19.0/24
                IPv6:
                  2001:67c:1068::/48

    Signature Algorithm: sha256WithRSAEncryption
         78:45:70:fc:c4:e3:8c:eb:8c:42:90:ec:28:55:a4:4a:ef:93:
         09:03:5b:0d:7d:54:8f:82:30:90:d3:a5:13:f1:b9:51:7f:b7:
         66:a0:17:7c:d1:ca:45:3f:10:bf:68:2a:50:25:f7:ca:cc:16:
         68:ea:2e:97:e1:58:b8:c2:48:0e:bd:24:8a:c8:c6:82:99:96:
         47:52:fe:2c:9d:82:fd:b3:ab:85:c2:ed:de:5f:6d:f3:81:fb:
         b7:ce:83:09:53:af:90:4d:f3:b4:5d:3e:8f:32:a5:b3:c9:be:
         87:22:49:53:33:a1:e7:4d:b3:88:5c:1b:3f:78:a6:26:82:e6:
         56:c3:76:4d:4c:98:17:9d:eb:a5:70:2a:d4:4f:9c:4b:fc:50:
         c3:49:59:4c:06:cb:86:80:1f:4a:23:37:57:bc:1a:b7:da:ed:
         eb:ef:42:cf:65:71:39:d6:c4:7c:4e:28:1e:b3:60:78:75:bd:
         8e:1d:d5:84:42:29:85:db:e4:fb:9c:9b:27:cb:2f:0b:d3:cb:
         83:b2:ae:46:6e:1b:71:c2:ac:62:ac:0f:f7:8e:92:30:9c:2c:
         27:b2:61:5e:8a:1f:fc:2a:f9:30:e2:db:6f:62:c7:a3:18:d1:
         3e:11:83:04:bf:eb:b1:d4:42:0f:5d:ee:b7:17:e4:1e:8b:7d:
         8f:02:ae:13
-----BEGIN CERTIFICATE-----
MIIFiTCCBHGgAwIBAgISAZQmahpePhfF1snbNkG9VsYDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDk0NzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTcyMzE5MzcxMDRiMjY5MDA3YTZjYTgzYzdmZDkyOWViMzlmNDc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5IQuQvFAy62tv4OGR28WKWgN1C1D
pSnJbtOdbmEgRyP432XGVeezV4vbL+YOEr/PBEb/hBQlteCvG+qbCdQe+5U4XOjx
rL3GAXFTmRrX4rgWIZRgwb9TJ3Axan/W1lwxUtgVGPKhTXgczaMu22FPcxD3xh4X
471qfECdlf2lMV9u/BsZFPcVcIY4Ete9N+3RNlW3o0+0KXaeDmLVDrukHJB1fO9c
/FEIb+b/9v0Jc8ORQSBu6kvYfLPoBKq1SFIqRQgR0IN1CdyBPccS5V6P1yXUI6VJ
R0vsvDMtDd8g3N2htekvD+1byGtqgorEoQGAVEzFJr0xW1ve0jaZikYPDQIDAQAB
o4IClTCCApEwHQYDVR0OBBYEFK5yMZNxBLJpAHpsqDx/2SnrOfR3MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzM5L2FlYjFj
Yy0yYzRiLTQ2ZWQtYmMyMy1mMzVmMGM2YzQ2YTkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzkvYWViMWNj
LTJjNGItNDZlZC1iYzIzLWYzNWYwYzZjNDZhOS8xL3JuSXhrM0VFc21rQWVteW9Q
SF9aS2VzNTlIYy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDAGCCsGAQUF
BwEHAQH/BCEwHzAMBAIAATAGAwQAwcoTMA8EAgACMAkDBwAgAQZ8EGgwDQYJKoZI
hvcNAQELBQADggEBAHhFcPzE44zrjEKQ7ChVpErvkwkDWw19VI+CMJDTpRPxuVF/
t2agF3zRykU/EL9oKlAl98rMFmjqLpfhWLjCSA69JIrIxoKZlkdS/iydgv2zq4XC
7d5fbfOB+7fOgwlTr5BN87RdPo8ypbPJvociSVMzoedNs4hcGz94piaC5lbDdk1M
mBed66VwKtRPnEv8UMNJWUwGy4aAH0ojN1e8Grfa7evvQs9lcTnWxHxOKB6zYHh1
vY4d1YRCKYXb5PucmyfLLwvTy4OyrkZuG3HCrGKsD/eOkjCcLCeyYV6KH/wq+TDi
229ix6MY0T4RgwS/67HUQg9d7rcX5B6LfY8CrhM=
-----END CERTIFICATE-----