Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/rzRlQ3ZpzlhiYaBmzErR6kZOtmM.cer
File:                     rzRlQ3ZpzlhiYaBmzErR6kZOtmM.cer (raw, json)
Hash identifier:          SR3O+CXpS+pMq7KMc0BUP1Ct/eeD7ARr3X4XP/0IXpc=
Subject key identifier:   AF:34:65:43:76:69:CE:58:62:61:A0:66:CC:4A:D1:EA:46:4E:B6:63
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019424B3C2EDF1882E6D1D15BEEB38713FA4
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/ce/4861ba-4d1c-493c-a90d-60cf660ad533/1/rzRlQ3ZpzlhiYaBmzErR6kZOtmM.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/ce/4861ba-4d1c-493c-a90d-60cf660ad533/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 01:49:08 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 199633
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:c2:ed:f1:88:2e:6d:1d:15:be:eb:38:71:3f:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 01:49:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=af3465437669ce586261a066cc4ad1ea464eb663
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:72:a6:0b:5d:73:ca:06:15:73:6a:98:55:33:
                    38:3c:fe:10:b5:b3:ae:cf:10:60:80:1f:15:42:b4:
                    48:e8:8e:5e:16:01:90:47:ed:9f:9d:e1:36:b0:cd:
                    e6:0a:86:4d:71:aa:ff:d8:58:92:06:73:77:d0:e8:
                    37:3e:20:db:48:f1:a4:01:09:56:3b:24:1a:8b:3f:
                    a2:5c:71:dd:7d:07:27:ef:71:95:98:68:ae:39:07:
                    5c:88:0d:10:2a:cf:68:26:77:24:b3:77:16:71:ff:
                    18:ef:40:1b:2f:81:af:49:9d:30:e4:18:84:74:84:
                    50:08:c3:70:ad:3e:0c:2e:1b:23:cc:7b:5a:7a:a8:
                    b9:19:19:3f:45:5b:7f:60:8c:8e:ca:f2:7a:5b:fe:
                    3f:8e:d6:22:97:59:c5:f3:de:25:43:8e:cf:9b:c1:
                    9d:2e:94:72:33:d8:3e:3b:7d:2d:05:6b:e7:6f:6e:
                    f3:19:3a:8f:9b:35:8d:91:62:12:96:b7:a8:3b:68:
                    90:a6:3d:07:d3:c5:62:d0:a3:15:1c:b7:39:a9:81:
                    a5:9a:77:f7:3f:2e:c2:0a:e1:4d:8c:f2:3a:a5:4a:
                    6b:b3:21:fd:ef:fd:03:86:38:29:29:f1:04:b8:9e:
                    ff:49:27:f0:03:57:f7:6d:eb:be:26:ad:a2:94:5b:
                    78:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:34:65:43:76:69:CE:58:62:61:A0:66:CC:4A:D1:EA:46:4E:B6:63
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/4861ba-4d1c-493c-a90d-60cf660ad533/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/4861ba-4d1c-493c-a90d-60cf660ad533/1/rzRlQ3ZpzlhiYaBmzErR6kZOtmM.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  199633

    Signature Algorithm: sha256WithRSAEncryption
         aa:77:96:70:f7:6a:28:c2:52:2c:73:d3:65:b8:67:06:6e:cb:
         8c:dc:ec:65:1b:64:48:f9:93:6d:df:bf:b5:2c:78:c1:eb:84:
         a7:2d:a4:1f:2a:ca:55:1a:61:0d:3f:31:2c:3b:d4:b1:8e:ec:
         f2:20:ae:ac:62:f2:04:ce:32:e8:30:1c:3c:27:9e:4c:97:11:
         1a:19:93:23:af:4a:6d:45:f4:1a:42:43:02:37:be:ef:f6:66:
         4f:69:85:d0:37:ad:c5:0b:64:d0:33:73:02:e0:10:c9:62:6a:
         77:db:1f:86:ec:fa:1b:73:ec:d2:5e:3f:b0:bf:98:92:52:ea:
         e3:11:60:cd:99:7b:0b:bd:da:36:2d:f4:43:cf:28:de:48:1d:
         cd:16:59:09:2d:c7:a8:32:66:b3:83:75:cf:20:b0:f7:87:51:
         82:fa:90:b8:07:2d:6a:ba:d4:25:22:83:e4:a0:b0:0b:cb:5a:
         91:9b:86:58:55:01:7f:71:06:5a:93:b9:4a:7a:e2:80:c6:2b:
         ac:88:c8:6a:08:b3:3d:d2:fc:d1:1f:db:37:12:76:77:90:d4:
         f9:72:f1:de:41:1f:40:22:be:73:d8:81:c7:4c:c3:4c:94:10:
         29:f2:a9:81:c3:08:4f:d4:62:ee:1e:cc:db:07:2d:cd:fa:ad:
         fa:a3:7a:02
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZQks8Lt8YgubR0Vvus4cT+kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDE0OTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjM0NjU0Mzc2NjljZTU4NjI2MWEwNjZjYzRhZDFlYTQ2NGViNjYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr3KmC11zygYVc2qYVTM4PP4QtbOu
zxBggB8VQrRI6I5eFgGQR+2fneE2sM3mCoZNcar/2FiSBnN30Og3PiDbSPGkAQlW
OyQaiz+iXHHdfQcn73GVmGiuOQdciA0QKs9oJncks3cWcf8Y70AbL4GvSZ0w5BiE
dIRQCMNwrT4MLhsjzHtaeqi5GRk/RVt/YIyOyvJ6W/4/jtYil1nF894lQ47Pm8Gd
LpRyM9g+O30tBWvnb27zGTqPmzWNkWISlreoO2iQpj0H08Vi0KMVHLc5qYGlmnf3
Py7CCuFNjPI6pUprsyH97/0DhjgpKfEEuJ7/SSfwA1f3beu+Jq2ilFt4nwIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFK80ZUN2ac5YYmGgZsxK0epGTrZjMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NlLzQ4NjFi
YS00ZDFjLTQ5M2MtYTkwZC02MGNmNjYwYWQ1MzMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvY2UvNDg2MWJh
LTRkMWMtNDkzYy1hOTBkLTYwY2Y2NjBhZDUzMy8xL3J6UmxRM1pwemxoaVlhQm16
RXJSNmtaT3RtTS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwML0TANBgkqhkiG9w0BAQsFAAOCAQEAqneWcPdqKMJS
LHPTZbhnBm7LjNzsZRtkSPmTbd+/tSx4weuEpy2kHyrKVRphDT8xLDvUsY7s8iCu
rGLyBM4y6DAcPCeeTJcRGhmTI69KbUX0GkJDAje+7/ZmT2mF0DetxQtk0DNzAuAQ
yWJqd9sfhuz6G3Ps0l4/sL+YklLq4xFgzZl7C73aNi30Q88o3kgdzRZZCS3HqDJm
s4N1zyCw94dRgvqQuActarrUJSKD5KCwC8takZuGWFUBf3EGWpO5SnrigMYrrIjI
agizPdL80R/bNxJ2d5DU+XLx3kEfQCK+c9iBx0zDTJQQKfKpgcMIT9Ri7h7M2wct
zfqt+qN6Ag==
-----END CERTIFICATE-----