Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/s-r7uHz_75QBhnWfCKeBXxxnpyk.cer
File:                     s-r7uHz_75QBhnWfCKeBXxxnpyk.cer (raw, json)
Hash identifier:          jj1jJ205dV3hODyYJZpxkbilRSTM4jVdmyOR+s2P/2o=
Subject key identifier:   B3:EA:FB:B8:7C:FF:EF:94:01:86:75:9F:08:A7:81:5F:1C:67:A7:29
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01941F3F439B3516A46D5AF800CEF859E931
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rsync.paas.rpki.ripe.net/repository/c974e2af-eaab-4d78-8d95-283144dda962/0/B3EAFBB87CFFEF940186759F08A7815F1C67A729.mft
caRepository:             rsync://rsync.paas.rpki.ripe.net/repository/c974e2af-eaab-4d78-8d95-283144dda962/0/
Notify URL:               https://rrdp.paas.rpki.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 00:23:47 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 215634
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:3f:43:9b:35:16:a4:6d:5a:f8:00:ce:f8:59:e9:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 00:23:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b3eafbb87cffef940186759f08a7815f1c67a729
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:76:3b:6d:ea:cc:e4:54:38:e5:d6:43:25:31:
                    ce:7d:82:9b:38:39:13:1b:4e:13:41:f0:0d:79:99:
                    1a:03:d3:cc:81:a3:09:78:a0:81:c9:35:72:09:ee:
                    bd:f5:03:4c:56:18:de:02:fb:27:a5:3e:a3:db:c1:
                    bd:36:48:02:fb:1f:8c:4e:0a:b3:0e:7b:0d:37:48:
                    86:88:3a:4a:51:8f:44:f8:b1:ba:61:83:91:86:dd:
                    26:d0:7e:08:4b:4b:8c:4a:eb:9a:b5:b2:6c:09:fd:
                    2a:d1:23:95:2d:73:f5:be:c5:07:1d:ab:c5:cf:f5:
                    36:e3:31:91:90:2b:77:0d:55:9c:0c:ee:9a:39:cd:
                    ee:c0:34:20:ec:08:29:37:71:ac:18:48:ac:12:5e:
                    96:6b:6d:11:03:e6:4f:da:6d:cf:18:09:a8:4b:30:
                    80:80:67:2e:8b:3a:10:5b:c1:87:3b:79:f2:1d:cd:
                    f6:6f:85:f4:eb:ba:5b:d6:69:7e:f4:ea:5d:f4:b6:
                    74:37:8c:4f:af:99:99:54:87:8b:04:31:fd:7e:6f:
                    42:5f:d7:b1:03:f9:96:1a:62:7f:2b:22:7c:e0:aa:
                    aa:ab:92:43:6e:e2:27:c5:ea:5b:ae:f7:ff:b1:a4:
                    ee:12:1e:70:b8:ff:3c:41:fd:66:5f:5e:64:e3:62:
                    aa:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:EA:FB:B8:7C:FF:EF:94:01:86:75:9F:08:A7:81:5F:1C:67:A7:29
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rsync.paas.rpki.ripe.net/repository/c974e2af-eaab-4d78-8d95-283144dda962/0/
                RPKI Manifest - URI:rsync://rsync.paas.rpki.ripe.net/repository/c974e2af-eaab-4d78-8d95-283144dda962/0/B3EAFBB87CFFEF940186759F08A7815F1C67A729.mft
                RPKI Notify - URI:https://rrdp.paas.rpki.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  215634

    Signature Algorithm: sha256WithRSAEncryption
         28:7d:4c:3b:e4:dc:43:54:a4:2b:ea:0e:ba:3d:3a:d5:ce:d4:
         90:15:c5:cc:70:1c:f2:ab:3c:44:3f:c9:db:e7:ad:c2:cc:05:
         96:36:07:4d:cf:65:b7:29:66:94:21:9d:3c:67:da:82:7a:93:
         de:20:9e:72:a2:ab:54:52:ec:14:bc:5d:7f:72:c9:5f:ce:c9:
         71:9d:d7:c7:e3:89:de:45:28:90:3a:24:1a:e2:61:ad:63:d5:
         d2:5c:73:ca:f8:27:1c:ce:9d:1c:5c:c1:ce:69:26:af:ba:0f:
         9c:16:bb:41:12:f7:39:1e:b4:b1:cb:84:a1:b1:24:f8:9e:e0:
         69:a3:ed:2a:23:ce:b8:87:ec:f6:3a:f7:ec:fa:f1:f9:f5:a4:
         e4:9d:96:43:6c:87:4f:d2:1d:61:1c:c8:a6:cb:ab:0c:16:3a:
         6e:c4:18:8d:38:76:49:7c:cc:b9:a1:99:d8:16:34:fe:1f:ad:
         bd:83:3f:9e:97:4a:7f:ef:fb:0f:87:78:60:33:ef:fc:30:7c:
         5f:3d:7f:f3:0b:c6:6c:4a:21:94:d1:77:c0:cf:bd:34:bc:da:
         d6:c7:e1:4a:8b:a2:09:ef:4a:9d:e0:72:57:8e:f7:2b:ad:45:
         89:5b:13:24:9d:23:ba:25:c8:70:4d:4b:08:9e:13:83:f2:ed:
         5a:25:d2:6d
-----BEGIN CERTIFICATE-----
MIIFjzCCBHegAwIBAgISAZQfP0ObNRakbVr4AM74WekxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDAyMzQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiM2VhZmJiODdjZmZlZjk0MDE4Njc1OWYwOGE3ODE1ZjFjNjdhNzI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzXY7berM5FQ45dZDJTHOfYKbODkT
G04TQfANeZkaA9PMgaMJeKCByTVyCe699QNMVhjeAvsnpT6j28G9NkgC+x+MTgqz
DnsNN0iGiDpKUY9E+LG6YYORht0m0H4IS0uMSuuatbJsCf0q0SOVLXP1vsUHHavF
z/U24zGRkCt3DVWcDO6aOc3uwDQg7AgpN3GsGEisEl6Wa20RA+ZP2m3PGAmoSzCA
gGcuizoQW8GHO3nyHc32b4X067pb1ml+9Opd9LZ0N4xPr5mZVIeLBDH9fm9CX9ex
A/mWGmJ/KyJ84Kqqq5JDbuInxepbrvf/saTuEh5wuP88Qf1mX15k42KqsQIDAQAB
o4ICmzCCApcwHQYDVR0OBBYEFLPq+7h8/++UAYZ1nwingV8cZ6cpMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggE/BggrBgEFBQcBCwSCATEwggEtMF8GCCsGAQUFBzAFhlNy
c3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M5NzRl
MmFmLWVhYWItNGQ3OC04ZDk1LTI4MzE0NGRkYTk2Mi8wLzCBiwYIKwYBBQUHMAqG
f3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYzk3
NGUyYWYtZWFhYi00ZDc4LThkOTUtMjgzMTQ0ZGRhOTYyLzAvQjNFQUZCQjg3Q0ZG
RUY5NDAxODY3NTlGMDhBNzgxNUYxQzY3QTcyOS5tZnQwPAYIKwYBBQUHMA2GMGh0
dHBzOi8vcnJkcC5wYWFzLnJwa2kucmlwZS5uZXQvbm90aWZpY2F0aW9uLnhtbDBZ
BgNVHR8EUjBQME6gTKBKhkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxUL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jcmwwGAYDVR0g
AQH/BA4wDDAKBggrBgEFBQcOAjAaBggrBgEFBQcBCAEB/wQLMAmgBzAFAgMDSlIw
DQYJKoZIhvcNAQELBQADggEBACh9TDvk3ENUpCvqDro9OtXO1JAVxcxwHPKrPEQ/
ydvnrcLMBZY2B03PZbcpZpQhnTxn2oJ6k94gnnKiq1RS7BS8XX9yyV/OyXGd18fj
id5FKJA6JBriYa1j1dJcc8r4JxzOnRxcwc5pJq+6D5wWu0ES9zketLHLhKGxJPie
4Gmj7SojzriH7PY69+z68fn1pOSdlkNsh0/SHWEcyKbLqwwWOm7EGI04dkl8zLmh
mdgWNP4frb2DP56XSn/v+w+HeGAz7/wwfF89f/MLxmxKIZTRd8DPvTS82tbH4UqL
ognvSp3gcleO9yutRYlbEySdI7olyHBNSwieE4Py7Vol0m0=
-----END CERTIFICATE-----