Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/sCBx_ye9CehFJRchNknb9nvK1dE.cer
File:                     sCBx_ye9CehFJRchNknb9nvK1dE.cer (raw, json)
Hash identifier:          b0bC506Od7s9GmizRVT3UEjVAiDDuz7VguK4YR37TmA=
Subject key identifier:   B0:20:71:FF:27:BD:09:E8:45:25:17:21:36:49:DB:F6:7B:CA:D5:D1
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019421B1F0BC070F43BDA1B5771EC22AB6C8
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/c4/566dba-8179-4c13-9d3f-bc895f731695/1/sCBx_ye9CehFJRchNknb9nvK1dE.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/c4/566dba-8179-4c13-9d3f-bc895f731695/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 11:48:17 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 39815
                          IP: 194.169.191.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:f0:bc:07:0f:43:bd:a1:b5:77:1e:c2:2a:b6:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 11:48:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b02071ff27bd09e8452517213649dbf67bcad5d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:f7:3b:48:c6:97:5b:7f:47:2b:68:c1:5d:7f:
                    9c:23:fb:64:99:ef:d0:e2:88:ca:5d:a2:d9:f6:4e:
                    d6:55:73:7d:e8:65:d6:f6:ec:1d:bf:4f:c7:b6:8a:
                    45:8c:d8:a2:91:2b:c2:ff:26:f9:aa:23:02:75:81:
                    5b:6b:10:36:b3:71:6e:a5:73:a6:ba:ec:bd:81:32:
                    76:d6:3d:dd:90:63:e2:22:bf:c8:a1:33:81:c8:67:
                    d5:71:fc:90:d3:8e:f2:3b:f4:ae:7d:c0:f0:98:da:
                    29:d9:ad:e9:3b:75:35:b7:29:a7:7c:3d:d4:14:c5:
                    31:5b:6d:d0:1c:36:10:db:ea:2c:4d:0d:3d:41:1b:
                    37:e8:26:02:3e:ac:42:cc:82:49:34:77:be:a1:b5:
                    98:c2:13:b8:fc:ae:f1:53:16:2c:55:5b:42:44:63:
                    7e:b8:dd:28:56:6d:d9:aa:7d:93:ce:92:e6:00:c3:
                    1c:45:e6:da:7d:b8:80:61:fe:ef:ba:73:cd:85:fc:
                    bc:df:a7:ee:36:6d:36:18:ef:3b:f3:31:b2:16:cb:
                    7f:62:b3:e2:c5:54:e5:8d:53:0f:f7:5d:8e:67:ff:
                    8e:88:33:10:dc:26:cf:c2:0e:d2:07:e8:dd:44:28:
                    98:a6:ff:ca:99:38:88:ba:07:92:2c:c7:1e:52:f7:
                    f1:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:20:71:FF:27:BD:09:E8:45:25:17:21:36:49:DB:F6:7B:CA:D5:D1
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/566dba-8179-4c13-9d3f-bc895f731695/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/566dba-8179-4c13-9d3f-bc895f731695/1/sCBx_ye9CehFJRchNknb9nvK1dE.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.169.191.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  39815

    Signature Algorithm: sha256WithRSAEncryption
         a4:24:2b:da:cf:63:fe:2f:6b:6d:67:88:7b:7a:9f:6b:91:6f:
         c5:88:98:c4:fa:7f:e0:1f:3f:12:82:28:1c:bd:66:19:47:f6:
         09:42:19:c4:8a:2e:cd:19:8a:61:5c:1e:4b:c9:6c:32:61:0a:
         cd:f1:e4:69:b8:a1:d2:7f:26:89:e2:d1:0f:0d:02:c6:4b:d3:
         b3:ff:f9:c0:77:a3:17:4b:07:b7:39:76:f6:73:37:c7:c6:90:
         79:3b:32:88:1e:3c:0d:37:12:86:a4:e7:90:e1:2d:d9:76:53:
         cd:d5:69:57:a5:d2:cf:1a:30:97:39:aa:eb:42:9f:e3:e2:c9:
         cd:1b:bd:6b:da:03:68:68:3c:a5:78:7d:58:3a:3e:67:ca:1c:
         3f:1b:b8:76:5d:95:fd:e7:52:1a:4f:bd:66:b7:b3:57:c9:46:
         6c:91:36:14:e0:fc:35:a9:bf:54:2f:25:e3:18:b5:ef:02:76:
         97:20:de:dc:07:8a:4d:4d:08:3c:00:b5:52:f3:6e:b6:e5:34:
         c8:05:a0:2a:dc:93:39:41:67:4c:56:a6:64:ee:0a:32:df:8b:
         00:7e:b0:53:8f:a6:2d:e4:e5:9a:b5:a3:7c:b3:5f:58:83:ce:
         97:19:5d:e7:6a:af:ac:60:d6:8a:db:16:a4:3f:54:5b:d3:fd:
         b6:b6:4a:d7
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZQhsfC8Bw9DvaG1dx7CKrbIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTE0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDIwNzFmZjI3YmQwOWU4NDUyNTE3MjEzNjQ5ZGJmNjdiY2FkNWQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqPc7SMaXW39HK2jBXX+cI/tkme/Q
4ojKXaLZ9k7WVXN96GXW9uwdv0/HtopFjNiikSvC/yb5qiMCdYFbaxA2s3FupXOm
uuy9gTJ21j3dkGPiIr/IoTOByGfVcfyQ047yO/SufcDwmNop2a3pO3U1tymnfD3U
FMUxW23QHDYQ2+osTQ09QRs36CYCPqxCzIJJNHe+obWYwhO4/K7xUxYsVVtCRGN+
uN0oVm3Zqn2TzpLmAMMcRebafbiAYf7vunPNhfy836fuNm02GO878zGyFst/YrPi
xVTljVMP912OZ/+OiDMQ3CbPwg7SB+jdRCiYpv/KmTiIugeSLMceUvfxoQIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFLAgcf8nvQnoRSUXITZJ2/Z7ytXRMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2M0LzU2NmRi
YS04MTc5LTRjMTMtOWQzZi1iYzg5NWY3MzE2OTUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzQvNTY2ZGJh
LTgxNzktNGMxMy05ZDNmLWJjODk1ZjczMTY5NS8xL3NDQnhfeWU5Q2VoRkpSY2hO
a25iOW52SzFkRS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwqm/MBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwCbhzANBgkqhkiG9w0BAQsFAAOCAQEApCQr2s9j/i9rbWeIe3qfa5FvxYiYxPp/
4B8/EoIoHL1mGUf2CUIZxIouzRmKYVweS8lsMmEKzfHkabih0n8mieLRDw0CxkvT
s//5wHejF0sHtzl29nM3x8aQeTsyiB48DTcShqTnkOEt2XZTzdVpV6XSzxowlzmq
60Kf4+LJzRu9a9oDaGg8pXh9WDo+Z8ocPxu4dl2V/edSGk+9ZrezV8lGbJE2FOD8
Nam/VC8l4xi17wJ2lyDe3AeKTU0IPAC1UvNutuU0yAWgKtyTOUFnTFamZO4KMt+L
AH6wU4+mLeTlmrWjfLNfWIPOlxld52qvrGDWitsWpD9UW9P9trZK1w==
-----END CERTIFICATE-----