Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/sYxKQwCDfE6hetHjghoJrVN2QIc.cer
File:                     sYxKQwCDfE6hetHjghoJrVN2QIc.cer (raw, json)
Hash identifier:          IlVcTLHHz+dLwv5KZcDTvLbZF8L01ij87I5qsFSgB48=
Subject key identifier:   B1:8C:4A:43:00:83:7C:4E:A1:7A:D1:E3:82:1A:09:AD:53:76:40:87
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01941F8CA4EB5D27D024E3E0AD94AED5F1EE
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/03/af4e4b-2026-4bbb-9628-f08a0ae92b8d/1/sYxKQwCDfE6hetHjghoJrVN2QIc.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/03/af4e4b-2026-4bbb-9628-f08a0ae92b8d/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 01:48:18 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 213011
                          IP: 91.211.1.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:a4:eb:5d:27:d0:24:e3:e0:ad:94:ae:d5:f1:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 01:48:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b18c4a4300837c4ea17ad1e3821a09ad53764087
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:2c:bb:c4:d2:53:41:5e:36:8b:c1:25:cc:cf:
                    72:fc:d4:88:4f:96:85:51:24:fe:49:ce:ac:cb:e9:
                    94:f0:ee:e2:d0:1f:02:b1:14:d3:a1:a1:f5:d2:3b:
                    ad:66:66:2e:07:7b:fa:37:1e:98:e9:f6:df:d0:2d:
                    37:98:f9:c5:b1:f4:3f:23:4a:7e:fd:b6:bf:eb:0a:
                    74:12:2b:cc:5f:72:e9:4a:7b:67:3a:65:98:0e:51:
                    c2:7b:83:6f:01:1b:d0:7d:6a:fc:d6:ef:0c:c6:b5:
                    f9:81:87:4e:1c:f1:d8:00:90:53:8f:1e:d9:ae:0b:
                    4f:4a:98:7e:a3:9c:4a:49:2e:7e:91:cf:69:33:6b:
                    b8:ce:0b:9e:aa:20:82:df:49:85:21:3e:e6:27:99:
                    82:25:8d:b9:7a:b7:37:ec:b9:4d:06:17:ad:fe:f0:
                    0c:1a:63:b1:26:78:b5:f3:af:cd:6c:f4:dc:54:8a:
                    3b:cc:d7:e9:c4:af:78:6a:a8:08:fa:40:d2:02:e2:
                    68:bc:d3:8a:a6:18:cd:fe:fe:0c:9b:1c:56:b7:4a:
                    fa:f3:70:1a:b0:57:ef:cb:e4:c5:67:49:53:ec:9a:
                    77:52:1e:80:6c:5d:0e:e5:86:3e:e9:87:aa:ea:c3:
                    fd:1d:ba:df:10:12:fb:99:27:b8:3e:a6:1f:9d:6f:
                    26:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:8C:4A:43:00:83:7C:4E:A1:7A:D1:E3:82:1A:09:AD:53:76:40:87
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/af4e4b-2026-4bbb-9628-f08a0ae92b8d/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/af4e4b-2026-4bbb-9628-f08a0ae92b8d/1/sYxKQwCDfE6hetHjghoJrVN2QIc.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.211.1.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  213011

    Signature Algorithm: sha256WithRSAEncryption
         58:91:a7:6a:3d:36:29:90:33:f9:6f:8e:e1:f9:1a:5b:99:2e:
         c2:86:e7:9d:9a:cb:28:c5:e7:54:17:62:d9:a8:11:c8:f2:0c:
         25:a1:5e:85:51:76:ed:13:58:84:01:20:ad:0f:9f:a1:3b:11:
         81:63:49:cf:d9:e3:06:dd:ba:98:12:b0:40:d1:ee:e7:24:30:
         34:d8:fa:f9:1c:21:ab:1e:a3:41:38:cf:40:f8:25:65:4c:a7:
         7f:c0:b1:09:22:92:65:25:44:7a:3b:e7:b7:cf:a1:d2:45:59:
         28:d2:5d:bc:b6:75:9c:33:54:a0:56:04:9f:e9:ff:d2:ba:80:
         f5:7d:dc:ee:ec:ec:2f:5c:5a:09:79:b7:f7:86:44:fe:e9:94:
         7f:9c:07:ad:a2:2a:11:dc:6c:6e:aa:77:e6:d1:b5:b9:f9:c3:
         ba:7b:46:5b:1f:ae:3a:3c:12:0d:a5:4f:a5:5a:03:a3:64:34:
         b6:5a:63:88:fb:c3:57:84:8d:6b:2a:4d:4e:7d:1c:d7:52:22:
         35:d6:74:e6:37:9a:fb:7e:00:ea:92:f2:3f:31:1a:26:20:68:
         11:d5:ec:15:49:e7:ab:2d:70:83:f6:22:f7:04:61:55:75:ae:
         bb:92:64:38:1e:d2:19:43:dc:d7:74:6a:c6:eb:1d:90:ff:aa:
         c2:08:30:59
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZQfjKTrXSfQJOPgrZSu1fHuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDE0ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMThjNGE0MzAwODM3YzRlYTE3YWQxZTM4MjFhMDlhZDUzNzY0MDg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsCy7xNJTQV42i8ElzM9y/NSIT5aF
UST+Sc6sy+mU8O7i0B8CsRTToaH10jutZmYuB3v6Nx6Y6fbf0C03mPnFsfQ/I0p+
/ba/6wp0EivMX3LpSntnOmWYDlHCe4NvARvQfWr81u8MxrX5gYdOHPHYAJBTjx7Z
rgtPSph+o5xKSS5+kc9pM2u4zgueqiCC30mFIT7mJ5mCJY25erc37LlNBhet/vAM
GmOxJni186/NbPTcVIo7zNfpxK94aqgI+kDSAuJovNOKphjN/v4MmxxWt0r683Aa
sFfvy+TFZ0lT7Jp3Uh6AbF0O5YY+6Yeq6sP9HbrfEBL7mSe4PqYfnW8mXQIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFLGMSkMAg3xOoXrR44IaCa1TdkCHMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzAzL2FmNGU0
Yi0yMDI2LTRiYmItOTYyOC1mMDhhMGFlOTJiOGQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDMvYWY0ZTRi
LTIwMjYtNGJiYi05NjI4LWYwOGEwYWU5MmI4ZC8xL3NZeEtRd0NEZkU2aGV0SGpn
aG9KclZOMlFJYy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW9MBMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwNAEzANBgkqhkiG9w0BAQsFAAOCAQEAWJGnaj02KZAz+W+O4fkaW5kuwobnnZrL
KMXnVBdi2agRyPIMJaFehVF27RNYhAEgrQ+foTsRgWNJz9njBt26mBKwQNHu5yQw
NNj6+Rwhqx6jQTjPQPglZUynf8CxCSKSZSVEejvnt8+h0kVZKNJdvLZ1nDNUoFYE
n+n/0rqA9X3c7uzsL1xaCXm394ZE/umUf5wHraIqEdxsbqp35tG1ufnDuntGWx+u
OjwSDaVPpVoDo2Q0tlpjiPvDV4SNaypNTn0c11IiNdZ05jea+34A6pLyPzEaJiBo
EdXsFUnnqy1wg/Yi9wRhVXWuu5JkOB7SGUPc13RqxusdkP+qwggwWQ==
-----END CERTIFICATE-----