Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/sxxM5mPh7CRedHzYRvGmnduDSzs.cer
File:                     sxxM5mPh7CRedHzYRvGmnduDSzs.cer (raw, json)
Hash identifier:          wkf7UHfu5RDB7Yckdjg8J2uIA1u6T1MxAvese1z1o9g=
Subject key identifier:   B3:1C:4C:E6:63:E1:EC:24:5E:74:7C:D8:46:F1:A6:9D:DB:83:4B:3B
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0190BB1CA5316330596A293D5B6EB91690CF
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/7c/84d476-3233-4131-8ffc-465adc2959f2/1/sxxM5mPh7CRedHzYRvGmnduDSzs.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/7c/84d476-3233-4131-8ffc-465adc2959f2/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 16 Jul 2024 10:35:35 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 2a14:1cc0::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Sep 2024 14:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:bb:1c:a5:31:63:30:59:6a:29:3d:5b:6e:b9:16:90:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jul 16 10:35:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b31c4ce663e1ec245e747cd846f1a69ddb834b3b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:3f:2e:5d:61:b9:ac:03:71:c6:78:3b:d7:12:
                    20:a6:a0:2f:ed:3b:38:3f:ee:b6:aa:9a:3d:dd:aa:
                    20:dc:c2:56:d2:0b:42:c1:e8:9c:4d:75:e9:04:e8:
                    fc:60:64:7c:49:26:d0:37:41:fd:50:04:61:24:ee:
                    a7:13:9f:bd:be:36:9d:78:36:b5:ad:07:8d:50:03:
                    89:e8:33:4e:ec:14:9f:2c:7e:1a:70:72:18:d0:b6:
                    e4:7e:2f:2a:71:0c:a3:5b:14:97:9e:f7:bb:de:cf:
                    0c:84:6b:53:64:f7:51:c6:80:1d:07:5d:20:8c:f5:
                    76:5b:f1:b8:e7:64:d5:44:9f:df:49:b5:5f:f5:5e:
                    13:f2:dc:8a:c7:3e:22:09:83:d2:38:ed:a8:c6:3e:
                    75:53:ca:d5:22:f0:a9:9f:a1:dd:e9:7b:d6:2a:28:
                    15:37:2c:7d:8c:4a:2c:8a:11:1b:67:9b:28:8f:9a:
                    36:72:2c:42:3a:c1:c3:2d:45:86:02:cd:14:35:1f:
                    93:ce:22:af:ec:bf:72:f7:bb:ba:5b:65:bf:a0:70:
                    47:bd:e0:15:68:fa:f1:48:4a:c6:d4:a2:89:93:d0:
                    51:b3:fb:9e:45:5a:17:fe:f6:e5:e7:95:14:52:12:
                    bf:fb:35:bb:77:14:b0:88:92:23:3f:ac:3f:28:9a:
                    3b:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:1C:4C:E6:63:E1:EC:24:5E:74:7C:D8:46:F1:A6:9D:DB:83:4B:3B
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/84d476-3233-4131-8ffc-465adc2959f2/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/84d476-3233-4131-8ffc-465adc2959f2/1/sxxM5mPh7CRedHzYRvGmnduDSzs.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:1cc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         94:2a:f3:f8:b7:c7:76:83:92:f0:da:42:b6:1f:47:39:aa:e6:
         7b:0e:f4:57:a8:c0:77:06:2c:4e:3c:25:1b:2a:c9:21:a6:c5:
         77:9d:45:e8:9b:4c:7c:36:0f:c9:c8:a8:bb:a4:6a:76:f4:49:
         fa:86:1c:a6:cb:70:66:2c:68:ff:21:c5:fd:c4:9a:12:b2:64:
         0d:10:f0:4a:70:45:0f:41:62:58:06:20:e3:5c:2f:f6:c4:27:
         e6:b9:2a:9c:58:de:96:b9:02:4c:57:6f:fd:b4:65:cc:f8:e4:
         f8:e0:6e:c6:ef:67:07:84:d5:74:db:17:b5:5a:f8:0d:22:ab:
         3b:d6:7e:37:33:c0:88:8e:82:62:c3:7c:be:5e:c5:6c:f2:17:
         da:98:6a:95:ac:db:18:32:fc:6e:e2:b4:72:5b:bd:17:e2:6f:
         cb:0e:52:65:65:9b:5d:53:8a:d9:2c:49:d4:53:a3:c4:b8:5f:
         fc:0a:91:72:fb:fd:f6:09:a1:74:3b:69:50:fd:9b:de:a4:72:
         c0:84:e1:1b:5e:38:90:01:bf:89:be:ad:5c:b6:92:ea:99:95:
         63:3c:e1:57:32:80:0d:ce:7f:5b:ec:9a:ec:2c:d1:f9:b3:bb:
         ef:e0:af:68:a4:62:c2:4a:cc:14:30:a8:8f:28:32:21:16:ab:
         e0:90:e4:12
-----BEGIN CERTIFICATE-----
MIIFeTCCBGGgAwIBAgISAZC7HKUxYzBZaik9W265FpDPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwNzE2MTAzNTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzFjNGNlNjYzZTFlYzI0NWU3NDdjZDg0NmYxYTY5ZGRiODM0YjNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmT8uXWG5rANxxng71xIgpqAv7Ts4
P+62qpo93aog3MJW0gtCweicTXXpBOj8YGR8SSbQN0H9UARhJO6nE5+9vjadeDa1
rQeNUAOJ6DNO7BSfLH4acHIY0Lbkfi8qcQyjWxSXnve73s8MhGtTZPdRxoAdB10g
jPV2W/G452TVRJ/fSbVf9V4T8tyKxz4iCYPSOO2oxj51U8rVIvCpn6Hd6XvWKigV
Nyx9jEosihEbZ5soj5o2cixCOsHDLUWGAs0UNR+TziKv7L9y97u6W2W/oHBHveAV
aPrxSErG1KKJk9BRs/ueRVoX/vbl55UUUhK/+zW7dxSwiJIjP6w/KJo7VQIDAQAB
o4IChTCCAoEwHQYDVR0OBBYEFLMcTOZj4ewkXnR82Ebxpp3bg0s7MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzdjLzg0ZDQ3
Ni0zMjMzLTQxMzEtOGZmYy00NjVhZGMyOTU5ZjIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvN2MvODRkNDc2
LTMyMzMtNDEzMS04ZmZjLTQ2NWFkYzI5NTlmMi8xL3N4eE01bVBoN0NSZWRIellS
dkdtbmR1RFN6cy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUF
BwEHAQH/BBEwDzANBAIAAjAHAwUDKhQcwDANBgkqhkiG9w0BAQsFAAOCAQEAlCrz
+LfHdoOS8NpCth9HOarmew70V6jAdwYsTjwlGyrJIabFd51F6JtMfDYPyciou6Rq
dvRJ+oYcpstwZixo/yHF/cSaErJkDRDwSnBFD0FiWAYg41wv9sQn5rkqnFjelrkC
TFdv/bRlzPjk+OBuxu9nB4TVdNsXtVr4DSKrO9Z+NzPAiI6CYsN8vl7FbPIX2phq
lazbGDL8buK0clu9F+Jvyw5SZWWbXVOK2SxJ1FOjxLhf/AqRcvv99gmhdDtpUP2b
3qRywIThG144kAG/ib6tXLaS6pmVYzzhVzKADc5/W+ya7CzR+bO77+CvaKRiwkrM
FDCojygyIRar4JDkEg==
-----END CERTIFICATE-----