Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/t060sgvFlKwro6pa7zDnTiXhVuE.cer
File:                     t060sgvFlKwro6pa7zDnTiXhVuE.cer (raw, json)
Hash identifier:          D8j1NkZ0B1OiSgpmou7ioyo3pnbfGhVzpB6rXvD8h98=
Subject key identifier:   B7:4E:B4:B2:0B:C5:94:AC:2B:A3:AA:5A:EF:30:E7:4E:25:E1:56:E1
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194274885C9E2F8C40BFA91C88D93F10D28
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/9c/dcd512-0cb7-49a0-a618-6fbb19483287/1/t060sgvFlKwro6pa7zDnTiXhVuE.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/9c/dcd512-0cb7-49a0-a618-6fbb19483287/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 13:50:51 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 185.46.180.0/22
                          IP: 2a04:8140::/29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 05:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:85:c9:e2:f8:c4:0b:fa:91:c8:8d:93:f1:0d:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 13:50:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b74eb4b20bc594ac2ba3aa5aef30e74e25e156e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:3e:08:cd:a7:cc:60:5c:29:79:49:ac:a2:6c:
                    71:73:7d:ee:e5:56:fb:9f:14:4b:d1:12:db:d6:7f:
                    aa:78:a2:a4:e5:38:68:f8:1a:b6:d5:a8:4b:58:0a:
                    c7:3e:87:e6:75:51:77:0f:3f:32:0f:48:a5:02:7a:
                    35:7c:a0:b4:77:0d:0f:38:54:49:d9:00:56:3d:bb:
                    0b:73:1e:65:6e:2a:73:e8:1c:9c:27:58:b7:e3:9a:
                    fc:c1:81:b5:8a:41:d6:9a:14:d5:40:f9:1c:d7:51:
                    57:f9:3c:31:d3:83:38:55:15:04:73:4b:f6:9d:08:
                    6b:1d:7b:2b:b4:79:ec:95:a0:5b:88:a2:20:74:89:
                    72:c7:a7:e8:3a:a3:32:11:47:53:b4:d1:13:8b:50:
                    89:c5:d0:bc:39:59:ef:2b:43:2a:30:cc:a7:d4:9b:
                    43:3e:f8:2e:e4:a5:42:8f:44:72:85:6a:9b:b0:61:
                    86:f7:1e:db:23:b2:9e:6f:58:27:ba:ee:ae:26:62:
                    ff:ad:f5:85:7f:f1:1f:c6:2a:1e:a1:56:97:ff:0a:
                    e8:9a:90:04:bb:c6:8a:b7:4b:19:e1:db:b1:a9:c1:
                    e8:df:5e:b7:9c:1d:c9:76:9a:72:5d:22:aa:53:3a:
                    2b:c3:95:c0:fc:26:3e:6a:9e:83:30:67:46:89:23:
                    7d:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:4E:B4:B2:0B:C5:94:AC:2B:A3:AA:5A:EF:30:E7:4E:25:E1:56:E1
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/dcd512-0cb7-49a0-a618-6fbb19483287/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/dcd512-0cb7-49a0-a618-6fbb19483287/1/t060sgvFlKwro6pa7zDnTiXhVuE.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.46.180.0/22
                IPv6:
                  2a04:8140::/29

    Signature Algorithm: sha256WithRSAEncryption
         12:61:db:24:2f:34:41:f5:ed:df:20:25:8d:3c:10:ad:12:10:
         d5:02:27:01:ac:ae:11:5a:b9:a6:48:a2:fd:b9:23:90:9b:60:
         fe:97:a7:77:ed:79:a1:15:52:d0:31:03:71:dd:03:e8:d1:e5:
         3d:a6:7f:fb:4d:6a:c5:37:32:36:20:18:3e:80:c8:b0:3f:c7:
         ef:6a:28:c2:4d:46:5a:8c:b2:79:e4:41:11:b0:14:36:8b:d8:
         ae:90:cc:76:46:00:2a:50:5e:87:eb:d8:0f:c7:23:cb:c2:e5:
         6c:e3:54:73:b6:be:2c:64:8e:cd:29:31:ca:8e:84:10:bf:a5:
         da:57:01:5c:95:e8:cf:51:f8:e7:5f:6a:52:0e:c0:ba:5e:f1:
         86:59:d6:da:95:8f:50:dd:6d:8c:fe:1b:f6:e4:67:12:73:c8:
         d9:32:db:51:09:42:52:dc:0e:44:5a:ec:17:cd:eb:a9:50:34:
         d4:27:da:56:6e:4b:fe:51:ff:3e:81:ed:d3:d8:1c:30:f8:05:
         7d:64:73:29:f1:d9:c2:22:86:91:b8:5e:0c:93:c2:6a:ef:ad:
         58:eb:c3:db:bd:b2:16:21:44:b1:22:95:95:fa:3d:63:f5:3c:
         35:6d:f4:e1:a7:0e:01:fc:af:36:50:6d:52:63:71:3a:3a:bb:
         1e:56:a0:b9
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAZQnSIXJ4vjEC/qRyI2T8Q0oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMTM1MDUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzRlYjRiMjBiYzU5NGFjMmJhM2FhNWFlZjMwZTc0ZTI1ZTE1NmUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6T4IzafMYFwpeUmsomxxc33u5Vb7
nxRL0RLb1n+qeKKk5Tho+Bq21ahLWArHPofmdVF3Dz8yD0ilAno1fKC0dw0POFRJ
2QBWPbsLcx5lbipz6BycJ1i345r8wYG1ikHWmhTVQPkc11FX+Twx04M4VRUEc0v2
nQhrHXsrtHnslaBbiKIgdIlyx6foOqMyEUdTtNETi1CJxdC8OVnvK0MqMMyn1JtD
Pvgu5KVCj0RyhWqbsGGG9x7bI7Keb1gnuu6uJmL/rfWFf/EfxioeoVaX/wrompAE
u8aKt0sZ4duxqcHo3163nB3JdppyXSKqUzorw5XA/CY+ap6DMGdGiSN9PQIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFLdOtLILxZSsK6OqWu8w504l4VbhMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzljL2RjZDUx
Mi0wY2I3LTQ5YTAtYTYxOC02ZmJiMTk0ODMyODcvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOWMvZGNkNTEy
LTBjYjctNDlhMC1hNjE4LTZmYmIxOTQ4MzI4Ny8xL3QwNjBzZ3ZGbEt3cm82cGE3
ekRuVGlYaFZ1RS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCuS60MA0EAgACMAcDBQMqBIFAMA0GCSqGSIb3
DQEBCwUAA4IBAQASYdskLzRB9e3fICWNPBCtEhDVAicBrK4RWrmmSKL9uSOQm2D+
l6d37XmhFVLQMQNx3QPo0eU9pn/7TWrFNzI2IBg+gMiwP8fvaijCTUZajLJ55EER
sBQ2i9iukMx2RgAqUF6H69gPxyPLwuVs41Rztr4sZI7NKTHKjoQQv6XaVwFclejP
UfjnX2pSDsC6XvGGWdbalY9Q3W2M/hv25GcSc8jZMttRCUJS3A5EWuwXzeupUDTU
J9pWbkv+Uf8+ge3T2Bww+AV9ZHMp8dnCIoaRuF4Mk8Jq761Y68PbvbIWIUSxIpWV
+j1j9Tw1bfThpw4B/K82UG1SY3E6OrseVqC5
-----END CERTIFICATE-----