Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/tHFL_Zgu0pflxz7OdNIi5SdMH7U.cer
File:                     tHFL_Zgu0pflxz7OdNIi5SdMH7U.cer (raw, json)
Hash identifier:          QI0STRNt7XztufK4spuccQdt4x6KbYF/qyYVUyTGaJo=
Subject key identifier:   B4:71:4B:FD:98:2E:D2:97:E5:C7:3E:CE:74:D2:22:E5:27:4C:1F:B5
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194258ED0BB1A4D08AE3AC3B1BD9E6B3385
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/01/cf7718-274d-412b-b755-62ea1e7e8fc6/1/tHFL_Zgu0pflxz7OdNIi5SdMH7U.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/01/cf7718-274d-412b-b755-62ea1e7e8fc6/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 05:48:24 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 212430
                          IP: 2001:67c:209c::/48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 14:46:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:d0:bb:1a:4d:08:ae:3a:c3:b1:bd:9e:6b:33:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 05:48:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b4714bfd982ed297e5c73ece74d222e5274c1fb5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:26:5b:92:6e:23:98:89:6d:5d:20:c5:23:a1:
                    10:5f:2f:f9:b0:c1:87:30:70:4e:8d:83:72:1c:ca:
                    e2:c3:bf:c4:64:8f:88:c2:bc:09:a1:08:9d:49:b6:
                    4b:e4:f5:98:e4:d2:ce:d0:d3:68:d3:26:7f:29:d8:
                    a8:6c:10:ad:2a:f1:6f:48:b5:78:4a:2d:d0:8a:e3:
                    92:64:b8:73:0e:e7:ec:7c:5c:3b:84:e9:60:46:a9:
                    9b:ae:45:b1:9e:30:c6:01:0f:42:ba:23:aa:5f:31:
                    f7:30:6c:2d:d5:7f:5f:0d:b3:ee:38:52:83:e4:d7:
                    9b:5c:37:04:d6:7f:c1:c0:2e:be:ab:f8:65:9c:1f:
                    14:63:3d:bd:fe:9d:e6:34:7d:c6:8b:f7:af:75:12:
                    bc:ec:89:df:7e:aa:1c:e7:73:04:80:af:3b:3d:65:
                    67:51:7d:1c:70:ac:f4:84:e4:70:c8:f1:45:9e:12:
                    8d:a6:8e:d4:f0:1d:24:0b:94:5d:05:f1:3c:fe:b3:
                    c3:28:c2:3f:88:bb:87:cb:33:1e:cd:39:ee:05:9d:
                    08:41:69:dd:cf:43:c7:9b:69:85:19:5b:65:62:25:
                    05:cb:4e:b6:8a:46:02:62:85:46:71:72:b4:b6:09:
                    3e:55:31:bb:86:e7:be:df:04:56:46:a2:b9:4d:6d:
                    74:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:71:4B:FD:98:2E:D2:97:E5:C7:3E:CE:74:D2:22:E5:27:4C:1F:B5
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/cf7718-274d-412b-b755-62ea1e7e8fc6/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/cf7718-274d-412b-b755-62ea1e7e8fc6/1/tHFL_Zgu0pflxz7OdNIi5SdMH7U.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:209c::/48

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  212430

    Signature Algorithm: sha256WithRSAEncryption
         56:89:a0:db:bf:ae:86:1c:0e:92:53:1b:05:7d:f1:df:e2:10:
         38:86:f0:80:ed:fd:83:a5:2e:e5:ab:00:08:c1:da:26:17:49:
         f3:55:31:cb:37:05:3b:a5:d6:46:a2:e4:a2:85:07:7e:b2:5c:
         eb:ac:0b:ab:a7:ec:2a:df:3f:15:b0:c1:31:1f:35:3f:a6:b0:
         f8:2a:d6:4f:56:29:65:2a:4e:14:41:4b:92:07:57:4c:2e:c0:
         17:be:04:d3:37:09:7a:cd:c8:dd:9b:78:0a:e8:0b:4d:79:6e:
         c5:0d:24:ba:ee:db:94:04:05:a7:57:34:36:1a:a1:ed:63:2c:
         d0:28:5e:68:78:0e:45:e2:db:5f:c2:55:4b:9a:4a:31:b6:29:
         36:cf:9c:c1:26:92:96:92:bf:4a:18:b1:4d:ba:90:03:25:cf:
         a5:28:19:9b:09:73:23:1c:20:6d:e9:b9:24:6c:29:5a:41:56:
         9b:db:c9:b5:8b:24:15:d8:4a:6a:8a:36:ce:f8:bf:7b:99:7c:
         0a:02:e7:01:a7:5c:4e:2a:d1:77:6e:58:77:e1:74:67:d6:04:
         7c:7d:fa:77:0d:48:2c:ec:2e:fe:b0:01:b1:11:08:45:1b:20:
         a5:f0:ff:5a:d3:b8:65:94:83:04:31:fd:9a:28:f9:a4:68:d7:
         44:e1:4a:a7
-----BEGIN CERTIFICATE-----
MIIFlzCCBH+gAwIBAgISAZQljtC7Gk0IrjrDsb2eazOFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDU0ODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDcxNGJmZDk4MmVkMjk3ZTVjNzNlY2U3NGQyMjJlNTI3NGMxZmI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAryZbkm4jmIltXSDFI6EQXy/5sMGH
MHBOjYNyHMriw7/EZI+IwrwJoQidSbZL5PWY5NLO0NNo0yZ/KdiobBCtKvFvSLV4
Si3QiuOSZLhzDufsfFw7hOlgRqmbrkWxnjDGAQ9CuiOqXzH3MGwt1X9fDbPuOFKD
5NebXDcE1n/BwC6+q/hlnB8UYz29/p3mNH3Gi/evdRK87Inffqoc53MEgK87PWVn
UX0ccKz0hORwyPFFnhKNpo7U8B0kC5RdBfE8/rPDKMI/iLuHyzMezTnuBZ0IQWnd
z0PHm2mFGVtlYiUFy062ikYCYoVGcXK0tgk+VTG7hue+3wRWRqK5TW10QwIDAQAB
o4ICozCCAp8wHQYDVR0OBBYEFLRxS/2YLtKX5cc+znTSIuUnTB+1MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzAxL2NmNzcx
OC0yNzRkLTQxMmItYjc1NS02MmVhMWU3ZThmYzYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDEvY2Y3NzE4
LTI3NGQtNDEyYi1iNzU1LTYyZWExZTdlOGZjNi8xL3RIRkxfWmd1MHBmbHh6N09k
TklpNVNkTUg3VS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCCcMBoGCCsGAQUFBwEIAQH/BAswCaAH
MAUCAwM9zjANBgkqhkiG9w0BAQsFAAOCAQEAVomg27+uhhwOklMbBX3x3+IQOIbw
gO39g6Uu5asACMHaJhdJ81UxyzcFO6XWRqLkooUHfrJc66wLq6fsKt8/FbDBMR81
P6aw+CrWT1YpZSpOFEFLkgdXTC7AF74E0zcJes3I3Zt4CugLTXluxQ0kuu7blAQF
p1c0Nhqh7WMs0CheaHgOReLbX8JVS5pKMbYpNs+cwSaSlpK/ShixTbqQAyXPpSgZ
mwlzIxwgbem5JGwpWkFWm9vJtYskFdhKaoo2zvi/e5l8CgLnAadcTirRd25Yd+F0
Z9YEfH36dw1ILOwu/rABsREIRRsgpfD/WtO4ZZSDBDH9mij5pGjXROFKpw==
-----END CERTIFICATE-----