Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/tNkMTfZ2phH1alrtWAmwV-msV5E.cer
File:                     tNkMTfZ2phH1alrtWAmwV-msV5E.cer (raw, json)
Hash identifier:          kGKNpUtdd5nW+uRUr1dazQmD1XmLGf0xDXqHoFKKDi4=
Subject key identifier:   B4:D9:0C:4D:F6:76:A6:11:F5:6A:5A:ED:58:09:B0:57:E9:AC:57:91
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019426D9B02BE29321C507C26FA849401074
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/60/2aaf4a-e03f-4d61-b652-435e57fccdc9/1/tNkMTfZ2phH1alrtWAmwV-msV5E.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/60/2aaf4a-e03f-4d61-b652-435e57fccdc9/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 11:49:48 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 199964
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:b0:2b:e2:93:21:c5:07:c2:6f:a8:49:40:10:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 11:49:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b4d90c4df676a611f56a5aed5809b057e9ac5791
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:12:67:e1:b4:ce:ee:cd:23:0f:19:56:a3:2f:
                    95:e2:8f:42:28:9f:b1:fe:4d:79:cd:18:a6:aa:95:
                    33:17:9f:fb:cc:81:7c:4b:a3:da:f4:ea:70:a8:aa:
                    d7:b4:ab:b6:3a:34:3e:1c:f7:d4:fd:b0:48:fa:ee:
                    71:7a:96:44:56:1a:22:c8:4f:0a:78:3a:50:bb:17:
                    2c:52:ff:57:0c:2f:6c:ce:00:62:9e:4c:91:59:c5:
                    60:4c:a8:af:02:e4:3f:5e:06:5c:48:b8:97:ab:dc:
                    70:6e:20:a2:c5:53:4b:bb:25:b6:c3:c3:b2:96:2d:
                    1f:43:1f:39:96:30:cb:60:53:7a:af:0a:10:e5:77:
                    98:54:aa:78:cb:da:31:8a:14:bc:35:b1:cf:e7:2c:
                    b6:7a:37:21:5e:16:d6:f0:6f:18:ba:14:71:8b:1a:
                    b7:48:df:2e:57:b5:a6:c9:b9:00:e4:c0:f0:c5:bd:
                    ac:12:a7:07:41:59:84:c1:a0:a6:b8:68:19:51:49:
                    06:d9:7d:a9:94:86:52:ba:e3:69:5c:5a:ef:a8:68:
                    48:80:b6:56:48:6a:c6:4d:01:20:08:d2:a9:50:23:
                    07:c9:1a:49:72:d2:1a:2c:68:47:bd:58:44:56:be:
                    98:85:d3:2f:ed:cb:7e:7e:f0:56:f5:36:f9:0a:40:
                    ce:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:D9:0C:4D:F6:76:A6:11:F5:6A:5A:ED:58:09:B0:57:E9:AC:57:91
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/2aaf4a-e03f-4d61-b652-435e57fccdc9/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/2aaf4a-e03f-4d61-b652-435e57fccdc9/1/tNkMTfZ2phH1alrtWAmwV-msV5E.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  199964

    Signature Algorithm: sha256WithRSAEncryption
         3f:b9:0f:17:b4:8c:d6:91:02:e7:02:b5:44:31:d6:96:73:07:
         76:ef:71:2d:81:af:fe:51:ac:2b:c7:06:5e:33:0d:49:0f:59:
         8a:92:53:98:39:2e:e0:78:9d:92:3b:92:ae:0b:b7:2b:23:fd:
         33:14:4e:e0:f0:43:75:a3:8d:47:76:7d:66:66:8b:e7:4a:4a:
         71:7e:97:af:91:0f:43:e1:32:24:5d:e2:87:03:3a:d1:f8:04:
         2f:23:ef:c6:b8:29:15:56:fa:a1:e4:cf:17:12:1c:04:89:51:
         9f:d2:1d:52:77:9f:27:d4:bd:5b:32:83:e5:e1:63:7d:f2:ec:
         56:88:2e:bf:69:7f:1e:9f:cb:99:91:3d:d1:75:be:d3:84:41:
         ee:6b:e2:9d:83:fe:d0:7c:65:7b:d7:d0:c8:75:2a:14:32:a8:
         be:5f:9c:50:19:4d:9c:18:1b:52:25:6a:46:3f:d9:3e:cc:11:
         8c:76:52:bc:bc:6a:e0:91:c8:5e:b4:5d:4c:fa:c0:6f:e6:a1:
         10:e8:68:ef:f7:f5:bd:c2:42:76:a4:51:db:bb:7f:be:de:e1:
         4c:f7:5f:90:03:99:82:f8:75:94:fe:a2:48:5b:cb:b8:87:9b:
         49:b3:6e:70:dd:3a:a1:4a:3c:db:20:01:4b:42:d4:1f:bf:d0:
         8a:3d:36:9a
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZQm2bAr4pMhxQfCb6hJQBB0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMTE0OTQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGQ5MGM0ZGY2NzZhNjExZjU2YTVhZWQ1ODA5YjA1N2U5YWM1NzkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvBJn4bTO7s0jDxlWoy+V4o9CKJ+x
/k15zRimqpUzF5/7zIF8S6Pa9OpwqKrXtKu2OjQ+HPfU/bBI+u5xepZEVhoiyE8K
eDpQuxcsUv9XDC9szgBinkyRWcVgTKivAuQ/XgZcSLiXq9xwbiCixVNLuyW2w8Oy
li0fQx85ljDLYFN6rwoQ5XeYVKp4y9oxihS8NbHP5yy2ejchXhbW8G8YuhRxixq3
SN8uV7WmybkA5MDwxb2sEqcHQVmEwaCmuGgZUUkG2X2plIZSuuNpXFrvqGhIgLZW
SGrGTQEgCNKpUCMHyRpJctIaLGhHvVhEVr6YhdMv7ct+fvBW9Tb5CkDOXwIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFLTZDE32dqYR9Wpa7VgJsFfprFeRMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzYwLzJhYWY0
YS1lMDNmLTRkNjEtYjY1Mi00MzVlNTdmY2NkYzkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjAvMmFhZjRh
LWUwM2YtNGQ2MS1iNjUyLTQzNWU1N2ZjY2RjOS8xL3ROa01UZloycGhIMWFscnRX
QW13Vi1tc1Y1RS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMNHDANBgkqhkiG9w0BAQsFAAOCAQEAP7kPF7SM1pEC
5wK1RDHWlnMHdu9xLYGv/lGsK8cGXjMNSQ9ZipJTmDku4HidkjuSrgu3KyP9MxRO
4PBDdaONR3Z9ZmaL50pKcX6Xr5EPQ+EyJF3ihwM60fgELyPvxrgpFVb6oeTPFxIc
BIlRn9IdUnefJ9S9WzKD5eFjffLsVoguv2l/Hp/LmZE90XW+04RB7mvinYP+0Hxl
e9fQyHUqFDKovl+cUBlNnBgbUiVqRj/ZPswRjHZSvLxq4JHIXrRdTPrAb+ahEOho
7/f1vcJCdqRR27t/vt7hTPdfkAOZgvh1lP6iSFvLuIebSbNucN06oUo82yABS0LU
H7/Qij02mg==
-----END CERTIFICATE-----