Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer
File:                     tV4uctf_3mvOtzzibxhcZ4ojiS0.cer (raw, json)
Hash identifier:          n3z7iISVa3NyBXKRROTQjXKAP3JiPOx8BMDHfheew8c=
Subject key identifier:   B5:5E:2E:72:D7:FF:DE:6B:CE:B7:3C:E2:6F:18:5C:67:8A:23:89:2D
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01941FFA8C9DF7DA16DDD5DFF4A363901FB3
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.mft
caRepository:             rsync://rpki.owl.net/rrdp/owl/1/
Notify URL:               https://rpki.owl.net/rrdp/notification.xml
Certificate not before:   Wed 01 Jan 2025 03:48:21 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 43357
                          IP: 194.127.164.0/22
                          IP: 2a07:d880::/29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:8c:9d:f7:da:16:dd:d5:df:f4:a3:63:90:1f:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 03:48:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b55e2e72d7ffde6bceb73ce26f185c678a23892d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fa:64:4d:16:fb:84:28:c0:91:fb:12:82:38:39:
                    62:39:63:ea:21:10:bf:8b:e1:c6:f0:d5:c5:47:45:
                    c0:e5:46:39:57:09:5f:db:59:be:43:d2:fb:0b:eb:
                    4b:62:0f:67:1b:6a:d7:d8:38:af:05:3e:4c:bf:bb:
                    c7:d2:de:1f:2a:3f:68:6a:da:25:cc:e9:8d:63:71:
                    25:17:92:e4:ba:80:37:3b:88:dd:bd:f5:d8:ae:e7:
                    0d:99:d8:f1:20:1c:6a:7a:33:97:d0:1b:4b:60:72:
                    c9:42:7d:eb:c8:7b:a3:94:d8:f5:70:21:0a:3d:47:
                    f7:77:95:bb:bd:8e:ed:2e:d1:53:9a:22:5d:2c:83:
                    20:af:2f:c4:63:da:f7:79:52:b5:a0:cf:85:ab:a8:
                    79:fb:55:73:a6:6a:b3:53:1e:d5:54:0f:53:6e:30:
                    7c:83:a0:71:1a:73:6c:53:80:c4:31:da:6f:99:64:
                    5f:9a:49:16:9e:fa:f7:c3:3c:25:ab:75:e0:00:0e:
                    2f:e4:b2:0d:7a:e7:29:b0:2b:fe:ff:8e:59:42:c3:
                    70:bd:09:7b:40:03:41:4d:d6:36:a2:3e:41:7e:e3:
                    24:91:9e:07:63:aa:d7:66:c0:38:e5:65:5d:2e:73:
                    1e:d7:19:9d:f4:fb:bc:7b:bd:ce:d1:a3:a9:b8:90:
                    b0:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:5E:2E:72:D7:FF:DE:6B:CE:B7:3C:E2:6F:18:5C:67:8A:23:89:2D
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.owl.net/rrdp/owl/1/
                RPKI Manifest - URI:rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.mft
                RPKI Notify - URI:https://rpki.owl.net/rrdp/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.127.164.0/22
                IPv6:
                  2a07:d880::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  43357

    Signature Algorithm: sha256WithRSAEncryption
         6d:e6:e2:ba:21:cd:0d:9c:52:f3:68:76:43:33:ac:22:78:2d:
         87:1a:46:b6:98:65:e2:a7:e0:7f:c8:3c:c0:26:2f:be:5a:16:
         0d:17:06:35:3e:19:ed:4e:38:b9:07:2f:67:3b:d8:b7:35:c6:
         30:8e:2c:45:f8:09:d6:7b:c4:1a:f8:4c:13:e7:93:76:89:d7:
         ab:d3:18:93:7e:40:e1:1b:a1:78:50:6f:39:10:a5:f1:6b:e8:
         0c:51:15:30:b1:9b:bc:2d:b5:05:18:ae:e0:21:be:fe:66:17:
         54:38:2b:f7:cd:bc:36:f8:c4:a1:59:35:87:51:7d:e0:0c:53:
         47:75:f4:a4:a8:7b:0a:9f:fd:4c:57:c5:11:4d:29:2d:91:40:
         b2:da:e5:1c:85:5c:b4:27:4d:7c:17:94:f1:86:c8:5f:d1:ae:
         e8:cb:87:09:75:17:96:32:7b:6b:3b:2f:0a:b5:fa:11:48:96:
         d6:48:59:ec:d2:ed:c9:9f:fc:81:08:45:bb:84:d2:66:49:d3:
         ed:9d:e2:97:60:cb:20:37:f4:4e:c8:2b:7b:29:1b:f1:84:63:
         0a:c0:bd:b4:d0:99:f2:3a:48:31:fb:54:db:23:8e:26:03:09:
         aa:1b:5a:30:74:2a:f9:c3:63:52:0f:77:de:ef:8e:80:87:de:
         05:fb:33:18
-----BEGIN CERTIFICATE-----
MIIFTzCCBDegAwIBAgISAZQf+oyd99oW3dXf9KNjkB+zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDM0ODIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTVlMmU3MmQ3ZmZkZTZiY2ViNzNjZTI2ZjE4NWM2NzhhMjM4OTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+mRNFvuEKMCR+xKCODliOWPqIRC/
i+HG8NXFR0XA5UY5Vwlf21m+Q9L7C+tLYg9nG2rX2DivBT5Mv7vH0t4fKj9oatol
zOmNY3ElF5LkuoA3O4jdvfXYrucNmdjxIBxqejOX0BtLYHLJQn3ryHujlNj1cCEK
PUf3d5W7vY7tLtFTmiJdLIMgry/EY9r3eVK1oM+Fq6h5+1VzpmqzUx7VVA9TbjB8
g6BxGnNsU4DEMdpvmWRfmkkWnvr3wzwlq3XgAA4v5LINeucpsCv+/45ZQsNwvQl7
QANBTdY2oj5BfuMkkZ4HY6rXZsA45WVdLnMe1xmd9Pu8e73O0aOpuJCwzQIDAQAB
o4ICWzCCAlcwHQYDVR0OBBYEFLVeLnLX/95rzrc84m8YXGeKI4ktMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwgdAGCCsGAQUFBwELBIHDMIHAMCwGCCsGAQUFBzAFhiByc3lu
YzovL3Jwa2kub3dsLm5ldC9ycmRwL293bC8xLzBYBggrBgEFBQcwCoZMcnN5bmM6
Ly9ycGtpLm93bC5uZXQvcnJkcC9vd2wvMS9CNTVFMkU3MkQ3RkZERTZCQ0VCNzND
RTI2RjE4NUM2NzhBMjM4OTJELm1mdDA2BggrBgEFBQcwDYYqaHR0cHM6Ly9ycGtp
Lm93bC5uZXQvcnJkcC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqG
SHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNW
Vks1d0VISUpuSEMyUUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUF
Bw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCwn+kMA0EAgACMAcDBQMq
B9iAMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUCAwCpXTANBgkqhkiG9w0BAQsFAAOC
AQEAbebiuiHNDZxS82h2QzOsIngthxpGtphl4qfgf8g8wCYvvloWDRcGNT4Z7U44
uQcvZzvYtzXGMI4sRfgJ1nvEGvhME+eTdonXq9MYk35A4RuheFBvORCl8WvoDFEV
MLGbvC21BRiu4CG+/mYXVDgr9828NvjEoVk1h1F94AxTR3X0pKh7Cp/9TFfFEU0p
LZFAstrlHIVctCdNfBeU8YbIX9Gu6MuHCXUXljJ7azsvCrX6EUiW1khZ7NLtyZ/8
gQhFu4TSZknT7Z3il2DLIDf0Tsgreykb8YRjCsC9tNCZ8jpIMftU2yOOJgMJqhta
MHQq+cNjUg933u+OgIfeBfszGA==
-----END CERTIFICATE-----