Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/tgVh3_v94lX-wU1Nnw4T9DdTUuQ.cer
File:                     tgVh3_v94lX-wU1Nnw4T9DdTUuQ.cer (raw, json)
Hash identifier:          mwdyh3FAF5ah06p/zNpsDuTAT4QRnqYgUurLFYFS9Zk=
Subject key identifier:   B6:05:61:DF:FB:FD:E2:55:FE:C1:4D:4D:9F:0E:13:F4:37:53:52:E4
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019420683AC7720A0A6690A02F5DE5DAB769
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.nellicus.net/repo/nellicus/0/B60561DFFBFDE255FEC14D4D9F0E13F4375352E4.mft
caRepository:             rsync://rpki.nellicus.net/repo/nellicus/0/
Notify URL:               https://rpki.nellicus.net/rrdp/notification.xml
Certificate not before:   Wed 01 Jan 2025 05:48:09 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 204012
                          IP: 2001:67c:d80::/48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:3a:c7:72:0a:0a:66:90:a0:2f:5d:e5:da:b7:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 05:48:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b60561dffbfde255fec14d4d9f0e13f4375352e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:0f:4a:38:55:7c:8e:33:b3:f4:ad:eb:6e:95:
                    0e:0e:19:8b:90:f7:04:19:e4:c8:a4:a8:9b:ec:eb:
                    ef:8e:e2:cc:bc:fd:64:7c:a8:6c:8e:8b:a9:33:7c:
                    a0:f3:4f:46:b5:7e:63:7b:da:05:d6:4d:ff:b3:f8:
                    81:c9:9b:7a:e5:f2:fa:32:2e:5b:8c:78:46:e5:32:
                    e3:b5:94:1b:94:2b:39:9a:15:84:45:60:81:9e:ad:
                    b9:1a:73:fb:55:78:61:b7:94:e0:14:82:0a:80:b9:
                    0e:72:ed:2d:93:8b:3e:5c:5d:95:fc:34:ac:01:f6:
                    2f:8d:71:3a:0c:74:32:cc:17:01:4f:ef:c0:66:2e:
                    66:fc:3d:de:db:59:e2:88:77:19:90:a0:40:db:b5:
                    c2:a9:34:16:c2:30:ab:6e:8b:d4:49:5a:32:bd:46:
                    f3:13:11:4c:c0:74:ed:23:24:75:8e:ab:f2:0f:06:
                    af:44:cf:8d:65:c8:b6:d2:31:f2:cd:22:1f:9b:40:
                    1a:b8:98:ed:ef:a2:05:74:b0:cd:a4:b3:a9:64:4e:
                    8c:45:fe:64:b9:1c:db:d0:58:3a:02:92:a9:6e:b0:
                    e8:7b:d7:2e:74:3e:f7:c4:07:f5:99:99:eb:6b:d7:
                    86:43:c7:34:6e:e6:b3:04:8c:d8:33:93:2f:2c:fb:
                    e6:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:05:61:DF:FB:FD:E2:55:FE:C1:4D:4D:9F:0E:13:F4:37:53:52:E4
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.nellicus.net/repo/nellicus/0/
                RPKI Manifest - URI:rsync://rpki.nellicus.net/repo/nellicus/0/B60561DFFBFDE255FEC14D4D9F0E13F4375352E4.mft
                RPKI Notify - URI:https://rpki.nellicus.net/rrdp/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:d80::/48

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  204012

    Signature Algorithm: sha256WithRSAEncryption
         94:5b:23:10:a1:df:e4:bf:b9:92:34:44:7e:55:52:ba:5f:e0:
         a4:07:0a:34:b5:e7:34:ea:33:e6:ab:d7:58:95:15:fc:fa:72:
         de:a0:3a:65:97:a0:d4:5a:1e:b6:b7:0e:db:ef:9d:bc:fe:b9:
         f2:b5:de:c1:ac:9c:5a:08:77:d2:8e:02:ae:23:b5:69:f6:75:
         81:f0:d1:2d:a0:12:ef:91:33:3e:37:2d:0d:5d:64:e1:cb:d7:
         d9:14:8e:da:a5:2b:5d:b5:1b:dc:95:78:84:f9:7a:85:1b:ee:
         00:56:c8:fc:8d:1d:92:85:57:00:c3:f2:c5:10:b9:cc:34:40:
         1a:34:0e:54:ec:62:2a:17:af:f8:6d:36:ac:28:a4:d7:f8:41:
         b1:db:97:89:0f:a6:bc:7f:cc:da:11:1c:63:a1:cb:74:4c:1c:
         b6:c4:68:60:61:d3:80:69:55:5e:54:32:f8:1e:2e:b9:cc:d0:
         e6:ff:7b:38:36:f2:4e:66:e4:66:11:86:89:43:0c:31:f5:bf:
         52:ce:bc:0d:6b:18:d0:9c:e5:53:97:4e:32:f7:da:24:eb:f4:
         1f:9b:e0:43:bc:bf:7c:70:ef:1e:42:91:c7:fb:f1:7a:e1:c7:
         4a:3f:ab:38:7c:c8:5a:8f:db:cb:b9:18:9c:8f:2f:7f:79:fc:
         d9:05:c9:f2
-----BEGIN CERTIFICATE-----
MIIFXDCCBESgAwIBAgISAZQgaDrHcgoKZpCgL13l2rdpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDU0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjA1NjFkZmZiZmRlMjU1ZmVjMTRkNGQ5ZjBlMTNmNDM3NTM1MmU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuA9KOFV8jjOz9K3rbpUODhmLkPcE
GeTIpKib7OvvjuLMvP1kfKhsjoupM3yg809GtX5je9oF1k3/s/iByZt65fL6Mi5b
jHhG5TLjtZQblCs5mhWERWCBnq25GnP7VXhht5TgFIIKgLkOcu0tk4s+XF2V/DSs
AfYvjXE6DHQyzBcBT+/AZi5m/D3e21niiHcZkKBA27XCqTQWwjCrbovUSVoyvUbz
ExFMwHTtIyR1jqvyDwavRM+NZci20jHyzSIfm0AauJjt76IFdLDNpLOpZE6MRf5k
uRzb0Fg6ApKpbrDoe9cudD73xAf1mZnra9eGQ8c0buazBIzYM5MvLPvmCQIDAQAB
o4ICaDCCAmQwHQYDVR0OBBYEFLYFYd/7/eJV/sFNTZ8OE/Q3U1LkMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwgekGCCsGAQUFBwELBIHcMIHZMDYGCCsGAQUFBzAFhipyc3lu
YzovL3Jwa2kubmVsbGljdXMubmV0L3JlcG8vbmVsbGljdXMvMC8wYgYIKwYBBQUH
MAqGVnJzeW5jOi8vcnBraS5uZWxsaWN1cy5uZXQvcmVwby9uZWxsaWN1cy8wL0I2
MDU2MURGRkJGREUyNTVGRUMxNEQ0RDlGMEUxM0Y0Mzc1MzUyRTQubWZ0MDsGCCsG
AQUFBzANhi9odHRwczovL3Jwa2kubmVsbGljdXMubmV0L3JyZHAvbm90aWZpY2F0
aW9uLnhtbDBZBgNVHR8EUjBQME6gTKBKhkhyc3luYzovL3Jwa2kucmlwZS5uZXQv
cmVwb3NpdG9yeS9ERUZBVUxUL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5j
cmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEw
DwQCAAIwCQMHACABBnwNgDAaBggrBgEFBQcBCAEB/wQLMAmgBzAFAgMDHOwwDQYJ
KoZIhvcNAQELBQADggEBAJRbIxCh3+S/uZI0RH5VUrpf4KQHCjS15zTqM+ar11iV
Ffz6ct6gOmWXoNRaHra3Dtvvnbz+ufK13sGsnFoId9KOAq4jtWn2dYHw0S2gEu+R
Mz43LQ1dZOHL19kUjtqlK121G9yVeIT5eoUb7gBWyPyNHZKFVwDD8sUQucw0QBo0
DlTsYioXr/htNqwopNf4QbHbl4kPprx/zNoRHGOhy3RMHLbEaGBh04BpVV5UMvge
LrnM0Ob/ezg28k5m5GYRholDDDH1v1LOvA1rGNCc5VOXTjL32iTr9B+b4EO8v3xw
7x5Ckcf78Xrhx0o/qzh8yFqP28u5GJyPL395/NkFyfI=
-----END CERTIFICATE-----