Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/tq8SwVTAKQhVvZFCm31JPICI29s.cer
File:                     tq8SwVTAKQhVvZFCm31JPICI29s.cer (raw, json)
Hash identifier:          kfWIUkjscjT2Gofekw5w6/CWkIuyyATtqEgzuzKfhuk=
Subject key identifier:   B6:AF:12:C1:54:C0:29:08:55:BD:91:42:9B:7D:49:3C:80:88:DB:DB
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194258FBCCEBD53534BB69F52DCD32ED131
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/f2/5169fb-a596-4833-9bb4-289d60d42c23/1/tq8SwVTAKQhVvZFCm31JPICI29s.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/f2/5169fb-a596-4833-9bb4-289d60d42c23/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 05:49:24 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 197719
                          IP: 195.128.132.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:bc:ce:bd:53:53:4b:b6:9f:52:dc:d3:2e:d1:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 05:49:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b6af12c154c0290855bd91429b7d493c8088dbdb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:74:22:b9:93:97:f2:78:ff:b0:0d:67:b6:28:
                    c4:2f:f9:70:e6:06:51:21:29:4e:45:98:87:3a:ec:
                    66:a7:13:e9:c1:75:1a:22:0c:c6:65:2b:02:8a:6c:
                    82:ec:20:ba:93:8b:9e:45:2b:24:1b:98:19:c8:2e:
                    46:c0:ac:b6:a9:33:ed:50:e7:74:15:60:68:8b:87:
                    86:7f:63:a5:a2:cd:f7:8f:cf:99:11:f6:2c:44:bb:
                    b5:da:6a:ff:35:3e:93:cd:80:47:3f:c9:e3:b7:90:
                    54:d9:a7:9f:77:cc:28:e9:3e:fa:78:fc:1a:ea:43:
                    9a:ef:71:82:b2:70:bf:f9:81:0b:f8:e8:e8:d3:65:
                    7c:4d:a1:31:ef:95:8f:49:f3:58:cb:bf:0e:bc:0b:
                    13:91:97:fe:10:60:77:5a:0a:de:fa:80:f3:eb:2c:
                    8c:ef:cd:45:40:cb:33:3d:6c:42:59:24:77:b5:9f:
                    e7:22:f2:fb:ec:e2:88:ce:6a:8c:53:6d:02:31:14:
                    80:b5:15:0d:d1:32:8a:3c:60:cf:82:1c:9e:bf:53:
                    3b:aa:77:23:ce:ed:d3:9f:c5:fa:3b:21:8e:e2:29:
                    da:d2:5d:8a:0d:cb:9c:46:cd:29:c3:05:d0:7f:bc:
                    3d:1a:7d:95:d4:80:d5:d7:63:be:61:02:e9:73:7f:
                    0f:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:AF:12:C1:54:C0:29:08:55:BD:91:42:9B:7D:49:3C:80:88:DB:DB
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/5169fb-a596-4833-9bb4-289d60d42c23/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/5169fb-a596-4833-9bb4-289d60d42c23/1/tq8SwVTAKQhVvZFCm31JPICI29s.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.128.132.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  197719

    Signature Algorithm: sha256WithRSAEncryption
         31:89:c1:58:58:ee:ae:57:59:06:3b:7e:a4:c6:7c:39:41:f1:
         bf:6c:6a:2a:97:9d:cc:b6:e0:44:31:02:00:9a:22:f5:d0:34:
         9d:e7:c8:22:35:bd:fa:9e:3b:92:04:67:fb:fe:bd:d7:6b:51:
         c4:ff:1a:81:8a:58:20:66:c0:87:6f:a3:00:cc:fa:6d:4d:8b:
         ff:2d:99:a1:b9:51:4f:bb:cc:63:d0:6d:ec:d9:32:01:7f:9d:
         87:9d:07:56:a7:7d:c6:8d:a2:dd:ef:8f:7a:93:d5:5c:ff:39:
         b8:81:14:3b:cc:57:25:34:7c:a3:81:ed:c7:67:67:f9:95:de:
         cd:e9:79:09:07:15:f2:90:38:96:a4:45:66:8a:14:ea:c5:57:
         25:ff:1e:a6:6c:5d:9d:12:fc:ad:f4:e7:7b:a9:d4:4e:66:b4:
         7a:0e:73:44:97:b6:3e:67:a8:3b:1c:93:48:9b:7f:aa:00:11:
         42:64:fc:c4:c9:9b:1c:29:d1:8b:01:a7:6e:bf:fe:d1:a1:e5:
         f2:86:cf:10:8a:b1:d6:fb:94:1c:ba:72:07:0d:d1:a5:7c:b9:
         3d:dc:50:a3:f3:1e:5b:7e:3d:92:aa:4a:f2:53:7c:9e:f5:bd:
         8f:45:2e:4c:8b:2a:30:1b:b6:e2:f2:c9:ef:6f:08:c5:79:6e:
         b3:09:cc:77
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZQlj7zOvVNTS7afUtzTLtExMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDU0OTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmFmMTJjMTU0YzAyOTA4NTViZDkxNDI5YjdkNDkzYzgwODhkYmRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmHQiuZOX8nj/sA1ntijEL/lw5gZR
ISlORZiHOuxmpxPpwXUaIgzGZSsCimyC7CC6k4ueRSskG5gZyC5GwKy2qTPtUOd0
FWBoi4eGf2Olos33j8+ZEfYsRLu12mr/NT6TzYBHP8njt5BU2aefd8wo6T76ePwa
6kOa73GCsnC/+YEL+Ojo02V8TaEx75WPSfNYy78OvAsTkZf+EGB3Wgre+oDz6yyM
781FQMszPWxCWSR3tZ/nIvL77OKIzmqMU20CMRSAtRUN0TKKPGDPghyev1M7qncj
zu3Tn8X6OyGO4ina0l2KDcucRs0pwwXQf7w9Gn2V1IDV12O+YQLpc38PRQIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFLavEsFUwCkIVb2RQpt9STyAiNvbMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2YyLzUxNjlm
Yi1hNTk2LTQ4MzMtOWJiNC0yODlkNjBkNDJjMjMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjIvNTE2OWZi
LWE1OTYtNDgzMy05YmI0LTI4OWQ2MGQ0MmMyMy8xL3RxOFN3VlRBS1FoVnZaRkNt
MzFKUElDSTI5cy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAw4CEMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwMEVzANBgkqhkiG9w0BAQsFAAOCAQEAMYnBWFjurldZBjt+pMZ8OUHxv2xqKped
zLbgRDECAJoi9dA0nefIIjW9+p47kgRn+/6912tRxP8agYpYIGbAh2+jAMz6bU2L
/y2ZoblRT7vMY9Bt7NkyAX+dh50HVqd9xo2i3e+PepPVXP85uIEUO8xXJTR8o4Ht
x2dn+ZXezel5CQcV8pA4lqRFZooU6sVXJf8epmxdnRL8rfTne6nUTma0eg5zRJe2
PmeoOxyTSJt/qgARQmT8xMmbHCnRiwGnbr/+0aHl8obPEIqx1vuUHLpyBw3RpXy5
PdxQo/MeW349kqpK8lN8nvW9j0UuTIsqMBu24vLJ728IxXluswnMdw==
-----END CERTIFICATE-----