Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/uVZnsVy6fKp0FSdIRHOE--A7iTo.cer
File:                     uVZnsVy6fKp0FSdIRHOE--A7iTo.cer (raw, json)
Hash identifier:          yRzS8u/CgBeM0jUGTSG0bOsR1Moiyc1oeulBOhNdt20=
Subject key identifier:   B9:56:67:B1:5C:BA:7C:AA:74:15:27:48:44:73:84:FB:E0:3B:89:3A
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01942444CFFFC7BED0BCE559EDE527D04CB5
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/a0/540c03-ba83-4971-8981-744dcd014fa4/1/uVZnsVy6fKp0FSdIRHOE--A7iTo.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/a0/540c03-ba83-4971-8981-744dcd014fa4/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 23:47:57 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 15914
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:cf:ff:c7:be:d0:bc:e5:59:ed:e5:27:d0:4c:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 23:47:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b95667b15cba7caa74152748447384fbe03b893a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:01:ce:a7:95:2d:14:c3:01:97:64:5f:3a:79:
                    a5:ca:5f:91:8c:34:4f:1f:e8:e3:4f:9a:ec:a6:5b:
                    95:11:1b:ab:ec:82:43:ff:e2:1d:08:5a:6d:63:6f:
                    20:73:92:a0:db:a2:15:3a:48:46:11:19:9d:6f:c9:
                    3f:d2:a7:ce:8f:56:f6:f3:14:9b:f3:ac:76:c8:0b:
                    90:2c:08:b0:f0:cd:6e:54:76:31:90:ec:39:e3:e6:
                    85:1e:34:fa:a3:af:49:50:33:5b:dc:f7:71:ba:6b:
                    79:9d:8b:66:dd:b4:4f:50:6c:e3:80:58:ad:e9:e8:
                    4a:c7:05:c7:c7:44:92:d6:db:db:78:c4:f6:34:c2:
                    e0:c9:d2:79:98:54:ad:a6:c0:05:a4:f8:58:88:fa:
                    3a:24:c9:b1:5b:dc:93:ef:32:2e:bc:c2:53:c4:df:
                    41:35:b9:2c:f8:4f:c2:5b:b0:21:2c:6f:af:18:d8:
                    10:77:d7:1a:88:53:e2:8a:0b:06:8c:45:80:70:ca:
                    b3:41:81:97:bd:ed:de:68:71:de:59:42:28:fb:b6:
                    b7:94:a7:de:eb:f9:47:fa:dc:b8:ea:50:6b:8d:e3:
                    43:ba:e5:3a:32:ef:5d:68:d9:af:33:d9:93:67:1b:
                    bb:43:4e:a8:95:26:3e:0c:fc:20:5c:ad:cc:23:75:
                    e4:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:56:67:B1:5C:BA:7C:AA:74:15:27:48:44:73:84:FB:E0:3B:89:3A
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/540c03-ba83-4971-8981-744dcd014fa4/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/540c03-ba83-4971-8981-744dcd014fa4/1/uVZnsVy6fKp0FSdIRHOE--A7iTo.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  15914

    Signature Algorithm: sha256WithRSAEncryption
         60:83:76:fb:f2:d0:c0:18:52:ab:27:81:e8:8d:5c:ad:bf:f2:
         78:bc:8e:45:3c:c7:58:2f:26:6f:2e:18:04:bf:da:f9:02:f9:
         97:3c:66:f5:12:5f:42:c0:0f:8e:e4:eb:23:a3:3f:c0:8f:e4:
         2f:b5:d0:5a:df:41:6d:18:93:d7:37:65:49:c6:37:6c:a8:3a:
         10:9a:81:57:ef:0c:5a:c2:1f:e0:b6:0f:f8:8d:2e:6b:9b:48:
         6c:89:57:3d:4b:97:5c:ee:c7:72:1a:a9:ee:dd:e1:24:af:4b:
         95:eb:46:ee:eb:15:ba:85:3a:39:82:52:8a:46:76:e6:6c:c9:
         9f:7a:62:87:53:4e:f4:f4:18:0e:e6:c7:f6:99:27:9b:cf:49:
         3a:b1:ae:88:6f:ad:83:83:32:8c:94:62:ac:7b:da:56:bf:a3:
         76:a4:65:2d:6e:1b:d7:6a:24:ef:03:86:36:a8:f2:10:99:52:
         5a:2d:ac:3f:65:7f:59:d6:d6:8d:35:36:8f:52:7e:5e:89:7d:
         d3:3f:aa:c0:3f:31:b1:84:3a:0c:14:d2:28:d8:6a:52:60:57:
         61:da:9a:24:87:39:85:d3:d9:b3:6d:20:17:7e:e7:1d:3a:0d:
         be:38:be:a1:b1:73:08:2b:a0:ff:a4:3c:05:88:19:ab:30:3c:
         6b:1f:39:04
-----BEGIN CERTIFICATE-----
MIIFcjCCBFqgAwIBAgISAZQkRM//x77QvOVZ7eUn0Ey1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMjM0NzU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTU2NjdiMTVjYmE3Y2FhNzQxNTI3NDg0NDczODRmYmUwM2I4OTNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsAHOp5UtFMMBl2RfOnmlyl+RjDRP
H+jjT5rspluVERur7IJD/+IdCFptY28gc5Kg26IVOkhGERmdb8k/0qfOj1b28xSb
86x2yAuQLAiw8M1uVHYxkOw54+aFHjT6o69JUDNb3Pdxumt5nYtm3bRPUGzjgFit
6ehKxwXHx0SS1tvbeMT2NMLgydJ5mFStpsAFpPhYiPo6JMmxW9yT7zIuvMJTxN9B
Nbks+E/CW7AhLG+vGNgQd9caiFPiigsGjEWAcMqzQYGXve3eaHHeWUIo+7a3lKfe
6/lH+ty46lBrjeNDuuU6Mu9daNmvM9mTZxu7Q06olSY+DPwgXK3MI3XkjQIDAQAB
o4ICfjCCAnowHQYDVR0OBBYEFLlWZ7FcunyqdBUnSERzhPvgO4k6MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2EwLzU0MGMw
My1iYTgzLTQ5NzEtODk4MS03NDRkY2QwMTRmYTQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTAvNTQwYzAz
LWJhODMtNDk3MS04OTgxLTc0NGRjZDAxNGZhNC8xL3VWWm5zVnk2ZktwMEZTZElS
SE9FLS1BN2lUby5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBkGCCsGAQUF
BwEIAQH/BAowCKAGMAQCAj4qMA0GCSqGSIb3DQEBCwUAA4IBAQBgg3b78tDAGFKr
J4HojVytv/J4vI5FPMdYLyZvLhgEv9r5AvmXPGb1El9CwA+O5Osjoz/Aj+QvtdBa
30FtGJPXN2VJxjdsqDoQmoFX7wxawh/gtg/4jS5rm0hsiVc9S5dc7sdyGqnu3eEk
r0uV60bu6xW6hTo5glKKRnbmbMmfemKHU0709BgO5sf2mSebz0k6sa6Ib62DgzKM
lGKse9pWv6N2pGUtbhvXaiTvA4Y2qPIQmVJaLaw/ZX9Z1taNNTaPUn5eiX3TP6rA
PzGxhDoMFNIo2GpSYFdh2pokhzmF09mzbSAXfucdOg2+OL6hsXMIK6D/pDwFiBmr
MDxrHzkE
-----END CERTIFICATE-----