Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/v40IHJb6fQ_CqdMq7dUMI6YcbxE.cer
File:                     v40IHJb6fQ_CqdMq7dUMI6YcbxE.cer (raw, json)
Hash identifier:          YImca1VCTlExzzYl9g+fNhHjGWh8LxkCyxT4J8mN5kY=
Subject key identifier:   BF:8D:08:1C:96:FA:7D:0F:C2:A9:D3:2A:ED:D5:0C:23:A6:1C:6F:11
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194252189A999CE88063C4DEC183B22F64B
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/76/7f6f96-664c-4c61-bd25-0974f09879a9/1/v40IHJb6fQ_CqdMq7dUMI6YcbxE.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/76/7f6f96-664c-4c61-bd25-0974f09879a9/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 03:49:02 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 2a01:ff00::/29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:89:a9:99:ce:88:06:3c:4d:ec:18:3b:22:f6:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 03:49:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bf8d081c96fa7d0fc2a9d32aedd50c23a61c6f11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:67:0f:c1:2b:e8:b1:5f:99:f0:ef:c9:21:47:
                    78:9a:de:22:13:80:b4:9a:13:3d:67:89:52:51:44:
                    41:85:8f:61:c1:5e:0d:60:fb:ff:cd:f9:bf:51:17:
                    af:18:6b:41:fc:d8:6d:54:7b:8c:16:31:29:cb:42:
                    20:bb:86:19:60:57:30:a4:60:c7:82:aa:b3:dd:38:
                    71:ec:09:91:38:d3:58:22:e3:44:8e:d6:3e:ef:a6:
                    cf:d7:5d:60:d2:1f:92:43:47:ff:35:72:d9:45:fe:
                    69:25:c0:be:e3:e0:b6:d7:da:91:79:44:28:94:62:
                    07:00:cb:32:ec:d9:11:ad:e5:4c:21:c6:5c:f5:2e:
                    94:e3:c3:77:ad:d1:69:06:e8:3d:6a:f6:88:81:57:
                    6c:39:88:e8:81:6a:a1:bb:d3:37:9c:98:d6:65:cd:
                    f9:b3:7b:23:4a:c1:6e:38:88:6d:cb:c0:14:31:b7:
                    31:0a:9c:d4:92:5c:9a:00:52:40:78:c5:d5:a2:4b:
                    6c:6b:06:17:34:67:02:28:fa:2f:2d:e2:3c:93:3a:
                    1b:63:99:29:dc:d4:a6:7a:bd:da:a0:8d:8a:3f:64:
                    44:a5:7c:3e:65:6e:97:7d:60:ad:6d:ff:39:2b:20:
                    2b:2e:f8:cf:a3:c4:ce:44:76:2c:ea:91:12:52:2c:
                    b9:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:8D:08:1C:96:FA:7D:0F:C2:A9:D3:2A:ED:D5:0C:23:A6:1C:6F:11
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/7f6f96-664c-4c61-bd25-0974f09879a9/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/7f6f96-664c-4c61-bd25-0974f09879a9/1/v40IHJb6fQ_CqdMq7dUMI6YcbxE.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:ff00::/29

    Signature Algorithm: sha256WithRSAEncryption
         94:30:4a:a7:fc:cf:ca:2b:68:0a:eb:f0:78:0f:6e:5d:34:e3:
         1e:63:47:a1:64:70:95:9a:9a:50:8c:8c:f2:6d:90:22:19:ed:
         a4:34:f7:4f:5c:b0:0d:ef:2f:8e:9a:fc:e0:b7:7a:8b:4c:68:
         99:c0:70:3f:cb:16:4e:f5:d2:f8:7a:89:4f:c0:4b:70:ac:67:
         a0:a4:e6:e1:12:37:d4:93:c9:3f:34:a8:31:e9:44:a0:14:73:
         10:6b:03:9a:83:e6:84:88:d6:b3:ce:23:b9:9b:39:3d:7b:0e:
         3f:80:cc:3b:75:22:6e:7c:de:31:38:f1:f2:89:c0:bc:72:74:
         f6:a5:b9:4f:55:ea:20:cf:2e:57:99:c4:a8:89:c2:64:65:1f:
         d6:29:4f:2e:6c:49:b8:38:c5:af:4c:38:16:e9:68:53:0b:96:
         7b:ec:74:3f:a6:77:92:20:21:2f:01:ce:b5:6d:3f:0d:9c:c2:
         71:6c:e5:ce:be:4b:0e:42:d3:45:6b:6a:cd:14:39:53:34:12:
         f3:74:4b:62:cc:fc:da:fb:f7:30:a7:f9:98:52:23:67:d2:9c:
         76:de:5d:ba:2b:22:37:0e:10:73:c2:56:fe:3e:26:7b:91:31:
         8c:e5:b0:d0:ac:19:19:00:85:07:e7:75:f1:fe:e4:09:0e:c9:
         d3:46:73:48
-----BEGIN CERTIFICATE-----
MIIFeTCCBGGgAwIBAgISAZQlIYmpmc6IBjxN7Bg7IvZLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDM0OTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjhkMDgxYzk2ZmE3ZDBmYzJhOWQzMmFlZGQ1MGMyM2E2MWM2ZjExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzGcPwSvosV+Z8O/JIUd4mt4iE4C0
mhM9Z4lSUURBhY9hwV4NYPv/zfm/URevGGtB/NhtVHuMFjEpy0Igu4YZYFcwpGDH
gqqz3Thx7AmRONNYIuNEjtY+76bP111g0h+SQ0f/NXLZRf5pJcC+4+C219qReUQo
lGIHAMsy7NkRreVMIcZc9S6U48N3rdFpBug9avaIgVdsOYjogWqhu9M3nJjWZc35
s3sjSsFuOIhty8AUMbcxCpzUklyaAFJAeMXVoktsawYXNGcCKPovLeI8kzobY5kp
3NSmer3aoI2KP2REpXw+ZW6XfWCtbf85KyArLvjPo8TORHYs6pESUiy5gwIDAQAB
o4IChTCCAoEwHQYDVR0OBBYEFL+NCByW+n0PwqnTKu3VDCOmHG8RMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzc2LzdmNmY5
Ni02NjRjLTRjNjEtYmQyNS0wOTc0ZjA5ODc5YTkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzYvN2Y2Zjk2
LTY2NGMtNGM2MS1iZDI1LTA5NzRmMDk4NzlhOS8xL3Y0MElISmI2ZlFfQ3FkTXE3
ZFVNSTZZY2J4RS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUF
BwEHAQH/BBEwDzANBAIAAjAHAwUDKgH/ADANBgkqhkiG9w0BAQsFAAOCAQEAlDBK
p/zPyitoCuvweA9uXTTjHmNHoWRwlZqaUIyM8m2QIhntpDT3T1ywDe8vjpr84Ld6
i0xomcBwP8sWTvXS+HqJT8BLcKxnoKTm4RI31JPJPzSoMelEoBRzEGsDmoPmhIjW
s84juZs5PXsOP4DMO3UibnzeMTjx8onAvHJ09qW5T1XqIM8uV5nEqInCZGUf1ilP
LmxJuDjFr0w4FuloUwuWe+x0P6Z3kiAhLwHOtW0/DZzCcWzlzr5LDkLTRWtqzRQ5
UzQS83RLYsz82vv3MKf5mFIjZ9Kcdt5duisiNw4Qc8JW/j4me5ExjOWw0KwZGQCF
B+d18f7kCQ7J00ZzSA==
-----END CERTIFICATE-----