Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/vJ9arpo3Z27gp3Ev8xDdCwpvIsY.cer
File:                     vJ9arpo3Z27gp3Ev8xDdCwpvIsY.cer (raw, json)
Hash identifier:          ySd9Z4b3vlDelfIxAYcdmaEGo5rikpJ9NqqpI/Z0Bu4=
Subject key identifier:   BC:9F:5A:AE:9A:37:67:6E:E0:A7:71:2F:F3:10:DD:0B:0A:6F:22:C6
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019420683D606F8029EEBEE4AA65310C8989
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/d1/6cb081-8a7d-4024-ae85-9c4cb3bd925e/1/vJ9arpo3Z27gp3Ev8xDdCwpvIsY.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/d1/6cb081-8a7d-4024-ae85-9c4cb3bd925e/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 05:48:09 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 194.147.70.0/24
                          IP: 2001:678:4c4::/48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:3d:60:6f:80:29:ee:be:e4:aa:65:31:0c:89:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 05:48:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bc9f5aae9a37676ee0a7712ff310dd0b0a6f22c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:24:d5:f7:2f:db:f6:2f:05:f8:c8:1d:b6:5e:
                    cb:c1:7a:25:a4:b5:bd:ba:eb:97:d5:fc:fd:58:20:
                    bc:ba:b3:0e:16:b8:e4:1b:76:16:8e:10:ec:e8:7e:
                    57:1f:c2:00:c5:4f:90:9c:5a:5f:40:e8:61:50:2c:
                    41:b3:d7:4e:02:2c:57:db:b4:da:36:84:7d:87:b3:
                    6e:db:85:ce:9f:14:67:7d:c4:03:b0:17:83:08:40:
                    4b:20:6c:48:5f:51:4e:0d:85:06:fe:ca:e4:25:b4:
                    b3:39:b6:ee:75:26:b7:82:c0:ba:87:6a:22:43:56:
                    15:37:10:ad:77:59:f0:19:46:41:5a:75:39:31:83:
                    ed:67:81:87:90:69:cb:db:1c:3d:7b:07:37:2f:61:
                    cb:1c:d7:a9:a5:0d:b6:a3:4b:77:49:7a:f1:89:7d:
                    39:2b:b2:6e:df:7c:8b:c5:c7:bf:69:36:05:44:b5:
                    58:10:09:86:16:7e:9d:63:5e:1e:37:47:54:74:b3:
                    fa:49:64:ee:38:50:84:6c:d7:22:80:7f:96:c7:cd:
                    a7:b1:4e:dc:66:f2:4c:b1:d9:02:78:0e:95:ea:f5:
                    5b:b2:26:b1:84:98:81:dd:49:3e:23:c5:8a:2b:5a:
                    e4:96:a9:1b:c4:5f:8c:3b:cb:8a:99:fb:63:f1:7d:
                    82:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:9F:5A:AE:9A:37:67:6E:E0:A7:71:2F:F3:10:DD:0B:0A:6F:22:C6
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/6cb081-8a7d-4024-ae85-9c4cb3bd925e/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/6cb081-8a7d-4024-ae85-9c4cb3bd925e/1/vJ9arpo3Z27gp3Ev8xDdCwpvIsY.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.147.70.0/24
                IPv6:
                  2001:678:4c4::/48

    Signature Algorithm: sha256WithRSAEncryption
         37:84:dd:9f:f3:83:e2:21:18:f8:2f:3d:4a:b1:b3:fe:de:9f:
         85:da:b3:3e:77:d1:5b:93:39:3b:88:51:33:a8:9a:d0:71:39:
         65:18:34:b6:b7:ec:63:f3:b2:10:d6:5f:9f:4a:46:43:85:04:
         c1:fe:0c:71:48:2e:0d:18:14:e5:62:00:5e:f2:f1:39:89:51:
         10:b6:13:d6:15:f4:d2:22:9b:a2:53:60:84:a4:1e:47:b3:6d:
         09:42:7c:01:58:f0:b9:7f:0a:51:5b:d0:62:65:65:92:51:57:
         4e:e2:97:74:63:27:90:f0:12:06:2d:c7:85:ba:77:31:bf:65:
         62:10:4d:2e:0f:00:76:ec:a7:2a:34:6a:6d:c1:da:b1:27:5e:
         94:b5:ca:8b:a7:6b:5f:b1:32:69:c5:9b:d7:31:5a:b3:4d:9d:
         66:4e:b4:a0:48:ac:ee:13:aa:90:45:42:87:a7:14:83:e9:7c:
         68:81:81:e4:4b:68:95:a0:14:a3:49:51:40:0a:c4:5f:e6:4e:
         b7:be:77:55:22:89:fe:b9:02:83:d8:4e:64:29:eb:eb:d4:34:
         22:dd:0c:46:e0:42:dd:8b:37:79:d5:2a:bb:30:b4:b8:85:81:
         7d:48:98:2a:ef:02:dc:74:69:e5:9d:56:db:00:b8:5c:26:d0:
         b2:d5:f4:c3
-----BEGIN CERTIFICATE-----
MIIFiTCCBHGgAwIBAgISAZQgaD1gb4Ap7r7kqmUxDImJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDU0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzlmNWFhZTlhMzc2NzZlZTBhNzcxMmZmMzEwZGQwYjBhNmYyMmM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1iTV9y/b9i8F+Mgdtl7LwXolpLW9
uuuX1fz9WCC8urMOFrjkG3YWjhDs6H5XH8IAxU+QnFpfQOhhUCxBs9dOAixX27Ta
NoR9h7Nu24XOnxRnfcQDsBeDCEBLIGxIX1FODYUG/srkJbSzObbudSa3gsC6h2oi
Q1YVNxCtd1nwGUZBWnU5MYPtZ4GHkGnL2xw9ewc3L2HLHNeppQ22o0t3SXrxiX05
K7Ju33yLxce/aTYFRLVYEAmGFn6dY14eN0dUdLP6SWTuOFCEbNcigH+Wx82nsU7c
ZvJMsdkCeA6V6vVbsiaxhJiB3Uk+I8WKK1rklqkbxF+MO8uKmftj8X2CQQIDAQAB
o4IClTCCApEwHQYDVR0OBBYEFLyfWq6aN2du4KdxL/MQ3QsKbyLGMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2QxLzZjYjA4
MS04YTdkLTQwMjQtYWU4NS05YzRjYjNiZDkyNWUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDEvNmNiMDgx
LThhN2QtNDAyNC1hZTg1LTljNGNiM2JkOTI1ZS8xL3ZKOWFycG8zWjI3Z3AzRXY4
eERkQ3dwdklzWS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDAGCCsGAQUF
BwEHAQH/BCEwHzAMBAIAATAGAwQAwpNGMA8EAgACMAkDBwAgAQZ4BMQwDQYJKoZI
hvcNAQELBQADggEBADeE3Z/zg+IhGPgvPUqxs/7en4Xasz530VuTOTuIUTOomtBx
OWUYNLa37GPzshDWX59KRkOFBMH+DHFILg0YFOViAF7y8TmJURC2E9YV9NIim6JT
YISkHkezbQlCfAFY8Ll/ClFb0GJlZZJRV07il3RjJ5DwEgYtx4W6dzG/ZWIQTS4P
AHbspyo0am3B2rEnXpS1youna1+xMmnFm9cxWrNNnWZOtKBIrO4TqpBFQoenFIPp
fGiBgeRLaJWgFKNJUUAKxF/mTre+d1Uiif65AoPYTmQp6+vUNCLdDEbgQt2LN3nV
KrswtLiFgX1ImCrvAtx0aeWdVtsAuFwm0LLV9MM=
-----END CERTIFICATE-----