Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/vfSGpExRBdeBNXKUVhzMPROk1nE.cer
File:                     vfSGpExRBdeBNXKUVhzMPROk1nE.cer (raw, json)
Hash identifier:          REcwhbC24yVjCyb+qbvmTi82eVLnBf5n0S6iEM4HGzw=
Subject key identifier:   BD:F4:86:A4:4C:51:05:D7:81:35:72:94:56:1C:CC:3D:13:A4:D6:71
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194236A3275AB5127DE913AA1F77B7CB528
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/9b/b8b278-f9bd-40e1-803a-f691f64758ac/1/vfSGpExRBdeBNXKUVhzMPROk1nE.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/9b/b8b278-f9bd-40e1-803a-f691f64758ac/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 19:49:09 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 198552
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:32:75:ab:51:27:de:91:3a:a1:f7:7b:7c:b5:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 19:49:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bdf486a44c5105d781357294561ccc3d13a4d671
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:5d:19:36:8f:ac:cf:74:62:7d:88:02:a3:c3:
                    d5:e7:e3:0d:fd:47:e1:7c:76:6c:ec:8b:8b:c6:19:
                    33:88:fc:56:2a:67:b1:b5:59:4a:dc:10:0d:9b:95:
                    ce:a0:e6:dd:00:1e:7b:ab:55:36:f5:31:52:7a:f0:
                    54:fe:6e:b1:63:0f:1b:03:11:ff:18:c5:61:62:27:
                    0c:dc:25:11:f5:c1:f2:cd:0b:14:78:c0:23:de:49:
                    92:3c:0f:50:33:34:40:35:12:fe:92:53:ab:60:c9:
                    90:d8:11:6e:16:38:ef:2c:93:1a:6d:63:07:86:21:
                    20:15:28:77:97:3e:69:5b:24:87:9e:71:f4:87:e8:
                    af:e9:26:31:c2:de:f9:15:b1:ec:8a:cd:8e:6d:47:
                    11:ea:ae:02:24:6b:e0:34:2f:9c:8b:c8:6e:8b:6f:
                    4f:4f:ba:f3:76:d3:76:a3:4c:f9:d6:da:b0:3b:49:
                    ce:e9:31:25:06:77:81:45:9b:29:fc:47:6a:1c:55:
                    73:f3:b4:ee:8a:94:ae:47:8a:2d:73:d7:a2:fe:6b:
                    90:1f:5d:e9:27:59:68:68:eb:6c:b5:2a:78:ce:2e:
                    6f:91:df:7b:a3:85:4a:6b:d0:c0:70:ef:60:e6:ed:
                    20:2a:32:ee:54:41:58:95:da:0f:1f:c0:eb:69:07:
                    78:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:F4:86:A4:4C:51:05:D7:81:35:72:94:56:1C:CC:3D:13:A4:D6:71
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/b8b278-f9bd-40e1-803a-f691f64758ac/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/b8b278-f9bd-40e1-803a-f691f64758ac/1/vfSGpExRBdeBNXKUVhzMPROk1nE.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  198552

    Signature Algorithm: sha256WithRSAEncryption
         49:73:ad:77:13:cc:29:cc:ee:62:01:c9:df:64:df:be:98:06:
         c6:bf:e2:ed:49:0a:80:ae:49:92:da:ac:97:32:23:63:4f:49:
         36:df:f4:c3:eb:81:38:bc:f7:d9:fa:63:66:51:f1:a3:c9:10:
         af:84:c9:ec:24:25:cb:42:5f:27:8b:4b:8d:fc:0f:54:11:bd:
         d9:42:d9:a3:80:02:b5:24:cc:47:45:cf:12:ee:71:18:a1:19:
         e8:11:e7:65:ee:c4:37:2f:8b:ed:af:94:f6:a6:09:a8:01:e6:
         6e:45:cb:4f:bc:34:2a:61:4a:c7:fa:c8:83:cc:ef:e5:7b:2d:
         d1:93:94:ef:b6:6e:8c:0d:98:0f:71:83:80:8c:12:01:7e:35:
         58:e1:23:97:88:2f:3e:7d:cc:26:5e:a3:4c:cb:ae:5d:08:51:
         a7:4e:12:7a:8d:4c:d3:41:78:58:85:10:dd:38:9d:92:56:bc:
         35:38:6f:7e:82:c5:3f:c2:96:da:dd:31:3c:e0:d3:4f:d5:f8:
         12:70:e7:54:9f:f3:0b:c5:b5:5b:12:5e:1f:e9:74:fa:d8:0a:
         66:11:2e:d7:b2:f8:e8:af:15:22:ca:19:32:ea:47:d6:74:95:
         56:0e:1a:40:47:32:6d:a4:16:f6:7d:f1:99:55:c4:6f:8b:2b:
         4c:a6:b5:d5
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZQjajJ1q1En3pE6ofd7fLUoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTk0OTA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZGY0ODZhNDRjNTEwNWQ3ODEzNTcyOTQ1NjFjY2MzZDEzYTRkNjcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvF0ZNo+sz3RifYgCo8PV5+MN/Ufh
fHZs7IuLxhkziPxWKmextVlK3BANm5XOoObdAB57q1U29TFSevBU/m6xYw8bAxH/
GMVhYicM3CUR9cHyzQsUeMAj3kmSPA9QMzRANRL+klOrYMmQ2BFuFjjvLJMabWMH
hiEgFSh3lz5pWySHnnH0h+iv6SYxwt75FbHsis2ObUcR6q4CJGvgNC+ci8hui29P
T7rzdtN2o0z51tqwO0nO6TElBneBRZsp/EdqHFVz87TuipSuR4otc9ei/muQH13p
J1loaOtstSp4zi5vkd97o4VKa9DAcO9g5u0gKjLuVEFYldoPH8DraQd4IwIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFL30hqRMUQXXgTVylFYczD0TpNZxMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzliL2I4YjI3
OC1mOWJkLTQwZTEtODAzYS1mNjkxZjY0NzU4YWMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOWIvYjhiMjc4
LWY5YmQtNDBlMS04MDNhLWY2OTFmNjQ3NThhYy8xL3ZmU0dwRXhSQmRlQk5YS1VW
aHpNUFJPazFuRS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMHmDANBgkqhkiG9w0BAQsFAAOCAQEASXOtdxPMKczu
YgHJ32TfvpgGxr/i7UkKgK5JktqslzIjY09JNt/0w+uBOLz32fpjZlHxo8kQr4TJ
7CQly0JfJ4tLjfwPVBG92ULZo4ACtSTMR0XPEu5xGKEZ6BHnZe7ENy+L7a+U9qYJ
qAHmbkXLT7w0KmFKx/rIg8zv5Xst0ZOU77ZujA2YD3GDgIwSAX41WOEjl4gvPn3M
Jl6jTMuuXQhRp04Seo1M00F4WIUQ3Tidkla8NThvfoLFP8KW2t0xPODTT9X4EnDn
VJ/zC8W1WxJeH+l0+tgKZhEu17L46K8VIsoZMupH1nSVVg4aQEcybaQW9n3xmVXE
b4srTKa11Q==
-----END CERTIFICATE-----