Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/vlU5r-kl24C0Fe-xTGMbLYLIzt0.cer
File:                     vlU5r-kl24C0Fe-xTGMbLYLIzt0.cer (raw, json)
Hash identifier:          uQiLS0wKzsJNlt94d0Nl+wYmKWUhg4Ha+M5heddaxoQ=
Subject key identifier:   BE:55:39:AF:E9:25:DB:80:B4:15:EF:B1:4C:63:1B:2D:82:C8:CE:DD
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194B1015E26AE63CFEF050D9228E8AE6AA5
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/7f/733dae-0021-44e5-92e5-2500f4efab69/1/vlU5r-kl24C0Fe-xTGMbLYLIzt0.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/7f/733dae-0021-44e5-92e5-2500f4efab69/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 29 Jan 2025 07:40:44 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 213694
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:b1:01:5e:26:ae:63:cf:ef:05:0d:92:28:e8:ae:6a:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan 29 07:40:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=be5539afe925db80b415efb14c631b2d82c8cedd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:0a:b7:22:9d:bf:8a:60:bf:5b:77:bb:e9:2d:
                    9e:7e:e7:29:72:4c:23:1e:3f:1b:01:6a:80:b7:64:
                    92:4c:88:b1:53:d1:c4:22:0e:21:08:96:69:45:58:
                    8a:c6:45:99:e2:5c:7b:d1:c9:19:4b:bf:a3:a9:71:
                    05:7a:21:8a:c6:ab:5f:26:31:d2:c2:1b:d9:73:dd:
                    23:c0:44:ce:3f:1b:3e:97:99:b1:a4:9a:fc:8c:15:
                    4e:16:ff:6f:f5:8c:c0:d6:68:83:c6:91:b5:78:0b:
                    0a:83:94:50:69:07:6e:19:15:a5:e6:6d:69:e6:03:
                    b5:08:b5:a2:b9:94:65:f1:d6:37:de:01:83:5c:e9:
                    e3:26:05:86:8d:a8:43:06:b8:d2:5f:85:1f:a2:22:
                    cb:e2:a4:97:9e:c4:c6:20:b6:1e:bf:e7:7c:da:93:
                    f3:58:bd:4e:91:19:8b:22:f4:be:91:b3:3a:d0:af:
                    47:49:9c:c4:69:df:b8:4e:ff:3d:45:d7:55:0d:a7:
                    23:98:e6:a7:ff:db:f4:96:77:03:1b:b1:d5:86:aa:
                    69:22:a2:27:11:8d:77:e0:bd:89:15:53:35:c6:f0:
                    97:e1:40:19:6e:58:6d:dd:d2:55:7c:c5:f5:b7:cb:
                    1b:c4:d0:dd:eb:17:bc:d4:ce:41:b7:33:8b:02:6f:
                    ad:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:55:39:AF:E9:25:DB:80:B4:15:EF:B1:4C:63:1B:2D:82:C8:CE:DD
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/733dae-0021-44e5-92e5-2500f4efab69/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/733dae-0021-44e5-92e5-2500f4efab69/1/vlU5r-kl24C0Fe-xTGMbLYLIzt0.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  213694

    Signature Algorithm: sha256WithRSAEncryption
         01:80:6a:35:f0:d9:1e:e4:4c:b3:d6:18:8e:83:4f:1d:91:10:
         fb:93:88:ef:dc:36:bd:9f:c4:ac:b7:0d:2d:94:f4:c3:ef:37:
         ea:05:45:2a:ed:a6:87:15:7a:86:1e:9d:0a:e7:07:f0:23:18:
         60:18:f0:2a:1f:17:dd:8b:ac:da:81:b1:a1:8e:de:4d:fd:25:
         7d:85:22:43:f0:39:c9:2a:1e:42:ed:28:61:fe:fe:56:b6:ac:
         65:ff:a0:bd:cb:55:45:45:b4:ac:c4:ac:48:87:23:f9:3e:dd:
         c7:a4:1f:ad:83:1a:c9:b0:0b:6b:1d:a6:df:01:09:58:2d:f3:
         1d:30:57:a9:86:09:3a:15:48:63:57:12:49:df:c7:0f:b5:df:
         ef:d5:cf:0a:10:fb:4c:56:b2:ab:96:6c:be:94:bb:5b:59:92:
         29:5e:12:84:bc:65:d1:2d:ff:54:8c:e9:ac:7b:37:15:1b:d3:
         bf:3f:92:bc:79:dc:55:3b:31:6e:c8:cf:5b:1c:84:99:d0:44:
         c4:f4:8e:2b:4a:20:5c:89:de:0b:7a:b8:ff:76:6d:68:fc:b1:
         fb:e7:15:65:af:a2:02:ae:a0:f0:25:3c:76:77:14:aa:1a:9f:
         de:12:1a:21:87:f6:f6:63:ea:99:ba:74:74:33:02:7c:fd:10:
         4e:32:25:60
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZSxAV4mrmPP7wUNkijormqlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTI5MDc0MDQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTU1MzlhZmU5MjVkYjgwYjQxNWVmYjE0YzYzMWIyZDgyYzhjZWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyQq3Ip2/imC/W3e76S2efucpckwj
Hj8bAWqAt2SSTIixU9HEIg4hCJZpRViKxkWZ4lx70ckZS7+jqXEFeiGKxqtfJjHS
whvZc90jwETOPxs+l5mxpJr8jBVOFv9v9YzA1miDxpG1eAsKg5RQaQduGRWl5m1p
5gO1CLWiuZRl8dY33gGDXOnjJgWGjahDBrjSX4UfoiLL4qSXnsTGILYev+d82pPz
WL1OkRmLIvS+kbM60K9HSZzEad+4Tv89RddVDacjmOan/9v0lncDG7HVhqppIqIn
EY134L2JFVM1xvCX4UAZblht3dJVfMX1t8sbxNDd6xe81M5BtzOLAm+tAQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFL5VOa/pJduAtBXvsUxjGy2CyM7dMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzdmLzczM2Rh
ZS0wMDIxLTQ0ZTUtOTJlNS0yNTAwZjRlZmFiNjkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvN2YvNzMzZGFl
LTAwMjEtNDRlNS05MmU1LTI1MDBmNGVmYWI2OS8xL3ZsVTVyLWtsMjRDMEZlLXhU
R01iTFlMSXp0MC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwNCvjANBgkqhkiG9w0BAQsFAAOCAQEAAYBqNfDZHuRM
s9YYjoNPHZEQ+5OI79w2vZ/ErLcNLZT0w+836gVFKu2mhxV6hh6dCucH8CMYYBjw
Kh8X3Yus2oGxoY7eTf0lfYUiQ/A5ySoeQu0oYf7+VrasZf+gvctVRUW0rMSsSIcj
+T7dx6QfrYMaybALax2m3wEJWC3zHTBXqYYJOhVIY1cSSd/HD7Xf79XPChD7TFay
q5ZsvpS7W1mSKV4ShLxl0S3/VIzprHs3FRvTvz+SvHncVTsxbsjPWxyEmdBExPSO
K0ogXIneC3q4/3ZtaPyx++cVZa+iAq6g8CU8dncUqhqf3hIaIYf29mPqmbp0dDMC
fP0QTjIlYA==
-----END CERTIFICATE-----