Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/w1k5CyF0quIpYaDzwp_EAvH-I8g.cer
File:                     w1k5CyF0quIpYaDzwp_EAvH-I8g.cer (raw, json)
Hash identifier:          /fgYmRlvg9Dvf4vJaSiaStPpZ3oSKpMRafRh6j1bKaA=
Subject key identifier:   C3:59:39:0B:21:74:AA:E2:29:61:A0:F3:C2:9F:C4:02:F1:FE:23:C8
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01941FFA6AA1672F0C5981D862A2A3487692
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/83/5bba7b-daa7-4432-9270-ec5c7de7aae1/1/w1k5CyF0quIpYaDzwp_EAvH-I8g.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/83/5bba7b-daa7-4432-9270-ec5c7de7aae1/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 03:48:12 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 185.229.248.0/24
                          IP: 2a10:b680::/32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:6a:a1:67:2f:0c:59:81:d8:62:a2:a3:48:76:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 03:48:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c359390b2174aae22961a0f3c29fc402f1fe23c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:2c:42:95:45:6b:27:be:6b:ad:72:45:f7:ac:
                    cb:7a:96:bd:57:47:32:a9:30:de:a1:6c:c0:26:73:
                    79:d7:c8:d4:e8:e4:bb:2a:d7:8c:4b:de:19:86:a3:
                    0f:56:76:92:b4:47:50:2f:9c:ec:a9:68:a4:ec:5e:
                    1b:0d:4d:99:37:19:0a:76:4a:a0:39:99:2a:a6:f6:
                    3f:c4:54:e6:52:ba:14:da:c1:fb:d0:cb:0e:6f:55:
                    e1:28:c3:8e:88:0e:f7:fe:f7:4c:b5:23:8d:2e:a5:
                    c5:cb:af:2f:01:86:59:ec:92:be:33:c3:35:69:a5:
                    d4:fc:3e:6d:6b:58:a4:81:3c:ef:56:fd:62:f4:22:
                    bf:bb:97:34:82:12:1a:b8:d5:53:09:f0:c6:87:74:
                    bc:04:9a:6a:c9:4f:8e:cc:8c:d6:eb:9d:09:0a:e0:
                    21:2f:7c:cb:43:59:de:08:5e:5e:00:0d:c6:69:1a:
                    19:bb:68:41:66:af:e3:d2:c5:bd:91:03:a5:4e:cd:
                    9d:c0:77:38:2c:e6:b0:27:9d:40:40:8b:71:ba:70:
                    35:17:90:5d:cb:79:d5:2b:84:de:5f:2e:b9:57:3d:
                    21:46:e6:98:2c:2b:6a:95:e3:6b:0a:dd:13:7b:a5:
                    1b:b3:d2:2f:98:08:45:ad:3d:76:c8:25:e4:51:2b:
                    63:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:59:39:0B:21:74:AA:E2:29:61:A0:F3:C2:9F:C4:02:F1:FE:23:C8
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/5bba7b-daa7-4432-9270-ec5c7de7aae1/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/5bba7b-daa7-4432-9270-ec5c7de7aae1/1/w1k5CyF0quIpYaDzwp_EAvH-I8g.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.229.248.0/24
                IPv6:
                  2a10:b680::/32

    Signature Algorithm: sha256WithRSAEncryption
         77:a1:e7:3b:94:77:7c:2f:56:85:6a:d7:0f:ac:fb:42:75:c7:
         bc:0b:ba:a6:0a:68:6e:1d:80:44:8e:43:10:64:de:40:23:2b:
         ef:87:55:39:33:33:70:fe:64:57:46:b7:ec:0e:bc:0b:10:4f:
         42:a3:20:ff:22:43:c1:40:28:38:5d:84:66:71:94:e1:67:96:
         c3:3f:17:d2:ea:a1:a7:45:56:72:e0:f4:50:87:f5:8a:f9:19:
         ff:ed:15:c9:0a:27:de:47:c5:7c:a8:f0:ed:06:66:55:d7:05:
         f9:ac:51:c9:4c:ce:a9:26:a9:e2:d6:27:d6:b0:ce:c0:8d:15:
         b8:48:f4:66:a5:ab:ef:24:88:55:52:48:c3:28:cc:ec:11:5f:
         6f:c5:02:ef:15:5c:72:b6:7f:74:38:ad:2b:65:63:59:35:7a:
         6a:b6:51:d4:aa:ca:09:b8:71:8f:d1:08:ba:02:46:93:b7:9b:
         24:a1:76:10:5d:54:e7:a0:10:b2:27:a5:a6:ff:96:57:99:c3:
         81:6b:e4:23:59:e3:0c:79:63:2c:7f:17:72:91:0a:4a:e3:2f:
         ab:47:8e:4e:76:ab:15:0a:7c:0f:ef:08:0b:93:90:31:32:ee:
         6c:1e:cf:89:c5:2c:ee:d0:99:f2:ec:7c:02:70:2b:92:58:5f:
         53:fb:b7:60
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAZQf+mqhZy8MWYHYYqKjSHaSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDM0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzU5MzkwYjIxNzRhYWUyMjk2MWEwZjNjMjlmYzQwMmYxZmUyM2M4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxCxClUVrJ75rrXJF96zLepa9V0cy
qTDeoWzAJnN518jU6OS7KteMS94ZhqMPVnaStEdQL5zsqWik7F4bDU2ZNxkKdkqg
OZkqpvY/xFTmUroU2sH70MsOb1XhKMOOiA73/vdMtSONLqXFy68vAYZZ7JK+M8M1
aaXU/D5ta1ikgTzvVv1i9CK/u5c0ghIauNVTCfDGh3S8BJpqyU+OzIzW650JCuAh
L3zLQ1neCF5eAA3GaRoZu2hBZq/j0sW9kQOlTs2dwHc4LOawJ51AQItxunA1F5Bd
y3nVK4TeXy65Vz0hRuaYLCtqleNrCt0Te6Ubs9IvmAhFrT12yCXkUStjgwIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFMNZOQshdKriKWGg88KfxALx/iPIMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzgzLzViYmE3
Yi1kYWE3LTQ0MzItOTI3MC1lYzVjN2RlN2FhZTEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODMvNWJiYTdi
LWRhYTctNDQzMi05MjcwLWVjNWM3ZGU3YWFlMS8xL3cxazVDeUYwcXVJcFlhRHp3
cF9FQXZILUk4Zy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQAueX4MA0EAgACMAcDBQAqELaAMA0GCSqGSIb3
DQEBCwUAA4IBAQB3oec7lHd8L1aFatcPrPtCdce8C7qmCmhuHYBEjkMQZN5AIyvv
h1U5MzNw/mRXRrfsDrwLEE9CoyD/IkPBQCg4XYRmcZThZ5bDPxfS6qGnRVZy4PRQ
h/WK+Rn/7RXJCifeR8V8qPDtBmZV1wX5rFHJTM6pJqni1ifWsM7AjRW4SPRmpavv
JIhVUkjDKMzsEV9vxQLvFVxytn90OK0rZWNZNXpqtlHUqsoJuHGP0Qi6AkaTt5sk
oXYQXVTnoBCyJ6Wm/5ZXmcOBa+QjWeMMeWMsfxdykQpK4y+rR45OdqsVCnwP7wgL
k5AxMu5sHs+JxSzu0Jny7HwCcCuSWF9T+7dg
-----END CERTIFICATE-----