Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/w9a4Z_-YTcfF6szS2j-Szzxnfas.cer
File:                     w9a4Z_-YTcfF6szS2j-Szzxnfas.cer (raw, json)
Hash identifier:          Rw36/gljQ09l74hvfktjm2V1kfS3q2cHg+IddgJLLvw=
Subject key identifier:   C3:D6:B8:67:FF:98:4D:C7:C5:EA:CC:D2:DA:3F:92:CF:3C:67:7D:AB
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019421B1D03FBAF73871708BE759359450EA
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rsync.paas.rpki.ripe.net/repository/c58479df-f5b7-4453-92bf-de1f61b3d4b0/0/C3D6B867FF984DC7C5EACCD2DA3F92CF3C677DAB.mft
caRepository:             rsync://rsync.paas.rpki.ripe.net/repository/c58479df-f5b7-4453-92bf-de1f61b3d4b0/0/
Notify URL:               https://rrdp.paas.rpki.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 11:48:08 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 215126
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:d0:3f:ba:f7:38:71:70:8b:e7:59:35:94:50:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 11:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c3d6b867ff984dc7c5eaccd2da3f92cf3c677dab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:22:11:a7:5d:ac:9b:c4:f8:ae:5a:9a:dd:23:
                    c4:36:30:35:ea:c4:9c:4f:dd:97:7c:0b:24:0b:72:
                    81:ec:f5:f0:f7:49:31:6e:04:ca:04:a3:df:d1:90:
                    52:ef:2d:43:f9:75:1d:b6:03:7d:cc:b1:44:e9:5b:
                    c5:c4:0f:b2:dc:8d:21:97:58:ca:86:0d:2d:ff:cc:
                    23:60:78:be:45:8d:b6:5a:92:87:fd:6e:f7:4a:b3:
                    0a:20:45:fa:bb:53:b7:05:19:a7:be:8a:80:5d:c7:
                    d6:f3:91:29:78:5c:9e:f4:5c:cf:83:9d:9b:61:50:
                    76:f7:c5:1f:41:bd:b6:38:03:21:b6:f6:9d:b2:d3:
                    d2:3c:ef:d3:a8:4e:36:1a:d6:f8:0f:0f:0d:c5:39:
                    9c:f6:c7:a2:55:35:bd:5f:14:64:d1:99:cb:fb:61:
                    c0:3d:cc:f5:48:1a:82:d0:92:a4:ef:98:e9:dc:af:
                    f1:f8:0d:de:68:13:35:0b:53:25:e6:f8:9f:fe:e9:
                    3d:24:8d:77:ee:3b:3c:9a:f1:a6:71:20:bb:54:b6:
                    eb:15:81:59:d4:a1:b8:3b:df:cb:85:f3:bf:23:c9:
                    f6:74:0b:56:53:82:a2:85:17:33:91:22:26:06:0f:
                    15:90:98:9d:68:3a:77:de:c2:f1:22:bc:ee:74:e9:
                    bc:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:D6:B8:67:FF:98:4D:C7:C5:EA:CC:D2:DA:3F:92:CF:3C:67:7D:AB
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rsync.paas.rpki.ripe.net/repository/c58479df-f5b7-4453-92bf-de1f61b3d4b0/0/
                RPKI Manifest - URI:rsync://rsync.paas.rpki.ripe.net/repository/c58479df-f5b7-4453-92bf-de1f61b3d4b0/0/C3D6B867FF984DC7C5EACCD2DA3F92CF3C677DAB.mft
                RPKI Notify - URI:https://rrdp.paas.rpki.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  215126

    Signature Algorithm: sha256WithRSAEncryption
         62:20:de:01:1d:25:8b:13:42:68:33:b1:d7:8b:f8:7c:53:11:
         e3:4c:3c:95:58:b4:b1:66:f4:47:d9:7c:65:7c:84:08:60:66:
         bb:67:1d:de:2c:80:b0:8d:4b:90:27:0f:13:24:39:56:fb:4f:
         09:67:b4:61:54:31:1b:a7:37:b1:2e:ae:d9:6a:6e:eb:4f:a0:
         fe:cf:ed:3c:c7:8f:ee:11:56:a2:01:4a:d9:7a:51:fe:4f:c4:
         86:72:ea:92:94:ab:9c:bc:93:f7:aa:ec:f6:5f:97:fa:19:9e:
         3d:bb:94:0e:df:6b:25:3f:16:d0:3f:38:f1:b7:7a:1f:ca:47:
         92:e7:96:2b:2b:b9:52:49:1b:58:ce:4e:81:56:3a:05:9f:24:
         9f:8d:98:e6:f9:51:84:17:10:5b:4d:12:a5:ac:68:8c:59:0e:
         46:81:de:8f:79:0d:a4:7c:2f:41:74:17:26:bf:88:d6:85:b4:
         23:17:c9:c7:ab:e3:44:53:7a:e1:a7:aa:b6:79:37:cb:a7:53:
         b7:2d:e0:53:b7:52:3e:23:79:c3:80:af:bb:41:bd:b0:c7:63:
         70:69:ea:ca:cb:3c:60:e7:f7:29:80:d7:f3:0c:5d:7e:78:8f:
         56:09:b1:61:25:23:57:21:70:3a:8f:31:45:72:f6:ca:1e:b0:
         f1:45:e9:e0
-----BEGIN CERTIFICATE-----
MIIFjzCCBHegAwIBAgISAZQhsdA/uvc4cXCL51k1lFDqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTE0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjM2Q2Yjg2N2ZmOTg0ZGM3YzVlYWNjZDJkYTNmOTJjZjNjNjc3ZGFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlyIRp12sm8T4rlqa3SPENjA16sSc
T92XfAskC3KB7PXw90kxbgTKBKPf0ZBS7y1D+XUdtgN9zLFE6VvFxA+y3I0hl1jK
hg0t/8wjYHi+RY22WpKH/W73SrMKIEX6u1O3BRmnvoqAXcfW85EpeFye9FzPg52b
YVB298UfQb22OAMhtvadstPSPO/TqE42Gtb4Dw8NxTmc9seiVTW9XxRk0ZnL+2HA
Pcz1SBqC0JKk75jp3K/x+A3eaBM1C1Ml5vif/uk9JI137js8mvGmcSC7VLbrFYFZ
1KG4O9/LhfO/I8n2dAtWU4KihRczkSImBg8VkJidaDp33sLxIrzudOm8KwIDAQAB
o4ICmzCCApcwHQYDVR0OBBYEFMPWuGf/mE3HxerM0to/ks88Z32rMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggE/BggrBgEFBQcBCwSCATEwggEtMF8GCCsGAQUFBzAFhlNy
c3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M1ODQ3
OWRmLWY1YjctNDQ1My05MmJmLWRlMWY2MWIzZDRiMC8wLzCBiwYIKwYBBQUHMAqG
f3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYzU4
NDc5ZGYtZjViNy00NDUzLTkyYmYtZGUxZjYxYjNkNGIwLzAvQzNENkI4NjdGRjk4
NERDN0M1RUFDQ0QyREEzRjkyQ0YzQzY3N0RBQi5tZnQwPAYIKwYBBQUHMA2GMGh0
dHBzOi8vcnJkcC5wYWFzLnJwa2kucmlwZS5uZXQvbm90aWZpY2F0aW9uLnhtbDBZ
BgNVHR8EUjBQME6gTKBKhkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxUL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jcmwwGAYDVR0g
AQH/BA4wDDAKBggrBgEFBQcOAjAaBggrBgEFBQcBCAEB/wQLMAmgBzAFAgMDSFYw
DQYJKoZIhvcNAQELBQADggEBAGIg3gEdJYsTQmgzsdeL+HxTEeNMPJVYtLFm9EfZ
fGV8hAhgZrtnHd4sgLCNS5AnDxMkOVb7TwlntGFUMRunN7EurtlqbutPoP7P7TzH
j+4RVqIBStl6Uf5PxIZy6pKUq5y8k/eq7PZfl/oZnj27lA7fayU/FtA/OPG3eh/K
R5LnlisruVJJG1jOToFWOgWfJJ+NmOb5UYQXEFtNEqWsaIxZDkaB3o95DaR8L0F0
Fya/iNaFtCMXycer40RTeuGnqrZ5N8unU7ct4FO3Uj4jecOAr7tBvbDHY3Bp6srL
PGDn9ymA1/MMXX54j1YJsWElI1chcDqPMUVy9soesPFF6eA=
-----END CERTIFICATE-----