Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/wBV0y54ONb-XVO-RdQFLx0YAjw4.cer
File:                     wBV0y54ONb-XVO-RdQFLx0YAjw4.cer (raw, json)
Hash identifier:          bcxhxz1R2MilI5OQoatwOgnr4pLf60hYpgOBw93B59A=
Subject key identifier:   C0:15:74:CB:9E:0E:35:BF:97:54:EF:91:75:01:4B:C7:46:00:8F:0E
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194258F475845A719D4079DDEAB7B65826B
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/bd/396890-e96c-4d1f-936c-8fee7ec7c3cd/1/wBV0y54ONb-XVO-RdQFLx0YAjw4.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/bd/396890-e96c-4d1f-936c-8fee7ec7c3cd/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 05:48:54 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 91.199.44.0/24
                          IP: 2a0d:b700::/32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:47:58:45:a7:19:d4:07:9d:de:ab:7b:65:82:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 05:48:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c01574cb9e0e35bf9754ef9175014bc746008f0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:b9:63:ab:cb:f9:dc:46:ff:dd:75:51:50:8b:
                    72:68:35:8e:fb:e8:22:02:43:fd:b5:a5:8c:cf:7c:
                    c2:27:a2:ec:b8:e8:c6:49:86:cd:a5:4b:28:00:f5:
                    50:c0:38:3a:8d:43:c1:58:c5:44:08:a0:2e:88:99:
                    7c:a2:1a:ab:28:a5:73:4d:47:6f:16:05:67:cd:62:
                    c1:04:12:8f:53:53:81:f2:65:ad:54:77:72:f1:57:
                    98:3a:d2:ae:4e:d6:13:c2:8f:2a:02:43:40:56:e5:
                    28:d0:79:bf:8d:14:ad:52:27:6b:e8:e2:22:bd:c6:
                    fb:99:94:23:68:85:9c:9e:07:b3:70:c4:7e:60:b2:
                    74:12:d9:fa:05:45:16:71:98:dd:25:cf:dc:c2:ba:
                    3b:e3:67:36:ec:6c:3b:02:9a:b9:43:91:d7:68:f8:
                    55:97:b8:0a:f0:b0:51:9c:d3:2c:9f:e1:b1:2a:79:
                    18:1a:6c:15:0d:91:b2:3e:82:e4:8c:40:6e:27:75:
                    22:ec:2f:51:8b:c2:1c:e3:ed:f1:fa:e7:05:ec:4e:
                    58:66:2b:30:2f:c4:7c:06:f8:af:0c:12:b0:fa:33:
                    18:47:66:fc:32:95:56:1d:c8:55:bf:f8:f6:c6:5c:
                    89:88:b2:1a:42:24:4b:47:8a:19:7d:6f:5f:f4:7a:
                    42:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:15:74:CB:9E:0E:35:BF:97:54:EF:91:75:01:4B:C7:46:00:8F:0E
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/396890-e96c-4d1f-936c-8fee7ec7c3cd/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/396890-e96c-4d1f-936c-8fee7ec7c3cd/1/wBV0y54ONb-XVO-RdQFLx0YAjw4.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.44.0/24
                IPv6:
                  2a0d:b700::/32

    Signature Algorithm: sha256WithRSAEncryption
         84:ae:4b:d4:3b:95:5c:55:b7:d9:4d:fc:68:9e:07:0c:44:5c:
         36:25:35:fa:da:05:21:73:3c:74:45:2e:c5:83:2d:e7:c0:62:
         8b:e1:8a:fa:28:df:c4:d7:9b:78:75:bf:84:a6:4b:41:58:fb:
         63:d8:d2:ca:14:4a:cb:00:b3:84:68:c7:e4:1e:70:ee:0c:da:
         e3:6a:a1:51:22:20:d1:62:7b:6a:b4:af:e8:22:c2:e2:99:f3:
         7c:2c:41:9a:fe:b1:23:03:96:53:e2:1c:87:ec:07:e2:c4:18:
         bc:21:5d:fd:8d:d5:2b:a0:91:8e:22:56:2c:54:9b:e5:27:bf:
         24:59:d0:38:f9:1b:90:da:02:5c:f9:9d:fc:a2:4a:43:cd:c0:
         3d:4d:77:ec:6e:4a:80:6a:9c:e7:10:cb:f0:5e:87:01:75:99:
         df:09:65:f2:03:6f:ad:56:6f:e6:17:a4:4e:33:94:dd:ae:9d:
         fd:55:43:02:e1:17:d3:f3:15:e7:11:aa:48:14:e7:b0:a1:1b:
         43:e3:9f:7d:d8:41:43:f3:b1:04:96:2a:ff:57:9c:ef:2a:c4:
         31:50:43:a2:ba:6c:4a:c6:ae:9e:2b:04:0a:87:ce:18:51:a2:
         19:fa:91:9c:30:4d:c9:94:bf:26:b1:76:d5:f5:3b:3f:12:ba:
         8e:9c:1d:c1
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAZQlj0dYRacZ1Aed3qt7ZYJrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDU0ODU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDE1NzRjYjllMGUzNWJmOTc1NGVmOTE3NTAxNGJjNzQ2MDA4ZjBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA17ljq8v53Eb/3XVRUItyaDWO++gi
AkP9taWMz3zCJ6LsuOjGSYbNpUsoAPVQwDg6jUPBWMVECKAuiJl8ohqrKKVzTUdv
FgVnzWLBBBKPU1OB8mWtVHdy8VeYOtKuTtYTwo8qAkNAVuUo0Hm/jRStUidr6OIi
vcb7mZQjaIWcngezcMR+YLJ0Etn6BUUWcZjdJc/cwro742c27Gw7Apq5Q5HXaPhV
l7gK8LBRnNMsn+GxKnkYGmwVDZGyPoLkjEBuJ3Ui7C9Ri8Ic4+3x+ucF7E5YZisw
L8R8BvivDBKw+jMYR2b8MpVWHchVv/j2xlyJiLIaQiRLR4oZfW9f9HpCjQIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFMAVdMueDjW/l1TvkXUBS8dGAI8OMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2JkLzM5Njg5
MC1lOTZjLTRkMWYtOTM2Yy04ZmVlN2VjN2MzY2QvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYmQvMzk2ODkw
LWU5NmMtNGQxZi05MzZjLThmZWU3ZWM3YzNjZC8xL3dCVjB5NTRPTmItWFZPLVJk
UUZMeDBZQWp3NC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQAW8csMA0EAgACMAcDBQAqDbcAMA0GCSqGSIb3
DQEBCwUAA4IBAQCErkvUO5VcVbfZTfxongcMRFw2JTX62gUhczx0RS7Fgy3nwGKL
4Yr6KN/E15t4db+EpktBWPtj2NLKFErLALOEaMfkHnDuDNrjaqFRIiDRYntqtK/o
IsLimfN8LEGa/rEjA5ZT4hyH7AfixBi8IV39jdUroJGOIlYsVJvlJ78kWdA4+RuQ
2gJc+Z38okpDzcA9TXfsbkqAapznEMvwXocBdZnfCWXyA2+tVm/mF6ROM5Tdrp39
VUMC4RfT8xXnEapIFOewoRtD45992EFD87EElir/V5zvKsQxUEOiumxKxq6eKwQK
h84YUaIZ+pGcME3JlL8msXbV9Ts/ErqOnB3B
-----END CERTIFICATE-----