Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/wWD3u-jXY2d3YUisuMTKNflr6Vc.cer
File:                     wWD3u-jXY2d3YUisuMTKNflr6Vc.cer (raw, json)
Hash identifier:          CA9CWPo3L8Ld7fcsXZUIYBvITGiupVO+w5G8OWfyAfk=
Subject key identifier:   C1:60:F7:BB:E8:D7:63:67:77:61:48:AC:B8:C4:CA:35:F9:6B:E9:57
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01942068068CA68163C76A814B753C1F0AE6
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/c4/461a83-810c-43ae-ac25-64e2bd619318/1/wWD3u-jXY2d3YUisuMTKNflr6Vc.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/c4/461a83-810c-43ae-ac25-64e2bd619318/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 05:47:55 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 25594
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:06:8c:a6:81:63:c7:6a:81:4b:75:3c:1f:0a:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 05:47:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c160f7bbe8d76367776148acb8c4ca35f96be957
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:8e:f8:19:d7:47:b2:8e:c1:e2:72:c2:bb:bd:
                    e6:a8:73:5a:df:10:71:23:d4:4f:a9:82:b6:dc:d5:
                    be:61:a4:56:17:06:14:54:1b:f9:38:3a:22:88:ba:
                    d0:33:84:12:5d:35:39:10:a8:1d:e1:07:b0:f5:dd:
                    db:41:ae:34:d4:cc:8a:5e:89:42:e9:32:80:d2:de:
                    cc:e4:51:de:10:68:11:e6:27:fe:82:b8:83:83:ea:
                    8a:89:5c:7a:4b:33:20:a2:49:b2:4b:e5:d7:a6:0e:
                    5d:3e:ad:40:3b:e9:a5:cf:02:55:d4:c9:2c:1c:06:
                    f3:7a:34:01:74:54:6d:c6:b5:0b:d0:dd:02:bc:6c:
                    b4:bd:39:70:4f:12:f7:b6:44:c7:47:ad:6b:62:b2:
                    4f:f3:66:46:00:af:05:eb:0a:45:2c:b9:58:d2:2a:
                    40:76:3d:18:4f:e2:5f:e0:01:e1:e4:2d:c1:02:1b:
                    18:a4:e0:8c:5e:d6:07:59:a1:f3:f1:4b:c7:e2:6d:
                    6b:15:be:41:8c:21:0e:5d:bd:da:f7:50:9c:dd:99:
                    ea:32:2f:96:e6:36:6f:69:13:62:c1:dd:42:a6:d4:
                    ad:5d:0c:ba:c9:f4:a3:c7:19:55:a6:ed:2c:b4:13:
                    73:76:c7:26:9c:24:bc:4d:b1:01:f7:ec:94:e5:d1:
                    be:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:60:F7:BB:E8:D7:63:67:77:61:48:AC:B8:C4:CA:35:F9:6B:E9:57
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/461a83-810c-43ae-ac25-64e2bd619318/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/461a83-810c-43ae-ac25-64e2bd619318/1/wWD3u-jXY2d3YUisuMTKNflr6Vc.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  25594

    Signature Algorithm: sha256WithRSAEncryption
         5f:e5:83:21:60:d1:0a:c4:12:af:ff:dc:93:b4:26:41:f7:38:
         dd:05:cb:7e:74:a6:37:bc:9a:27:53:06:af:39:41:a5:c2:8f:
         15:5f:e8:15:e2:08:a1:4e:01:db:0e:04:cb:d0:f2:c5:e5:26:
         e3:e4:22:58:0f:43:25:13:d7:19:18:8c:b9:19:7a:25:38:53:
         39:8b:f0:5a:33:aa:6a:da:4f:55:c3:cc:54:c0:77:f2:41:c8:
         c4:f3:cf:ad:04:4b:d8:13:5c:48:50:c2:66:dd:2a:df:d0:88:
         3e:5f:49:03:73:70:bc:53:cf:c2:17:d4:74:e7:97:c6:68:76:
         d3:0d:0a:fb:0b:18:2f:c3:46:de:8e:08:44:a0:c5:9b:de:26:
         a9:43:4c:6f:71:2d:93:e5:4d:9a:0b:93:ee:79:84:69:26:15:
         bb:5a:86:2a:66:97:c7:e8:d4:ae:d9:59:6e:d8:c4:6e:91:f2:
         9a:d1:6b:22:07:28:b8:5c:69:f7:ed:07:53:0c:db:7e:85:6c:
         28:cf:73:89:96:21:84:e0:87:77:fb:4b:c2:e0:4f:90:3e:2d:
         03:38:19:fb:90:e6:16:25:9d:6e:6f:a0:52:d8:6f:8f:56:d9:
         f6:2f:8a:b1:91:7e:59:24:b1:5e:34:ed:80:a3:82:fd:2e:ad:
         a8:aa:ce:c7
-----BEGIN CERTIFICATE-----
MIIFcjCCBFqgAwIBAgISAZQgaAaMpoFjx2qBS3U8HwrmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDU0NzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTYwZjdiYmU4ZDc2MzY3Nzc2MTQ4YWNiOGM0Y2EzNWY5NmJlOTU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp474GddHso7B4nLCu73mqHNa3xBx
I9RPqYK23NW+YaRWFwYUVBv5ODoiiLrQM4QSXTU5EKgd4Qew9d3bQa401MyKXolC
6TKA0t7M5FHeEGgR5if+griDg+qKiVx6SzMgokmyS+XXpg5dPq1AO+mlzwJV1Mks
HAbzejQBdFRtxrUL0N0CvGy0vTlwTxL3tkTHR61rYrJP82ZGAK8F6wpFLLlY0ipA
dj0YT+Jf4AHh5C3BAhsYpOCMXtYHWaHz8UvH4m1rFb5BjCEOXb3a91Cc3ZnqMi+W
5jZvaRNiwd1CptStXQy6yfSjxxlVpu0stBNzdscmnCS8TbEB9+yU5dG+RQIDAQAB
o4ICfjCCAnowHQYDVR0OBBYEFMFg97vo12Nnd2FIrLjEyjX5a+lXMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2M0LzQ2MWE4
My04MTBjLTQzYWUtYWMyNS02NGUyYmQ2MTkzMTgvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzQvNDYxYTgz
LTgxMGMtNDNhZS1hYzI1LTY0ZTJiZDYxOTMxOC8xL3dXRDN1LWpYWTJkM1lVaXN1
TVRLTmZscjZWYy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBkGCCsGAQUF
BwEIAQH/BAowCKAGMAQCAmP6MA0GCSqGSIb3DQEBCwUAA4IBAQBf5YMhYNEKxBKv
/9yTtCZB9zjdBct+dKY3vJonUwavOUGlwo8VX+gV4gihTgHbDgTL0PLF5Sbj5CJY
D0MlE9cZGIy5GXolOFM5i/BaM6pq2k9Vw8xUwHfyQcjE88+tBEvYE1xIUMJm3Srf
0Ig+X0kDc3C8U8/CF9R055fGaHbTDQr7Cxgvw0bejghEoMWb3iapQ0xvcS2T5U2a
C5PueYRpJhW7WoYqZpfH6NSu2Vlu2MRukfKa0WsiByi4XGn37QdTDNt+hWwoz3OJ
liGE4Id3+0vC4E+QPi0DOBn7kOYWJZ1ub6BS2G+PVtn2L4qxkX5ZJLFeNO2Ao4L9
Lq2oqs7H
-----END CERTIFICATE-----