Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/x3ER7FVJEVyzR2VNj-WycJ0n998.cer
File:                     x3ER7FVJEVyzR2VNj-WycJ0n998.cer (raw, json)
Hash identifier:          iKwV4MWOIsfuPzQ1HHKHtfnFzq8YbQ/IbepB/kj6vp8=
Subject key identifier:   C7:71:11:EC:55:49:11:5C:B3:47:65:4D:8F:E5:B2:70:9D:27:F7:DF
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01942143CA62F7A03B09546DA2B346C12F6A
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/a0/e2d1ad-cfe0-4494-aa75-e0c2b94792ca/1/x3ER7FVJEVyzR2VNj-WycJ0n998.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/a0/e2d1ad-cfe0-4494-aa75-e0c2b94792ca/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 09:47:58 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 41505
                          IP: 91.208.101.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:ca:62:f7:a0:3b:09:54:6d:a2:b3:46:c1:2f:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 09:47:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c77111ec5549115cb347654d8fe5b2709d27f7df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:89:1f:03:7a:97:9a:4c:af:66:f6:83:33:27:
                    de:c2:b4:40:db:b3:25:bb:98:31:5f:e2:21:68:58:
                    6f:c8:0f:b7:d7:0d:54:e2:41:84:f0:f0:0d:a3:f9:
                    03:80:71:63:c5:33:20:e7:8a:5f:a7:b0:ba:ac:cf:
                    07:a7:57:fa:2d:76:3d:c3:b5:41:cc:48:91:5b:cc:
                    f2:1f:68:c4:41:12:d9:fa:26:2e:64:c0:82:42:d6:
                    74:b6:bf:7d:8c:58:22:83:46:fc:4a:bf:b1:17:1b:
                    84:ef:a5:32:ed:25:9e:7a:47:57:a8:c9:b7:14:f2:
                    56:6c:2b:e4:c7:de:20:5e:7b:29:0e:b4:29:da:79:
                    da:19:53:1f:13:18:c2:66:36:2d:60:88:2e:99:c5:
                    30:17:7f:d7:a4:18:01:62:e2:e7:fb:86:ba:d4:14:
                    92:86:3e:d5:1b:21:30:53:7b:24:7f:c2:29:4e:02:
                    ad:7f:c3:06:f5:53:b4:cb:64:1e:44:ae:7c:e4:b4:
                    79:92:97:5d:f0:44:39:f5:83:1e:ef:26:07:34:1b:
                    73:df:92:f6:46:5d:be:d5:42:d3:d7:f8:38:2c:f0:
                    30:19:51:1f:2d:99:ba:f2:90:12:75:fa:4a:aa:3d:
                    70:c0:36:61:45:7c:17:3b:f4:c4:50:4e:03:e2:b0:
                    ee:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:71:11:EC:55:49:11:5C:B3:47:65:4D:8F:E5:B2:70:9D:27:F7:DF
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/e2d1ad-cfe0-4494-aa75-e0c2b94792ca/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/e2d1ad-cfe0-4494-aa75-e0c2b94792ca/1/x3ER7FVJEVyzR2VNj-WycJ0n998.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.101.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  41505

    Signature Algorithm: sha256WithRSAEncryption
         9a:97:d4:60:d4:9c:00:7f:05:70:af:c7:86:94:a5:ae:7a:b2:
         45:5d:c1:58:d4:93:f8:30:b8:8e:07:6c:b0:46:9d:30:50:aa:
         00:d3:cc:36:5d:a2:50:c6:e6:99:90:54:93:0a:06:d3:92:e5:
         ae:90:27:bc:9f:de:ae:07:1b:19:e5:f3:79:ae:c8:4a:41:44:
         09:f2:fc:37:97:ed:bb:5f:56:c5:5e:65:41:e8:c3:75:c9:f4:
         93:84:bd:86:28:a7:b9:63:2d:c7:1d:36:db:e7:e5:4f:33:53:
         ac:26:36:58:b4:32:6a:5d:91:74:a6:4c:e5:79:7a:67:19:34:
         78:cf:ba:a8:da:23:7b:ff:84:52:f1:84:2a:80:7a:df:91:88:
         25:80:6b:a8:6e:2a:b4:a3:f9:bb:bf:ed:c7:bf:94:0e:92:cb:
         d4:b6:d2:36:36:50:4d:ad:ac:c1:15:cf:a4:2a:95:b2:09:3e:
         02:8c:0c:70:ec:3c:3e:95:6f:89:41:b9:f9:1e:c9:2c:3c:46:
         d1:a6:2c:1c:5b:69:b2:af:3e:d2:2e:af:71:8e:4f:47:ee:af:
         21:e2:2b:dc:c1:fd:f7:6e:16:f4:d2:be:e5:e7:c4:b9:a3:3c:
         34:81:04:7f:43:c9:8f:80:d4:99:0b:23:16:62:c1:d7:2e:d8:
         0a:33:55:5d
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZQhQ8pi96A7CVRtorNGwS9qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDk0NzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzcxMTFlYzU1NDkxMTVjYjM0NzY1NGQ4ZmU1YjI3MDlkMjdmN2RmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoYkfA3qXmkyvZvaDMyfewrRA27Ml
u5gxX+IhaFhvyA+31w1U4kGE8PANo/kDgHFjxTMg54pfp7C6rM8Hp1f6LXY9w7VB
zEiRW8zyH2jEQRLZ+iYuZMCCQtZ0tr99jFgig0b8Sr+xFxuE76Uy7SWeekdXqMm3
FPJWbCvkx94gXnspDrQp2nnaGVMfExjCZjYtYIgumcUwF3/XpBgBYuLn+4a61BSS
hj7VGyEwU3skf8IpTgKtf8MG9VO0y2QeRK585LR5kpdd8EQ59YMe7yYHNBtz35L2
Rl2+1ULT1/g4LPAwGVEfLZm68pASdfpKqj1wwDZhRXwXO/TEUE4D4rDuuwIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFMdxEexVSRFcs0dlTY/lsnCdJ/ffMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2EwL2UyZDFh
ZC1jZmUwLTQ0OTQtYWE3NS1lMGMyYjk0NzkyY2EvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTAvZTJkMWFk
LWNmZTAtNDQ5NC1hYTc1LWUwYzJiOTQ3OTJjYS8xL3gzRVI3RlZKRVZ5elIyVk5q
LVd5Y0owbjk5OC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW9BlMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwCiITANBgkqhkiG9w0BAQsFAAOCAQEAmpfUYNScAH8FcK/HhpSlrnqyRV3BWNST
+DC4jgdssEadMFCqANPMNl2iUMbmmZBUkwoG05LlrpAnvJ/ergcbGeXzea7ISkFE
CfL8N5ftu19WxV5lQejDdcn0k4S9hiinuWMtxx022+flTzNTrCY2WLQyal2RdKZM
5Xl6Zxk0eM+6qNoje/+EUvGEKoB635GIJYBrqG4qtKP5u7/tx7+UDpLL1LbSNjZQ
Ta2swRXPpCqVsgk+AowMcOw8PpVviUG5+R7JLDxG0aYsHFtpsq8+0i6vcY5PR+6v
IeIr3MH9924W9NK+5efEuaM8NIEEf0PJj4DUmQsjFmLB1y7YCjNVXQ==
-----END CERTIFICATE-----