Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/xA3Iplr2fnLf3zHMiJR5cZ5P16M.cer
File:                     xA3Iplr2fnLf3zHMiJR5cZ5P16M.cer (raw, json)
Hash identifier:          rNXNfJNshEmuaxnIRdImQoL7v2uCEexSsCpmGvb2v0U=
Subject key identifier:   C4:0D:C8:A6:5A:F6:7E:72:DF:DF:31:CC:88:94:79:71:9E:4F:D7:A3
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019420D633215BA5E744084B3B0050EAE226
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/30/18b255-805a-41e7-8955-40d4a8226a36/1/xA3Iplr2fnLf3zHMiJR5cZ5P16M.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/30/18b255-805a-41e7-8955-40d4a8226a36/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 07:48:16 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 212194
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:33:21:5b:a5:e7:44:08:4b:3b:00:50:ea:e2:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 07:48:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c40dc8a65af67e72dfdf31cc889479719e4fd7a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:32:19:4f:c3:a3:09:92:6a:c0:b3:89:c5:6c:
                    f5:b8:7d:01:88:84:e7:05:77:7a:58:9d:1b:f8:a9:
                    a4:80:f7:cb:f6:06:11:15:4e:f6:66:52:ae:d8:f4:
                    5e:51:92:f4:60:df:11:86:10:55:bf:62:b4:32:65:
                    46:6d:a8:8d:b8:c4:e4:cb:3b:c2:ce:ed:3f:8b:20:
                    1d:95:82:ec:8f:fd:de:3d:3a:f5:7e:f0:1f:c4:0f:
                    df:e8:0f:a1:54:ba:83:48:6d:be:e3:e7:24:82:4c:
                    77:d7:43:e1:8e:c4:b6:04:6f:41:9a:da:01:33:81:
                    0c:76:a3:42:1d:01:3a:4c:1f:30:24:69:79:51:9d:
                    65:a0:ed:a4:1c:43:10:13:43:25:25:24:ee:34:12:
                    e0:8c:6d:73:a3:6e:7d:0f:c3:b3:82:93:30:87:20:
                    7a:53:68:cb:63:e5:52:f2:47:3d:2e:08:3c:60:3a:
                    e3:41:fc:af:48:fc:fc:95:b0:cc:4e:84:e6:eb:dc:
                    c5:68:12:16:4e:6c:24:4f:9a:8e:22:65:c7:7d:9b:
                    88:35:d3:6c:50:64:7a:23:65:5b:62:8d:46:a8:93:
                    d8:08:46:b1:de:a8:10:23:ea:4a:84:95:2f:e0:ce:
                    a0:12:ee:0b:a8:eb:03:ec:e2:50:96:91:78:ec:0b:
                    78:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:0D:C8:A6:5A:F6:7E:72:DF:DF:31:CC:88:94:79:71:9E:4F:D7:A3
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/18b255-805a-41e7-8955-40d4a8226a36/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/18b255-805a-41e7-8955-40d4a8226a36/1/xA3Iplr2fnLf3zHMiJR5cZ5P16M.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  212194

    Signature Algorithm: sha256WithRSAEncryption
         46:e0:6c:2f:83:d3:fc:5f:dd:89:a5:d2:38:b2:6f:59:10:5b:
         55:18:c5:86:39:65:62:5a:8e:ae:f3:34:8d:53:29:6f:78:0a:
         84:b2:e0:87:63:10:0e:59:de:8f:2a:75:f0:a9:c0:06:7f:21:
         52:dd:c3:30:1d:a7:d9:19:3d:34:7c:2e:18:42:84:55:a9:c7:
         8c:d4:a6:32:82:9a:ec:f1:82:51:91:89:03:a2:73:e0:30:68:
         31:52:57:d9:39:33:32:1e:75:52:76:12:e3:25:96:5a:65:d9:
         75:b1:2d:53:a8:fd:33:06:ab:3c:c5:4f:e1:48:76:04:7a:2e:
         d2:c5:0c:56:16:4d:7f:78:67:be:41:5b:e2:14:a7:95:c0:3b:
         0c:1a:5d:95:59:c9:2a:f3:48:90:37:56:45:26:55:9e:fc:9d:
         a1:0f:e3:9a:f5:0f:e4:53:99:db:8a:9f:39:4e:ca:b6:97:6b:
         78:c6:ac:82:67:24:eb:da:3c:dd:cf:9d:ba:81:69:d7:f4:ff:
         0f:bb:69:bd:17:11:2c:67:32:cc:7e:16:f5:92:50:84:0e:12:
         d0:d5:6e:e5:4a:68:a5:20:a3:91:7e:3a:46:5c:da:a2:ae:11:
         70:9a:cc:a9:9e:9b:09:7b:ca:39:30:55:d4:b4:5c:62:7c:c8:
         f1:89:f3:c1
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZQg1jMhW6XnRAhLOwBQ6uImMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDc0ODE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDBkYzhhNjVhZjY3ZTcyZGZkZjMxY2M4ODk0Nzk3MTllNGZkN2EzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0DIZT8OjCZJqwLOJxWz1uH0BiITn
BXd6WJ0b+KmkgPfL9gYRFU72ZlKu2PReUZL0YN8RhhBVv2K0MmVGbaiNuMTkyzvC
zu0/iyAdlYLsj/3ePTr1fvAfxA/f6A+hVLqDSG2+4+ckgkx310PhjsS2BG9BmtoB
M4EMdqNCHQE6TB8wJGl5UZ1loO2kHEMQE0MlJSTuNBLgjG1zo259D8OzgpMwhyB6
U2jLY+VS8kc9Lgg8YDrjQfyvSPz8lbDMToTm69zFaBIWTmwkT5qOImXHfZuINdNs
UGR6I2VbYo1GqJPYCEax3qgQI+pKhJUv4M6gEu4LqOsD7OJQlpF47At43wIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFMQNyKZa9n5y398xzIiUeXGeT9ejMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMwLzE4YjI1
NS04MDVhLTQxZTctODk1NS00MGQ0YTgyMjZhMzYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzAvMThiMjU1
LTgwNWEtNDFlNy04OTU1LTQwZDRhODIyNmEzNi8xL3hBM0lwbHIyZm5MZjN6SE1p
SlI1Y1o1UDE2TS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwM84jANBgkqhkiG9w0BAQsFAAOCAQEARuBsL4PT/F/d
iaXSOLJvWRBbVRjFhjllYlqOrvM0jVMpb3gKhLLgh2MQDlnejyp18KnABn8hUt3D
MB2n2Rk9NHwuGEKEVanHjNSmMoKa7PGCUZGJA6Jz4DBoMVJX2TkzMh51UnYS4yWW
WmXZdbEtU6j9MwarPMVP4Uh2BHou0sUMVhZNf3hnvkFb4hSnlcA7DBpdlVnJKvNI
kDdWRSZVnvydoQ/jmvUP5FOZ24qfOU7KtpdreMasgmck69o83c+duoFp1/T/D7tp
vRcRLGcyzH4W9ZJQhA4S0NVu5UpopSCjkX46Rlzaoq4RcJrMqZ6bCXvKOTBV1LRc
YnzI8YnzwQ==
-----END CERTIFICATE-----