Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/xAqOocjcM7gpD-vTTkU4vZWXROg.cer
File:                     xAqOocjcM7gpD-vTTkU4vZWXROg.cer (raw, json)
Hash identifier:          JvyLcU7mN1Dzs/4o29KePJPTWiHAUnCKgYX+DKsnK74=
Subject key identifier:   C4:0A:8E:A1:C8:DC:33:B8:29:0F:EB:D3:4E:45:38:BD:95:97:44:E8
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019420D5AA247FE0B169CE57D18B7DFC12E8
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/e6/e98bf7-c5c8-4561-97e8-e13160ac3e23/1/xAqOocjcM7gpD-vTTkU4vZWXROg.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/e6/e98bf7-c5c8-4561-97e8-e13160ac3e23/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 07:47:41 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 91.216.105.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:aa:24:7f:e0:b1:69:ce:57:d1:8b:7d:fc:12:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 07:47:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c40a8ea1c8dc33b8290febd34e4538bd959744e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:ad:0b:c4:8e:2e:bf:da:0a:70:5c:34:2a:4c:
                    aa:a4:fc:fa:26:c9:fc:45:0a:c9:f2:47:29:c8:42:
                    b4:a1:fb:59:2c:1c:6d:07:87:50:55:2e:6e:21:ab:
                    f4:75:70:bc:3e:15:9f:90:66:b0:e6:69:49:92:a1:
                    96:bd:9c:da:90:b2:d3:ba:e5:f0:cf:f1:5a:4f:29:
                    4d:77:9f:31:b6:22:dc:01:f2:e3:a8:06:16:8f:35:
                    fc:72:ac:00:0e:0e:cd:89:a5:37:cd:9b:38:b8:d5:
                    2b:98:42:86:2d:9b:86:a9:e7:76:a9:3b:39:fb:0e:
                    73:66:27:8d:3e:3d:a1:77:67:55:f5:68:d6:ff:a4:
                    ec:b4:ba:3d:31:04:53:98:bb:eb:ce:b4:be:0d:79:
                    19:f7:dc:30:ca:26:df:48:6d:2d:82:aa:a0:74:af:
                    ab:16:6a:d7:28:57:61:5d:15:21:a8:6a:7c:97:cc:
                    f8:06:c7:06:1e:c4:a6:62:ee:b6:fb:51:33:d7:b9:
                    33:59:0a:a3:9a:1d:a5:13:18:c7:a7:c6:9c:fc:d6:
                    3f:db:9e:fd:1a:c3:08:be:35:51:ad:e2:af:b3:03:
                    a6:ef:6a:66:99:38:fb:04:a9:8a:28:34:b6:da:08:
                    f4:57:a8:e5:62:d4:01:3d:a0:f3:5c:1a:42:5e:74:
                    c6:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:0A:8E:A1:C8:DC:33:B8:29:0F:EB:D3:4E:45:38:BD:95:97:44:E8
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/e98bf7-c5c8-4561-97e8-e13160ac3e23/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/e98bf7-c5c8-4561-97e8-e13160ac3e23/1/xAqOocjcM7gpD-vTTkU4vZWXROg.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:6a:ba:a4:89:6d:4c:74:53:f9:13:68:59:d8:52:5f:7b:ac:
         cf:82:ed:ea:4b:0b:a7:80:9f:e3:42:4a:2e:ac:07:ad:e6:88:
         1a:4d:99:ca:6a:16:c5:b0:1f:83:91:74:e7:18:3e:d7:39:55:
         36:40:90:8b:48:6c:62:44:90:fc:1a:07:74:7d:2d:16:52:b9:
         ce:2e:07:0e:90:3f:0c:72:0f:97:f5:a7:3d:98:e2:47:3a:47:
         8c:ad:45:0e:4a:48:7f:ce:42:e9:f6:3b:41:81:61:f2:63:ac:
         25:a3:cb:48:33:6d:99:77:15:14:d2:b6:d7:de:dd:41:0f:ff:
         9f:18:2a:1f:66:5a:1a:b9:d2:5f:fa:d0:0a:2d:be:8a:35:eb:
         a0:f8:b2:79:05:9c:d1:f8:a0:bb:0b:36:12:ac:ce:b2:76:a1:
         b8:94:89:c1:8f:97:94:48:b0:79:2a:3f:22:55:19:b2:30:5a:
         9e:ec:d7:9c:f9:00:c9:ed:60:81:ff:20:bc:18:e0:e2:e7:ea:
         58:81:1a:6f:56:60:a5:64:cd:ed:56:aa:c5:6a:08:07:6c:7c:
         c4:6c:3b:42:e3:ba:54:2c:cc:4a:1e:11:8a:5d:35:8d:b3:c3:
         ce:67:30:67:93:7c:f3:83:d8:ba:37:9f:40:7f:83:05:9e:c7:
         64:4c:1b:b8
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZQg1aokf+Cxac5X0Yt9/BLoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDc0NzQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDBhOGVhMWM4ZGMzM2I4MjkwZmViZDM0ZTQ1MzhiZDk1OTc0NGU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv60LxI4uv9oKcFw0KkyqpPz6Jsn8
RQrJ8kcpyEK0oftZLBxtB4dQVS5uIav0dXC8PhWfkGaw5mlJkqGWvZzakLLTuuXw
z/FaTylNd58xtiLcAfLjqAYWjzX8cqwADg7NiaU3zZs4uNUrmEKGLZuGqed2qTs5
+w5zZieNPj2hd2dV9WjW/6TstLo9MQRTmLvrzrS+DXkZ99wwyibfSG0tgqqgdK+r
FmrXKFdhXRUhqGp8l8z4BscGHsSmYu62+1Ez17kzWQqjmh2lExjHp8ac/NY/2579
GsMIvjVRreKvswOm72pmmTj7BKmKKDS22gj0V6jlYtQBPaDzXBpCXnTG4wIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFMQKjqHI3DO4KQ/r005FOL2Vl0ToMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2U2L2U5OGJm
Ny1jNWM4LTQ1NjEtOTdlOC1lMTMxNjBhYzNlMjMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTYvZTk4YmY3
LWM1YzgtNDU2MS05N2U4LWUxMzE2MGFjM2UyMy8xL3hBcU9vY2pjTTdncEQtdlRU
a1U0dlpXWFJPZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW9hpMA0GCSqGSIb3DQEBCwUAA4IBAQBoarqk
iW1MdFP5E2hZ2FJfe6zPgu3qSwungJ/jQkourAet5ogaTZnKahbFsB+DkXTnGD7X
OVU2QJCLSGxiRJD8Ggd0fS0WUrnOLgcOkD8Mcg+X9ac9mOJHOkeMrUUOSkh/zkLp
9jtBgWHyY6wlo8tIM22ZdxUU0rbX3t1BD/+fGCofZloaudJf+tAKLb6KNeug+LJ5
BZzR+KC7CzYSrM6ydqG4lInBj5eUSLB5Kj8iVRmyMFqe7Nec+QDJ7WCB/yC8GODi
5+pYgRpvVmClZM3tVqrFaggHbHzEbDtC47pULMxKHhGKXTWNs8POZzBnk3zzg9i6
N59Af4MFnsdkTBu4
-----END CERTIFICATE-----