Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/xxnK2ZIhFbz6dFK6Cm5Dpq9OTCQ.cer
File:                     xxnK2ZIhFbz6dFK6Cm5Dpq9OTCQ.cer (raw, json)
Hash identifier:          AGtE6mz6IEs0qlHbhCcPhHokKjVWtxMN3eAksqgnD8k=
Subject key identifier:   C7:19:CA:D9:92:21:15:BC:FA:74:52:BA:0A:6E:43:A6:AF:4E:4C:24
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01941FFA4AAB8002F03F1282447335A53C59
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/a7/149332-6969-4c4b-b591-7c2c08b5ee49/1/xxnK2ZIhFbz6dFK6Cm5Dpq9OTCQ.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/a7/149332-6969-4c4b-b591-7c2c08b5ee49/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 03:48:04 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 2001:67c:2d90::/48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 25 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:4a:ab:80:02:f0:3f:12:82:44:73:35:a5:3c:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 03:48:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c719cad9922115bcfa7452ba0a6e43a6af4e4c24
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:4a:5e:1d:38:e3:df:e5:f0:a8:9f:cc:f0:10:
                    cd:86:bd:5a:02:a2:8c:44:06:f5:60:b3:62:f7:b0:
                    34:c4:e4:5d:af:c4:d6:d2:4c:31:9f:63:5a:2c:39:
                    7a:67:62:4f:96:fe:b1:b4:db:58:8e:16:8e:5b:97:
                    1a:e0:fd:bc:f7:42:87:02:33:5c:ec:9e:9f:cd:37:
                    1d:7a:cd:52:81:72:58:62:9e:5e:49:bd:17:a8:90:
                    9f:05:04:7c:f4:9d:cf:1f:96:a6:5b:65:f3:a2:48:
                    c0:70:c1:07:2b:44:79:21:cb:0c:8e:e5:62:ed:7d:
                    ed:f7:38:3b:e2:25:a7:a0:90:af:ff:9a:5c:4b:31:
                    17:d6:35:f7:26:29:5c:03:39:d7:0c:4a:cf:5d:e7:
                    5f:d3:b2:c6:e2:a4:4f:42:62:68:e5:7c:48:f9:92:
                    71:6a:34:57:31:e7:63:f4:54:f6:16:9b:30:51:2a:
                    42:df:3c:f0:02:22:db:65:0c:c6:b8:a4:6f:85:4f:
                    9a:11:b6:72:24:f4:9f:08:f2:e6:ec:ff:a6:f9:48:
                    e3:07:5e:ac:08:1a:c0:16:43:fa:00:ab:a0:d5:77:
                    5f:24:af:a9:45:f2:5c:a9:ac:6a:33:d0:0a:63:a5:
                    fe:6f:76:70:2f:5b:e0:72:a6:b1:90:bc:d0:9c:3a:
                    ae:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:19:CA:D9:92:21:15:BC:FA:74:52:BA:0A:6E:43:A6:AF:4E:4C:24
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/149332-6969-4c4b-b591-7c2c08b5ee49/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/149332-6969-4c4b-b591-7c2c08b5ee49/1/xxnK2ZIhFbz6dFK6Cm5Dpq9OTCQ.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2d90::/48

    Signature Algorithm: sha256WithRSAEncryption
         a5:46:8d:65:d9:09:d1:d3:9f:5a:c0:15:c1:89:43:7c:98:6a:
         34:ed:44:fd:ae:74:11:8c:0f:58:3c:83:0f:14:b3:e6:c8:12:
         15:33:cb:99:65:74:1f:ba:ef:c7:19:72:dc:af:cd:91:3c:51:
         76:f3:97:8b:7c:28:46:51:2c:da:b9:27:61:5e:ce:61:05:59:
         df:c4:48:43:f9:3d:7f:73:3d:66:e4:f7:14:87:92:27:68:73:
         ff:0e:26:3e:93:0e:c6:94:c4:e0:1b:3c:2b:49:e9:fc:b1:27:
         fb:63:35:06:54:f2:da:2e:07:db:21:da:ab:91:0f:6f:29:de:
         27:62:c5:9c:28:6f:af:bb:a6:aa:f6:96:f7:c3:b9:6b:98:ee:
         6d:8f:da:02:d5:73:94:91:e4:9d:8e:51:e3:c7:fd:a8:9b:fb:
         ae:09:3c:c6:5f:fe:78:cd:89:93:30:6b:2a:81:f8:fa:69:ac:
         c1:36:ed:63:cf:10:e2:88:74:6c:8a:1d:b5:ec:39:fd:19:6a:
         bf:26:60:82:3e:4b:df:9d:31:57:f0:9a:46:8b:a0:09:a2:f0:
         74:39:ae:b4:40:8d:57:e8:a0:fc:26:5a:02:19:6a:78:bd:cf:
         56:d9:b8:5f:36:3e:59:9a:bf:47:8c:5f:54:6f:3e:f8:d7:60:
         bd:18:ce:ec
-----BEGIN CERTIFICATE-----
MIIFezCCBGOgAwIBAgISAZQf+kqrgALwPxKCRHM1pTxZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDM0ODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzE5Y2FkOTkyMjExNWJjZmE3NDUyYmEwYTZlNDNhNmFmNGU0YzI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2kpeHTjj3+XwqJ/M8BDNhr1aAqKM
RAb1YLNi97A0xORdr8TW0kwxn2NaLDl6Z2JPlv6xtNtYjhaOW5ca4P2890KHAjNc
7J6fzTcdes1SgXJYYp5eSb0XqJCfBQR89J3PH5amW2XzokjAcMEHK0R5IcsMjuVi
7X3t9zg74iWnoJCv/5pcSzEX1jX3JilcAznXDErPXedf07LG4qRPQmJo5XxI+ZJx
ajRXMedj9FT2FpswUSpC3zzwAiLbZQzGuKRvhU+aEbZyJPSfCPLm7P+m+UjjB16s
CBrAFkP6AKug1XdfJK+pRfJcqaxqM9AKY6X+b3ZwL1vgcqaxkLzQnDquiwIDAQAB
o4IChzCCAoMwHQYDVR0OBBYEFMcZytmSIRW8+nRSugpuQ6avTkwkMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2E3LzE0OTMz
Mi02OTY5LTRjNGItYjU5MS03YzJjMDhiNWVlNDkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTcvMTQ5MzMy
LTY5NjktNGM0Yi1iNTkxLTdjMmMwOGI1ZWU0OS8xL3h4bksyWkloRmJ6NmRGSzZD
bTVEcHE5T1RDUS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfC2QMA0GCSqGSIb3DQEBCwUAA4IBAQCl
Ro1l2QnR059awBXBiUN8mGo07UT9rnQRjA9YPIMPFLPmyBIVM8uZZXQfuu/HGXLc
r82RPFF285eLfChGUSzauSdhXs5hBVnfxEhD+T1/cz1m5PcUh5InaHP/DiY+kw7G
lMTgGzwrSen8sSf7YzUGVPLaLgfbIdqrkQ9vKd4nYsWcKG+vu6aq9pb3w7lrmO5t
j9oC1XOUkeSdjlHjx/2om/uuCTzGX/54zYmTMGsqgfj6aazBNu1jzxDiiHRsih21
7Dn9GWq/JmCCPkvfnTFX8JpGi6AJovB0Oa60QI1X6KD8JloCGWp4vc9W2bhfNj5Z
mr9HjF9Ubz7412C9GM7s
-----END CERTIFICATE-----