Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/z0DiVgZlGgdUhMcJ-nZtgNrVLZw.cer
File:                     z0DiVgZlGgdUhMcJ-nZtgNrVLZw.cer (raw, json)
Hash identifier:          dOm8W1llWxqWhHOCUrQwJc8SaB1y9vdQc7NbU0DPO0g=
Subject key identifier:   CF:40:E2:56:06:65:1A:07:54:84:C7:09:FA:76:6D:80:DA:D5:2D:9C
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194258F591BA6831DBF3C28C1DDA61D16D7
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/2c/7d5e1c-9d79-4b39-b560-e997e558d73a/1/z0DiVgZlGgdUhMcJ-nZtgNrVLZw.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/2c/7d5e1c-9d79-4b39-b560-e997e558d73a/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 05:48:59 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 25350
                          IP: 81.200.224.0/20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 14:46:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:59:1b:a6:83:1d:bf:3c:28:c1:dd:a6:1d:16:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 05:48:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cf40e25606651a075484c709fa766d80dad52d9c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:27:5c:a1:42:37:14:6b:a0:f6:ab:85:41:83:
                    0d:91:81:5c:09:54:e8:61:71:9b:23:2e:a5:db:f6:
                    35:65:4d:d7:8f:86:16:c1:e8:67:1f:ee:68:a6:0e:
                    22:fc:11:7f:1a:09:0d:49:f1:63:a2:a8:f1:01:f9:
                    72:3e:98:52:ca:eb:4c:63:9d:a3:38:f1:df:56:c5:
                    e7:18:1d:cf:22:a8:1b:1b:d7:ce:47:d1:e8:98:3a:
                    11:c1:c5:79:a5:67:d1:89:0b:b8:6c:a7:4d:90:e1:
                    e4:40:7c:73:b1:be:9b:e3:35:fd:3e:75:e8:10:b7:
                    99:ee:9a:74:2a:42:95:de:75:bc:c3:7f:c2:66:99:
                    27:10:7e:57:86:c5:1b:bb:ce:91:58:ae:12:41:32:
                    da:6a:52:04:cb:b4:37:75:5b:5d:63:80:41:71:25:
                    28:47:b9:ab:4f:71:38:78:d7:ee:39:ed:e3:42:96:
                    04:a6:ca:b9:0a:73:c0:6d:cb:e6:ca:82:1a:8d:49:
                    f1:d0:79:50:10:da:49:25:8b:c0:10:1d:63:1c:a5:
                    9d:db:0d:23:13:cc:60:bc:d0:80:a5:65:9c:ee:a0:
                    57:03:30:30:34:01:66:6b:53:fc:34:71:6b:ae:c5:
                    b5:33:4f:ca:f2:4c:14:a8:8f:85:23:8a:45:48:80:
                    21:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:40:E2:56:06:65:1A:07:54:84:C7:09:FA:76:6D:80:DA:D5:2D:9C
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/7d5e1c-9d79-4b39-b560-e997e558d73a/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/7d5e1c-9d79-4b39-b560-e997e558d73a/1/z0DiVgZlGgdUhMcJ-nZtgNrVLZw.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.200.224.0/20

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  25350

    Signature Algorithm: sha256WithRSAEncryption
         12:a4:bf:ad:79:19:75:1c:8b:56:e2:ba:49:77:e5:88:a3:19:
         57:5d:94:32:98:86:ad:32:e7:6a:48:fa:74:9d:35:27:56:88:
         30:7d:94:4d:1b:5a:f2:8b:d4:d9:f5:b5:97:e6:f3:fc:46:c5:
         4e:e0:0e:26:69:16:6e:ff:82:6a:c9:6b:d3:3d:4d:19:bc:ed:
         d4:5b:0f:4f:53:65:e3:ed:77:1b:59:ee:cc:24:69:ef:90:64:
         e8:cf:0e:c1:49:13:da:80:b5:a9:54:d6:86:38:3c:03:66:80:
         23:13:87:43:f5:e6:e4:55:78:d9:f3:2f:58:81:7c:a8:d3:fc:
         f5:27:34:fd:b5:b3:dd:8e:1e:e8:40:15:dc:bb:21:4e:e2:e0:
         d0:6c:c6:e5:71:9a:a3:69:37:4d:aa:63:d1:db:9c:a2:e4:11:
         64:ed:4d:3f:25:25:04:a5:19:8c:29:a5:f9:69:97:33:81:bb:
         c7:d9:2c:72:9c:55:92:3d:09:98:5d:39:9f:5f:48:fe:f3:1f:
         7f:06:59:59:92:8b:e8:2d:48:61:d3:e1:42:2b:60:0b:8c:d1:
         64:59:96:f8:86:f6:e2:05:52:72:35:fb:07:b6:55:1d:01:62:
         03:04:44:a8:c3:a7:03:35:5a:2e:9a:d0:0f:2b:e7:df:53:a0:
         0a:d0:c2:73
-----BEGIN CERTIFICATE-----
MIIFkzCCBHugAwIBAgISAZQlj1kbpoMdvzwowd2mHRbXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDU0ODU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjQwZTI1NjA2NjUxYTA3NTQ4NGM3MDlmYTc2NmQ4MGRhZDUyZDljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArCdcoUI3FGug9quFQYMNkYFcCVTo
YXGbIy6l2/Y1ZU3Xj4YWwehnH+5opg4i/BF/GgkNSfFjoqjxAflyPphSyutMY52j
OPHfVsXnGB3PIqgbG9fOR9HomDoRwcV5pWfRiQu4bKdNkOHkQHxzsb6b4zX9PnXo
ELeZ7pp0KkKV3nW8w3/CZpknEH5XhsUbu86RWK4SQTLaalIEy7Q3dVtdY4BBcSUo
R7mrT3E4eNfuOe3jQpYEpsq5CnPAbcvmyoIajUnx0HlQENpJJYvAEB1jHKWd2w0j
E8xgvNCApWWc7qBXAzAwNAFma1P8NHFrrsW1M0/K8kwUqI+FI4pFSIAhYQIDAQAB
o4ICnzCCApswHQYDVR0OBBYEFM9A4lYGZRoHVITHCfp2bYDa1S2cMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzJjLzdkNWUx
Yy05ZDc5LTRiMzktYjU2MC1lOTk3ZTU1OGQ3M2EvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmMvN2Q1ZTFj
LTlkNzktNGIzOS1iNTYwLWU5OTdlNTU4ZDczYS8xL3owRGlWZ1psR2dkVWhNY0ot
blp0Z05yVkxady5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQEUcjgMBkGCCsGAQUFBwEIAQH/BAowCKAGMAQC
AmMGMA0GCSqGSIb3DQEBCwUAA4IBAQASpL+teRl1HItW4rpJd+WIoxlXXZQymIat
MudqSPp0nTUnVogwfZRNG1ryi9TZ9bWX5vP8RsVO4A4maRZu/4JqyWvTPU0ZvO3U
Ww9PU2Xj7XcbWe7MJGnvkGTozw7BSRPagLWpVNaGODwDZoAjE4dD9ebkVXjZ8y9Y
gXyo0/z1JzT9tbPdjh7oQBXcuyFO4uDQbMblcZqjaTdNqmPR25yi5BFk7U0/JSUE
pRmMKaX5aZczgbvH2SxynFWSPQmYXTmfX0j+8x9/BllZkovoLUhh0+FCK2ALjNFk
WZb4hvbiBVJyNfsHtlUdAWIDBESow6cDNVoumtAPK+ffU6AK0MJz
-----END CERTIFICATE-----