Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/zZY90B7IDenhOMneRKNtSPBrk_0.cer
File:                     zZY90B7IDenhOMneRKNtSPBrk_0.cer (raw, json)
Hash identifier:          800LMRYJgFDTCBbQuURcPcHaBdbvf07hfG4JCBM+8HY=
Subject key identifier:   CD:96:3D:D0:1E:C8:0D:E9:E1:38:C9:DE:44:A3:6D:48:F0:6B:93:FD
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019423D727DA913D41F1D08162078490D016
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/8b/e403aa-7fa5-4d96-b49f-6cf165239bd9/1/zZY90B7IDenhOMneRKNtSPBrk_0.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/8b/e403aa-7fa5-4d96-b49f-6cf165239bd9/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 21:48:10 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 141.98.209.0/24
                          IP: 2a12:96c0::/29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 01:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:27:da:91:3d:41:f1:d0:81:62:07:84:90:d0:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 21:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cd963dd01ec80de9e138c9de44a36d48f06b93fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:d5:a7:d5:dc:07:22:50:24:2d:a6:6d:7b:c2:
                    b4:8c:e1:89:9f:44:05:d7:cc:5e:22:70:8c:de:3c:
                    55:a5:16:d8:bd:c8:cd:24:fe:00:3c:d8:83:32:ec:
                    2b:7a:6a:31:df:3b:c0:cf:6c:03:db:83:39:9a:8c:
                    c1:bc:c9:4e:c6:5d:ad:da:e8:b8:73:21:ab:fa:d2:
                    e6:c5:f8:b0:58:ed:73:6b:64:80:b8:3a:ab:99:47:
                    30:6f:41:5d:c2:e4:d0:58:58:27:49:c5:61:37:39:
                    22:b9:07:94:76:fa:39:75:31:8c:51:6c:80:ef:70:
                    77:b9:96:c8:7e:f8:34:f3:c4:9c:e1:79:82:3f:b5:
                    26:99:5c:1a:e6:f4:fe:13:f8:97:e8:80:28:51:5f:
                    60:ee:92:91:a3:38:df:f3:5c:42:d0:9b:55:7d:99:
                    dc:16:b7:1d:7e:69:b6:95:ce:e4:46:56:b2:ce:cb:
                    33:3b:5f:cb:b8:4a:41:df:09:a9:3c:84:85:ed:9b:
                    eb:b8:7e:8f:37:8c:5d:b5:53:94:f7:0d:84:a5:34:
                    17:22:05:b2:d3:df:34:56:3f:fe:bf:3d:7e:28:e0:
                    24:56:4a:e6:8e:76:85:af:63:d7:af:f1:4e:de:cf:
                    6d:a6:8d:f0:3e:b1:25:65:59:fe:05:4c:23:14:41:
                    13:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:96:3D:D0:1E:C8:0D:E9:E1:38:C9:DE:44:A3:6D:48:F0:6B:93:FD
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/e403aa-7fa5-4d96-b49f-6cf165239bd9/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/e403aa-7fa5-4d96-b49f-6cf165239bd9/1/zZY90B7IDenhOMneRKNtSPBrk_0.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.98.209.0/24
                IPv6:
                  2a12:96c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         64:f3:c6:8c:ab:2e:ce:68:7f:05:9a:94:a3:6a:93:41:8d:91:
         7f:9d:cb:61:d5:5f:e1:2c:13:1c:33:07:41:4c:ca:0b:8a:c6:
         45:3e:a8:b9:06:ef:01:30:63:23:e5:09:7f:8b:40:9d:ef:e6:
         f9:9e:1c:80:33:f6:e2:fb:a4:0f:9f:10:37:10:1f:60:5c:6a:
         5e:c1:14:14:0a:bd:eb:5e:53:25:4b:8b:cb:23:61:69:c2:e7:
         e2:77:a2:43:f3:c2:5f:9e:93:80:c9:75:a3:c9:f3:c0:e1:cb:
         5e:89:6a:55:3f:ff:2f:7f:ae:9d:97:1d:32:ff:49:a9:19:0e:
         75:a5:2c:9e:fd:4d:7a:91:28:8d:bd:46:3d:8d:cf:b1:33:c6:
         e3:9d:30:c0:6b:9f:a9:e1:73:01:69:29:49:c1:bc:fb:19:46:
         fe:85:7c:14:d2:ac:c7:94:7b:dd:e6:e1:fc:c6:7e:1c:dd:16:
         19:ec:6a:2b:2a:a0:a3:fa:31:b1:34:69:a3:c4:ab:38:51:e3:
         85:b6:57:8a:56:b0:7a:40:b5:6a:9b:b7:fa:86:27:3c:3f:59:
         12:cc:1d:3c:60:07:62:fb:5e:91:c8:53:d9:cb:6a:91:b0:51:
         f9:8b:24:af:b0:39:62:97:e3:d7:ff:3a:16:31:40:d4:66:2a:
         d5:dd:bf:39
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAZQj1yfakT1B8dCBYgeEkNAWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMjE0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDk2M2RkMDFlYzgwZGU5ZTEzOGM5ZGU0NGEzNmQ0OGYwNmI5M2ZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxNWn1dwHIlAkLaZte8K0jOGJn0QF
18xeInCM3jxVpRbYvcjNJP4APNiDMuwremox3zvAz2wD24M5mozBvMlOxl2t2ui4
cyGr+tLmxfiwWO1za2SAuDqrmUcwb0FdwuTQWFgnScVhNzkiuQeUdvo5dTGMUWyA
73B3uZbIfvg088Sc4XmCP7UmmVwa5vT+E/iX6IAoUV9g7pKRozjf81xC0JtVfZnc
Frcdfmm2lc7kRlayzsszO1/LuEpB3wmpPISF7ZvruH6PN4xdtVOU9w2EpTQXIgWy
0980Vj/+vz1+KOAkVkrmjnaFr2PXr/FO3s9tpo3wPrElZVn+BUwjFEET/wIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFM2WPdAeyA3p4TjJ3kSjbUjwa5P9MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzhiL2U0MDNh
YS03ZmE1LTRkOTYtYjQ5Zi02Y2YxNjUyMzliZDkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOGIvZTQwM2Fh
LTdmYTUtNGQ5Ni1iNDlmLTZjZjE2NTIzOWJkOS8xL3paWTkwQjdJRGVuaE9NbmVS
S050U1BCcmtfMC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQAjWLRMA0EAgACMAcDBQMqEpbAMA0GCSqGSIb3
DQEBCwUAA4IBAQBk88aMqy7OaH8FmpSjapNBjZF/ncth1V/hLBMcMwdBTMoLisZF
Pqi5Bu8BMGMj5Ql/i0Cd7+b5nhyAM/bi+6QPnxA3EB9gXGpewRQUCr3rXlMlS4vL
I2Fpwufid6JD88JfnpOAyXWjyfPA4cteiWpVP/8vf66dlx0y/0mpGQ51pSye/U16
kSiNvUY9jc+xM8bjnTDAa5+p4XMBaSlJwbz7GUb+hXwU0qzHlHvd5uH8xn4c3RYZ
7GorKqCj+jGxNGmjxKs4UeOFtleKVrB6QLVqm7f6hic8P1kSzB08YAdi+16RyFPZ
y2qRsFH5iySvsDlil+PX/zoWMUDUZirV3b85
-----END CERTIFICATE-----