Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/zfy95jLRBvqtmMLBiVqHfKYBUho.cer
File:                     zfy95jLRBvqtmMLBiVqHfKYBUho.cer (raw, json)
Hash identifier:          0NRG4k3vGZ25FmQi9TrBnGq0+tbGwlwHuHMFnF1KBvo=
Subject key identifier:   CD:FC:BD:E6:32:D1:06:FA:AD:98:C2:C1:89:5A:87:7C:A6:01:52:1A
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC3B7443A5280EC346AEACA4C378E527B
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/75/fe45cf-4ad2-41d9-bbca-203cfa238696/1/zfy95jLRBvqtmMLBiVqHfKYBUho.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/75/fe45cf-4ad2-41d9-bbca-203cfa238696/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 06:30:16 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 137.120.0.0/16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:44:3a:52:80:ec:34:6a:ea:ca:4c:37:8e:52:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 06:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cdfcbde632d106faad98c2c1895a877ca601521a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:e9:1e:76:bd:83:23:ca:65:b5:62:10:e9:40:
                    6b:7b:ef:1a:6d:56:f3:f0:e1:4d:fb:f7:f2:14:ac:
                    d9:20:43:bf:15:75:9f:1f:d2:c1:fc:c8:51:f3:85:
                    b8:4a:46:43:77:ad:4e:95:00:36:d5:e1:18:11:ca:
                    e5:53:7f:9e:df:f7:c8:70:bd:ce:b0:c9:21:19:17:
                    1e:7d:fb:66:61:99:ea:27:76:90:ed:21:54:66:fe:
                    fc:f2:dc:55:f4:5c:82:bb:9d:68:45:a3:a5:df:6b:
                    73:c1:e5:6c:39:8a:86:3f:3f:cb:47:c6:e5:a1:d6:
                    bf:49:96:f0:0e:8e:29:7a:f2:41:5d:ae:17:2d:bd:
                    85:ea:1c:0e:fa:69:2d:db:0e:71:59:a8:8a:f5:4b:
                    da:77:c6:8e:58:34:5e:75:ab:42:5d:8f:51:c4:b1:
                    df:84:e8:78:4a:6d:12:a4:50:e3:f8:41:64:08:f9:
                    fe:b5:1e:7f:eb:af:55:c2:94:12:a4:38:9f:00:a3:
                    40:c9:ca:92:de:76:23:7c:6f:3d:7f:6e:d1:84:82:
                    72:09:36:3f:66:83:bc:b3:5e:dd:53:4d:42:07:85:
                    9f:85:51:d0:a9:2a:f1:9a:78:57:7b:19:82:16:ed:
                    6c:d0:f9:b2:23:cb:dc:07:d6:e3:41:d6:94:a3:68:
                    f9:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:FC:BD:E6:32:D1:06:FA:AD:98:C2:C1:89:5A:87:7C:A6:01:52:1A
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/fe45cf-4ad2-41d9-bbca-203cfa238696/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/fe45cf-4ad2-41d9-bbca-203cfa238696/1/zfy95jLRBvqtmMLBiVqHfKYBUho.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  137.120.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         aa:48:75:75:49:8f:63:a6:5f:a4:20:ae:75:12:d0:2e:3a:71:
         56:b8:9c:ea:68:31:80:30:39:24:35:5d:d7:a3:6c:d1:e8:94:
         d7:d6:b4:1a:b1:1d:dd:26:c2:d4:38:e8:01:0a:c5:77:69:96:
         c8:e3:43:ad:d1:67:53:5d:7c:f6:ad:43:7b:60:0d:e4:d6:7d:
         b7:19:64:ef:c7:15:c2:4a:bb:37:ab:69:80:ca:88:d6:62:38:
         fb:62:79:25:a3:eb:6e:fd:a5:91:51:a9:53:46:bc:57:05:b5:
         dc:48:78:dd:59:03:a6:6f:b7:fb:85:78:99:a3:a3:be:88:9b:
         6d:77:c7:7f:63:bf:78:cb:d8:42:ea:5c:bc:d9:e4:2d:fa:92:
         de:c3:44:3e:42:41:78:50:e3:7b:23:5e:b5:50:d1:03:60:de:
         9d:6a:2c:db:ec:ff:50:c4:69:b5:e1:20:fe:15:ef:63:8a:cb:
         e2:34:c0:9f:47:04:7d:3e:1f:d0:6b:e0:2b:03:f9:a7:b8:ad:
         86:f9:8e:25:d9:88:71:a2:df:c5:d3:b7:10:98:b7:c6:5f:ec:
         87:ee:b7:df:7a:20:66:f6:78:ff:eb:8a:96:49:6f:2d:30:b1:
         56:cf:b3:15:aa:7c:2f:cd:8c:e2:b4:d6:ee:cc:42:ee:29:b2:
         91:43:13:a8
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgISAYzDt0Q6UoDsNGrqykw3jlJ7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDYzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZGZjYmRlNjMyZDEwNmZhYWQ5OGMyYzE4OTVhODc3Y2E2MDE1MjFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArukedr2DI8pltWIQ6UBre+8abVbz
8OFN+/fyFKzZIEO/FXWfH9LB/MhR84W4SkZDd61OlQA21eEYEcrlU3+e3/fIcL3O
sMkhGRcefftmYZnqJ3aQ7SFUZv788txV9FyCu51oRaOl32tzweVsOYqGPz/LR8bl
oda/SZbwDo4pevJBXa4XLb2F6hwO+mkt2w5xWaiK9Uvad8aOWDRedatCXY9RxLHf
hOh4Sm0SpFDj+EFkCPn+tR5/669VwpQSpDifAKNAycqS3nYjfG89f27RhIJyCTY/
ZoO8s17dU01CB4WfhVHQqSrxmnhXexmCFu1s0PmyI8vcB9bjQdaUo2j5+wIDAQAB
o4ICgzCCAn8wHQYDVR0OBBYEFM38veYy0Qb6rZjCwYlah3ymAVIaMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzc1L2ZlNDVj
Zi00YWQyLTQxZDktYmJjYS0yMDNjZmEyMzg2OTYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzUvZmU0NWNm
LTRhZDItNDFkOS1iYmNhLTIwM2NmYTIzODY5Ni8xL3pmeTk1akxSQnZxdG1NTEJp
VnFIZktZQlVoby5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB4GCCsGAQUF
BwEHAQH/BA8wDTALBAIAATAFAwMAiXgwDQYJKoZIhvcNAQELBQADggEBAKpIdXVJ
j2OmX6QgrnUS0C46cVa4nOpoMYAwOSQ1XdejbNHolNfWtBqxHd0mwtQ46AEKxXdp
lsjjQ63RZ1NdfPatQ3tgDeTWfbcZZO/HFcJKuzeraYDKiNZiOPtieSWj6279pZFR
qVNGvFcFtdxIeN1ZA6Zvt/uFeJmjo76Im213x39jv3jL2ELqXLzZ5C36kt7DRD5C
QXhQ43sjXrVQ0QNg3p1qLNvs/1DEabXhIP4V72OKy+I0wJ9HBH0+H9Br4CsD+ae4
rYb5jiXZiHGi38XTtxCYt8Zf7Ifut996IGb2eP/ripZJby0wsVbPsxWqfC/NjOK0
1u7MQu4pspFDE6g=
-----END CERTIFICATE-----