Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/zltbNMXCbMP9SuDC5VH3ks7LbFM.cer
File:                     zltbNMXCbMP9SuDC5VH3ks7LbFM.cer (raw, json)
Hash identifier:          SD58VUVHFaTVTaWHVlqkhq9VREK9Gv81OVVvEp8m61s=
Subject key identifier:   CE:5B:5B:34:C5:C2:6C:C3:FD:4A:E0:C2:E5:51:F7:92:CE:CB:6C:53
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019421440AE2813447566F510B600E29CB42
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/7c/e53aa0-5048-408f-a3a8-09cbf7b242c3/1/zltbNMXCbMP9SuDC5VH3ks7LbFM.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/7c/e53aa0-5048-408f-a3a8-09cbf7b242c3/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 09:48:14 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 210013
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:0a:e2:81:34:47:56:6f:51:0b:60:0e:29:cb:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 09:48:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ce5b5b34c5c26cc3fd4ae0c2e551f792cecb6c53
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:72:e1:b1:50:8f:9f:c4:ab:69:97:2f:e3:ac:
                    a3:a7:82:e2:6d:6d:75:ec:9c:5d:97:23:74:a8:c7:
                    73:b7:d0:b9:96:ef:da:ed:a7:2a:f7:70:14:a7:e7:
                    26:27:74:dd:db:87:2b:01:1e:50:33:74:d5:4c:b2:
                    8c:37:49:79:04:c5:7b:cf:9e:02:e0:d5:7f:63:e9:
                    e8:1a:0d:de:f1:24:ee:67:e7:f1:a8:40:33:0b:b8:
                    b3:b1:28:1a:9b:36:95:c4:75:a6:73:82:56:c2:56:
                    0f:76:50:87:a4:42:f3:0d:93:ac:f0:9b:ec:72:31:
                    b6:61:69:90:c6:ed:2b:fe:c0:85:85:6c:2c:85:59:
                    a4:68:1b:e8:df:07:2a:e5:6c:8a:48:4c:df:2a:14:
                    40:0e:36:5b:2a:4d:e4:96:26:70:a8:e2:1d:75:88:
                    a9:08:9c:5d:ef:49:1e:44:df:95:f3:79:ca:5f:1e:
                    a8:73:a1:99:4b:21:e4:5a:33:07:49:f9:43:4f:98:
                    72:8e:6e:95:52:cb:24:54:4b:2e:73:55:a3:1a:1a:
                    39:38:cf:41:36:8b:06:48:27:1b:ed:da:0c:42:08:
                    92:ad:41:a6:00:09:84:e5:ec:31:d7:20:c3:b1:91:
                    99:1d:a0:fc:94:00:00:9b:d3:5e:63:b6:28:d7:28:
                    12:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:5B:5B:34:C5:C2:6C:C3:FD:4A:E0:C2:E5:51:F7:92:CE:CB:6C:53
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/e53aa0-5048-408f-a3a8-09cbf7b242c3/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/e53aa0-5048-408f-a3a8-09cbf7b242c3/1/zltbNMXCbMP9SuDC5VH3ks7LbFM.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  210013

    Signature Algorithm: sha256WithRSAEncryption
         a0:a8:05:cf:d2:53:12:5a:9e:ec:47:5a:0b:42:0d:77:a5:c6:
         19:fe:23:71:67:74:cb:4a:ee:39:ae:85:f3:15:4e:ed:5e:bd:
         eb:7e:58:40:52:43:b6:7e:f8:c6:98:7b:8a:fd:1a:b7:2e:56:
         65:9a:1a:28:76:6a:64:67:d8:b6:5a:37:a9:a1:f1:58:19:3d:
         cc:8b:98:ae:46:97:40:a3:75:ab:89:1b:b8:15:12:45:73:60:
         51:8d:65:f0:a2:88:64:95:41:07:fd:56:3a:88:35:ff:58:4c:
         73:10:88:42:f7:d1:fd:38:24:f7:8a:d2:f3:10:3a:d9:68:7b:
         ca:e7:bd:b2:3c:0d:e5:ed:e5:2b:2a:05:18:65:08:22:9e:2d:
         72:ab:27:03:dd:06:d2:48:65:95:1a:31:ff:4e:75:8b:9b:90:
         f6:9b:52:96:ff:ef:ec:7a:1b:70:0c:e5:1d:98:bf:55:c4:30:
         14:49:cf:75:76:79:42:8c:ca:8a:fb:9a:2a:d0:56:95:af:19:
         3c:db:d9:ce:78:89:7a:13:31:ff:e3:7a:62:a6:af:0c:3d:12:
         8d:d5:f9:1e:1e:a2:79:6c:24:4f:fc:54:96:e5:75:98:63:47:
         12:12:38:2b:b6:88:5d:db:a3:c2:e6:61:78:ed:18:92:12:10:
         01:15:52:50
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZQhRArigTRHVm9RC2AOKctCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDk0ODE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTViNWIzNGM1YzI2Y2MzZmQ0YWUwYzJlNTUxZjc5MmNlY2I2YzUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5HLhsVCPn8SraZcv46yjp4LibW11
7JxdlyN0qMdzt9C5lu/a7acq93AUp+cmJ3Td24crAR5QM3TVTLKMN0l5BMV7z54C
4NV/Y+noGg3e8STuZ+fxqEAzC7izsSgamzaVxHWmc4JWwlYPdlCHpELzDZOs8Jvs
cjG2YWmQxu0r/sCFhWwshVmkaBvo3wcq5WyKSEzfKhRADjZbKk3kliZwqOIddYip
CJxd70keRN+V83nKXx6oc6GZSyHkWjMHSflDT5hyjm6VUsskVEsuc1WjGho5OM9B
NosGSCcb7doMQgiSrUGmAAmE5ewx1yDDsZGZHaD8lAAAm9NeY7Yo1ygSdQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFM5bWzTFwmzD/UrgwuVR95LOy2xTMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzdjL2U1M2Fh
MC01MDQ4LTQwOGYtYTNhOC0wOWNiZjdiMjQyYzMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvN2MvZTUzYWEw
LTUwNDgtNDA4Zi1hM2E4LTA5Y2JmN2IyNDJjMy8xL3psdGJOTVhDYk1QOVN1REM1
Vkgza3M3TGJGTS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwM0XTANBgkqhkiG9w0BAQsFAAOCAQEAoKgFz9JTElqe
7EdaC0INd6XGGf4jcWd0y0ruOa6F8xVO7V69635YQFJDtn74xph7iv0aty5WZZoa
KHZqZGfYtlo3qaHxWBk9zIuYrkaXQKN1q4kbuBUSRXNgUY1l8KKIZJVBB/1WOog1
/1hMcxCIQvfR/Tgk94rS8xA62Wh7yue9sjwN5e3lKyoFGGUIIp4tcqsnA90G0khl
lRox/051i5uQ9ptSlv/v7HobcAzlHZi/VcQwFEnPdXZ5QozKivuaKtBWla8ZPNvZ
zniJehMx/+N6YqavDD0SjdX5Hh6ieWwkT/xUluV1mGNHEhI4K7aIXdujwuZheO0Y
khIQARVSUA==
-----END CERTIFICATE-----