Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/zvOPSFaIM6X3FX7vWXh4M6AfU_U.cer
File:                     zvOPSFaIM6X3FX7vWXh4M6AfU_U.cer (raw, json)
Hash identifier:          biceVjQEyJ6UzaChd6Q2WX2kgjTQ2cJdfKAmVfusuiw=
Subject key identifier:   CE:F3:8F:48:56:88:33:A5:F7:15:7E:EF:59:78:78:33:A0:1F:53:F5
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194252224BFDA6443647D6C27C0F4624860
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/94/e10abe-4148-451b-94f5-f95c6097a50d/1/zvOPSFaIM6X3FX7vWXh4M6AfU_U.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/94/e10abe-4148-451b-94f5-f95c6097a50d/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 03:49:42 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 185.92.60.0/22
                          IP: 2a05:ef40::/29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:24:bf:da:64:43:64:7d:6c:27:c0:f4:62:48:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 03:49:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cef38f48568833a5f7157eef59787833a01f53f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:39:a3:b3:f6:b7:bd:9e:ac:8e:7d:97:41:b2:
                    15:88:84:38:fa:34:f3:03:6b:c9:0d:5b:2a:9e:d4:
                    34:03:13:8e:48:ff:4f:fd:b5:10:f3:87:60:73:9c:
                    ff:10:7d:32:25:38:73:50:d1:4c:88:19:69:53:73:
                    e8:30:cd:fd:e2:dc:ff:35:9c:9d:6c:8f:b6:b8:c9:
                    a0:f5:1f:91:24:b9:d5:45:89:56:13:ed:8a:08:bd:
                    dc:b5:3f:39:c0:0c:38:24:84:19:95:9f:a8:e1:f8:
                    07:b1:c3:00:17:ca:2c:92:5d:40:c3:9a:b0:a9:d1:
                    92:71:72:00:ca:87:fa:88:fd:19:22:98:a1:ab:e2:
                    18:ae:a6:23:ad:42:dd:12:95:45:d3:71:cf:e3:94:
                    3a:54:ba:7d:e2:b7:36:7f:8a:36:70:f8:41:f1:5d:
                    df:c4:26:34:f6:75:0d:6b:1a:13:f8:91:56:3f:0f:
                    b8:01:07:9a:8f:29:52:9e:7d:9a:74:d0:32:41:36:
                    5f:af:e0:d0:67:20:64:50:83:99:12:a2:85:31:9a:
                    97:c6:c3:e1:39:f1:a2:59:25:27:4d:0c:71:cd:b0:
                    e8:ed:e3:2d:e6:86:bb:ac:af:b2:86:ef:33:c8:aa:
                    1f:3a:e3:57:31:85:e8:77:18:26:37:1d:c4:47:61:
                    85:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:F3:8F:48:56:88:33:A5:F7:15:7E:EF:59:78:78:33:A0:1F:53:F5
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/e10abe-4148-451b-94f5-f95c6097a50d/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/e10abe-4148-451b-94f5-f95c6097a50d/1/zvOPSFaIM6X3FX7vWXh4M6AfU_U.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.92.60.0/22
                IPv6:
                  2a05:ef40::/29

    Signature Algorithm: sha256WithRSAEncryption
         95:0f:69:48:fb:d3:2e:b6:64:0c:08:13:bf:e5:9c:37:d6:25:
         e4:72:db:79:56:4a:c3:59:fe:37:ad:58:77:3f:ca:9d:5b:d9:
         e3:ef:a6:69:b9:f8:0f:0b:08:fb:3d:83:07:d0:1f:cd:c1:9b:
         04:de:49:94:10:59:5a:f9:8a:bf:46:6e:1e:c5:39:2c:74:29:
         cb:91:a8:6e:78:e2:0c:1a:88:50:20:fb:7f:41:50:c8:cf:a7:
         6b:5d:aa:ff:c4:00:2c:da:c6:e7:46:0c:6b:6c:69:fe:85:13:
         3c:fc:96:ef:cc:cc:8c:db:55:2a:c5:da:2a:1e:45:1c:c0:cd:
         e4:34:25:2b:74:fa:15:d6:8d:6e:d5:c6:d9:8d:4a:31:b5:e8:
         fb:35:6a:6a:96:6a:37:42:af:a5:61:61:ee:16:c3:f5:5d:a6:
         3e:87:21:de:96:a1:90:8d:ef:9c:9e:b3:bd:f3:61:24:35:55:
         8f:8b:93:fd:a5:51:c0:22:85:aa:2e:8a:94:85:83:21:57:f1:
         1f:99:23:25:7d:ca:10:63:5d:91:d5:67:10:45:cf:46:b4:d2:
         d6:a7:33:39:98:69:b0:c8:b1:78:80:ec:2f:bc:6b:6f:f2:8c:
         96:0d:88:72:d5:f7:8d:ea:0b:4a:99:17:ae:5a:97:a7:13:a7:
         b9:6d:fa:29
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAZQlIiS/2mRDZH1sJ8D0YkhgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDM0OTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZWYzOGY0ODU2ODgzM2E1ZjcxNTdlZWY1OTc4NzgzM2EwMWY1M2Y1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzzmjs/a3vZ6sjn2XQbIViIQ4+jTz
A2vJDVsqntQ0AxOOSP9P/bUQ84dgc5z/EH0yJThzUNFMiBlpU3PoMM394tz/NZyd
bI+2uMmg9R+RJLnVRYlWE+2KCL3ctT85wAw4JIQZlZ+o4fgHscMAF8oskl1Aw5qw
qdGScXIAyof6iP0ZIpihq+IYrqYjrULdEpVF03HP45Q6VLp94rc2f4o2cPhB8V3f
xCY09nUNaxoT+JFWPw+4AQeajylSnn2adNAyQTZfr+DQZyBkUIOZEqKFMZqXxsPh
OfGiWSUnTQxxzbDo7eMt5oa7rK+yhu8zyKofOuNXMYXodxgmNx3ER2GFHwIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFM7zj0hWiDOl9xV+71l4eDOgH1P1MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzk0L2UxMGFi
ZS00MTQ4LTQ1MWItOTRmNS1mOTVjNjA5N2E1MGQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTQvZTEwYWJl
LTQxNDgtNDUxYi05NGY1LWY5NWM2MDk3YTUwZC8xL3p2T1BTRmFJTTZYM0ZYN3ZX
WGg0TTZBZlVfVS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCuVw8MA0EAgACMAcDBQMqBe9AMA0GCSqGSIb3
DQEBCwUAA4IBAQCVD2lI+9MutmQMCBO/5Zw31iXkctt5VkrDWf43rVh3P8qdW9nj
76ZpufgPCwj7PYMH0B/NwZsE3kmUEFla+Yq/Rm4exTksdCnLkahueOIMGohQIPt/
QVDIz6drXar/xAAs2sbnRgxrbGn+hRM8/JbvzMyM21UqxdoqHkUcwM3kNCUrdPoV
1o1u1cbZjUoxtej7NWpqlmo3Qq+lYWHuFsP1XaY+hyHelqGQje+cnrO982EkNVWP
i5P9pVHAIoWqLoqUhYMhV/EfmSMlfcoQY12R1WcQRc9GtNLWpzM5mGmwyLF4gOwv
vGtv8oyWDYhy1feN6gtKmReuWpenE6e5bfop
-----END CERTIFICATE-----