Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2wU2Dphzgl911nHa8WJKUumFOQw.cer
File:                     2wU2Dphzgl911nHa8WJKUumFOQw.cer (raw, json)
Hash identifier:          WvL2OQLVr3csa9oY3gLyKjDfUaEtIW/6WG0Py0bRzbE=
Subject key identifier:   DB:05:36:0E:98:73:82:5F:75:D6:71:DA:F1:62:4A:52:E9:85:39:0C
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01974473EFF88B2C175F0ACEE52B013DB6A6
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/e1/8fc1e2-41d7-4f35-a13e-d62d224e3caf/1/2wU2Dphzgl911nHa8WJKUumFOQw.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/e1/8fc1e2-41d7-4f35-a13e-d62d224e3caf/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Fri 06 Jun 2025 08:55:38 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 195.49.180.0/22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 13 Jun 2025 13:55:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:44:73:ef:f8:8b:2c:17:5f:0a:ce:e5:2b:01:3d:b6:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jun  6 08:55:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=db05360e9873825f75d671daf1624a52e985390c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:72:17:9b:d2:76:b4:90:31:c2:e8:70:53:19:
                    1a:2f:30:69:3d:c6:64:4d:c2:41:5d:0c:d0:e8:74:
                    97:de:72:b6:a7:b5:52:bd:f7:eb:2c:3b:31:e5:a5:
                    05:08:c5:89:2d:d2:19:b0:20:99:43:11:24:00:21:
                    6b:68:2e:fb:67:84:56:f5:6e:8f:51:22:b0:d6:0d:
                    e4:dc:07:03:2b:66:0e:2a:eb:da:62:78:a6:ee:76:
                    96:f5:01:88:2c:c0:a4:43:77:93:2f:a8:f3:0a:17:
                    6d:cc:cd:ef:01:8a:4b:cc:2f:cd:e2:cd:73:61:64:
                    6f:fe:d9:bd:fc:e9:a1:46:0c:46:7f:92:85:d9:d5:
                    49:f1:be:a3:08:f7:79:c2:98:14:ef:9b:5c:7d:85:
                    13:90:1d:1b:e5:6f:92:b7:bf:90:71:fe:2a:a7:ad:
                    c8:f0:3a:a7:53:75:1d:5d:82:1c:6b:71:fd:d8:a1:
                    68:34:62:61:94:b4:79:de:c7:1f:c4:32:1a:90:dc:
                    c0:a6:86:13:b8:cb:20:4f:04:8d:ff:d6:ed:83:9a:
                    f2:d7:b2:6e:46:53:7d:77:65:50:87:a1:c4:02:7f:
                    7d:e5:5c:73:ba:e4:60:a6:a0:59:4e:f5:e3:df:d1:
                    12:ea:21:92:0d:01:7c:8b:05:63:08:6b:45:27:52:
                    db:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:05:36:0E:98:73:82:5F:75:D6:71:DA:F1:62:4A:52:E9:85:39:0C
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/8fc1e2-41d7-4f35-a13e-d62d224e3caf/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/8fc1e2-41d7-4f35-a13e-d62d224e3caf/1/2wU2Dphzgl911nHa8WJKUumFOQw.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.49.180.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4d:7a:ac:c4:4c:76:1c:72:ea:c3:81:3c:81:c3:f3:20:ef:23:
         fa:a1:4c:ae:e2:ac:8b:b5:e4:44:f3:14:83:f3:58:78:0f:13:
         7c:74:81:9e:7a:f5:39:f7:8c:b2:61:17:5d:ba:db:28:0d:77:
         b2:69:ff:cd:af:16:56:3c:8f:14:eb:9c:22:fc:d0:71:3f:2f:
         d3:85:0c:e6:53:ba:2a:a2:b3:8a:ed:34:ba:d2:bf:91:3b:0a:
         0d:13:1e:75:b2:f4:a6:7c:b8:86:cf:74:55:8f:20:bc:1c:65:
         ea:d9:de:4a:7f:d2:e3:a8:e2:6d:87:bd:84:4d:81:fe:70:6f:
         e7:aa:a2:91:43:1d:b4:c4:5e:e4:5a:92:39:5e:82:9b:73:13:
         f0:b2:6b:37:c6:e2:47:82:03:f4:78:69:d8:0e:ac:0f:4e:9c:
         6b:2d:6e:00:19:aa:84:66:96:8c:7e:83:9c:89:a2:c9:84:fb:
         76:38:5d:0b:f9:a2:32:97:4b:fa:1c:d0:fe:a1:d4:73:ee:4e:
         54:7b:ce:b8:76:e4:31:d3:31:67:84:79:cf:56:d0:28:79:68:
         8f:9b:8a:3f:39:c9:21:a1:2e:b0:dc:55:fe:01:8f:e2:7c:d5:
         b0:34:1e:8f:6b:6c:b7:8c:a3:f3:ca:d4:8a:85:4a:28:f7:50:
         8c:1f:16:fa
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZdEc+/4iywXXwrO5SsBPbamMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwNjA2MDg1NTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjA1MzYwZTk4NzM4MjVmNzVkNjcxZGFmMTYyNGE1MmU5ODUzOTBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0HIXm9J2tJAxwuhwUxkaLzBpPcZk
TcJBXQzQ6HSX3nK2p7VSvffrLDsx5aUFCMWJLdIZsCCZQxEkACFraC77Z4RW9W6P
USKw1g3k3AcDK2YOKuvaYnim7naW9QGILMCkQ3eTL6jzChdtzM3vAYpLzC/N4s1z
YWRv/tm9/OmhRgxGf5KF2dVJ8b6jCPd5wpgU75tcfYUTkB0b5W+St7+Qcf4qp63I
8DqnU3UdXYIca3H92KFoNGJhlLR53scfxDIakNzApoYTuMsgTwSN/9btg5ry17Ju
RlN9d2VQh6HEAn995VxzuuRgpqBZTvXj39ES6iGSDQF8iwVjCGtFJ1LbyQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFNsFNg6Yc4JfddZx2vFiSlLphTkMMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2UxLzhmYzFl
Mi00MWQ3LTRmMzUtYTEzZS1kNjJkMjI0ZTNjYWYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTEvOGZjMWUy
LTQxZDctNGYzNS1hMTNlLWQ2MmQyMjRlM2NhZi8xLzJ3VTJEcGh6Z2w5MTFuSGE4
V0pLVXVtRk9Rdy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCwzG0MA0GCSqGSIb3DQEBCwUAA4IBAQBNeqzE
THYccurDgTyBw/Mg7yP6oUyu4qyLteRE8xSD81h4DxN8dIGeevU594yyYRddutso
DXeyaf/NrxZWPI8U65wi/NBxPy/ThQzmU7oqorOK7TS60r+ROwoNEx51svSmfLiG
z3RVjyC8HGXq2d5Kf9LjqOJth72ETYH+cG/nqqKRQx20xF7kWpI5XoKbcxPwsms3
xuJHggP0eGnYDqwPTpxrLW4AGaqEZpaMfoOciaLJhPt2OF0L+aIyl0v6HND+odRz
7k5Ue864duQx0zFnhHnPVtAoeWiPm4o/OckhoS6w3FX+AY/ifNWwNB6Pa2y3jKPz
ytSKhUoo91CMHxb6
-----END CERTIFICATE-----