Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Vkd5jyU8ck6wfy6K2MLtlJQ2SZw.cer
File:                     Vkd5jyU8ck6wfy6K2MLtlJQ2SZw.cer (raw, json)
Hash identifier:          /c+BBgTivAj1h0h5XR8mce3dXCgU6ITZidOTIzBDgpo=
Subject key identifier:   56:47:79:8F:25:3C:72:4E:B0:7F:2E:8A:D8:C2:ED:94:94:36:49:9C
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0196823B4D2B63402E7C11C7184AA14944A3
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/18/4c4f66-9039-4fb1-bd49-1a4b6edb03a7/1/Vkd5jyU8ck6wfy6K2MLtlJQ2SZw.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/18/4c4f66-9039-4fb1-bd49-1a4b6edb03a7/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 29 Apr 2025 15:47:26 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 109.70.75.0/24
                          IP: 2a13:eec0::/29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 04 May 2025 10:06:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:82:3b:4d:2b:63:40:2e:7c:11:c7:18:4a:a1:49:44:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Apr 29 15:47:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5647798f253c724eb07f2e8ad8c2ed949436499c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:d7:fe:3a:38:3f:f0:f6:b6:14:b7:80:80:43:
                    79:a2:d7:2f:2b:b4:a0:e1:d2:f9:18:85:0b:d8:95:
                    7c:b8:45:aa:8b:85:48:6b:04:d9:cc:a5:8c:b2:b9:
                    e5:fb:7a:96:77:b8:b8:94:8a:49:79:4e:e1:72:dc:
                    ab:59:29:ee:81:f8:77:c7:f7:3b:66:6b:1c:6f:ad:
                    46:ba:93:75:15:35:2c:25:46:33:84:e0:7c:f5:59:
                    56:cc:e0:e7:b6:f0:82:8b:02:45:2d:a5:d0:83:03:
                    39:88:81:b9:bf:4c:6e:08:97:85:86:54:6c:92:eb:
                    c5:87:21:bc:f1:21:5f:8e:94:16:3f:b4:a0:2c:2a:
                    01:36:d0:c5:91:df:c3:99:f3:a5:00:40:b6:8a:57:
                    da:f4:35:9f:cb:8e:d5:c9:c7:ab:7d:8b:e9:c0:f9:
                    65:49:d5:e1:5a:7e:a1:37:f7:21:e9:73:bb:08:23:
                    e4:9a:6d:a0:d7:79:4b:11:b2:6a:80:6b:05:d4:c1:
                    ad:ee:28:35:b4:0a:42:5d:ca:d5:72:77:a9:6f:3b:
                    c6:fd:38:a1:a4:6c:bf:02:f6:b6:9a:5f:14:e6:31:
                    bd:9e:7f:3b:15:3f:92:cd:f5:b3:de:95:55:11:e9:
                    31:72:8a:75:0b:49:71:1c:aa:f0:07:74:33:14:35:
                    ee:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:47:79:8F:25:3C:72:4E:B0:7F:2E:8A:D8:C2:ED:94:94:36:49:9C
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/4c4f66-9039-4fb1-bd49-1a4b6edb03a7/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/4c4f66-9039-4fb1-bd49-1a4b6edb03a7/1/Vkd5jyU8ck6wfy6K2MLtlJQ2SZw.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.70.75.0/24
                IPv6:
                  2a13:eec0::/29

    Signature Algorithm: sha256WithRSAEncryption
         78:fb:f1:b7:71:d7:2e:a5:50:15:24:fc:0e:7c:ca:6d:64:f3:
         0b:84:2e:1a:be:26:e5:7a:e9:16:72:59:4a:5b:d1:0e:85:a2:
         bb:ad:2a:22:1e:0e:0b:a9:1d:8b:6a:b6:0c:69:eb:22:22:e5:
         b9:8d:18:54:49:fc:cf:3f:2c:71:81:d9:c1:af:47:93:1e:3a:
         8f:15:39:08:3f:d1:b8:8e:b7:06:f3:c6:08:19:fe:3e:8b:6f:
         18:6a:19:14:5e:36:36:55:ea:54:0f:ec:de:b8:f0:fe:91:dc:
         b7:82:00:4d:6f:69:c9:8d:93:bd:29:89:96:90:ce:5e:51:3c:
         38:2a:d9:7a:04:cb:53:f3:23:e2:2e:63:b6:3e:39:4e:e4:48:
         49:d4:e4:d9:bd:08:7a:7f:55:de:20:6e:8b:a3:4c:21:8c:8d:
         42:29:ea:5c:e0:6e:0a:e1:6a:35:47:a0:25:a8:09:35:6a:a6:
         0a:e5:a1:9a:a3:9e:c9:db:8d:05:7b:c4:f0:ad:25:c5:dd:d1:
         70:bb:b1:55:9b:05:49:73:c7:9d:4e:32:a4:a5:db:4c:ff:0d:
         45:65:3b:6e:ee:38:59:f0:c4:18:ec:ae:86:a0:5c:fc:10:8d:
         db:9e:5b:6c:c6:26:d6:43:79:cf:62:09:93:dd:f1:12:4e:6a:
         eb:b8:17:05
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAZaCO00rY0AufBHHGEqhSUSjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwNDI5MTU0NzI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NjQ3Nzk4ZjI1M2M3MjRlYjA3ZjJlOGFkOGMyZWQ5NDk0MzY0OTljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAztf+Ojg/8Pa2FLeAgEN5otcvK7Sg
4dL5GIUL2JV8uEWqi4VIawTZzKWMsrnl+3qWd7i4lIpJeU7hctyrWSnugfh3x/c7
Zmscb61GupN1FTUsJUYzhOB89VlWzODntvCCiwJFLaXQgwM5iIG5v0xuCJeFhlRs
kuvFhyG88SFfjpQWP7SgLCoBNtDFkd/DmfOlAEC2ilfa9DWfy47VycerfYvpwPll
SdXhWn6hN/ch6XO7CCPkmm2g13lLEbJqgGsF1MGt7ig1tApCXcrVcnepbzvG/Tih
pGy/Ava2ml8U5jG9nn87FT+SzfWz3pVVEekxcop1C0lxHKrwB3QzFDXu4wIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFFZHeY8lPHJOsH8uitjC7ZSUNkmcMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzE4LzRjNGY2
Ni05MDM5LTRmYjEtYmQ0OS0xYTRiNmVkYjAzYTcvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTgvNGM0ZjY2
LTkwMzktNGZiMS1iZDQ5LTFhNGI2ZWRiMDNhNy8xL1ZrZDVqeVU4Y2s2d2Z5Nksy
TUx0bEpRMlNady5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQAbUZLMA0EAgACMAcDBQMqE+7AMA0GCSqGSIb3
DQEBCwUAA4IBAQB4+/G3cdcupVAVJPwOfMptZPMLhC4avibleukWcllKW9EOhaK7
rSoiHg4LqR2LarYMaesiIuW5jRhUSfzPPyxxgdnBr0eTHjqPFTkIP9G4jrcG88YI
Gf4+i28YahkUXjY2VepUD+zeuPD+kdy3ggBNb2nJjZO9KYmWkM5eUTw4Ktl6BMtT
8yPiLmO2PjlO5EhJ1OTZvQh6f1XeIG6Lo0whjI1CKepc4G4K4Wo1R6AlqAk1aqYK
5aGao57J240Fe8TwrSXF3dFwu7FVmwVJc8edTjKkpdtM/w1FZTtu7jhZ8MQY7K6G
oFz8EI3bnltsxibWQ3nPYgmT3fESTmrruBcF
-----END CERTIFICATE-----