Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/WNidwYngCTYayyZVaA5mnAvEdFY.cer
File:                     WNidwYngCTYayyZVaA5mnAvEdFY.cer (raw, json)
Hash identifier:          R7Nc0l8kTbGW8mYHKYt1QkFOBCTpdQDVq70l7tVhhgM=
Subject key identifier:   58:D8:9D:C1:89:E0:09:36:1A:CB:26:55:68:0E:66:9C:0B:C4:74:56
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019652F2F5F0890BA2AB8AF9FDE5F8DD0638
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/c2/51ef46-d069-474c-9b4b-9dff5bd5488a/1/WNidwYngCTYayyZVaA5mnAvEdFY.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/c2/51ef46-d069-474c-9b4b-9dff5bd5488a/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Sun 20 Apr 2025 11:26:16 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 185.241.204.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 20:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:52:f2:f5:f0:89:0b:a2:ab:8a:f9:fd:e5:f8:dd:06:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Apr 20 11:26:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=58d89dc189e009361acb2655680e669c0bc47456
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:43:5c:5d:d8:56:20:ef:1b:24:7e:73:8e:8f:
                    b1:44:ac:4e:22:d8:f0:e3:97:e0:9a:f1:e3:f5:47:
                    42:25:40:49:ec:a4:d3:dc:ee:87:7c:92:97:ff:ed:
                    2e:5d:c3:93:a2:fe:52:22:0e:65:5e:74:fe:c7:f6:
                    26:0a:26:a2:31:57:e5:85:50:1f:7e:ef:f2:d9:b6:
                    92:14:e5:b3:59:94:b1:27:f2:1c:dd:7e:6f:ad:19:
                    f8:f8:69:a3:6f:cf:2f:d6:20:82:53:4e:57:c3:fb:
                    cc:4d:65:1b:41:d4:db:c4:24:46:dc:79:04:9a:63:
                    31:0e:47:15:ca:7b:40:86:36:6c:73:ba:57:1e:99:
                    60:43:2f:e9:2c:23:e6:1a:79:d7:53:a4:b6:eb:43:
                    6c:03:56:af:5a:08:23:b9:9a:fb:10:70:2a:2a:b6:
                    43:c5:5f:d8:08:0a:9b:66:ef:57:43:a2:d9:c3:68:
                    95:e8:86:7b:64:0b:5b:79:02:8d:03:84:6d:3b:75:
                    7f:3a:4f:22:43:5d:79:3c:39:92:ec:5e:50:58:18:
                    6a:ca:48:86:91:83:95:4e:79:3d:9d:58:50:c7:e8:
                    98:de:bc:10:c0:69:6a:b6:c5:6b:5d:25:d9:11:da:
                    6d:c8:bb:58:3b:97:c3:21:12:c2:84:c3:13:f4:0b:
                    c3:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:D8:9D:C1:89:E0:09:36:1A:CB:26:55:68:0E:66:9C:0B:C4:74:56
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/51ef46-d069-474c-9b4b-9dff5bd5488a/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/51ef46-d069-474c-9b4b-9dff5bd5488a/1/WNidwYngCTYayyZVaA5mnAvEdFY.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.241.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:2f:93:4d:0f:00:59:de:c9:35:5c:16:5c:df:66:e0:05:f9:
         b1:ae:4a:45:8d:9b:f5:98:72:d1:b0:28:45:34:9f:d2:7c:0c:
         51:6e:2e:e6:a6:b3:ae:1c:c1:c6:96:80:eb:b4:bb:d9:04:10:
         39:25:cb:d9:25:4a:69:d5:02:7e:ae:eb:89:06:2d:62:05:29:
         51:c9:cd:db:33:ee:99:48:7c:e0:cf:f2:d9:2d:46:bf:83:d6:
         42:cf:75:19:73:c0:73:6b:81:66:e1:d4:1e:ef:3c:8c:f4:ff:
         02:9f:aa:f4:50:c8:19:c1:35:56:c9:4b:03:2a:c6:36:74:a4:
         26:c8:ec:11:a9:64:5d:e4:f4:b4:1a:11:ff:24:8e:69:26:a2:
         e8:db:b9:4a:28:05:c7:94:50:21:b3:79:b0:0f:2b:39:f6:35:
         21:2b:90:13:4e:34:d1:61:57:a8:fd:40:f5:63:ca:11:17:81:
         2f:8f:b2:3c:a0:55:26:7f:73:dc:6f:9c:af:4b:61:a2:18:4b:
         2e:61:5f:82:95:1a:a4:27:2b:85:3c:02:b2:99:a1:3c:b8:a1:
         a6:29:7c:5c:db:97:cb:c1:87:7a:a7:50:38:78:9f:9d:15:9d:
         32:49:26:aa:19:6e:c0:31:ba:55:61:2f:43:cc:2d:58:24:a0:
         a6:19:df:83
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZZS8vXwiQuiq4r5/eX43QY4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwNDIwMTEyNjE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGQ4OWRjMTg5ZTAwOTM2MWFjYjI2NTU2ODBlNjY5YzBiYzQ3NDU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqkNcXdhWIO8bJH5zjo+xRKxOItjw
45fgmvHj9UdCJUBJ7KTT3O6HfJKX/+0uXcOTov5SIg5lXnT+x/YmCiaiMVflhVAf
fu/y2baSFOWzWZSxJ/Ic3X5vrRn4+Gmjb88v1iCCU05Xw/vMTWUbQdTbxCRG3HkE
mmMxDkcVyntAhjZsc7pXHplgQy/pLCPmGnnXU6S260NsA1avWggjuZr7EHAqKrZD
xV/YCAqbZu9XQ6LZw2iV6IZ7ZAtbeQKNA4RtO3V/Ok8iQ115PDmS7F5QWBhqykiG
kYOVTnk9nVhQx+iY3rwQwGlqtsVrXSXZEdptyLtYO5fDIRLChMMT9AvDrQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFFjYncGJ4Ak2GssmVWgOZpwLxHRWMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2MyLzUxZWY0
Ni1kMDY5LTQ3NGMtOWI0Yi05ZGZmNWJkNTQ4OGEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzIvNTFlZjQ2
LWQwNjktNDc0Yy05YjRiLTlkZmY1YmQ1NDg4YS8xL1dOaWR3WW5nQ1RZYXl5WlZh
QTVtbkF2RWRGWS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAufHMMA0GCSqGSIb3DQEBCwUAA4IBAQA1L5NN
DwBZ3sk1XBZc32bgBfmxrkpFjZv1mHLRsChFNJ/SfAxRbi7mprOuHMHGloDrtLvZ
BBA5JcvZJUpp1QJ+ruuJBi1iBSlRyc3bM+6ZSHzgz/LZLUa/g9ZCz3UZc8Bza4Fm
4dQe7zyM9P8Cn6r0UMgZwTVWyUsDKsY2dKQmyOwRqWRd5PS0GhH/JI5pJqLo27lK
KAXHlFAhs3mwDys59jUhK5ATTjTRYVeo/UD1Y8oRF4Evj7I8oFUmf3Pcb5yvS2Gi
GEsuYV+ClRqkJyuFPAKymaE8uKGmKXxc25fLwYd6p1A4eJ+dFZ0ySSaqGW7AMbpV
YS9DzC1YJKCmGd+D
-----END CERTIFICATE-----