Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3wBu2HGlzgDSu_lovAlA7lhqPOs.cer
File:                     3wBu2HGlzgDSu_lovAlA7lhqPOs.cer (raw, json)
Hash identifier:          s1kntZxcS5A/UfvHsLe0kzS/0drTNWIvpq340YeRyjw=
Subject key identifier:   DF:00:6E:D8:71:A5:CE:00:D2:BB:F9:68:BC:09:40:EE:58:6A:3C:EB
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0196CDB665AD2B77155954390CE6D6CCF41E
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/5d/c8f6e1-46c8-4e12-8ce6-95b9e362f077/1/3wBu2HGlzgDSu_lovAlA7lhqPOs.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/5d/c8f6e1-46c8-4e12-8ce6-95b9e362f077/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 14 May 2025 07:33:25 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 147.220.0.0/16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 16 May 2025 14:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:cd:b6:65:ad:2b:77:15:59:54:39:0c:e6:d6:cc:f4:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: May 14 07:33:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=df006ed871a5ce00d2bbf968bc0940ee586a3ceb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:77:af:0c:d1:93:bd:d4:28:5c:dd:a4:05:85:
                    53:41:b0:a6:54:ed:2e:bc:86:87:53:ee:ba:38:5c:
                    e4:99:15:ec:38:6e:ab:dd:87:00:95:e6:51:7e:65:
                    d9:f3:6d:08:66:8d:a3:1b:0a:d3:30:69:9e:c5:da:
                    bf:8d:19:0d:f7:92:cc:fe:95:a8:55:10:21:c4:3e:
                    0c:5f:56:61:78:9e:7c:b7:3b:1a:d7:35:54:d0:97:
                    3a:2b:c2:08:0d:82:d0:9d:0a:d6:20:b9:bf:54:ac:
                    c6:6d:02:63:70:0d:c1:43:10:e3:f6:2c:98:a8:f7:
                    36:c2:d0:31:ff:25:c7:6c:55:4a:91:03:3e:f9:87:
                    47:9e:34:c3:39:6b:f7:0e:8f:fd:f3:02:ab:5a:64:
                    ff:c8:af:7d:cd:ea:fc:d4:90:42:0f:13:10:1f:39:
                    e4:3c:cc:ab:66:14:59:09:d6:d8:75:db:fb:cd:c3:
                    39:e5:a1:1a:d1:c8:6d:fa:ff:18:17:04:36:dd:e5:
                    1c:be:b8:40:f8:41:17:db:db:63:cc:fb:a4:07:58:
                    44:1d:84:66:54:81:7d:1a:76:db:32:0b:f6:f3:a1:
                    71:61:68:11:b3:42:25:12:9e:61:fb:a8:9d:7e:85:
                    8d:7b:84:e1:57:35:d5:96:20:20:0f:8f:94:eb:65:
                    32:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:00:6E:D8:71:A5:CE:00:D2:BB:F9:68:BC:09:40:EE:58:6A:3C:EB
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/c8f6e1-46c8-4e12-8ce6-95b9e362f077/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/c8f6e1-46c8-4e12-8ce6-95b9e362f077/1/3wBu2HGlzgDSu_lovAlA7lhqPOs.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.220.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         99:4c:05:d6:7c:f8:6a:44:a3:aa:9a:b4:55:d1:74:e2:82:6e:
         93:76:8c:a0:27:1d:24:86:bf:f9:ab:ea:af:63:50:15:9d:fb:
         79:1f:16:73:48:c1:d3:55:83:a2:b8:79:2a:f4:ab:56:d2:9e:
         a5:77:00:4d:d3:c5:33:7e:b6:a8:4a:ff:99:db:23:bd:f4:bc:
         fa:9c:91:a8:dd:54:0a:62:4f:fd:59:e9:8e:f0:b0:38:15:f7:
         6b:5c:86:a8:82:96:1a:66:e4:cb:6c:cc:9d:87:bb:6e:a1:96:
         cf:e3:e4:7e:b7:73:11:1b:f6:61:68:89:d1:5d:4f:cd:84:8d:
         a2:57:d6:d5:ed:18:24:b4:07:66:36:4e:d9:5a:1e:6b:6a:41:
         f1:59:fe:3a:4e:4c:07:ac:66:af:e5:8b:e7:cc:f9:c0:74:5c:
         67:fb:31:58:7b:c9:95:38:a2:e6:89:07:b9:2b:68:81:40:79:
         1d:b4:5a:9e:95:9f:c7:cf:b3:2e:05:0e:da:1b:69:3f:37:a8:
         4e:fb:0f:a8:1f:5a:cf:bb:fd:c7:ef:4a:97:6e:2b:c2:f4:1c:
         9a:c0:6a:4a:ca:6c:5f:68:87:0a:89:29:38:5c:6f:f6:4e:34:
         f2:4e:50:6c:75:d8:85:72:0a:35:0d:22:38:3a:f3:71:3f:5f:
         b7:fa:7f:56
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgISAZbNtmWtK3cVWVQ5DObWzPQeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwNTE0MDczMzI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjAwNmVkODcxYTVjZTAwZDJiYmY5NjhiYzA5NDBlZTU4NmEzY2ViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkXevDNGTvdQoXN2kBYVTQbCmVO0u
vIaHU+66OFzkmRXsOG6r3YcAleZRfmXZ820IZo2jGwrTMGmexdq/jRkN95LM/pWo
VRAhxD4MX1ZheJ58tzsa1zVU0Jc6K8IIDYLQnQrWILm/VKzGbQJjcA3BQxDj9iyY
qPc2wtAx/yXHbFVKkQM++YdHnjTDOWv3Do/98wKrWmT/yK99zer81JBCDxMQHznk
PMyrZhRZCdbYddv7zcM55aEa0cht+v8YFwQ23eUcvrhA+EEX29tjzPukB1hEHYRm
VIF9GnbbMgv286FxYWgRs0IlEp5h+6idfoWNe4ThVzXVliAgD4+U62UyLwIDAQAB
o4ICgzCCAn8wHQYDVR0OBBYEFN8Abthxpc4A0rv5aLwJQO5YajzrMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzVkL2M4ZjZl
MS00NmM4LTRlMTItOGNlNi05NWI5ZTM2MmYwNzcvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNWQvYzhmNmUx
LTQ2YzgtNGUxMi04Y2U2LTk1YjllMzYyZjA3Ny8xLzN3QnUySEdsemdEU3VfbG92
QWxBN2xocVBPcy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB4GCCsGAQUF
BwEHAQH/BA8wDTALBAIAATAFAwMAk9wwDQYJKoZIhvcNAQELBQADggEBAJlMBdZ8
+GpEo6qatFXRdOKCbpN2jKAnHSSGv/mr6q9jUBWd+3kfFnNIwdNVg6K4eSr0q1bS
nqV3AE3TxTN+tqhK/5nbI730vPqckajdVApiT/1Z6Y7wsDgV92tchqiClhpm5Mts
zJ2Hu26hls/j5H63cxEb9mFoidFdT82EjaJX1tXtGCS0B2Y2TtlaHmtqQfFZ/jpO
TAesZq/li+fM+cB0XGf7MVh7yZU4ouaJB7kraIFAeR20Wp6Vn8fPsy4FDtobaT83
qE77D6gfWs+7/cfvSpduK8L0HJrAakrKbF9ohwqJKThcb/ZONPJOUGx12IVyCjUN
Ijg683E/X7f6f1Y=
-----END CERTIFICATE-----