Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/avtfHyEUagk_P9rQxr_3V3avN8Y.cer
File:                     avtfHyEUagk_P9rQxr_3V3avN8Y.cer (raw, json)
Hash identifier:          VSleciWAvVFwzl0mw7Ar+9jP4JalEXYzVglEnqh5+7w=
Subject key identifier:   6A:FB:5F:1F:21:14:6A:09:3F:3F:DA:D0:C6:BF:F7:57:76:AF:37:C6
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01979B9C5BC6A2E0D508F2B3E743A93EE64F
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/cc/e3c0c0-2383-48d5-8618-f98b9d227a94/1/avtfHyEUagk_P9rQxr_3V3avN8Y.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/cc/e3c0c0-2383-48d5-8618-f98b9d227a94/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 23 Jun 2025 07:06:45 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 185.222.204.0/22
                          IP: 2a0c:e800::/29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 10:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:9b:9c:5b:c6:a2:e0:d5:08:f2:b3:e7:43:a9:3e:e6:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jun 23 07:06:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6afb5f1f21146a093f3fdad0c6bff75776af37c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:ec:a7:c0:0d:64:68:c5:d1:1f:e3:da:34:ad:
                    91:3c:5a:f2:15:f8:07:6d:d4:3e:88:a0:b1:d3:3f:
                    37:7b:b7:29:16:78:73:45:e9:cf:b2:b0:5a:c7:fa:
                    d2:c0:3a:46:ba:9b:78:af:85:e9:a7:2a:fa:8b:ca:
                    ec:98:2b:e7:48:13:a3:f5:26:2b:a5:a7:77:e9:c7:
                    36:a1:72:10:6c:0c:be:dc:b1:e6:95:46:63:e2:5e:
                    d6:a4:72:71:a4:7c:a3:e4:8c:e3:e0:34:55:b8:93:
                    d5:b1:44:72:4f:fc:e1:a2:3b:4c:c9:b1:d5:d8:cb:
                    6a:11:be:4a:27:53:eb:b3:b5:b5:90:2e:4b:fb:94:
                    35:3b:2e:b0:aa:80:a3:e1:28:d3:14:8f:88:f9:5d:
                    fe:df:9f:a0:7b:84:0b:f1:91:5f:df:ee:be:53:ec:
                    82:ef:7f:42:5d:17:3e:2e:7f:22:24:a4:ca:7e:f9:
                    48:77:30:26:6a:57:95:16:e9:22:88:d9:cc:64:2f:
                    e1:9b:4a:c9:9f:fe:a3:bd:47:22:4d:eb:a1:dc:c8:
                    3f:38:40:59:bf:8a:b7:0d:02:d0:6c:4c:14:34:6d:
                    3c:1d:fa:ca:ee:d5:ce:7b:0d:38:10:38:97:21:2d:
                    24:16:de:52:c5:65:a9:83:e6:30:ae:11:a4:ed:b9:
                    56:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:FB:5F:1F:21:14:6A:09:3F:3F:DA:D0:C6:BF:F7:57:76:AF:37:C6
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/e3c0c0-2383-48d5-8618-f98b9d227a94/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/e3c0c0-2383-48d5-8618-f98b9d227a94/1/avtfHyEUagk_P9rQxr_3V3avN8Y.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.222.204.0/22
                IPv6:
                  2a0c:e800::/29

    Signature Algorithm: sha256WithRSAEncryption
         24:02:93:14:e5:f2:c3:cd:18:d5:fc:02:b5:7a:7e:70:d6:8b:
         cf:0c:8e:56:c4:a7:3b:0b:45:8a:4c:e5:20:98:23:6a:5d:31:
         7b:7e:a3:8e:2a:8e:0c:5c:7d:60:bd:05:98:58:52:ef:b7:84:
         15:3f:da:99:7f:b6:a6:db:a3:3c:89:8e:c4:fc:9e:98:ef:24:
         97:e3:35:0f:7d:84:38:5a:7c:71:d7:58:9a:08:67:3d:9c:cd:
         46:1b:50:84:b9:81:44:41:d2:14:7e:18:dc:21:5e:6c:e8:e5:
         b7:ab:aa:fb:24:9c:1c:f1:37:15:9b:58:a0:29:65:49:61:65:
         82:b0:ee:3a:1b:7c:7a:fc:d8:92:35:a8:d1:5c:ec:ad:21:b1:
         46:47:9c:dd:be:dc:4d:31:3b:6b:f9:95:54:b2:85:af:29:bb:
         f3:0c:3a:0c:25:6b:e9:7d:cb:42:8d:d9:ef:91:b6:58:57:c3:
         b9:1d:e0:f1:98:40:f9:e8:10:f5:ef:13:29:38:dd:b8:f8:49:
         80:fa:e8:0f:58:00:08:7f:c3:11:8e:e8:9f:86:55:59:67:c2:
         86:34:de:b8:0b:d1:63:06:5c:f0:5d:74:4b:62:a1:37:0a:b3:
         b2:55:a7:ea:7c:05:49:49:b2:a6:16:a5:4c:84:2d:35:a4:ca:
         01:9e:0a:28
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAZebnFvGouDVCPKz50OpPuZPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwNjIzMDcwNjQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWZiNWYxZjIxMTQ2YTA5M2YzZmRhZDBjNmJmZjc1Nzc2YWYzN2M2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyuynwA1kaMXRH+PaNK2RPFryFfgH
bdQ+iKCx0z83e7cpFnhzRenPsrBax/rSwDpGupt4r4Xppyr6i8rsmCvnSBOj9SYr
pad36cc2oXIQbAy+3LHmlUZj4l7WpHJxpHyj5Izj4DRVuJPVsURyT/zhojtMybHV
2MtqEb5KJ1Prs7W1kC5L+5Q1Oy6wqoCj4SjTFI+I+V3+35+ge4QL8ZFf3+6+U+yC
739CXRc+Ln8iJKTKfvlIdzAmaleVFukiiNnMZC/hm0rJn/6jvUciTeuh3Mg/OEBZ
v4q3DQLQbEwUNG08HfrK7tXOew04EDiXIS0kFt5SxWWpg+YwrhGk7blWawIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFGr7Xx8hFGoJPz/a0Ma/91d2rzfGMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NjL2UzYzBj
MC0yMzgzLTQ4ZDUtODYxOC1mOThiOWQyMjdhOTQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvY2MvZTNjMGMw
LTIzODMtNDhkNS04NjE4LWY5OGI5ZDIyN2E5NC8xL2F2dGZIeUVVYWdrX1A5clF4
cl8zVjNhdk44WS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCud7MMA0EAgACMAcDBQMqDOgAMA0GCSqGSIb3
DQEBCwUAA4IBAQAkApMU5fLDzRjV/AK1en5w1ovPDI5WxKc7C0WKTOUgmCNqXTF7
fqOOKo4MXH1gvQWYWFLvt4QVP9qZf7am26M8iY7E/J6Y7ySX4zUPfYQ4Wnxx11ia
CGc9nM1GG1CEuYFEQdIUfhjcIV5s6OW3q6r7JJwc8TcVm1igKWVJYWWCsO46G3x6
/NiSNajRXOytIbFGR5zdvtxNMTtr+ZVUsoWvKbvzDDoMJWvpfctCjdnvkbZYV8O5
HeDxmED56BD17xMpON24+EmA+ugPWAAIf8MRjuifhlVZZ8KGNN64C9FjBlzwXXRL
YqE3CrOyVafqfAVJSbKmFqVMhC01pMoBngoo
-----END CERTIFICATE-----