Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/sRONAhJPsjJs8_s1GtMlGmO-xzk.cer
File:                     sRONAhJPsjJs8_s1GtMlGmO-xzk.cer (raw, json)
Hash identifier:          kuwomz/VB4JsznEQqBsFbYD3lJKV2KLbGaLTXvCcxFQ=
Subject key identifier:   B1:13:8D:02:12:4F:B2:32:6C:F3:FB:35:1A:D3:25:1A:63:BE:C7:39
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01969AD8BCD268D7DB8A044E96735812A3AB
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rsync.paas.rpki.ripe.net/repository/c6fd4ea1-a266-4dea-b48a-15da35452109/0/B1138D02124FB2326CF3FB351AD3251A63BEC739.mft
caRepository:             rsync://rsync.paas.rpki.ripe.net/repository/c6fd4ea1-a266-4dea-b48a-15da35452109/0/
Notify URL:               https://rrdp.paas.rpki.ripe.net/notification.xml
Certificate not before:   Sun 04 May 2025 10:30:17 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 198025
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 May 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:9a:d8:bc:d2:68:d7:db:8a:04:4e:96:73:58:12:a3:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: May  4 10:30:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b1138d02124fb2326cf3fb351ad3251a63bec739
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:1e:c4:d9:de:b2:56:4d:33:a4:59:eb:29:61:
                    e9:4e:b9:59:bd:11:e6:d3:8d:39:62:06:f8:ac:7a:
                    9c:33:25:d0:f5:4c:3c:6d:fc:cc:64:85:9a:da:7e:
                    98:4c:d1:98:77:20:fb:ce:22:c3:5e:ec:27:1b:9a:
                    d1:8f:4d:1b:0e:f0:7c:c4:e6:7d:c0:eb:bf:55:20:
                    82:75:4e:c3:ba:d8:11:f0:2c:44:27:51:8d:8f:af:
                    52:f7:14:43:05:9f:a2:00:f8:71:f5:12:c5:76:25:
                    0e:fd:6e:d2:86:c8:0e:15:57:d2:be:a2:88:49:92:
                    2f:bd:60:7d:40:64:b9:3f:23:08:45:a3:a1:fe:7c:
                    57:ed:a9:79:ea:1f:b1:d1:c9:30:fd:7f:49:57:19:
                    e6:98:19:0e:96:cb:20:f0:14:af:ed:04:64:26:56:
                    99:ca:18:cc:6c:4f:44:28:43:3d:ec:a0:1a:c6:fb:
                    1d:de:7a:36:bc:d2:6f:aa:dc:44:c4:36:89:6c:7e:
                    72:90:07:f9:8b:48:b4:48:7c:86:63:5a:31:73:ea:
                    3d:4e:fb:31:1b:6b:d6:10:8e:99:80:31:91:87:9f:
                    d0:bd:12:cc:1b:86:fc:27:4b:10:d9:b8:45:d8:ff:
                    8b:12:53:7f:20:ed:c1:3b:1c:53:71:18:ed:b8:ad:
                    7d:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:13:8D:02:12:4F:B2:32:6C:F3:FB:35:1A:D3:25:1A:63:BE:C7:39
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rsync.paas.rpki.ripe.net/repository/c6fd4ea1-a266-4dea-b48a-15da35452109/0/
                RPKI Manifest - URI:rsync://rsync.paas.rpki.ripe.net/repository/c6fd4ea1-a266-4dea-b48a-15da35452109/0/B1138D02124FB2326CF3FB351AD3251A63BEC739.mft
                RPKI Notify - URI:https://rrdp.paas.rpki.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  198025

    Signature Algorithm: sha256WithRSAEncryption
         a0:a7:73:e6:d4:f7:0e:cd:1b:60:5e:69:97:27:14:e9:85:d4:
         fa:ff:9f:f6:2a:75:74:fa:26:c2:9d:20:0f:14:4d:02:f8:81:
         ca:08:d5:1b:05:1d:e9:4d:25:7a:dd:4f:a4:a1:d4:bd:de:7a:
         b3:94:c6:09:ea:a1:ca:bb:2f:34:b8:fe:c7:77:b7:7a:90:d3:
         e4:99:d9:b5:c1:3a:27:ab:a2:d1:85:44:48:a5:a0:05:e5:c9:
         af:4c:e1:a6:b5:a9:68:a6:da:71:89:0b:2c:94:17:27:4d:ca:
         8c:73:68:2e:74:41:eb:59:dc:32:75:30:8b:fe:cb:73:98:73:
         da:5c:4e:a4:62:bc:82:36:09:7a:6c:50:0a:fc:bd:03:1d:e8:
         83:04:13:54:a8:44:88:a4:03:32:c6:3d:47:59:24:89:78:e2:
         dc:76:42:09:c3:e1:8e:dc:9f:df:dd:79:09:5d:ee:63:01:72:
         f7:f6:1f:d3:73:c0:e1:19:68:75:f9:94:0b:cf:8d:42:ab:ca:
         7c:f8:cd:43:30:88:c2:60:ad:d8:64:03:73:45:39:40:16:ed:
         32:1b:fe:c3:b6:d3:cc:f9:06:17:a9:54:15:b1:72:f9:b2:a8:
         eb:5c:d2:0b:43:e4:ed:25:96:ed:63:c3:c6:c9:b8:62:ac:c3:
         7a:ce:3c:c5
-----BEGIN CERTIFICATE-----
MIIFjzCCBHegAwIBAgISAZaa2LzSaNfbigROlnNYEqOrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwNTA0MTAzMDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTEzOGQwMjEyNGZiMjMyNmNmM2ZiMzUxYWQzMjUxYTYzYmVjNzM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvx7E2d6yVk0zpFnrKWHpTrlZvRHm
0405Ygb4rHqcMyXQ9Uw8bfzMZIWa2n6YTNGYdyD7ziLDXuwnG5rRj00bDvB8xOZ9
wOu/VSCCdU7DutgR8CxEJ1GNj69S9xRDBZ+iAPhx9RLFdiUO/W7ShsgOFVfSvqKI
SZIvvWB9QGS5PyMIRaOh/nxX7al56h+x0ckw/X9JVxnmmBkOlssg8BSv7QRkJlaZ
yhjMbE9EKEM97KAaxvsd3no2vNJvqtxExDaJbH5ykAf5i0i0SHyGY1oxc+o9Tvsx
G2vWEI6ZgDGRh5/QvRLMG4b8J0sQ2bhF2P+LElN/IO3BOxxTcRjtuK19JQIDAQAB
o4ICmzCCApcwHQYDVR0OBBYEFLETjQIST7IybPP7NRrTJRpjvsc5MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggE/BggrBgEFBQcBCwSCATEwggEtMF8GCCsGAQUFBzAFhlNy
c3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M2ZmQ0
ZWExLWEyNjYtNGRlYS1iNDhhLTE1ZGEzNTQ1MjEwOS8wLzCBiwYIKwYBBQUHMAqG
f3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYzZm
ZDRlYTEtYTI2Ni00ZGVhLWI0OGEtMTVkYTM1NDUyMTA5LzAvQjExMzhEMDIxMjRG
QjIzMjZDRjNGQjM1MUFEMzI1MUE2M0JFQzczOS5tZnQwPAYIKwYBBQUHMA2GMGh0
dHBzOi8vcnJkcC5wYWFzLnJwa2kucmlwZS5uZXQvbm90aWZpY2F0aW9uLnhtbDBZ
BgNVHR8EUjBQME6gTKBKhkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxUL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jcmwwGAYDVR0g
AQH/BA4wDDAKBggrBgEFBQcOAjAaBggrBgEFBQcBCAEB/wQLMAmgBzAFAgMDBYkw
DQYJKoZIhvcNAQELBQADggEBAKCnc+bU9w7NG2BeaZcnFOmF1Pr/n/YqdXT6JsKd
IA8UTQL4gcoI1RsFHelNJXrdT6Sh1L3eerOUxgnqocq7LzS4/sd3t3qQ0+SZ2bXB
OierotGFREiloAXlya9M4aa1qWim2nGJCyyUFydNyoxzaC50QetZ3DJ1MIv+y3OY
c9pcTqRivII2CXpsUAr8vQMd6IMEE1SoRIikAzLGPUdZJIl44tx2QgnD4Y7cn9/d
eQld7mMBcvf2H9NzwOEZaHX5lAvPjUKrynz4zUMwiMJgrdhkA3NFOUAW7TIb/sO2
08z5BhepVBWxcvmyqOtc0gtD5O0llu1jw8bJuGKsw3rOPMU=
-----END CERTIFICATE-----