Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/wTfvGmd1FgQ6qvdQdbuOX4v_Gs8.cer
File:                     wTfvGmd1FgQ6qvdQdbuOX4v_Gs8.cer (raw, json)
Hash identifier:          4OOEGM65WuMiDQNMGwTaFO8KzH7r6gIz9WJSxbLmfIs=
Subject key identifier:   C1:37:EF:1A:67:75:16:04:3A:AA:F7:50:75:BB:8E:5F:8B:FF:1A:CF
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01978D8DC1056124C32445B531338A5B47F8
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rsync.paas.rpki.ripe.net/repository/5799be86-8eae-482c-b6b5-355f7590942b/0/C137EF1A677516043AAAF75075BB8E5F8BFF1ACF.mft
caRepository:             rsync://rsync.paas.rpki.ripe.net/repository/5799be86-8eae-482c-b6b5-355f7590942b/0/
Notify URL:               https://rrdp.paas.rpki.ripe.net/notification.xml
Certificate not before:   Fri 20 Jun 2025 13:36:06 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 213915
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 10:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:8d:8d:c1:05:61:24:c3:24:45:b5:31:33:8a:5b:47:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jun 20 13:36:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c137ef1a677516043aaaf75075bb8e5f8bff1acf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:e0:40:71:79:32:82:67:ff:bb:4c:71:e7:3a:
                    8b:5f:ad:fb:90:bb:1d:7e:7e:e3:37:5a:a5:61:c4:
                    d3:f9:e4:9f:0c:99:66:7f:e8:e7:66:6a:49:4e:57:
                    27:ed:e9:9e:6c:90:7a:0c:23:a1:cb:de:17:f9:a6:
                    12:34:74:73:6f:89:38:43:61:12:f4:9b:85:dd:a5:
                    13:54:d2:5d:5f:3d:e3:83:5d:b5:79:f9:2e:c5:8d:
                    c4:3b:11:ec:95:4f:f6:c4:b2:03:f9:4e:5c:7c:4b:
                    0f:a7:7f:cc:e9:4a:59:0c:91:f4:e6:b7:d7:b7:da:
                    60:91:0e:a4:01:e9:db:71:4e:84:1d:2b:17:c5:20:
                    7b:a9:71:57:ab:25:4c:b9:8c:68:19:7b:71:99:c9:
                    24:9d:40:2b:7f:c8:0b:3e:f3:12:fc:18:0e:66:66:
                    af:6c:84:56:68:5e:ff:72:40:75:e1:95:8c:c0:3f:
                    0b:e3:54:fe:8b:ab:43:58:18:11:4d:a1:a5:2e:a2:
                    b8:73:7a:dc:f3:b6:e2:1c:c4:92:5a:b9:09:ec:cf:
                    36:71:aa:fb:21:21:3f:c9:49:3f:44:9d:a9:e3:98:
                    ed:41:24:cd:46:9a:5d:13:12:2b:bc:2e:42:7b:93:
                    65:61:2a:3e:43:03:50:1f:35:8b:a2:af:7d:0f:df:
                    95:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:37:EF:1A:67:75:16:04:3A:AA:F7:50:75:BB:8E:5F:8B:FF:1A:CF
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rsync.paas.rpki.ripe.net/repository/5799be86-8eae-482c-b6b5-355f7590942b/0/
                RPKI Manifest - URI:rsync://rsync.paas.rpki.ripe.net/repository/5799be86-8eae-482c-b6b5-355f7590942b/0/C137EF1A677516043AAAF75075BB8E5F8BFF1ACF.mft
                RPKI Notify - URI:https://rrdp.paas.rpki.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  213915

    Signature Algorithm: sha256WithRSAEncryption
         26:91:ae:42:a5:72:c1:0e:ab:79:28:87:13:9b:d3:21:38:50:
         b2:13:39:e1:3f:9a:d9:97:72:0f:84:81:4e:07:fb:e7:28:39:
         a8:44:1a:dd:54:d5:3a:b2:f7:25:19:fe:29:f6:f0:19:86:55:
         13:95:44:07:f8:63:18:24:cb:c0:de:b6:63:d5:42:0b:b9:e9:
         8c:56:ab:b0:53:13:7f:62:34:d1:e1:d5:30:58:09:32:d6:8c:
         54:0a:d6:b4:d0:da:0b:c9:8b:a3:00:cd:75:89:b5:49:7a:c6:
         ca:03:8e:7b:86:a5:36:27:a5:64:8f:1b:5a:1a:30:93:5c:c3:
         e0:65:bd:e8:bd:41:63:bc:6c:1d:40:e1:05:20:a2:90:6e:fe:
         03:d7:eb:8a:02:e9:b9:68:50:34:51:ab:c1:68:42:3a:9e:ed:
         5f:d2:d1:7f:0f:58:e1:88:de:f6:43:9b:5d:c1:de:34:b9:c2:
         d6:94:4b:7c:11:d9:58:2e:e6:fa:a2:dc:9b:89:93:fb:98:2d:
         5e:9d:fa:66:f4:e8:28:90:1c:ec:ac:aa:32:42:6b:a5:8f:50:
         c8:04:d9:a2:42:d3:a1:6b:83:59:76:76:05:6f:59:c8:92:91:
         86:a8:38:66:e4:d8:55:c2:d5:6e:cb:4f:35:ce:e7:93:c8:ec:
         34:e9:84:0e
-----BEGIN CERTIFICATE-----
MIIFjzCCBHegAwIBAgISAZeNjcEFYSTDJEW1MTOKW0f4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwNjIwMTMzNjA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTM3ZWYxYTY3NzUxNjA0M2FhYWY3NTA3NWJiOGU1ZjhiZmYxYWNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0OBAcXkygmf/u0xx5zqLX637kLsd
fn7jN1qlYcTT+eSfDJlmf+jnZmpJTlcn7emebJB6DCOhy94X+aYSNHRzb4k4Q2ES
9JuF3aUTVNJdXz3jg121efkuxY3EOxHslU/2xLID+U5cfEsPp3/M6UpZDJH05rfX
t9pgkQ6kAenbcU6EHSsXxSB7qXFXqyVMuYxoGXtxmckknUArf8gLPvMS/BgOZmav
bIRWaF7/ckB14ZWMwD8L41T+i6tDWBgRTaGlLqK4c3rc87biHMSSWrkJ7M82car7
ISE/yUk/RJ2p45jtQSTNRppdExIrvC5Ce5NlYSo+QwNQHzWLoq99D9+V4wIDAQAB
o4ICmzCCApcwHQYDVR0OBBYEFME37xpndRYEOqr3UHW7jl+L/xrPMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggE/BggrBgEFBQcBCwSCATEwggEtMF8GCCsGAQUFBzAFhlNy
c3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzU3OTli
ZTg2LThlYWUtNDgyYy1iNmI1LTM1NWY3NTkwOTQyYi8wLzCBiwYIKwYBBQUHMAqG
f3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNTc5
OWJlODYtOGVhZS00ODJjLWI2YjUtMzU1Zjc1OTA5NDJiLzAvQzEzN0VGMUE2Nzc1
MTYwNDNBQUFGNzUwNzVCQjhFNUY4QkZGMUFDRi5tZnQwPAYIKwYBBQUHMA2GMGh0
dHBzOi8vcnJkcC5wYWFzLnJwa2kucmlwZS5uZXQvbm90aWZpY2F0aW9uLnhtbDBZ
BgNVHR8EUjBQME6gTKBKhkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxUL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jcmwwGAYDVR0g
AQH/BA4wDDAKBggrBgEFBQcOAjAaBggrBgEFBQcBCAEB/wQLMAmgBzAFAgMDQ5sw
DQYJKoZIhvcNAQELBQADggEBACaRrkKlcsEOq3kohxOb0yE4ULITOeE/mtmXcg+E
gU4H++coOahEGt1U1Tqy9yUZ/in28BmGVROVRAf4Yxgky8DetmPVQgu56YxWq7BT
E39iNNHh1TBYCTLWjFQK1rTQ2gvJi6MAzXWJtUl6xsoDjnuGpTYnpWSPG1oaMJNc
w+Blvei9QWO8bB1A4QUgopBu/gPX64oC6bloUDRRq8FoQjqe7V/S0X8PWOGI3vZD
m13B3jS5wtaUS3wR2Vgu5vqi3JuJk/uYLV6d+mb06CiQHOysqjJCa6WPUMgE2aJC
06Frg1l2dgVvWciSkYaoOGbk2FXC1W7LTzXO55PI7DTphA4=
-----END CERTIFICATE-----