Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/xEX2wcOnyosw-F59uFYwnKvmigg.cer
File:                     xEX2wcOnyosw-F59uFYwnKvmigg.cer (raw, json)
Hash identifier:          Wym/ENHWdfrrqFte7lTPj+OFpjP7z2w9BYcEGAfLT88=
Subject key identifier:   C4:45:F6:C1:C3:A7:CA:8B:30:F8:5E:7D:B8:56:30:9C:AB:E6:8A:08
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019767FBB7C64BC8ADF1300219581FB5FBF3
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rsync.paas.rpki.ripe.net/repository/855c7d5a-15c4-4589-85fa-b491a071048c/2/C445F6C1C3A7CA8B30F85E7DB856309CABE68A08.mft
caRepository:             rsync://rsync.paas.rpki.ripe.net/repository/855c7d5a-15c4-4589-85fa-b491a071048c/2/
Notify URL:               https://rrdp.paas.rpki.ripe.net/notification.xml
Certificate not before:   Fri 13 Jun 2025 06:30:39 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 215364
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 06:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:67:fb:b7:c6:4b:c8:ad:f1:30:02:19:58:1f:b5:fb:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jun 13 06:30:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c445f6c1c3a7ca8b30f85e7db856309cabe68a08
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:1f:eb:1e:d3:7a:ef:89:82:5c:b3:b0:c7:3f:
                    b4:93:e5:6a:31:3e:8c:46:1b:a3:58:6f:10:9a:2c:
                    7e:6d:94:9d:55:0c:6e:72:80:36:bd:3e:26:23:77:
                    53:f8:c4:5c:b5:ab:4f:ad:47:5b:1d:97:5a:28:3e:
                    ed:58:fa:00:23:31:4c:80:dc:2f:c1:fa:51:4c:f0:
                    bb:80:c2:77:6b:ea:50:21:23:23:c8:85:04:8b:a3:
                    91:9b:83:26:37:4f:fd:a5:17:6b:1d:e0:3c:38:46:
                    47:a9:28:59:bb:0d:77:f9:77:09:56:87:da:74:d4:
                    93:cc:4c:16:35:f4:fd:7e:6a:82:2c:b4:a4:d2:ec:
                    2b:50:dc:f1:17:1f:0a:7b:0b:17:f0:30:e9:9e:51:
                    14:b1:84:2f:c9:5d:c9:3c:f1:d8:19:14:a9:29:ac:
                    1b:83:9e:17:71:45:57:21:60:8f:66:da:41:c1:b9:
                    bb:df:73:03:ad:b1:04:45:80:13:b9:1a:20:9c:c4:
                    bb:83:69:f9:c1:cb:4c:99:56:72:cd:fd:23:dd:66:
                    5a:8d:f9:8b:09:7e:36:00:a9:16:b4:4f:90:78:77:
                    26:a4:f7:d9:b5:89:2c:c6:2b:b5:d8:05:bb:eb:0d:
                    b9:c1:1a:79:46:91:28:74:20:ba:a4:bd:74:5a:f8:
                    3d:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:45:F6:C1:C3:A7:CA:8B:30:F8:5E:7D:B8:56:30:9C:AB:E6:8A:08
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rsync.paas.rpki.ripe.net/repository/855c7d5a-15c4-4589-85fa-b491a071048c/2/
                RPKI Manifest - URI:rsync://rsync.paas.rpki.ripe.net/repository/855c7d5a-15c4-4589-85fa-b491a071048c/2/C445F6C1C3A7CA8B30F85E7DB856309CABE68A08.mft
                RPKI Notify - URI:https://rrdp.paas.rpki.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  215364

    Signature Algorithm: sha256WithRSAEncryption
         72:d1:fc:b7:07:53:69:88:3c:9e:8f:d9:02:cc:7c:3d:40:3a:
         36:6d:66:1d:bc:2c:5e:e0:9f:f7:24:26:17:99:34:dd:73:4e:
         a3:f0:71:cd:90:14:30:c3:80:1b:b0:84:8a:52:04:e6:a5:99:
         b9:3e:b3:46:8b:9b:da:8c:fb:b8:c7:e8:a1:19:8b:fd:bc:98:
         20:e8:bf:96:5b:f2:7c:6a:a4:e3:eb:68:88:55:b2:02:0b:54:
         70:90:3a:8e:df:04:bf:e4:3b:cc:67:6f:88:34:fe:86:95:35:
         49:1e:ce:0d:ea:17:f2:a4:2c:a5:45:48:36:0f:c7:99:19:cf:
         24:70:9a:a3:1d:34:7a:50:b6:1b:6e:a6:16:a6:a4:e2:10:19:
         35:84:8f:bf:54:1b:11:6c:4f:6e:48:74:54:3c:e3:1a:a3:0c:
         a7:4a:9b:00:a0:c8:9e:2b:bf:ea:10:98:be:35:a8:54:e3:cd:
         d6:4a:ec:c2:9d:08:10:81:b1:a3:b1:9f:9d:4f:ce:d5:71:14:
         6f:46:6f:3f:22:61:5a:70:c7:a9:13:e5:4d:11:71:ed:bc:a5:
         61:36:ae:6e:15:9b:d2:d0:f1:46:84:8a:81:10:d5:c2:39:f6:
         11:6e:b5:a3:dc:80:86:8b:d5:7f:81:55:41:42:b9:89:34:ce:
         0f:77:10:4d
-----BEGIN CERTIFICATE-----
MIIFjzCCBHegAwIBAgISAZdn+7fGS8it8TACGVgftfvzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwNjEzMDYzMDM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDQ1ZjZjMWMzYTdjYThiMzBmODVlN2RiODU2MzA5Y2FiZTY4YTA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArh/rHtN674mCXLOwxz+0k+VqMT6M
RhujWG8Qmix+bZSdVQxucoA2vT4mI3dT+MRctatPrUdbHZdaKD7tWPoAIzFMgNwv
wfpRTPC7gMJ3a+pQISMjyIUEi6ORm4MmN0/9pRdrHeA8OEZHqShZuw13+XcJVofa
dNSTzEwWNfT9fmqCLLSk0uwrUNzxFx8KewsX8DDpnlEUsYQvyV3JPPHYGRSpKawb
g54XcUVXIWCPZtpBwbm733MDrbEERYATuRognMS7g2n5wctMmVZyzf0j3WZajfmL
CX42AKkWtE+QeHcmpPfZtYksxiu12AW76w25wRp5RpEodCC6pL10Wvg9IwIDAQAB
o4ICmzCCApcwHQYDVR0OBBYEFMRF9sHDp8qLMPhefbhWMJyr5ooIMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggE/BggrBgEFBQcBCwSCATEwggEtMF8GCCsGAQUFBzAFhlNy
c3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg1NWM3
ZDVhLTE1YzQtNDU4OS04NWZhLWI0OTFhMDcxMDQ4Yy8yLzCBiwYIKwYBBQUHMAqG
f3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODU1
YzdkNWEtMTVjNC00NTg5LTg1ZmEtYjQ5MWEwNzEwNDhjLzIvQzQ0NUY2QzFDM0E3
Q0E4QjMwRjg1RTdEQjg1NjMwOUNBQkU2OEEwOC5tZnQwPAYIKwYBBQUHMA2GMGh0
dHBzOi8vcnJkcC5wYWFzLnJwa2kucmlwZS5uZXQvbm90aWZpY2F0aW9uLnhtbDBZ
BgNVHR8EUjBQME6gTKBKhkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxUL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jcmwwGAYDVR0g
AQH/BA4wDDAKBggrBgEFBQcOAjAaBggrBgEFBQcBCAEB/wQLMAmgBzAFAgMDSUQw
DQYJKoZIhvcNAQELBQADggEBAHLR/LcHU2mIPJ6P2QLMfD1AOjZtZh28LF7gn/ck
JheZNN1zTqPwcc2QFDDDgBuwhIpSBOalmbk+s0aLm9qM+7jH6KEZi/28mCDov5Zb
8nxqpOPraIhVsgILVHCQOo7fBL/kO8xnb4g0/oaVNUkezg3qF/KkLKVFSDYPx5kZ
zyRwmqMdNHpQthtuphampOIQGTWEj79UGxFsT25IdFQ84xqjDKdKmwCgyJ4rv+oQ
mL41qFTjzdZK7MKdCBCBsaOxn51PztVxFG9Gbz8iYVpwx6kT5U0Rce28pWE2rm4V
m9LQ8UaEioEQ1cI59hFutaPcgIaL1X+BVUFCuYk0zg93EE0=
-----END CERTIFICATE-----