Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7MhALy-qswSHn_cSz8v1rlK2aZw.cer
File:                     7MhALy-qswSHn_cSz8v1rlK2aZw.cer (raw, json)
Hash identifier:          YrO3oM/YDOtXAr2oiQfPowFGK2ySImMTvC0IOEBANYQ=
Subject key identifier:   EC:C8:40:2F:2F:AA:B3:04:87:9F:F7:12:CF:CB:F5:AE:52:B6:69:9C
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC348FE94BBA7C3214DF7146AB1813FD0
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/ff/003d6d-bbbf-4091-8c2d-ffa7f280d253/1/7MhALy-qswSHn_cSz8v1rlK2aZw.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/ff/003d6d-bbbf-4091-8c2d-ffa7f280d253/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 04:29:50 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 185.153.140.0/22
                          IP: 2a0f:8880::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 14:15:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:fe:94:bb:a7:c3:21:4d:f7:14:6a:b1:81:3f:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 04:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ecc8402f2faab304879ff712cfcbf5ae52b6699c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:54:f5:03:7f:4f:b9:6d:9f:c3:7b:c9:2c:03:
                    d1:c1:ca:0d:40:70:50:73:45:12:a8:a3:c0:10:73:
                    f4:e3:cf:50:85:91:f0:e1:51:6b:3c:e2:e1:c5:75:
                    14:28:9c:a1:77:14:63:20:20:90:e6:22:5e:a7:a2:
                    a9:f1:9d:84:2e:b0:ca:30:27:58:0b:dd:76:14:77:
                    26:54:dd:f2:af:21:d1:ca:70:c2:ff:a8:47:63:f4:
                    b3:dc:12:64:16:cf:e2:3b:72:61:f5:5c:f4:eb:17:
                    c4:a0:77:f4:f5:f9:e8:48:38:5b:65:1c:5a:30:a3:
                    fe:5e:65:42:c4:0f:89:87:e4:61:9b:97:d4:36:ea:
                    90:63:5f:47:4c:2c:3e:5a:72:29:94:bf:3b:fb:c6:
                    44:e3:82:7a:05:3d:26:d8:ee:c4:80:0f:82:4c:8d:
                    39:3f:52:75:56:17:0b:07:3d:a0:74:15:54:7e:85:
                    46:80:b9:3f:a2:ce:c8:2c:60:b3:ef:ae:1a:4b:f0:
                    8d:65:f4:29:85:68:d7:8d:5c:db:44:fa:b6:10:64:
                    51:e1:75:d6:59:9d:47:fe:7e:1f:12:b3:9f:d2:1b:
                    77:e8:20:12:34:cd:d4:25:73:32:d6:48:10:e9:aa:
                    b5:e2:dd:42:23:e5:a2:fa:8a:69:f2:0d:48:b7:03:
                    d0:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:C8:40:2F:2F:AA:B3:04:87:9F:F7:12:CF:CB:F5:AE:52:B6:69:9C
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/003d6d-bbbf-4091-8c2d-ffa7f280d253/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/003d6d-bbbf-4091-8c2d-ffa7f280d253/1/7MhALy-qswSHn_cSz8v1rlK2aZw.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.153.140.0/22
                IPv6:
                  2a0f:8880::/29

    Signature Algorithm: sha256WithRSAEncryption
         9c:df:45:5b:68:84:96:66:a0:71:73:d9:c9:cf:5b:ae:5d:3a:
         17:de:6a:27:4d:df:d0:7f:55:4c:55:d3:4a:59:d4:5d:b0:69:
         24:d4:88:7b:3f:19:c2:5d:55:bc:87:a7:07:52:75:4c:9b:16:
         ba:49:f9:a0:05:b4:e1:f0:52:7f:f6:09:c2:8f:90:73:3e:14:
         54:64:be:6e:2c:9e:5a:1d:8f:de:09:30:b7:f5:f7:84:2d:3d:
         de:d4:88:44:29:a3:53:66:b4:a7:73:7c:a6:96:14:c1:de:7c:
         51:36:e6:4c:67:74:99:a5:48:af:31:78:29:dd:0f:81:95:b4:
         98:8f:cd:81:ca:11:9a:6f:69:21:45:85:68:e8:02:79:fe:08:
         e1:5d:2e:5d:f2:c3:52:b8:ee:c5:87:77:f8:cd:e9:a9:de:f3:
         dc:37:0b:96:51:65:79:2d:e4:fe:2a:9d:38:7e:13:32:52:49:
         1a:1b:ea:48:ea:9e:4d:40:6d:8c:68:e4:4d:40:d8:cc:26:d7:
         37:1b:28:9a:b7:6e:6e:64:fa:9f:04:4b:20:02:34:d2:4e:2b:
         55:e1:98:23:aa:e7:cc:56:c8:17:39:19:40:10:fa:fc:87:b7:
         7f:64:ea:ca:9d:13:b2:c8:dd:34:1c:b6:bc:1b:f9:d4:bc:f9:
         94:71:ef:02
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAYzDSP6Uu6fDIU33FGqxgT/QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDQyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlY2M4NDAyZjJmYWFiMzA0ODc5ZmY3MTJjZmNiZjVhZTUyYjY2OTljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArVT1A39PuW2fw3vJLAPRwcoNQHBQ
c0USqKPAEHP0489QhZHw4VFrPOLhxXUUKJyhdxRjICCQ5iJep6Kp8Z2ELrDKMCdY
C912FHcmVN3yryHRynDC/6hHY/Sz3BJkFs/iO3Jh9Vz06xfEoHf09fnoSDhbZRxa
MKP+XmVCxA+Jh+Rhm5fUNuqQY19HTCw+WnIplL87+8ZE44J6BT0m2O7EgA+CTI05
P1J1VhcLBz2gdBVUfoVGgLk/os7ILGCz764aS/CNZfQphWjXjVzbRPq2EGRR4XXW
WZ1H/n4fErOf0ht36CASNM3UJXMy1kgQ6aq14t1CI+Wi+opp8g1ItwPQrQIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFOzIQC8vqrMEh5/3Es/L9a5StmmcMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2ZmLzAwM2Q2
ZC1iYmJmLTQwOTEtOGMyZC1mZmE3ZjI4MGQyNTMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZmYvMDAzZDZk
LWJiYmYtNDA5MS04YzJkLWZmYTdmMjgwZDI1My8xLzdNaEFMeS1xc3dTSG5fY1N6
OHYxcmxLMmFady5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCuZmMMA0EAgACMAcDBQMqD4iAMA0GCSqGSIb3
DQEBCwUAA4IBAQCc30VbaISWZqBxc9nJz1uuXToX3monTd/Qf1VMVdNKWdRdsGkk
1Ih7PxnCXVW8h6cHUnVMmxa6SfmgBbTh8FJ/9gnCj5BzPhRUZL5uLJ5aHY/eCTC3
9feELT3e1IhEKaNTZrSnc3ymlhTB3nxRNuZMZ3SZpUivMXgp3Q+BlbSYj82ByhGa
b2khRYVo6AJ5/gjhXS5d8sNSuO7Fh3f4zemp3vPcNwuWUWV5LeT+Kp04fhMyUkka
G+pI6p5NQG2MaORNQNjMJtc3Gyiat25uZPqfBEsgAjTSTitV4ZgjqufMVsgXORlA
EPr8h7d/ZOrKnROyyN00HLa8G/nUvPmUce8C
-----END CERTIFICATE-----