Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/CBg0SlIKOZknm7gkfheeiEBuNXg.cer
File:                     CBg0SlIKOZknm7gkfheeiEBuNXg.cer (raw, json)
Hash identifier:          I7Kx5wWppFU1guLimYYk5YYjTnlmmJp7Ys6AXw+XHW4=
Subject key identifier:   08:18:34:4A:52:0A:39:99:27:9B:B8:24:7E:17:9E:88:40:6E:35:78
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC2DB6267A1121AB676095CCCCCDA07C0
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/31/56b818-9ee1-4a06-a8ec-851ea65cb98b/1/CBg0SlIKOZknm7gkfheeiEBuNXg.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/31/56b818-9ee1-4a06-a8ec-851ea65cb98b/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 02:30:06 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 31.131.188.0/23
                          IP: 91.232.248.0/24
                          IP: 195.69.224.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 14:15:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:62:67:a1:12:1a:b6:76:09:5c:cc:cc:da:07:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 02:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0818344a520a3999279bb8247e179e88406e3578
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:6e:33:dd:b3:dd:14:c6:9b:38:e2:f9:8a:88:
                    39:ce:da:0f:4f:46:3e:13:f1:0a:7c:7c:f4:8e:04:
                    cc:b5:14:64:ac:83:7c:82:b4:84:f2:7c:87:59:ce:
                    03:4f:db:fc:8f:51:00:d9:a8:70:dd:b2:50:1c:f5:
                    93:66:c9:a0:b5:cd:30:42:5c:54:bc:19:42:75:2e:
                    e4:ad:ba:a2:e1:0b:c9:40:70:9e:e1:2b:6a:2f:d3:
                    cb:85:fc:cf:8d:bf:dc:d2:9b:c0:ec:d2:b4:33:57:
                    0e:e9:b0:60:26:d3:37:da:65:70:87:a8:d3:cb:6b:
                    40:bc:17:ae:d9:33:53:a5:63:ab:56:c1:27:f4:f9:
                    d8:7a:bb:0f:af:2d:58:33:61:a6:e5:f6:ad:72:7e:
                    78:ba:f1:4b:cf:4e:b8:a9:55:74:b3:db:73:39:52:
                    53:6d:77:77:64:f4:12:d4:25:9f:61:92:90:b6:ec:
                    23:81:5d:35:bb:70:aa:9b:50:2a:06:ba:1e:dc:a3:
                    a4:d7:32:16:df:17:51:96:26:e6:de:a8:2a:91:95:
                    6b:08:89:54:7c:9c:36:0e:9c:0e:62:2c:39:92:ff:
                    90:6c:ad:b7:92:57:90:9e:8a:be:97:e0:9c:98:b8:
                    c0:41:74:27:4d:74:d4:36:45:a2:e5:8a:f0:bf:3d:
                    fc:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:18:34:4A:52:0A:39:99:27:9B:B8:24:7E:17:9E:88:40:6E:35:78
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/56b818-9ee1-4a06-a8ec-851ea65cb98b/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/56b818-9ee1-4a06-a8ec-851ea65cb98b/1/CBg0SlIKOZknm7gkfheeiEBuNXg.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.131.188.0/23
                  91.232.248.0/24
                  195.69.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:ff:66:82:3e:ba:03:97:fd:10:cc:dd:fe:7e:f1:df:c1:8a:
         1d:93:50:5d:0b:d3:c8:8d:33:d9:91:3e:05:30:f5:a7:de:53:
         4c:48:62:d5:cb:eb:2b:af:e7:94:dd:4d:a7:9a:54:ad:17:7b:
         90:5a:1e:f3:8a:3e:a2:b3:f4:9b:98:7f:d2:2f:3c:8b:e3:9c:
         62:68:f1:22:94:25:4c:cc:7a:f3:50:b6:19:34:e9:e0:05:ad:
         10:b4:3a:d8:d1:7e:0e:3f:0f:00:7c:10:9a:6a:53:cd:01:12:
         20:53:61:41:30:b9:7a:67:20:50:24:66:f6:d4:dc:a4:4e:d0:
         cc:3a:d2:89:7f:9b:0e:56:f4:ac:cb:8f:d3:4a:74:cf:15:1d:
         5d:88:ca:8c:3b:0d:0c:6b:ad:81:5a:17:11:07:aa:78:9a:aa:
         ca:dc:15:57:bc:e2:78:94:82:8e:af:f4:f7:22:4c:8b:30:2e:
         34:74:22:62:aa:a7:7e:fc:3a:a0:22:78:67:ff:fd:4d:8d:70:
         65:37:2d:48:33:9c:00:e4:4e:1f:d9:e3:4f:95:42:45:c6:9f:
         e9:17:59:5e:12:1f:cc:17:dd:72:40:8a:bc:90:38:2a:70:0f:
         1e:41:f0:ef:3c:6a:a5:74:41:af:e7:d1:db:54:b2:c3:65:e1:
         64:c6:c7:18
-----BEGIN CERTIFICATE-----
MIIFhDCCBGygAwIBAgISAYzC22JnoRIatnYJXMzM2gfAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDIzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODE4MzQ0YTUyMGEzOTk5Mjc5YmI4MjQ3ZTE3OWU4ODQwNmUzNTc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3G4z3bPdFMabOOL5iog5ztoPT0Y+
E/EKfHz0jgTMtRRkrIN8grSE8nyHWc4DT9v8j1EA2ahw3bJQHPWTZsmgtc0wQlxU
vBlCdS7krbqi4QvJQHCe4StqL9PLhfzPjb/c0pvA7NK0M1cO6bBgJtM32mVwh6jT
y2tAvBeu2TNTpWOrVsEn9PnYersPry1YM2Gm5fatcn54uvFLz064qVV0s9tzOVJT
bXd3ZPQS1CWfYZKQtuwjgV01u3Cqm1AqBroe3KOk1zIW3xdRlibm3qgqkZVrCIlU
fJw2DpwOYiw5kv+QbK23kleQnoq+l+CcmLjAQXQnTXTUNkWi5Yrwvz38SQIDAQAB
o4ICkDCCAowwHQYDVR0OBBYEFAgYNEpSCjmZJ5u4JH4XnohAbjV4MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMxLzU2Yjgx
OC05ZWUxLTRhMDYtYThlYy04NTFlYTY1Y2I5OGIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzEvNTZiODE4
LTllZTEtNGEwNi1hOGVjLTg1MWVhNjVjYjk4Yi8xL0NCZzBTbElLT1prbm03Z2tm
aGVlaUVCdU5YZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUF
BwEHAQH/BBwwGjAYBAIAATASAwQBH4O8AwQAW+j4AwQAw0XgMA0GCSqGSIb3DQEB
CwUAA4IBAQCV/2aCProDl/0QzN3+fvHfwYodk1BdC9PIjTPZkT4FMPWn3lNMSGLV
y+srr+eU3U2nmlStF3uQWh7zij6is/SbmH/SLzyL45xiaPEilCVMzHrzULYZNOng
Ba0QtDrY0X4OPw8AfBCaalPNARIgU2FBMLl6ZyBQJGb21NykTtDMOtKJf5sOVvSs
y4/TSnTPFR1diMqMOw0Ma62BWhcRB6p4mqrK3BVXvOJ4lIKOr/T3IkyLMC40dCJi
qqd+/DqgInhn//1NjXBlNy1IM5wA5E4f2eNPlUJFxp/pF1leEh/MF91yQIq8kDgq
cA8eQfDvPGqldEGv59HbVLLDZeFkxscY
-----END CERTIFICATE-----