Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/DigqFcGl0VS72ocrNXYHqR-VCqU.cer
File:                     DigqFcGl0VS72ocrNXYHqR-VCqU.cer (raw, json)
Hash identifier:          j+bo/Z2DJkC6YchJHGlqjEqr5DaZLXAAq23+6LPpdj0=
Subject key identifier:   0E:28:2A:15:C1:A5:D1:54:BB:DA:87:2B:35:76:07:A9:1F:95:0A:A5
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018EE15AFA3860A602CED3D1C340D659E136
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/70/daf1ae-d5eb-4ca4-8aaf-78741ac93b30/1/DigqFcGl0VS72ocrNXYHqR-VCqU.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/70/daf1ae-d5eb-4ca4-8aaf-78741ac93b30/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 15 Apr 2024 10:43:39 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 31.43.160.0 -- 31.43.162.255
                          IP: 193.107.82.0/23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Jun 2024 08:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:e1:5a:fa:38:60:a6:02:ce:d3:d1:c3:40:d6:59:e1:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Apr 15 10:43:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0e282a15c1a5d154bbda872b357607a91f950aa5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:1c:14:c2:36:ee:83:f6:b0:65:ad:ec:6c:03:
                    ed:2e:31:fd:60:32:89:67:0d:6b:df:60:5d:fd:94:
                    f0:9f:3b:18:78:29:f4:3c:ae:d4:f0:a3:2c:6f:61:
                    8b:29:0e:c9:5a:65:73:db:d5:99:ea:b4:58:09:9a:
                    c1:c7:d2:20:cc:a0:3a:22:27:2b:c9:90:0f:a2:3b:
                    78:3d:5e:cd:98:21:75:4d:1b:55:e0:8f:42:c9:52:
                    20:86:23:e3:5d:09:b3:b1:68:fc:37:34:7b:ec:08:
                    bb:63:49:75:3b:c1:01:5c:ba:bd:ce:93:fd:af:ed:
                    d0:23:bc:99:8c:cc:5d:61:73:2e:1f:89:15:53:5d:
                    cc:6e:76:82:54:40:9b:cc:8b:0f:c4:05:21:54:f8:
                    2d:a0:7d:1d:8c:a8:06:8f:ca:3b:4c:5b:20:cb:6f:
                    9c:f4:ac:8e:81:f1:d3:e0:96:c7:63:f4:a5:d9:e4:
                    fa:a9:99:a8:f5:99:e4:da:79:a6:d6:ab:eb:c8:8e:
                    45:7d:3a:d8:15:70:82:ef:5d:20:d7:1b:7d:09:7d:
                    a1:ea:76:d4:a4:61:1e:7c:71:34:f8:82:08:02:79:
                    09:17:8b:18:cd:07:88:22:19:0e:d6:62:64:b3:ff:
                    b4:60:7d:a8:ae:6b:82:e0:fa:10:6a:37:0c:c5:5c:
                    3d:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:28:2A:15:C1:A5:D1:54:BB:DA:87:2B:35:76:07:A9:1F:95:0A:A5
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/daf1ae-d5eb-4ca4-8aaf-78741ac93b30/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/daf1ae-d5eb-4ca4-8aaf-78741ac93b30/1/DigqFcGl0VS72ocrNXYHqR-VCqU.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.43.160.0-31.43.162.255
                  193.107.82.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6b:87:96:8d:13:9c:a5:51:de:54:1f:c0:4a:8b:ad:64:3f:7a:
         6b:2c:f6:9d:67:70:b5:70:14:29:f4:ec:16:8d:2d:6e:41:f4:
         fd:b7:25:65:3d:77:4a:ec:14:fa:53:76:f1:35:ed:3c:58:4c:
         88:92:b6:97:93:89:56:a3:fc:82:1b:e5:8a:84:84:13:52:2f:
         98:83:2a:db:c9:f6:1f:55:00:0a:08:20:9e:de:72:40:32:ef:
         c2:f4:ae:16:95:0a:f4:00:2a:85:8c:0b:b8:c8:8a:f2:ac:68:
         d1:40:99:3f:69:13:d8:d4:38:47:ac:c4:6f:5c:76:bf:66:47:
         9d:b2:fa:68:6b:4a:be:af:21:76:8f:5f:85:ab:56:19:b7:be:
         74:26:b9:ab:e7:46:21:7c:69:0a:d8:fc:72:36:b9:1d:cb:b6:
         1f:bf:b6:af:6c:2e:07:1a:16:3f:6e:40:12:30:d1:2d:18:fa:
         d7:5a:11:f4:1a:18:37:20:85:9d:a8:6f:53:d2:73:10:55:36:
         7b:5e:a8:a9:30:37:cb:37:df:01:7d:b8:e7:ae:3b:39:9f:aa:
         70:30:56:83:7d:46:81:8c:6e:e1:ca:4d:ba:a5:75:76:84:98:
         8a:e8:97:48:e3:d1:2a:0e:33:aa:ce:ec:94:28:4a:75:28:7e:
         19:bf:ee:38
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgISAY7hWvo4YKYCztPRw0DWWeE2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwNDE1MTA0MzM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTI4MmExNWMxYTVkMTU0YmJkYTg3MmIzNTc2MDdhOTFmOTUwYWE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2xwUwjbug/awZa3sbAPtLjH9YDKJ
Zw1r32Bd/ZTwnzsYeCn0PK7U8KMsb2GLKQ7JWmVz29WZ6rRYCZrBx9IgzKA6Iicr
yZAPojt4PV7NmCF1TRtV4I9CyVIghiPjXQmzsWj8NzR77Ai7Y0l1O8EBXLq9zpP9
r+3QI7yZjMxdYXMuH4kVU13MbnaCVECbzIsPxAUhVPgtoH0djKgGj8o7TFsgy2+c
9KyOgfHT4JbHY/Sl2eT6qZmo9Znk2nmm1qvryI5FfTrYFXCC710g1xt9CX2h6nbU
pGEefHE0+IIIAnkJF4sYzQeIIhkO1mJks/+0YH2ormuC4PoQajcMxVw9fwIDAQAB
o4ICkjCCAo4wHQYDVR0OBBYEFA4oKhXBpdFUu9qHKzV2B6kflQqlMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzcwL2RhZjFh
ZS1kNWViLTRjYTQtOGFhZi03ODc0MWFjOTNiMzAvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzAvZGFmMWFl
LWQ1ZWItNGNhNC04YWFmLTc4NzQxYWM5M2IzMC8xL0RpZ3FGY0dsMFZTNzJvY3JO
WFlIcVItVkNxVS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC0GCCsGAQUF
BwEHAQH/BB4wHDAaBAIAATAUMAwDBAUfK6ADBAAfK6IDBAHBa1IwDQYJKoZIhvcN
AQELBQADggEBAGuHlo0TnKVR3lQfwEqLrWQ/emss9p1ncLVwFCn07BaNLW5B9P23
JWU9d0rsFPpTdvE17TxYTIiStpeTiVaj/IIb5YqEhBNSL5iDKtvJ9h9VAAoIIJ7e
ckAy78L0rhaVCvQAKoWMC7jIivKsaNFAmT9pE9jUOEesxG9cdr9mR52y+mhrSr6v
IXaPX4WrVhm3vnQmuavnRiF8aQrY/HI2uR3Lth+/tq9sLgcaFj9uQBIw0S0Y+tda
EfQaGDcghZ2ob1PScxBVNnteqKkwN8s33wF9uOeuOzmfqnAwVoN9RoGMbuHKTbql
dXaEmIrol0jj0SoOM6rO7JQoSnUofhm/7jg=
-----END CERTIFICATE-----