Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1-VsnwdVDrh7-g6FBvhJETpJBj_M.cer
File:                     1-VsnwdVDrh7-g6FBvhJETpJBj_M.cer (raw, json)
Hash identifier:          VkubWH3xMMZ+8hlIsbd7L48CApcFobkBTDhcLRpO0A8=
Subject key identifier:   F9:5B:27:C1:D5:43:AE:1E:FE:83:A1:41:BE:12:44:4E:92:41:8F:F3
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC5DCC02DC8FC1D2AE3D721FEAC4BDEE3
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/cb/ae8554-744a-42d9-b518-abad1ffb811c/1/1-VsnwdVDrh7-g6FBvhJETpJBj_M.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/cb/ae8554-744a-42d9-b518-abad1ffb811c/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 16:30:27 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 194.121.26.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Sep 2024 14:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:c0:2d:c8:fc:1d:2a:e3:d7:21:fe:ac:4b:de:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 16:30:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f95b27c1d543ae1efe83a141be12444e92418ff3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:5c:5f:98:2f:28:0b:3d:90:7d:a4:6c:d9:8d:
                    0c:c8:1b:31:a1:23:7f:2a:c9:e7:0f:5d:3b:2d:c2:
                    62:a3:59:58:d6:5a:e8:34:77:ad:90:06:14:26:e4:
                    d6:23:e3:49:3d:7c:3a:1e:3b:5c:57:88:0d:bc:24:
                    73:cd:4c:c4:6d:13:28:be:a5:da:7e:ec:9b:18:7b:
                    71:3e:bd:e1:e2:f6:13:98:6d:70:1b:23:eb:d0:3c:
                    15:86:db:d0:51:a5:73:96:0b:19:12:c4:de:83:49:
                    91:81:d4:90:03:32:37:10:17:12:9b:58:f9:c8:a7:
                    31:31:6a:d0:7b:2d:46:93:e0:ff:d7:bb:35:0b:6e:
                    e4:bc:21:3c:1f:f7:a3:2e:fd:54:0b:ab:8f:9d:f2:
                    f5:0c:be:26:eb:ca:56:6b:54:cf:94:3b:5a:2c:0a:
                    de:68:22:38:a2:e2:fb:fd:2c:85:f2:1a:4c:27:bf:
                    ea:1f:97:01:a3:7f:fe:7a:3a:8f:37:67:e1:18:3b:
                    fd:3d:ce:12:c1:49:f8:f3:dc:0b:0b:cc:10:14:d0:
                    b0:be:07:ca:de:b1:9b:6d:a3:be:7e:e7:31:6a:d5:
                    c0:13:15:73:fe:bf:53:25:85:a8:d4:ed:3d:6a:e2:
                    60:3b:7f:2a:a1:20:97:06:fc:45:22:7f:b7:db:94:
                    04:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:5B:27:C1:D5:43:AE:1E:FE:83:A1:41:BE:12:44:4E:92:41:8F:F3
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/ae8554-744a-42d9-b518-abad1ffb811c/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/ae8554-744a-42d9-b518-abad1ffb811c/1/1-VsnwdVDrh7-g6FBvhJETpJBj_M.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.121.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:d3:23:ec:cc:0f:21:64:f4:82:c7:d6:0f:a7:e7:78:cb:5c:
         78:a1:e5:64:a1:bb:1c:90:74:c0:d8:bc:f1:a2:6b:a7:50:e0:
         fd:a6:48:ac:00:75:1f:f7:19:06:d8:4a:48:68:eb:4c:04:b8:
         05:3a:62:ed:5d:74:09:3e:1c:60:81:40:9d:80:9d:a8:33:6e:
         c7:0d:4b:40:a8:e0:bd:0a:a2:e3:b2:ba:72:f3:0a:06:d3:2e:
         34:dc:a7:7a:19:41:4f:19:60:02:f8:c4:13:24:fd:32:46:19:
         2d:24:33:fa:49:f6:ca:ae:a1:08:91:4f:50:8d:c1:96:5f:dc:
         e6:9d:3b:ba:d6:84:ba:41:68:11:8c:c5:2b:5b:86:a0:79:1b:
         3f:fc:db:5c:46:82:e8:ba:35:93:2b:3d:1a:53:48:59:55:d8:
         4d:8c:dc:ef:55:fd:9a:c6:37:df:f3:25:06:26:f4:e9:43:19:
         b3:22:9b:27:fc:3c:0c:d2:ea:e9:e1:f9:69:cb:f9:7c:16:f8:
         3c:a8:8b:c2:23:1d:01:36:4e:7e:6a:17:a3:d6:23:d7:bd:c4:
         22:5e:ce:05:37:b5:21:8d:66:9e:d9:2d:27:e3:d2:fe:20:79:
         4b:47:49:af:e4:41:4a:42:b1:e9:8a:97:1f:bb:c3:55:97:7a:
         fd:70:21:bd
-----BEGIN CERTIFICATE-----
MIIFeTCCBGGgAwIBAgISAYzF3MAtyPwdKuPXIf6sS97jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTYzMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTViMjdjMWQ1NDNhZTFlZmU4M2ExNDFiZTEyNDQ0ZTkyNDE4ZmYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtVxfmC8oCz2QfaRs2Y0MyBsxoSN/
KsnnD107LcJio1lY1lroNHetkAYUJuTWI+NJPXw6HjtcV4gNvCRzzUzEbRMovqXa
fuybGHtxPr3h4vYTmG1wGyPr0DwVhtvQUaVzlgsZEsTeg0mRgdSQAzI3EBcSm1j5
yKcxMWrQey1Gk+D/17s1C27kvCE8H/ejLv1UC6uPnfL1DL4m68pWa1TPlDtaLAre
aCI4ouL7/SyF8hpMJ7/qH5cBo3/+ejqPN2fhGDv9Pc4SwUn489wLC8wQFNCwvgfK
3rGbbaO+fucxatXAExVz/r9TJYWo1O09auJgO38qoSCXBvxFIn+325QEywIDAQAB
o4IChTCCAoEwHQYDVR0OBBYEFPlbJ8HVQ64e/oOhQb4SRE6SQY/zMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEkBggrBgEFBQcBCwSCARYwggESMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NiL2FlODU1
NC03NDRhLTQyZDktYjUxOC1hYmFkMWZmYjgxMWMvMS8wfQYIKwYBBQUHMAqGcXJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvY2IvYWU4NTU0
LTc0NGEtNDJkOS1iNTE4LWFiYWQxZmZiODExYy8xLzEtVnNud2RWRHJoNy1nNkZC
dmhKRVRwSkJqX00ubWZ0MDIGCCsGAQUFBzANhiZodHRwczovL3JyZHAucmlwZS5u
ZXQvbm90aWZpY2F0aW9uLnhtbDBZBgNVHR8EUjBQME6gTKBKhkhyc3luYzovL3Jw
a2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0twU28zVlZLNXdFSElKbkhD
MlFIVlYzZDVtay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEF
BQcBBwEB/wQQMA4wDAQCAAEwBgMEAMJ5GjANBgkqhkiG9w0BAQsFAAOCAQEAmtMj
7MwPIWT0gsfWD6fneMtceKHlZKG7HJB0wNi88aJrp1Dg/aZIrAB1H/cZBthKSGjr
TAS4BTpi7V10CT4cYIFAnYCdqDNuxw1LQKjgvQqi47K6cvMKBtMuNNynehlBTxlg
AvjEEyT9MkYZLSQz+kn2yq6hCJFPUI3Bll/c5p07utaEukFoEYzFK1uGoHkbP/zb
XEaC6Lo1kys9GlNIWVXYTYzc71X9msY33/MlBib06UMZsyKbJ/w8DNLq6eH5acv5
fBb4PKiLwiMdATZOfmoXo9Yj173EIl7OBTe1IY1mntktJ+PS/iB5S0dJr+RBSkKx
6YqXH7vDVZd6/XAhvQ==
-----END CERTIFICATE-----