Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1-hHJVg-pEF5r3EtJLvq2QatQgB0.cer
File:                     1-hHJVg-pEF5r3EtJLvq2QatQgB0.cer (raw, json)
Hash identifier:          6yIh0IVlhlxq3WrqOa338rlmLQcG21UHV5fiPTa7+aw=
Subject key identifier:   FA:11:C9:56:0F:A9:10:5E:6B:DC:4B:49:2E:FA:B6:41:AB:50:80:1D
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01932B03F32EDB0C01618DD6C088B9967924
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/b8/00ee6a-5e95-4e10-8ee6-7e222bfecc90/1/1-hHJVg-pEF5r3EtJLvq2QatQgB0.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/b8/00ee6a-5e95-4e10-8ee6-7e222bfecc90/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 14 Nov 2024 14:11:39 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 45.143.120.0/22
                          IP: 2a0e:e340::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:2b:03:f3:2e:db:0c:01:61:8d:d6:c0:88:b9:96:79:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Nov 14 14:11:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fa11c9560fa9105e6bdc4b492efab641ab50801d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:09:0d:48:26:34:23:83:f2:c8:0b:92:29:87:
                    9b:bb:3e:f6:e0:f9:4b:a3:52:03:3e:62:0c:2b:5e:
                    1c:1c:e7:69:55:04:b0:22:e2:ad:1b:fa:d6:da:03:
                    91:dd:04:0d:8b:2e:ce:d4:62:a9:c5:38:c3:cb:f4:
                    85:c1:d2:89:c8:30:2b:af:28:f2:b1:7c:bd:6c:84:
                    e7:35:9e:36:4c:80:77:de:67:6e:74:96:11:e0:c1:
                    2b:30:d4:da:b2:5c:26:38:58:67:5e:a5:24:30:56:
                    9d:50:ba:be:38:52:65:2c:fd:4d:41:94:ff:eb:94:
                    8e:bf:73:85:dc:91:22:8b:8c:48:71:90:ba:3b:05:
                    85:a0:4a:15:76:c7:5e:55:43:1f:b6:9f:a6:f9:82:
                    a5:b7:3f:bc:a7:ea:40:14:c6:94:f5:d4:ef:38:ab:
                    f0:6f:d1:11:66:cb:12:87:b4:0f:ba:ea:53:58:e7:
                    85:6f:c3:ca:ee:71:d0:77:27:db:42:17:0b:b1:7b:
                    44:ed:f6:30:de:d1:a3:3d:f2:a7:97:35:09:78:f0:
                    e4:3f:49:17:59:8b:e3:65:f8:06:28:57:eb:04:15:
                    d4:5f:2f:4a:ab:a6:d1:64:01:cd:f0:f4:1b:bd:94:
                    d8:e0:0f:5e:0c:1c:e0:af:45:14:d9:a8:51:03:3b:
                    42:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:11:C9:56:0F:A9:10:5E:6B:DC:4B:49:2E:FA:B6:41:AB:50:80:1D
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/00ee6a-5e95-4e10-8ee6-7e222bfecc90/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/00ee6a-5e95-4e10-8ee6-7e222bfecc90/1/1-hHJVg-pEF5r3EtJLvq2QatQgB0.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.143.120.0/22
                IPv6:
                  2a0e:e340::/29

    Signature Algorithm: sha256WithRSAEncryption
         24:6a:32:4b:b3:b8:02:63:21:f5:f9:48:7f:b4:33:87:94:6a:
         e8:ae:fb:d0:5b:ed:79:79:bb:81:25:06:d5:f2:dd:80:32:44:
         82:65:3a:2d:13:ff:8f:3d:b7:9d:27:44:38:45:cb:d7:6b:bf:
         1d:86:a2:53:cd:59:95:02:fa:f1:8e:d1:23:00:8e:17:6d:72:
         4e:57:6f:4f:d4:7f:65:83:95:47:d2:4d:7f:ba:f9:6b:3a:29:
         0a:60:bc:0a:2b:07:8b:4c:84:ef:14:68:a4:cb:1f:59:42:1b:
         f3:97:9d:f4:ff:d3:3d:d9:8b:ca:91:42:f3:3a:7a:9b:3d:76:
         36:ca:d6:4d:12:ed:82:bf:e0:46:9f:d5:c5:60:8f:4a:2d:09:
         26:8e:28:f3:55:18:a0:ca:65:2d:20:91:77:94:dd:c7:0e:a3:
         ec:c2:c9:1e:7a:61:21:b4:8b:3d:59:49:4d:29:6b:52:b0:5a:
         d1:b5:2b:1e:86:57:02:79:d9:8f:ef:4e:e8:82:47:11:02:d5:
         98:96:20:71:12:4b:6d:66:b4:43:34:1e:e6:48:9e:6d:8a:ed:
         ac:79:73:87:65:d5:f2:6e:65:5e:74:a8:41:77:3f:51:42:fe:
         3f:4f:45:1f:12:99:79:94:9b:90:8d:96:df:a4:71:e9:2c:d2:
         30:0d:69:04
-----BEGIN CERTIFICATE-----
MIIFiDCCBHCgAwIBAgISAZMrA/Mu2wwBYY3WwIi5lnkkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQxMTE0MTQxMTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTExYzk1NjBmYTkxMDVlNmJkYzRiNDkyZWZhYjY0MWFiNTA4MDFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1AkNSCY0I4PyyAuSKYebuz724PlL
o1IDPmIMK14cHOdpVQSwIuKtG/rW2gOR3QQNiy7O1GKpxTjDy/SFwdKJyDArryjy
sXy9bITnNZ42TIB33mdudJYR4MErMNTaslwmOFhnXqUkMFadULq+OFJlLP1NQZT/
65SOv3OF3JEii4xIcZC6OwWFoEoVdsdeVUMftp+m+YKltz+8p+pAFMaU9dTvOKvw
b9ERZssSh7QPuupTWOeFb8PK7nHQdyfbQhcLsXtE7fYw3tGjPfKnlzUJePDkP0kX
WYvjZfgGKFfrBBXUXy9Kq6bRZAHN8PQbvZTY4A9eDBzgr0UU2ahRAztCAQIDAQAB
o4IClDCCApAwHQYDVR0OBBYEFPoRyVYPqRBea9xLSS76tkGrUIAdMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEkBggrBgEFBQcBCwSCARYwggESMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2I4LzAwZWU2
YS01ZTk1LTRlMTAtOGVlNi03ZTIyMmJmZWNjOTAvMS8wfQYIKwYBBQUHMAqGcXJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjgvMDBlZTZh
LTVlOTUtNGUxMC04ZWU2LTdlMjIyYmZlY2M5MC8xLzEtaEhKVmctcEVGNXIzRXRK
THZxMlFhdFFnQjAubWZ0MDIGCCsGAQUFBzANhiZodHRwczovL3JyZHAucmlwZS5u
ZXQvbm90aWZpY2F0aW9uLnhtbDBZBgNVHR8EUjBQME6gTKBKhkhyc3luYzovL3Jw
a2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0twU28zVlZLNXdFSElKbkhD
MlFIVlYzZDVtay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAuBggrBgEF
BQcBBwEB/wQfMB0wDAQCAAEwBgMEAi2PeDANBAIAAjAHAwUDKg7jQDANBgkqhkiG
9w0BAQsFAAOCAQEAJGoyS7O4AmMh9flIf7Qzh5Rq6K770FvteXm7gSUG1fLdgDJE
gmU6LRP/jz23nSdEOEXL12u/HYaiU81ZlQL68Y7RIwCOF21yTldvT9R/ZYOVR9JN
f7r5azopCmC8CisHi0yE7xRopMsfWUIb85ed9P/TPdmLypFC8zp6mz12NsrWTRLt
gr/gRp/VxWCPSi0JJo4o81UYoMplLSCRd5Tdxw6j7MLJHnphIbSLPVlJTSlrUrBa
0bUrHoZXAnnZj+9O6IJHEQLVmJYgcRJLbWa0QzQe5kiebYrtrHlzh2XV8m5lXnSo
QXc/UUL+P09FHxKZeZSbkI2W36Rx6SzSMA1pBA==
-----END CERTIFICATE-----