Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1-rZRJK62A6DdXFzuGgq2UhOX22A.cer
File:                     1-rZRJK62A6DdXFzuGgq2UhOX22A.cer (raw, json)
Hash identifier:          u/ezS8tJ84U+nnUWfbscrEDm/7IVAI2jzczI0O9ISkI=
Subject key identifier:   FA:B6:51:24:AE:B6:03:A0:DD:5C:5C:EE:1A:0A:B6:52:13:97:DB:60
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC6B8C7F1D6A566880FF12DA642DF1AEB
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/9e/ef1699-8c13-4235-a589-63fe6be62dc9/1/1-rZRJK62A6DdXFzuGgq2UhOX22A.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/9e/ef1699-8c13-4235-a589-63fe6be62dc9/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 20:30:47 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 185.51.184.0/22
                          IP: 2a01:b460::/32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:c7:f1:d6:a5:66:88:0f:f1:2d:a6:42:df:1a:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 20:30:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fab65124aeb603a0dd5c5cee1a0ab6521397db60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:3c:91:b7:88:1b:99:a5:bf:a3:bc:df:34:5b:
                    1b:10:7c:8d:ef:6e:cd:29:41:5b:23:98:2c:2c:9a:
                    7f:03:73:ca:7b:d9:73:82:28:0c:d3:10:28:0f:a6:
                    df:23:51:3c:59:5e:ae:2e:b2:00:a9:d4:55:52:3a:
                    b4:71:31:a2:24:f8:a0:13:74:1f:04:c8:7a:88:82:
                    d0:31:28:fc:3a:a2:ff:74:bb:b8:5d:1d:2b:94:f3:
                    18:16:87:55:88:a7:ea:7b:68:91:a2:c1:26:ce:cc:
                    54:c4:fe:bc:50:94:fc:6b:8c:cf:f6:c5:64:1a:ae:
                    87:cd:82:02:1c:b1:d0:54:cc:5d:a8:8d:d0:ff:86:
                    fa:70:4a:41:b5:8f:d6:79:0e:07:61:7e:58:c8:e9:
                    00:d8:1a:32:e6:65:bf:80:5e:49:29:d6:de:03:30:
                    59:07:65:06:b5:5f:e7:e3:71:c2:96:54:39:3e:f5:
                    6d:64:27:7b:8f:e6:c7:81:b8:c3:1d:d2:ae:fc:27:
                    f2:1b:16:c9:29:08:db:ac:a3:c2:01:bc:bd:92:c0:
                    18:53:38:64:24:06:f9:79:58:54:e1:ed:eb:86:d0:
                    64:46:5b:6f:fb:da:57:c5:61:89:b1:62:17:f6:a5:
                    44:15:ce:ef:3a:b6:e0:9a:1e:7f:d2:66:da:d3:19:
                    b9:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:B6:51:24:AE:B6:03:A0:DD:5C:5C:EE:1A:0A:B6:52:13:97:DB:60
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/ef1699-8c13-4235-a589-63fe6be62dc9/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/ef1699-8c13-4235-a589-63fe6be62dc9/1/1-rZRJK62A6DdXFzuGgq2UhOX22A.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.51.184.0/22
                IPv6:
                  2a01:b460::/32

    Signature Algorithm: sha256WithRSAEncryption
         02:68:f1:27:83:0d:89:f6:55:8e:a5:0a:48:67:c2:3a:5a:bc:
         3e:28:60:ca:5d:fc:5c:9d:c6:49:30:58:21:e9:db:d9:a8:d1:
         f7:35:a7:8c:a6:9a:ce:a7:3f:4f:cb:b9:28:1f:3f:2a:36:f6:
         b7:c2:5f:42:f8:c2:18:fa:af:72:b6:ec:fc:ea:f2:70:0c:5a:
         5e:ad:a1:77:27:80:fb:35:64:b9:50:05:bd:4c:b6:f4:f9:7a:
         a0:8c:a5:68:69:5e:c2:0e:c0:ce:ed:d0:02:b0:f4:3b:4c:df:
         86:49:20:96:9f:04:a3:45:4e:9c:8d:1b:07:b8:92:c5:18:7d:
         f2:6a:b4:bb:f8:3a:24:7e:dd:c5:c3:29:62:b0:ba:b0:4d:ab:
         2a:fb:43:0f:46:4e:1a:f3:d1:63:c8:52:b8:65:9c:61:e9:64:
         3d:5a:48:82:ba:f7:a4:a1:cb:5b:23:dc:b6:76:5d:2b:0e:36:
         86:99:a2:d1:02:26:90:f8:5d:4e:18:f9:45:4e:4b:70:8c:61:
         72:c3:e0:5e:5a:70:85:0b:a1:d7:66:d9:48:ec:76:9f:a3:b5:
         be:62:76:7f:31:00:dd:5b:a9:88:1c:f7:0b:29:c5:d2:19:37:
         c8:4e:9f:72:9e:fd:64:51:f8:25:b2:aa:e6:41:ca:1d:d4:25:
         1e:6e:05:4d
-----BEGIN CERTIFICATE-----
MIIFiDCCBHCgAwIBAgISAYzGuMfx1qVmiA/xLaZC3xrrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMjAzMDQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYWI2NTEyNGFlYjYwM2EwZGQ1YzVjZWUxYTBhYjY1MjEzOTdkYjYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhzyRt4gbmaW/o7zfNFsbEHyN727N
KUFbI5gsLJp/A3PKe9lzgigM0xAoD6bfI1E8WV6uLrIAqdRVUjq0cTGiJPigE3Qf
BMh6iILQMSj8OqL/dLu4XR0rlPMYFodViKfqe2iRosEmzsxUxP68UJT8a4zP9sVk
Gq6HzYICHLHQVMxdqI3Q/4b6cEpBtY/WeQ4HYX5YyOkA2Boy5mW/gF5JKdbeAzBZ
B2UGtV/n43HCllQ5PvVtZCd7j+bHgbjDHdKu/CfyGxbJKQjbrKPCAby9ksAYUzhk
JAb5eVhU4e3rhtBkRltv+9pXxWGJsWIX9qVEFc7vOrbgmh5/0mba0xm5cQIDAQAB
o4IClDCCApAwHQYDVR0OBBYEFPq2USSutgOg3Vxc7hoKtlITl9tgMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEkBggrBgEFBQcBCwSCARYwggESMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzllL2VmMTY5
OS04YzEzLTQyMzUtYTU4OS02M2ZlNmJlNjJkYzkvMS8wfQYIKwYBBQUHMAqGcXJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOWUvZWYxNjk5
LThjMTMtNDIzNS1hNTg5LTYzZmU2YmU2MmRjOS8xLzEtclpSSks2MkE2RGRYRnp1
R2dxMlVoT1gyMkEubWZ0MDIGCCsGAQUFBzANhiZodHRwczovL3JyZHAucmlwZS5u
ZXQvbm90aWZpY2F0aW9uLnhtbDBZBgNVHR8EUjBQME6gTKBKhkhyc3luYzovL3Jw
a2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0twU28zVlZLNXdFSElKbkhD
MlFIVlYzZDVtay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAuBggrBgEF
BQcBBwEB/wQfMB0wDAQCAAEwBgMEArkzuDANBAIAAjAHAwUAKgG0YDANBgkqhkiG
9w0BAQsFAAOCAQEAAmjxJ4MNifZVjqUKSGfCOlq8Pihgyl38XJ3GSTBYIenb2ajR
9zWnjKaazqc/T8u5KB8/Kjb2t8JfQvjCGPqvcrbs/OrycAxaXq2hdyeA+zVkuVAF
vUy29Pl6oIylaGlewg7Azu3QArD0O0zfhkkglp8Eo0VOnI0bB7iSxRh98mq0u/g6
JH7dxcMpYrC6sE2rKvtDD0ZOGvPRY8hSuGWcYelkPVpIgrr3pKHLWyPctnZdKw42
hpmi0QImkPhdThj5RU5LcIxhcsPgXlpwhQuh12bZSOx2n6O1vmJ2fzEA3VupiBz3
CynF0hk3yE6fcp79ZFH4JbKq5kHKHdQlHm4FTQ==
-----END CERTIFICATE-----