Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1-zuztKtv_1iN20zyr-bVrEZVe7k.cer
File:                     1-zuztKtv_1iN20zyr-bVrEZVe7k.cer (raw, json)
Hash identifier:          P5jkUvbncFKvylt8FmgtyvYJOyeYB8wOjrRsz2ZK3Rw=
Subject key identifier:   FB:3B:B3:B4:AB:6F:FF:58:8D:DB:4C:F2:AF:E6:D5:AC:46:55:7B:B9
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC94DBE861AB26C75CF7B2F8EB97AAD0F
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/96/68fbaf-45f1-4946-a346-686a01888d29/1/1-zuztKtv_1iN20zyr-bVrEZVe7k.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/96/68fbaf-45f1-4946-a346-686a01888d29/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 08:32:44 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 185.232.36.0/22
                          IP: 2a0c:4cc0::/32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 27 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:be:86:1a:b2:6c:75:cf:7b:2f:8e:b9:7a:ad:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 08:32:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fb3bb3b4ab6fff588ddb4cf2afe6d5ac46557bb9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:5c:2c:70:0b:a7:a7:5d:bd:33:4c:c9:6b:f3:
                    1c:51:ab:52:e8:64:2c:4e:89:3f:9c:a1:a0:8a:01:
                    0f:12:f2:3a:a2:e1:a3:6d:69:2b:5c:91:6b:e0:9a:
                    02:6d:dd:34:69:c6:11:de:4e:fe:f3:48:c1:51:bd:
                    f2:af:ab:ee:48:b5:5e:ea:62:36:c8:10:78:fd:7a:
                    3b:93:89:1a:f9:af:0f:98:51:1e:cb:e7:6b:bd:67:
                    f4:cc:4e:64:f9:03:04:68:17:fb:56:72:45:fa:2b:
                    ee:4b:e5:a7:ce:a3:e1:5e:09:35:02:b6:ca:fe:fc:
                    10:8e:bc:ed:f4:7c:59:3a:36:60:95:ee:47:40:70:
                    5c:0a:1c:4e:22:d7:af:20:03:41:32:aa:6a:79:9b:
                    3b:75:8f:41:72:c5:30:e8:cc:0d:d1:84:43:54:e1:
                    2c:4b:14:53:f9:1a:80:46:ef:7a:18:c2:fe:d8:ff:
                    b7:45:19:88:c8:52:45:2b:a1:53:d3:f1:f2:df:3f:
                    e4:3f:eb:65:47:d8:95:61:d4:85:00:29:89:34:fe:
                    86:40:36:fa:f1:bb:d4:51:1b:01:13:8a:f1:48:c8:
                    d1:69:ba:79:0b:f6:c5:2d:4e:a5:37:66:02:38:6f:
                    69:3b:4a:cd:28:a0:6d:4a:7a:54:9f:2d:12:0d:21:
                    28:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:3B:B3:B4:AB:6F:FF:58:8D:DB:4C:F2:AF:E6:D5:AC:46:55:7B:B9
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/96/68fbaf-45f1-4946-a346-686a01888d29/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/96/68fbaf-45f1-4946-a346-686a01888d29/1/1-zuztKtv_1iN20zyr-bVrEZVe7k.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.232.36.0/22
                IPv6:
                  2a0c:4cc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         02:c7:0f:70:c8:8b:3d:06:ff:54:fc:3f:20:7c:17:11:11:a4:
         47:3b:45:ee:41:54:9e:7b:5b:31:28:78:10:1c:f7:fe:bb:81:
         ee:65:38:18:90:4b:54:31:ab:be:1e:2d:5f:ee:7a:b9:31:39:
         7e:ad:ac:e7:e3:1f:ff:ee:ac:c3:ed:11:d2:a5:61:26:20:6b:
         26:fd:d4:a9:71:62:a5:37:4f:a0:dd:86:0e:de:fd:c8:80:ef:
         73:07:64:ac:d4:1b:c0:43:2f:4a:f6:29:ef:86:c7:6d:45:42:
         88:1e:59:f3:39:43:06:9a:51:89:5a:b4:36:b1:93:84:1b:87:
         1d:2f:23:7c:75:c6:2e:18:61:73:28:ea:af:47:df:8b:10:aa:
         d4:31:1a:d5:48:28:c4:2a:6a:6b:f7:9d:63:2c:65:89:76:3e:
         0c:09:d7:cd:4f:66:25:7a:0d:93:7e:ba:f5:43:be:2b:18:5d:
         66:4e:d7:74:91:11:fd:cb:d7:e0:54:a2:0a:21:f4:64:c2:66:
         f9:02:7b:d2:4f:61:6f:08:b2:af:23:08:43:9c:65:ad:85:a8:
         26:e1:ae:9a:9f:0d:f1:0c:86:55:a7:95:88:f4:ad:3a:04:c5:
         3e:2a:3e:a2:56:de:e2:54:1b:00:c2:1d:06:ee:a8:ef:89:57:
         4a:a6:01:f5
-----BEGIN CERTIFICATE-----
MIIFiDCCBHCgAwIBAgISAYzJTb6GGrJsdc97L465eq0PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDgzMjQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjNiYjNiNGFiNmZmZjU4OGRkYjRjZjJhZmU2ZDVhYzQ2NTU3YmI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwlwscAunp129M0zJa/McUatS6GQs
Tok/nKGgigEPEvI6ouGjbWkrXJFr4JoCbd00acYR3k7+80jBUb3yr6vuSLVe6mI2
yBB4/Xo7k4ka+a8PmFEey+drvWf0zE5k+QMEaBf7VnJF+ivuS+WnzqPhXgk1ArbK
/vwQjrzt9HxZOjZgle5HQHBcChxOItevIANBMqpqeZs7dY9BcsUw6MwN0YRDVOEs
SxRT+RqARu96GML+2P+3RRmIyFJFK6FT0/Hy3z/kP+tlR9iVYdSFACmJNP6GQDb6
8bvUURsBE4rxSMjRabp5C/bFLU6lN2YCOG9pO0rNKKBtSnpUny0SDSEo2wIDAQAB
o4IClDCCApAwHQYDVR0OBBYEFPs7s7Srb/9YjdtM8q/m1axGVXu5MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEkBggrBgEFBQcBCwSCARYwggESMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzk2LzY4ZmJh
Zi00NWYxLTQ5NDYtYTM0Ni02ODZhMDE4ODhkMjkvMS8wfQYIKwYBBQUHMAqGcXJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTYvNjhmYmFm
LTQ1ZjEtNDk0Ni1hMzQ2LTY4NmEwMTg4OGQyOS8xLzEtenV6dEt0dl8xaU4yMHp5
ci1iVnJFWlZlN2subWZ0MDIGCCsGAQUFBzANhiZodHRwczovL3JyZHAucmlwZS5u
ZXQvbm90aWZpY2F0aW9uLnhtbDBZBgNVHR8EUjBQME6gTKBKhkhyc3luYzovL3Jw
a2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0twU28zVlZLNXdFSElKbkhD
MlFIVlYzZDVtay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAuBggrBgEF
BQcBBwEB/wQfMB0wDAQCAAEwBgMEArnoJDANBAIAAjAHAwUAKgxMwDANBgkqhkiG
9w0BAQsFAAOCAQEAAscPcMiLPQb/VPw/IHwXERGkRztF7kFUnntbMSh4EBz3/ruB
7mU4GJBLVDGrvh4tX+56uTE5fq2s5+Mf/+6sw+0R0qVhJiBrJv3UqXFipTdPoN2G
Dt79yIDvcwdkrNQbwEMvSvYp74bHbUVCiB5Z8zlDBppRiVq0NrGThBuHHS8jfHXG
Lhhhcyjqr0ffixCq1DEa1UgoxCpqa/edYyxliXY+DAnXzU9mJXoNk3669UO+Kxhd
Zk7XdJER/cvX4FSiCiH0ZMJm+QJ70k9hbwiyryMIQ5xlrYWoJuGump8N8QyGVaeV
iPStOgTFPio+olbe4lQbAMIdBu6o74lXSqYB9Q==
-----END CERTIFICATE-----