Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18thbM_g6Ga0J8CkXvQYGwmB5jE.cer
File:                     18thbM_g6Ga0J8CkXvQYGwmB5jE.cer (raw, json)
Hash identifier:          97Qmk4Uj+a1qV0rjNxGKWGZz+yAKkvTtAKB4hapFs5Y=
Subject key identifier:   D7:CB:61:6C:CF:E0:E8:66:B4:27:C0:A4:5E:F4:18:1B:09:81:E6:31
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC94BEB78821BA89D0FEACF59DE703E84
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/28/7ce3dc-68db-45bb-8e57-3e6198a512e0/1/18thbM_g6Ga0J8CkXvQYGwmB5jE.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/28/7ce3dc-68db-45bb-8e57-3e6198a512e0/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 08:30:45 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 2001:67c:2184::/48
                          IP: 2001:67c:295c::/48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4b:eb:78:82:1b:a8:9d:0f:ea:cf:59:de:70:3e:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 08:30:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d7cb616ccfe0e866b427c0a45ef4181b0981e631
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:ba:de:62:4e:97:d4:01:91:58:88:47:6d:de:
                    69:4c:99:e8:11:93:90:50:18:f5:4d:b6:f0:32:6c:
                    9e:3f:94:56:ac:38:9f:74:df:d8:46:7b:8d:7b:f4:
                    c4:40:26:08:d4:e7:88:07:3d:17:84:74:63:03:85:
                    f9:a3:4f:9d:48:c2:66:f9:b7:69:cc:7d:3f:67:cf:
                    56:00:77:c3:0f:e1:67:f1:96:62:28:e7:4c:48:4d:
                    b0:71:a8:a4:87:fd:38:d0:2b:5f:7c:87:f0:67:cd:
                    66:c7:24:eb:ee:10:58:48:e7:2c:3b:7e:6d:10:d6:
                    b3:93:9c:f4:15:b4:bc:67:e9:68:6c:c9:99:4e:9e:
                    07:14:b5:a9:84:92:47:7a:9d:77:10:7c:17:c8:8c:
                    8f:7b:a5:c6:38:d5:34:d5:c7:a7:9e:b4:f0:7a:f6:
                    64:38:9c:74:03:da:2f:ed:9f:0b:d8:a8:c3:31:53:
                    32:54:47:02:e3:b5:a2:17:86:7c:48:d0:ba:52:08:
                    9e:9c:00:12:34:18:a3:f1:71:aa:88:6f:ef:ce:b9:
                    c3:3e:f2:9b:09:17:fc:c5:23:66:68:57:6b:d1:2c:
                    57:fa:b5:e5:09:96:1a:05:cc:b9:91:18:bc:61:8f:
                    60:02:8a:81:db:cc:0d:d3:dc:2f:07:4f:cb:02:7d:
                    b3:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:CB:61:6C:CF:E0:E8:66:B4:27:C0:A4:5E:F4:18:1B:09:81:E6:31
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/7ce3dc-68db-45bb-8e57-3e6198a512e0/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/7ce3dc-68db-45bb-8e57-3e6198a512e0/1/18thbM_g6Ga0J8CkXvQYGwmB5jE.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2184::/48
                  2001:67c:295c::/48

    Signature Algorithm: sha256WithRSAEncryption
         53:00:33:c6:35:a9:77:5c:15:02:45:3d:ed:de:78:1b:c9:f3:
         5c:11:40:62:e8:ea:99:98:e1:9c:4a:31:fe:42:a4:ca:b8:fc:
         87:57:88:7d:4d:9b:9b:73:2d:5f:54:02:58:e0:ff:66:33:c4:
         24:20:0d:90:44:d5:dc:79:74:50:47:5c:c6:a6:e6:4b:38:51:
         42:b9:a6:b7:45:5a:68:80:e9:c1:dd:9f:d9:b3:29:26:e0:8b:
         5e:18:17:ea:ce:cc:aa:78:88:09:b8:69:f4:1e:d1:29:1e:19:
         7e:75:4a:20:61:ea:3a:55:94:32:70:96:6e:bb:fc:2d:d0:d6:
         82:02:3b:99:3f:f5:93:46:63:0f:b3:29:ca:17:81:eb:4f:db:
         ac:55:b2:c8:88:82:3b:c2:e6:26:5c:fd:ed:0b:1e:5d:83:a2:
         82:64:b9:3a:a7:09:c7:bd:bf:de:17:96:30:e5:fe:ee:4a:b6:
         6d:83:92:92:ee:4d:f0:3b:01:52:bf:30:95:ef:63:c8:73:bf:
         d8:24:be:12:82:f1:0a:7d:1d:e1:49:6f:6e:58:5b:dc:2c:e8:
         b4:c4:74:2f:34:6d:a1:a2:99:d6:bd:57:19:81:3d:d7:bc:3c:
         2f:ab:ac:75:72:30:7f:0f:b9:d5:44:29:43:d8:bc:cd:25:12:
         19:31:c3:e6
-----BEGIN CERTIFICATE-----
MIIFhDCCBGygAwIBAgISAYzJS+t4ghuonQ/qz1necD6EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDgzMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkN2NiNjE2Y2NmZTBlODY2YjQyN2MwYTQ1ZWY0MTgxYjA5ODFlNjMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz7reYk6X1AGRWIhHbd5pTJnoEZOQ
UBj1TbbwMmyeP5RWrDifdN/YRnuNe/TEQCYI1OeIBz0XhHRjA4X5o0+dSMJm+bdp
zH0/Z89WAHfDD+Fn8ZZiKOdMSE2wcaikh/040CtffIfwZ81mxyTr7hBYSOcsO35t
ENazk5z0FbS8Z+lobMmZTp4HFLWphJJHep13EHwXyIyPe6XGONU01cennrTwevZk
OJx0A9ov7Z8L2KjDMVMyVEcC47WiF4Z8SNC6UgienAASNBij8XGqiG/vzrnDPvKb
CRf8xSNmaFdr0SxX+rXlCZYaBcy5kRi8YY9gAoqB28wN09wvB0/LAn2zawIDAQAB
o4ICkDCCAowwHQYDVR0OBBYEFNfLYWzP4OhmtCfApF70GBsJgeYxMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzI4LzdjZTNk
Yy02OGRiLTQ1YmItOGU1Ny0zZTYxOThhNTEyZTAvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjgvN2NlM2Rj
LTY4ZGItNDViYi04ZTU3LTNlNjE5OGE1MTJlMC8xLzE4dGhiTV9nNkdhMEo4Q2tY
dlFZR3dtQjVqRS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUF
BwEHAQH/BBwwGjAYBAIAAjASAwcAIAEGfCGEAwcAIAEGfClcMA0GCSqGSIb3DQEB
CwUAA4IBAQBTADPGNal3XBUCRT3t3ngbyfNcEUBi6OqZmOGcSjH+QqTKuPyHV4h9
TZubcy1fVAJY4P9mM8QkIA2QRNXceXRQR1zGpuZLOFFCuaa3RVpogOnB3Z/Zsykm
4IteGBfqzsyqeIgJuGn0HtEpHhl+dUogYeo6VZQycJZuu/wt0NaCAjuZP/WTRmMP
synKF4HrT9usVbLIiII7wuYmXP3tCx5dg6KCZLk6pwnHvb/eF5Yw5f7uSrZtg5KS
7k3wOwFSvzCV72PIc7/YJL4SgvEKfR3hSW9uWFvcLOi0xHQvNG2hopnWvVcZgT3X
vDwvq6x1cjB/D7nVRClD2LzNJRIZMcPm
-----END CERTIFICATE-----