Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1UaPVMDUlYH2m1Q4PVVz_3dWIOw.cer
File:                     1UaPVMDUlYH2m1Q4PVVz_3dWIOw.cer (raw, json)
Hash identifier:          p/xXlo/rj/niSd/5TsQKKulRn/M8BJqY6qAGPOoVX9M=
Subject key identifier:   D5:46:8F:54:C0:D4:95:81:F6:9B:54:38:3D:55:73:FF:77:56:20:EC
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC50003B6AD821A910C434FA74E9F679A
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/cf/5e8421-1b41-4567-89a4-2c5a7ab49319/1/1UaPVMDUlYH2m1Q4PVVz_3dWIOw.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/cf/5e8421-1b41-4567-89a4-2c5a7ab49319/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 12:29:21 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 185.159.4.0/22
                          IP: 2a13:11c0::/32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 25 Apr 2024 23:00:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:03:b6:ad:82:1a:91:0c:43:4f:a7:4e:9f:67:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 12:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d5468f54c0d49581f69b54383d5573ff775620ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:10:e8:27:ad:df:d6:da:ec:61:6e:4a:87:40:
                    09:8a:75:48:43:2d:e2:02:49:c7:49:9a:4a:43:23:
                    df:a1:c1:1d:bf:b8:6c:41:a5:89:aa:cb:f6:6b:c8:
                    48:f0:2f:9b:24:9c:26:e9:45:5a:c9:ce:a7:6d:9d:
                    a8:60:10:e4:2e:c9:91:37:28:17:4f:f7:9c:5f:ed:
                    8c:08:a6:de:e4:74:a8:5b:64:d5:6d:4d:16:f6:24:
                    8d:30:61:2b:74:89:9f:47:38:fc:76:94:5f:36:21:
                    84:b0:03:37:09:e4:58:e4:33:7d:21:80:6a:75:69:
                    ce:47:59:cd:aa:86:ca:56:f3:88:12:f3:9c:50:66:
                    b0:18:28:f0:42:7e:11:b9:7a:22:94:34:6f:65:d7:
                    0b:e7:b5:a4:46:92:23:6a:b5:10:52:41:3f:29:a6:
                    7e:44:70:29:da:98:ea:8c:16:69:a7:cd:2c:49:89:
                    93:cc:98:03:4a:14:8f:65:db:cb:f1:79:13:72:63:
                    17:46:d0:c5:62:37:d5:89:7e:a1:e6:f5:4a:e4:27:
                    50:37:4d:8b:3e:a5:bb:b2:ba:30:46:70:b7:f7:42:
                    d1:72:63:68:57:2a:42:33:48:32:22:37:57:69:3e:
                    d1:93:f8:45:f1:de:bf:85:36:bd:ac:77:ac:93:84:
                    7c:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:46:8F:54:C0:D4:95:81:F6:9B:54:38:3D:55:73:FF:77:56:20:EC
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/5e8421-1b41-4567-89a4-2c5a7ab49319/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/5e8421-1b41-4567-89a4-2c5a7ab49319/1/1UaPVMDUlYH2m1Q4PVVz_3dWIOw.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.159.4.0/22
                IPv6:
                  2a13:11c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         97:fc:50:09:38:9a:36:9d:81:b1:1c:e6:8c:e1:8f:4d:7e:e5:
         51:8e:ae:3c:91:f7:3a:44:01:16:ea:64:cd:cb:be:f1:e8:bc:
         73:9a:38:4a:1d:72:f7:7a:4f:c3:29:ac:ab:9d:21:63:2f:83:
         49:12:d0:60:68:f8:b9:6e:5f:53:77:ea:07:b4:d5:63:ab:33:
         bb:e6:e5:49:05:d1:b2:4f:5e:ae:27:9b:79:be:b8:4d:dd:9f:
         32:fc:60:c9:13:00:65:93:2f:52:6a:cc:9f:ea:85:ac:d3:64:
         ac:54:c6:5a:b5:7a:e6:84:54:36:11:1f:85:c6:a0:a8:e7:fe:
         50:36:9a:36:6d:cc:dd:a1:10:20:95:f9:50:f0:a5:30:48:7b:
         39:62:cb:8e:00:1e:47:86:56:7f:9d:17:33:33:68:4f:63:a7:
         94:85:a0:a1:39:94:56:aa:e8:f1:a8:73:b4:3f:b4:da:f2:c2:
         b1:af:8d:b5:90:62:ed:98:0c:05:36:8e:10:39:70:4b:d6:5e:
         a6:cd:ed:91:5e:d3:e1:1f:e8:e2:63:93:59:48:98:fc:a5:52:
         dc:f1:68:e6:f9:06:38:2f:88:c1:82:63:fc:bc:0b:e7:d2:a1:
         30:b9:d2:73:b0:03:01:50:8e:9b:83:68:94:0c:f1:08:47:a0:
         65:7d:7d:d1
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAYzFAAO2rYIakQxDT6dOn2eaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTIyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTQ2OGY1NGMwZDQ5NTgxZjY5YjU0MzgzZDU1NzNmZjc3NTYyMGVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxxDoJ63f1trsYW5Kh0AJinVIQy3i
AknHSZpKQyPfocEdv7hsQaWJqsv2a8hI8C+bJJwm6UVayc6nbZ2oYBDkLsmRNygX
T/ecX+2MCKbe5HSoW2TVbU0W9iSNMGErdImfRzj8dpRfNiGEsAM3CeRY5DN9IYBq
dWnOR1nNqobKVvOIEvOcUGawGCjwQn4RuXoilDRvZdcL57WkRpIjarUQUkE/KaZ+
RHAp2pjqjBZpp80sSYmTzJgDShSPZdvL8XkTcmMXRtDFYjfViX6h5vVK5CdQN02L
PqW7srowRnC390LRcmNoVypCM0gyIjdXaT7Rk/hF8d6/hTa9rHesk4R8PwIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFNVGj1TA1JWB9ptUOD1Vc/93ViDsMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NmLzVlODQy
MS0xYjQxLTQ1NjctODlhNC0yYzVhN2FiNDkzMTkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvY2YvNWU4NDIx
LTFiNDEtNDU2Ny04OWE0LTJjNWE3YWI0OTMxOS8xLzFVYVBWTURVbFlIMm0xUTRQ
VlZ6XzNkV0lPdy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCuZ8EMA0EAgACMAcDBQAqExHAMA0GCSqGSIb3
DQEBCwUAA4IBAQCX/FAJOJo2nYGxHOaM4Y9NfuVRjq48kfc6RAEW6mTNy77x6Lxz
mjhKHXL3ek/DKayrnSFjL4NJEtBgaPi5bl9Td+oHtNVjqzO75uVJBdGyT16uJ5t5
vrhN3Z8y/GDJEwBlky9Sasyf6oWs02SsVMZatXrmhFQ2ER+FxqCo5/5QNpo2bczd
oRAglflQ8KUwSHs5YsuOAB5HhlZ/nRczM2hPY6eUhaChOZRWqujxqHO0P7Ta8sKx
r421kGLtmAwFNo4QOXBL1l6mze2RXtPhH+jiY5NZSJj8pVLc8Wjm+QY4L4jBgmP8
vAvn0qEwudJzsAMBUI6bg2iUDPEIR6BlfX3R
-----END CERTIFICATE-----