Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1aGTZx3FnXb8MR2y1miaPIgpkJQ.cer
File:                     1aGTZx3FnXb8MR2y1miaPIgpkJQ.cer (raw, json)
Hash identifier:          7EfADsBBFiirSroYuPb3OFR2yqzRDu8LIVr1x66fSvs=
Subject key identifier:   D5:A1:93:67:1D:C5:9D:76:FC:31:1D:B2:D6:68:9A:3C:88:29:90:94
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC2DAB953157083A6F444F5928F3CD235
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/c8/3d259d-9183-40a0-92a1-2b2a6e27f96f/1/1aGTZx3FnXb8MR2y1miaPIgpkJQ.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/c8/3d259d-9183-40a0-92a1-2b2a6e27f96f/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 02:29:23 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 193.186.35.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 24 Apr 2024 17:00:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:b9:53:15:70:83:a6:f4:44:f5:92:8f:3c:d2:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 02:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d5a193671dc59d76fc311db2d6689a3c88299094
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:16:45:0b:4f:ca:2c:f0:05:13:ad:2d:eb:78:
                    0d:a4:2f:a2:28:8f:cf:17:9d:da:cd:f6:3b:d6:c4:
                    6f:f0:e2:16:d2:bb:c1:4b:53:71:14:9b:a6:b8:c5:
                    09:a5:06:26:1e:73:c6:45:f9:4b:38:08:2b:63:51:
                    58:16:e3:3b:ed:63:98:44:7f:09:6b:20:ad:d1:b0:
                    fb:6b:b0:b2:08:c4:b1:b2:bb:7a:67:9d:75:3e:1a:
                    7d:44:35:c0:47:9e:f4:28:d1:34:60:a5:06:90:4c:
                    ae:84:f4:df:bd:11:89:cf:a0:2e:41:3b:6b:4a:13:
                    bc:4f:41:94:12:41:57:2f:ae:ee:b7:dd:3f:8f:1c:
                    77:d9:60:79:5c:27:15:ba:b2:ed:53:65:e9:18:cd:
                    05:9c:94:17:f2:a5:96:b0:34:b7:6b:85:ca:c3:39:
                    32:ba:68:b1:05:00:86:1e:02:94:f2:69:e9:6d:c6:
                    56:54:03:74:ed:d5:65:4b:09:d3:f5:65:76:90:e8:
                    89:05:f1:fd:3c:cb:fe:0f:ba:68:a4:28:c4:e5:5d:
                    de:38:b2:5f:62:78:28:0f:d9:c0:8e:b4:2f:a0:e0:
                    a9:0a:f2:93:1d:31:81:97:de:dd:dc:11:2c:6f:a1:
                    a0:29:2e:a4:23:28:54:15:36:ec:c1:27:26:50:9c:
                    ef:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:A1:93:67:1D:C5:9D:76:FC:31:1D:B2:D6:68:9A:3C:88:29:90:94
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/3d259d-9183-40a0-92a1-2b2a6e27f96f/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/3d259d-9183-40a0-92a1-2b2a6e27f96f/1/1aGTZx3FnXb8MR2y1miaPIgpkJQ.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.186.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:e3:d7:6d:d0:76:0e:6e:94:86:0a:34:04:ed:9d:4b:02:11:
         63:bd:e4:c4:16:d5:5e:4b:fc:86:f5:7a:9a:4b:5e:e9:5f:ec:
         a5:1f:b1:fc:1f:7e:54:78:51:21:98:95:de:71:36:3d:81:21:
         37:05:0c:bd:88:ef:67:c9:25:15:20:94:5b:ca:24:f2:1c:4e:
         9d:63:4e:7d:cc:9a:c3:fb:10:6f:9d:72:50:a9:62:bf:74:92:
         b2:66:21:47:5d:85:12:48:69:54:07:b9:e7:1b:16:01:79:a8:
         94:e9:51:b6:29:9d:f9:fc:77:9d:48:ad:75:50:47:e2:f5:32:
         03:eb:a5:53:b4:fd:bd:c9:05:6f:80:d2:58:43:4c:33:04:a3:
         f8:10:22:d9:e4:3a:ae:46:1a:e8:a1:ed:f9:a6:aa:e1:35:a1:
         db:9f:01:9a:ec:9e:fd:5b:f7:eb:e5:13:dc:17:61:e1:90:a2:
         a1:44:30:88:6e:eb:d8:1c:36:8e:05:22:e8:65:fc:b3:c3:ab:
         75:e2:9a:99:2a:d3:ad:81:d0:26:80:29:b7:a8:17:ea:5d:a0:
         0d:3b:30:ec:11:b4:7d:0c:4a:74:a7:b7:e2:f7:4e:6d:06:b6:
         aa:9e:c8:4e:50:0d:af:15:75:b7:6b:b9:27:e3:22:7c:bc:74:
         df:e4:b5:43
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzC2rlTFXCDpvRE9ZKPPNI1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDIyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNWExOTM2NzFkYzU5ZDc2ZmMzMTFkYjJkNjY4OWEzYzg4Mjk5MDk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArhZFC0/KLPAFE60t63gNpC+iKI/P
F53azfY71sRv8OIW0rvBS1NxFJumuMUJpQYmHnPGRflLOAgrY1FYFuM77WOYRH8J
ayCt0bD7a7CyCMSxsrt6Z511Php9RDXAR570KNE0YKUGkEyuhPTfvRGJz6AuQTtr
ShO8T0GUEkFXL67ut90/jxx32WB5XCcVurLtU2XpGM0FnJQX8qWWsDS3a4XKwzky
umixBQCGHgKU8mnpbcZWVAN07dVlSwnT9WV2kOiJBfH9PMv+D7popCjE5V3eOLJf
YngoD9nAjrQvoOCpCvKTHTGBl97d3BEsb6GgKS6kIyhUFTbswScmUJzvTQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFNWhk2cdxZ12/DEdstZomjyIKZCUMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2M4LzNkMjU5
ZC05MTgzLTQwYTAtOTJhMS0yYjJhNmUyN2Y5NmYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzgvM2QyNTlk
LTkxODMtNDBhMC05MmExLTJiMmE2ZTI3Zjk2Zi8xLzFhR1RaeDNGblhiOE1SMnkx
bWlhUElncGtKUS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwbojMA0GCSqGSIb3DQEBCwUAA4IBAQAA49dt
0HYObpSGCjQE7Z1LAhFjveTEFtVeS/yG9XqaS17pX+ylH7H8H35UeFEhmJXecTY9
gSE3BQy9iO9nySUVIJRbyiTyHE6dY059zJrD+xBvnXJQqWK/dJKyZiFHXYUSSGlU
B7nnGxYBeaiU6VG2KZ35/HedSK11UEfi9TID66VTtP29yQVvgNJYQ0wzBKP4ECLZ
5DquRhrooe35pqrhNaHbnwGa7J79W/fr5RPcF2HhkKKhRDCIbuvYHDaOBSLoZfyz
w6t14pqZKtOtgdAmgCm3qBfqXaANOzDsEbR9DEp0p7fi905tBraqnshOUA2vFXW3
a7kn4yJ8vHTf5LVD
-----END CERTIFICATE-----