Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1nYY00F5w-pSMwJkoZZBh7I83SQ.cer
File:                     1nYY00F5w-pSMwJkoZZBh7I83SQ.cer (raw, json)
Hash identifier:          xTqRfj+LeBQbD1NVLwFGyT/SOIuokh10tA1sOw7RHNI=
Subject key identifier:   D6:76:18:D3:41:79:C3:EA:52:33:02:64:A1:96:41:87:B2:3C:DD:24
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC64A4B8D6673DF7086994839A8AB0F58
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/93/47f513-76db-4a61-b1be-74dc8386dc6a/1/1nYY00F5w-pSMwJkoZZBh7I83SQ.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/93/47f513-76db-4a61-b1be-74dc8386dc6a/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 18:30:06 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 185.168.0.0/22
                          IP: 2a0d:db40::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:4b:8d:66:73:df:70:86:99:48:39:a8:ab:0f:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 18:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d67618d34179c3ea52330264a1964187b23cdd24
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:19:a0:0d:f3:29:21:62:32:3f:e6:e2:3d:bb:
                    23:76:66:86:e5:b1:4f:66:17:ec:b7:c6:10:30:5a:
                    64:de:d2:0f:7e:4b:40:58:35:76:bf:03:77:c9:04:
                    b2:e9:03:59:37:95:b0:8c:51:ef:66:bc:e5:ef:b9:
                    11:5b:7e:88:6e:8c:dc:b5:9c:9e:ff:a8:5a:aa:8c:
                    89:c3:0d:54:af:46:b4:2c:cb:cc:64:bd:2b:60:8b:
                    53:1c:d7:f1:d7:88:c3:63:6c:09:f8:6e:79:96:8b:
                    75:3f:a8:c5:d4:c8:58:4f:72:3a:ec:cc:b8:0f:05:
                    92:c0:f0:5c:23:af:d8:7b:b3:be:47:ef:6e:90:f4:
                    81:4b:20:99:21:73:97:ed:b6:2e:e2:cd:87:90:a2:
                    63:24:a4:25:f2:57:31:c6:70:ba:ce:4c:c9:24:ea:
                    f5:10:7f:9a:31:ae:05:3f:39:c6:59:d8:1b:d7:c5:
                    1f:2d:19:09:4b:8e:8c:79:44:d5:56:53:ea:70:a3:
                    9d:a6:9b:26:8d:3a:3e:07:db:6b:32:df:a2:c7:57:
                    66:00:de:1e:44:57:68:c2:11:34:bf:aa:da:06:07:
                    84:59:56:cd:9f:0a:86:9d:cf:2d:44:da:58:8e:d4:
                    3e:f1:d7:be:67:d1:64:1b:16:b7:b4:2a:4c:c3:36:
                    8c:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:76:18:D3:41:79:C3:EA:52:33:02:64:A1:96:41:87:B2:3C:DD:24
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/47f513-76db-4a61-b1be-74dc8386dc6a/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/47f513-76db-4a61-b1be-74dc8386dc6a/1/1nYY00F5w-pSMwJkoZZBh7I83SQ.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.168.0.0/22
                IPv6:
                  2a0d:db40::/29

    Signature Algorithm: sha256WithRSAEncryption
         00:47:2b:07:80:f8:ad:f3:f5:8a:41:d9:84:3b:94:4f:0f:15:
         cc:f2:fb:cb:0b:4f:90:e6:54:98:bd:d2:c8:77:d7:af:6d:3b:
         6a:f9:2b:63:46:55:f1:f5:37:d7:27:9c:93:d8:6a:55:65:eb:
         26:c4:a9:d1:2c:76:f0:db:55:50:3c:84:5a:9c:7d:7d:9c:8d:
         4a:e4:56:84:64:c8:84:bd:ef:7d:a4:c0:8a:09:19:bc:f1:b5:
         38:38:28:38:79:09:87:b6:3d:05:19:c7:6e:d4:55:58:bc:88:
         0a:a2:8f:95:17:94:6b:24:3f:3b:e0:60:49:92:b6:06:f0:ba:
         60:a2:06:05:55:a2:f6:57:9d:50:b5:f0:31:3f:f4:45:c7:7b:
         c0:35:dc:3c:9f:01:d0:13:71:c6:8f:50:02:90:60:01:0c:cb:
         96:53:27:05:cb:df:78:1b:af:4e:61:60:50:d8:55:e4:6b:01:
         c0:a8:9e:ad:99:46:13:c1:36:36:f8:f4:e7:a8:3e:9b:9f:c3:
         aa:67:9a:31:7d:d9:84:bb:1f:9f:a6:5e:fc:13:ab:0d:d2:de:
         67:c6:35:cc:b4:a9:50:d6:60:f0:e8:1e:1d:46:37:e3:8b:df:
         0a:13:47:eb:f1:5c:93:d9:0f:ff:cc:9b:fa:cb:22:de:3d:94:
         b5:5a:48:6b
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAYzGSkuNZnPfcIaZSDmoqw9YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTgzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjc2MThkMzQxNzljM2VhNTIzMzAyNjRhMTk2NDE4N2IyM2NkZDI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4BmgDfMpIWIyP+biPbsjdmaG5bFP
Zhfst8YQMFpk3tIPfktAWDV2vwN3yQSy6QNZN5WwjFHvZrzl77kRW36IbozctZye
/6haqoyJww1Ur0a0LMvMZL0rYItTHNfx14jDY2wJ+G55lot1P6jF1MhYT3I67My4
DwWSwPBcI6/Ye7O+R+9ukPSBSyCZIXOX7bYu4s2HkKJjJKQl8lcxxnC6zkzJJOr1
EH+aMa4FPznGWdgb18UfLRkJS46MeUTVVlPqcKOdppsmjTo+B9trMt+ix1dmAN4e
RFdowhE0v6raBgeEWVbNnwqGnc8tRNpYjtQ+8de+Z9FkGxa3tCpMwzaMJQIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFNZ2GNNBecPqUjMCZKGWQYeyPN0kMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzkzLzQ3ZjUx
My03NmRiLTRhNjEtYjFiZS03NGRjODM4NmRjNmEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTMvNDdmNTEz
LTc2ZGItNGE2MS1iMWJlLTc0ZGM4Mzg2ZGM2YS8xLzFuWVkwMEY1dy1wU013Smtv
WlpCaDdJODNTUS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCuagAMA0EAgACMAcDBQMqDdtAMA0GCSqGSIb3
DQEBCwUAA4IBAQAARysHgPit8/WKQdmEO5RPDxXM8vvLC0+Q5lSYvdLId9evbTtq
+StjRlXx9TfXJ5yT2GpVZesmxKnRLHbw21VQPIRanH19nI1K5FaEZMiEve99pMCK
CRm88bU4OCg4eQmHtj0FGcdu1FVYvIgKoo+VF5RrJD874GBJkrYG8LpgogYFVaL2
V51QtfAxP/RFx3vANdw8nwHQE3HGj1ACkGABDMuWUycFy994G69OYWBQ2FXkawHA
qJ6tmUYTwTY2+PTnqD6bn8OqZ5oxfdmEux+fpl78E6sN0t5nxjXMtKlQ1mDw6B4d
Rjfji98KE0fr8VyT2Q//zJv6yyLePZS1Wkhr
-----END CERTIFICATE-----