Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1zZ_wk0AT3HdKu8D-ctPLj-Qhqo.cer
File:                     1zZ_wk0AT3HdKu8D-ctPLj-Qhqo.cer (raw, json)
Hash identifier:          xg1aB7lME1+NVcQLJ6Ehclki4B8V5eDr/lCK95AmTWQ=
Subject key identifier:   D7:36:7F:C2:4D:00:4F:71:DD:2A:EF:03:F9:CB:4F:2E:3F:90:86:AA
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC9BCCEB8A47189BF84A0D1E7B692EDD4
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/a1/d8c6b8-d14a-47d9-a054-b9c794e03cba/1/1zZ_wk0AT3HdKu8D-ctPLj-Qhqo.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/a1/d8c6b8-d14a-47d9-a054-b9c794e03cba/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 10:34:03 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 91.236.193.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 19 Apr 2024 14:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:ce:b8:a4:71:89:bf:84:a0:d1:e7:b6:92:ed:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 10:34:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d7367fc24d004f71dd2aef03f9cb4f2e3f9086aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:a1:f4:91:a5:9b:2e:98:fa:f4:e6:59:bb:4d:
                    0a:a2:9a:39:f9:eb:fe:06:e2:f3:0c:49:eb:83:f7:
                    7f:ac:6b:00:be:df:99:72:66:6b:f0:07:4e:b2:2f:
                    fd:17:18:68:78:38:57:6b:c0:d5:bb:92:25:f2:b7:
                    19:ed:0d:db:ee:ea:bd:29:e5:27:d2:5a:ab:66:1b:
                    c5:3c:b2:ab:05:e0:be:96:8d:0c:ed:d9:dc:33:cd:
                    51:3d:1e:d9:76:c4:72:af:8d:f7:8e:d5:4c:43:cd:
                    15:51:28:6b:de:1f:4f:19:2b:d9:3c:0b:3f:d1:83:
                    95:c0:70:36:c4:17:32:a5:f2:2c:06:33:0f:d0:74:
                    5a:dd:5b:fb:30:37:ee:95:d5:d2:05:fe:41:e0:b4:
                    c2:80:4f:8f:8b:5a:4a:9e:ff:64:bd:85:03:e0:43:
                    e3:68:10:05:10:70:1b:f1:60:23:cf:ec:c7:dc:1e:
                    e2:1c:6a:a1:ac:be:d7:ea:6c:56:bf:95:76:c9:7f:
                    5f:c8:7f:26:de:87:8a:ee:93:e3:92:21:7a:4a:2a:
                    3b:7d:34:35:09:d7:f2:b3:11:52:c7:a9:76:58:b5:
                    d7:2b:c6:0d:1c:d1:ec:92:d8:2e:52:b1:05:f3:d7:
                    98:67:d0:b6:0e:33:d2:f8:3e:2c:c4:1f:e3:35:6b:
                    9d:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:36:7F:C2:4D:00:4F:71:DD:2A:EF:03:F9:CB:4F:2E:3F:90:86:AA
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/d8c6b8-d14a-47d9-a054-b9c794e03cba/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/d8c6b8-d14a-47d9-a054-b9c794e03cba/1/1zZ_wk0AT3HdKu8D-ctPLj-Qhqo.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.236.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:29:ae:3f:bd:2f:e1:67:47:bd:f1:9f:11:8e:b5:6c:3b:a5:
         dc:a9:f9:b8:30:05:28:f1:c7:d6:33:aa:73:21:0d:ee:26:f5:
         91:51:4e:7b:0f:07:d5:1c:c6:54:22:98:54:9f:0f:21:68:02:
         8e:7c:43:19:65:02:8e:03:09:ee:8a:0c:aa:5d:ff:c6:82:df:
         03:5c:11:09:e7:67:fe:be:db:42:e5:d6:38:93:68:57:ad:dc:
         e1:09:55:63:07:e3:7c:d2:c1:1b:1a:ce:c5:62:e2:3c:f7:c9:
         a4:bb:19:94:e8:52:4d:41:b9:c5:98:b3:6a:3f:ac:2f:f1:b5:
         8e:1c:7e:ce:01:64:ad:f0:e5:35:82:f2:3d:10:4e:d9:34:3d:
         d1:48:e4:7c:26:96:fc:c1:94:bc:c1:4c:54:84:d7:27:0f:92:
         f8:3e:21:68:df:22:91:62:14:6f:9f:69:b8:5e:c4:da:74:66:
         3d:c5:8f:97:36:64:b4:5d:aa:b9:c4:ec:6d:1e:2b:c4:b5:67:
         87:86:e1:27:c0:36:46:38:02:6e:a3:b0:21:1b:2d:b6:45:cb:
         44:54:eb:36:09:1a:82:71:99:d8:4f:7a:20:27:e4:06:bb:c4:
         04:bc:2e:a3:7b:d1:3d:06:ea:1a:b4:2b:5f:40:b8:cc:9b:83:
         5c:40:0f:5c
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzJvM64pHGJv4Sg0ee2ku3UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMTAzNDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzM2N2ZjMjRkMDA0ZjcxZGQyYWVmMDNmOWNiNGYyZTNmOTA4NmFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArKH0kaWbLpj69OZZu00Kopo5+ev+
BuLzDEnrg/d/rGsAvt+ZcmZr8AdOsi/9FxhoeDhXa8DVu5Il8rcZ7Q3b7uq9KeUn
0lqrZhvFPLKrBeC+lo0M7dncM81RPR7ZdsRyr433jtVMQ80VUShr3h9PGSvZPAs/
0YOVwHA2xBcypfIsBjMP0HRa3Vv7MDfuldXSBf5B4LTCgE+Pi1pKnv9kvYUD4EPj
aBAFEHAb8WAjz+zH3B7iHGqhrL7X6mxWv5V2yX9fyH8m3oeK7pPjkiF6Sio7fTQ1
CdfysxFSx6l2WLXXK8YNHNHsktguUrEF89eYZ9C2DjPS+D4sxB/jNWudewIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFNc2f8JNAE9x3SrvA/nLTy4/kIaqMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2ExL2Q4YzZi
OC1kMTRhLTQ3ZDktYTA1NC1iOWM3OTRlMDNjYmEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTEvZDhjNmI4
LWQxNGEtNDdkOS1hMDU0LWI5Yzc5NGUwM2NiYS8xLzF6Wl93azBBVDNIZEt1OEQt
Y3RQTGotUWhxby5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW+zBMA0GCSqGSIb3DQEBCwUAA4IBAQBkKa4/
vS/hZ0e98Z8RjrVsO6Xcqfm4MAUo8cfWM6pzIQ3uJvWRUU57DwfVHMZUIphUnw8h
aAKOfEMZZQKOAwnuigyqXf/Ggt8DXBEJ52f+vttC5dY4k2hXrdzhCVVjB+N80sEb
Gs7FYuI898mkuxmU6FJNQbnFmLNqP6wv8bWOHH7OAWSt8OU1gvI9EE7ZND3RSOR8
Jpb8wZS8wUxUhNcnD5L4PiFo3yKRYhRvn2m4XsTadGY9xY+XNmS0Xaq5xOxtHivE
tWeHhuEnwDZGOAJuo7AhGy22RctEVOs2CRqCcZnYT3ogJ+QGu8QEvC6je9E9Buoa
tCtfQLjMm4NcQA9c
-----END CERTIFICATE-----