Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2VJzaCBuPppZJAgd9jiAJG5cVBo.cer
File:                     2VJzaCBuPppZJAgd9jiAJG5cVBo.cer (raw, json)
Hash identifier:          K1haFQOEYJb4C+cqBcUqT67u0+HtjcUYWEu1vYeVgvs=
Subject key identifier:   D9:52:73:68:20:6E:3E:9A:59:24:08:1D:F6:38:80:24:6E:5C:54:1A
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC34950CA483D6AE90171E1D699F890E6
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/d8/82129a-5263-43d2-bc63-19620615579b/1/2VJzaCBuPppZJAgd9jiAJG5cVBo.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/d8/82129a-5263-43d2-bc63-19620615579b/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 04:30:11 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 140.105.0.0/16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:50:ca:48:3d:6a:e9:01:71:e1:d6:99:f8:90:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 04:30:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d9527368206e3e9a5924081df63880246e5c541a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f8:67:a9:40:58:67:6f:c4:d9:09:b2:cb:bc:9a:
                    fb:78:83:68:9d:84:12:89:7d:0a:c5:a8:56:34:83:
                    e7:75:f8:ed:6f:5e:b7:10:28:0f:5d:13:67:17:83:
                    e7:72:6c:27:28:3d:6b:37:49:fc:aa:24:4c:12:e2:
                    da:5e:97:0b:ef:aa:ca:f9:7b:86:8f:36:cd:2c:86:
                    9d:be:65:ff:57:86:ab:e2:b0:19:ac:9f:ff:55:c5:
                    db:5e:b2:94:69:d1:6e:39:1f:c6:df:ee:cd:70:cc:
                    fd:34:40:6c:63:38:6a:a0:f2:b4:54:64:b9:28:9d:
                    dd:6e:e9:fa:58:89:fa:47:bc:97:19:a8:c5:ad:1c:
                    eb:23:16:7e:4b:2c:10:f4:1f:a0:71:65:77:05:99:
                    00:1a:38:23:3d:34:a0:9b:1d:49:4c:96:d9:f5:93:
                    c7:8f:61:90:33:5f:6c:45:82:36:64:12:47:b0:0f:
                    ff:2c:9d:89:d3:07:43:e0:d5:b6:8b:2a:4f:13:0c:
                    26:5e:0a:13:8a:96:b0:28:9f:10:54:b8:e3:ff:d6:
                    e1:24:b1:5f:27:91:73:14:9c:36:32:28:5b:08:76:
                    70:ec:ad:2c:c7:c0:4c:d6:53:5d:c8:75:ad:0c:b2:
                    d9:d4:bd:c6:a2:d9:eb:2b:22:dd:d7:8d:d4:29:2a:
                    5d:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:52:73:68:20:6E:3E:9A:59:24:08:1D:F6:38:80:24:6E:5C:54:1A
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/82129a-5263-43d2-bc63-19620615579b/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/82129a-5263-43d2-bc63-19620615579b/1/2VJzaCBuPppZJAgd9jiAJG5cVBo.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  140.105.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         79:42:86:e7:7a:8f:91:6e:4c:32:00:80:11:47:64:d3:99:61:
         63:61:5a:2c:3d:24:55:00:1b:6e:6d:49:05:c9:de:23:51:c5:
         1e:ff:85:39:b9:f9:4c:0b:41:6d:6c:bf:c2:78:65:99:8a:91:
         2b:3b:e1:91:8d:1b:58:05:01:35:8e:33:6f:5c:c7:5a:03:3c:
         79:fc:ad:b7:81:94:40:ba:77:bb:61:07:3f:22:8e:07:90:9c:
         bd:1a:25:e8:54:d5:ef:47:cf:62:33:bd:ca:60:9c:5e:8c:0c:
         52:7d:9f:58:f8:3a:c2:82:96:a2:bc:e0:20:a3:c9:18:0f:e2:
         22:d4:c3:5b:d2:1d:05:35:b3:8c:bc:7d:bd:0c:7e:58:9f:d9:
         0c:e7:7b:18:d2:2e:40:23:cd:f3:bb:95:75:78:7f:93:0f:31:
         1b:f6:17:f0:db:6e:5c:d9:2e:0b:ba:f2:57:63:1a:94:d4:5b:
         03:c5:1b:ca:fa:60:7e:99:f6:f1:fe:60:28:94:79:c9:e7:19:
         31:67:c5:eb:e2:da:f9:8b:2c:40:4d:87:55:52:55:59:e0:25:
         43:b2:ee:1a:ef:33:35:0a:3a:6a:6d:75:70:9d:36:70:62:d9:
         09:97:31:37:22:ba:79:c3:86:62:15:29:41:89:5f:af:39:36:
         63:22:cf:1c
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgISAYzDSVDKSD1q6QFx4daZ+JDmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDQzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTUyNzM2ODIwNmUzZTlhNTkyNDA4MWRmNjM4ODAyNDZlNWM1NDFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+GepQFhnb8TZCbLLvJr7eINonYQS
iX0KxahWNIPndfjtb163ECgPXRNnF4PncmwnKD1rN0n8qiRMEuLaXpcL76rK+XuG
jzbNLIadvmX/V4ar4rAZrJ//VcXbXrKUadFuOR/G3+7NcMz9NEBsYzhqoPK0VGS5
KJ3dbun6WIn6R7yXGajFrRzrIxZ+SywQ9B+gcWV3BZkAGjgjPTSgmx1JTJbZ9ZPH
j2GQM19sRYI2ZBJHsA//LJ2J0wdD4NW2iypPEwwmXgoTipawKJ8QVLjj/9bhJLFf
J5FzFJw2MihbCHZw7K0sx8BM1lNdyHWtDLLZ1L3GotnrKyLd143UKSpdFwIDAQAB
o4ICgzCCAn8wHQYDVR0OBBYEFNlSc2ggbj6aWSQIHfY4gCRuXFQaMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Q4LzgyMTI5
YS01MjYzLTQzZDItYmM2My0xOTYyMDYxNTU3OWIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDgvODIxMjlh
LTUyNjMtNDNkMi1iYzYzLTE5NjIwNjE1NTc5Yi8xLzJWSnphQ0J1UHBwWkpBZ2Q5
amlBSkc1Y1ZCby5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB4GCCsGAQUF
BwEHAQH/BA8wDTALBAIAATAFAwMAjGkwDQYJKoZIhvcNAQELBQADggEBAHlChud6
j5FuTDIAgBFHZNOZYWNhWiw9JFUAG25tSQXJ3iNRxR7/hTm5+UwLQW1sv8J4ZZmK
kSs74ZGNG1gFATWOM29cx1oDPHn8rbeBlEC6d7thBz8ijgeQnL0aJehU1e9Hz2Iz
vcpgnF6MDFJ9n1j4OsKClqK84CCjyRgP4iLUw1vSHQU1s4y8fb0Mflif2QznexjS
LkAjzfO7lXV4f5MPMRv2F/DbblzZLgu68ldjGpTUWwPFG8r6YH6Z9vH+YCiUecnn
GTFnxevi2vmLLEBNh1VSVVngJUOy7hrvMzUKOmptdXCdNnBi2QmXMTciunnDhmIV
KUGJX685NmMizxw=
-----END CERTIFICATE-----