Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a0Nc4x68DWaBjA2VBZEDQGYW6I.cer
File:                     2a0Nc4x68DWaBjA2VBZEDQGYW6I.cer (raw, json)
Hash identifier:          sMttx3b0OqubA3fW1WpoefY0v4sQKcLt8Shmne/9FRU=
Subject key identifier:   D9:AD:0D:73:8C:7A:F0:35:9A:06:30:36:54:16:44:0D:01:98:5B:A2
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC6B83333C67C63B2354B56955F0DCBB0
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/e1/0dd80b-c5b4-4e6c-ba2e-b137cfb37463/1/2a0Nc4x68DWaBjA2VBZEDQGYW6I.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/e1/0dd80b-c5b4-4e6c-ba2e-b137cfb37463/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 20:30:09 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 185.251.14.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 18 Apr 2024 20:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:33:33:c6:7c:63:b2:35:4b:56:95:5f:0d:cb:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 20:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d9ad0d738c7af0359a0630365416440d01985ba2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:49:8e:37:dd:f1:f3:1b:d9:83:67:92:ca:d5:
                    6c:6a:64:34:d1:3c:b1:5b:88:cb:a7:14:22:1d:cd:
                    42:e7:a9:ce:f0:5a:6a:0f:80:c1:3e:61:a4:b7:32:
                    c2:6d:2e:7e:29:d5:c2:8e:48:eb:d9:7e:98:74:3f:
                    06:2b:91:42:eb:fc:be:fa:07:d2:e0:68:27:13:53:
                    70:64:b0:ae:58:ee:a8:4b:dd:14:77:0b:3d:47:4d:
                    3f:34:70:49:16:15:1e:34:3f:8b:fd:fe:e9:49:13:
                    cf:c4:34:d3:81:49:33:f0:99:82:09:10:87:85:bc:
                    19:ae:d6:70:83:87:b5:52:e6:72:50:ce:69:27:8a:
                    5f:04:c0:3e:1c:c1:c0:4c:59:2b:97:e7:fd:58:ff:
                    66:31:32:76:96:b9:90:15:61:32:86:11:57:1f:e0:
                    44:72:c3:b6:68:ac:97:22:9c:03:9f:88:41:c6:b2:
                    6c:81:76:da:a7:d0:3e:77:79:1c:ed:74:6e:1b:f1:
                    ed:08:f1:80:51:98:59:1e:04:9f:fa:d5:a3:0c:7b:
                    66:65:d9:b5:9f:93:3b:06:63:5a:cd:c3:25:f0:a2:
                    c1:f8:6a:99:93:82:cd:2b:8b:17:2f:1d:92:8d:01:
                    25:3a:cf:4b:05:4c:85:83:8a:f2:d1:3a:d4:fb:f7:
                    29:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:AD:0D:73:8C:7A:F0:35:9A:06:30:36:54:16:44:0D:01:98:5B:A2
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/0dd80b-c5b4-4e6c-ba2e-b137cfb37463/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/0dd80b-c5b4-4e6c-ba2e-b137cfb37463/1/2a0Nc4x68DWaBjA2VBZEDQGYW6I.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.251.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:3f:73:29:b1:d6:83:35:f6:a8:0e:34:94:0b:a6:ae:74:be:
         27:51:26:38:55:e8:36:46:1e:84:63:77:32:cd:53:2c:1a:44:
         f6:6b:03:80:34:73:42:1d:fe:8d:1c:2f:9b:cc:e3:ef:6b:3b:
         2f:03:55:2e:b6:83:f4:c4:e0:f9:b1:2f:c3:c6:8b:13:b2:fe:
         57:33:f3:0d:f0:3b:2d:15:5d:57:3a:a7:e4:b5:44:6c:13:f2:
         51:27:23:a0:11:47:43:01:56:d5:7e:15:5a:cb:a5:98:54:f8:
         51:24:44:01:93:99:a2:7c:1e:da:34:00:ab:5c:c2:e3:91:50:
         47:81:3a:c7:0f:53:d4:eb:48:bf:96:ec:06:99:13:10:32:30:
         7a:53:36:ed:85:c1:20:2c:5c:17:bd:23:74:2e:6b:3a:b8:88:
         a0:bc:22:38:29:e1:9c:34:c4:c6:72:aa:b5:2d:ca:ff:8b:ee:
         87:11:64:53:3a:a8:fd:7f:9b:22:ab:d8:44:36:c9:d5:70:d2:
         af:12:9b:b4:ce:74:fb:38:0d:62:98:a5:7f:cd:af:d8:39:4c:
         c6:a1:f9:e3:05:37:3f:af:43:c0:4f:0f:0c:62:b1:35:e6:62:
         d9:ce:fc:c9:e8:7a:c5:c7:e3:8c:1c:e8:da:c5:69:9e:c3:9f:
         5d:d8:dd:bc
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzGuDMzxnxjsjVLVpVfDcuwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMjAzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOWFkMGQ3MzhjN2FmMDM1OWEwNjMwMzY1NDE2NDQwZDAxOTg1YmEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvEmON93x8xvZg2eSytVsamQ00Tyx
W4jLpxQiHc1C56nO8FpqD4DBPmGktzLCbS5+KdXCjkjr2X6YdD8GK5FC6/y++gfS
4GgnE1NwZLCuWO6oS90Udws9R00/NHBJFhUeND+L/f7pSRPPxDTTgUkz8JmCCRCH
hbwZrtZwg4e1UuZyUM5pJ4pfBMA+HMHATFkrl+f9WP9mMTJ2lrmQFWEyhhFXH+BE
csO2aKyXIpwDn4hBxrJsgXbap9A+d3kc7XRuG/HtCPGAUZhZHgSf+tWjDHtmZdm1
n5M7BmNazcMl8KLB+GqZk4LNK4sXLx2SjQElOs9LBUyFg4ry0TrU+/cp8wIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFNmtDXOMevA1mgYwNlQWRA0BmFuiMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2UxLzBkZDgw
Yi1jNWI0LTRlNmMtYmEyZS1iMTM3Y2ZiMzc0NjMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTEvMGRkODBi
LWM1YjQtNGU2Yy1iYTJlLWIxMzdjZmIzNzQ2My8xLzJhME5jNHg2OERXYUJqQTJW
QlpFRFFHWVc2SS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAufsOMA0GCSqGSIb3DQEBCwUAA4IBAQCAP3Mp
sdaDNfaoDjSUC6audL4nUSY4Veg2Rh6EY3cyzVMsGkT2awOANHNCHf6NHC+bzOPv
azsvA1UutoP0xOD5sS/DxosTsv5XM/MN8DstFV1XOqfktURsE/JRJyOgEUdDAVbV
fhVay6WYVPhRJEQBk5mifB7aNACrXMLjkVBHgTrHD1PU60i/luwGmRMQMjB6Uzbt
hcEgLFwXvSN0Lms6uIigvCI4KeGcNMTGcqq1Lcr/i+6HEWRTOqj9f5siq9hENsnV
cNKvEpu0znT7OA1imKV/za/YOUzGofnjBTc/r0PATw8MYrE15mLZzvzJ6HrFx+OM
HOjaxWmew59d2N28
-----END CERTIFICATE-----