Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2gqhNedmvFsn3S9QFPtjrrWR-Po.cer
File:                     2gqhNedmvFsn3S9QFPtjrrWR-Po.cer (raw, json)
Hash identifier:          296JJcuKuF4uraIFCtxqGwGesZPG9KJyFcpV4q8vmg4=
Subject key identifier:   DA:0A:A1:35:E7:66:BC:5B:27:DD:2F:50:14:FB:63:AE:B5:91:F8:FA
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018E75D623B0F6C137EE527EBA9DBAD7DA6C
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/0c/947302-2a8b-4dce-9f21-af3af082f943/1/2gqhNedmvFsn3S9QFPtjrrWR-Po.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/0c/947302-2a8b-4dce-9f21-af3af082f943/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 25 Mar 2024 13:39:11 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 91.90.211.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:75:d6:23:b0:f6:c1:37:ee:52:7e:ba:9d:ba:d7:da:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Mar 25 13:39:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=da0aa135e766bc5b27dd2f5014fb63aeb591f8fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:93:33:9a:b7:03:91:a8:f7:3e:ac:57:84:48:
                    b1:b5:a7:d0:e5:4c:ba:60:29:a5:31:7f:f7:39:45:
                    fa:91:b9:61:b6:fd:3f:74:bb:66:7f:df:71:c3:6a:
                    62:c5:bc:9e:54:08:0b:5f:08:2a:80:97:ad:f5:0a:
                    fb:39:d0:7d:9a:0d:d2:68:ff:40:e5:c7:39:8c:77:
                    ea:81:9c:32:30:14:b1:13:d7:e3:b3:0d:b5:cd:bd:
                    59:b6:1c:49:8e:3e:d6:ac:14:99:98:77:68:1e:b5:
                    92:6e:e6:86:bc:71:de:0c:3b:54:f5:02:b8:6b:61:
                    30:4f:63:f7:90:c2:9d:9a:2c:a3:d0:64:a9:24:66:
                    95:df:39:19:ef:92:8b:d2:8e:46:c4:9d:d6:9c:19:
                    f3:49:aa:89:4a:e7:72:0e:e1:67:65:71:0d:61:36:
                    9e:7f:f0:57:cb:ea:75:33:6a:0b:80:45:9b:59:b7:
                    f8:81:74:9f:93:ac:0c:0b:b9:46:54:19:a1:b9:65:
                    6a:cb:86:3d:2d:ec:56:22:ca:db:59:4a:c2:54:3d:
                    2c:c5:f8:b5:a0:d0:29:a3:5b:9d:af:bd:b2:f4:87:
                    ce:f4:95:59:fa:1c:34:b3:18:c2:f4:2d:37:bb:b1:
                    19:19:ec:9f:8e:ed:0c:91:e8:33:2c:81:cf:f0:27:
                    09:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:0A:A1:35:E7:66:BC:5B:27:DD:2F:50:14:FB:63:AE:B5:91:F8:FA
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/947302-2a8b-4dce-9f21-af3af082f943/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/947302-2a8b-4dce-9f21-af3af082f943/1/2gqhNedmvFsn3S9QFPtjrrWR-Po.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.90.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:1b:57:fb:a4:49:74:c4:3d:26:c1:f6:07:cf:4e:10:dc:34:
         13:33:a6:d7:34:d0:ca:2e:86:a9:b7:aa:28:8d:8a:44:9b:73:
         8f:33:fc:48:94:60:0e:7d:cf:4a:af:b4:0e:d3:99:a6:ea:69:
         39:51:de:b6:9f:35:d1:18:02:04:2f:6d:ac:6c:7c:32:84:ca:
         08:9a:33:62:3b:6f:63:8a:61:ac:70:00:ff:dc:d5:98:35:89:
         46:11:73:a5:49:2a:83:48:34:a8:32:b3:2b:24:2a:1a:19:c2:
         7c:d5:b8:26:1f:80:f9:14:2a:bb:43:86:96:48:dc:ad:9f:f9:
         f8:a1:53:e2:a7:2b:89:64:14:55:a1:3b:a1:6c:bb:2b:96:25:
         3b:0a:59:68:92:36:9f:ee:6a:88:cf:68:5b:86:28:53:1c:63:
         7f:87:08:09:3a:70:e0:aa:75:c6:58:78:d5:b5:b1:ee:8a:33:
         90:5f:37:44:24:ca:8f:46:77:35:25:36:a7:b0:ee:b3:d7:3d:
         f8:1d:f4:ee:35:ec:69:ca:99:63:3f:b2:e0:be:a2:4c:97:2c:
         29:c3:8f:52:9d:0d:39:1a:be:1f:af:93:71:84:07:1c:85:bb:
         84:fa:3d:0b:74:a5:e5:b1:b6:f0:e9:67:c9:43:c6:da:db:cd:
         32:fe:6c:57
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAY511iOw9sE37lJ+up2619psMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMzI1MTMzOTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTBhYTEzNWU3NjZiYzViMjdkZDJmNTAxNGZiNjNhZWI1OTFmOGZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApZMzmrcDkaj3PqxXhEixtafQ5Uy6
YCmlMX/3OUX6kblhtv0/dLtmf99xw2pixbyeVAgLXwgqgJet9Qr7OdB9mg3SaP9A
5cc5jHfqgZwyMBSxE9fjsw21zb1ZthxJjj7WrBSZmHdoHrWSbuaGvHHeDDtU9QK4
a2EwT2P3kMKdmiyj0GSpJGaV3zkZ75KL0o5GxJ3WnBnzSaqJSudyDuFnZXENYTae
f/BXy+p1M2oLgEWbWbf4gXSfk6wMC7lGVBmhuWVqy4Y9LexWIsrbWUrCVD0sxfi1
oNApo1udr72y9IfO9JVZ+hw0sxjC9C03u7EZGeyfju0MkegzLIHP8CcJPQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFNoKoTXnZrxbJ90vUBT7Y661kfj6MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzBjLzk0NzMw
Mi0yYThiLTRkY2UtOWYyMS1hZjNhZjA4MmY5NDMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMGMvOTQ3MzAy
LTJhOGItNGRjZS05ZjIxLWFmM2FmMDgyZjk0My8xLzJncWhOZWRtdkZzbjNTOVFG
UHRqcnJXUi1Qby5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW1rTMA0GCSqGSIb3DQEBCwUAA4IBAQBfG1f7
pEl0xD0mwfYHz04Q3DQTM6bXNNDKLoapt6oojYpEm3OPM/xIlGAOfc9Kr7QO05mm
6mk5Ud62nzXRGAIEL22sbHwyhMoImjNiO29jimGscAD/3NWYNYlGEXOlSSqDSDSo
MrMrJCoaGcJ81bgmH4D5FCq7Q4aWSNytn/n4oVPipyuJZBRVoTuhbLsrliU7Cllo
kjaf7mqIz2hbhihTHGN/hwgJOnDgqnXGWHjVtbHuijOQXzdEJMqPRnc1JTansO6z
1z34HfTuNexpypljP7LgvqJMlywpw49SnQ05Gr4fr5NxhAcchbuE+j0LdKXlsbbw
6WfJQ8ba280y/mxX
-----END CERTIFICATE-----