Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3V9y8PrPUnBXJ8A5vcH7t8yX1Cg.cer
File:                     3V9y8PrPUnBXJ8A5vcH7t8yX1Cg.cer (raw, json)
Hash identifier:          qgCVM3dpUbE7Qs7pbObPCfRuavefHoaM4/5MCOWLkYc=
Subject key identifier:   DD:5F:72:F0:FA:CF:52:70:57:27:C0:39:BD:C1:FB:B7:CC:97:D4:28
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC64B352E6A8FBB3A93D83B8BA844FF45
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/72/2f33ee-5590-4a22-b8e2-2880612705ee/1/3V9y8PrPUnBXJ8A5vcH7t8yX1Cg.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/72/2f33ee-5590-4a22-b8e2-2880612705ee/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 18:31:06 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 193.141.183.0/24
                          IP: 193.141.188.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 08:00:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:35:2e:6a:8f:bb:3a:93:d8:3b:8b:a8:44:ff:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 18:31:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dd5f72f0facf52705727c039bdc1fbb7cc97d428
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:9a:57:3c:12:ee:ce:c1:11:35:d9:ac:71:1d:
                    2e:0e:e8:1d:a5:49:0d:e5:3d:d4:20:7e:76:7d:2b:
                    2e:88:37:4a:d6:d6:bb:77:e6:94:f4:ab:2f:7b:ec:
                    b8:85:2a:76:11:bf:7e:fc:9a:50:9a:a2:89:81:8d:
                    d3:e7:9f:b6:c5:1b:4d:e2:55:45:35:3b:38:56:ef:
                    84:d4:3e:cc:a7:b8:44:08:71:ad:8d:f5:4f:5a:88:
                    43:93:45:ef:b6:1d:8b:97:53:49:6b:1d:d0:54:1e:
                    78:fe:39:7a:cf:a9:81:e8:d4:02:58:32:7d:22:83:
                    77:3f:3e:fd:56:86:be:3a:43:1b:9e:8a:82:c6:95:
                    c6:f6:fb:67:4e:79:a8:f6:fa:4e:0b:97:43:6c:84:
                    2e:2a:26:a3:2b:fc:d9:ca:d9:93:a3:07:90:28:a4:
                    b7:45:2d:62:86:dc:a6:93:6c:bf:36:85:71:f9:4a:
                    65:b9:51:1d:e4:16:a8:9d:bb:e4:46:ea:ac:8c:69:
                    25:e8:bf:f0:8a:d9:ac:64:e5:30:6f:1f:79:47:e1:
                    d8:bc:12:eb:79:3e:5e:ba:0c:a4:6c:72:a5:de:55:
                    09:58:69:4e:43:46:92:9e:23:fa:1f:d2:40:e4:79:
                    cf:84:03:c3:ec:f4:bc:ba:32:87:0b:9d:4c:5b:44:
                    d5:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:5F:72:F0:FA:CF:52:70:57:27:C0:39:BD:C1:FB:B7:CC:97:D4:28
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/2f33ee-5590-4a22-b8e2-2880612705ee/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/2f33ee-5590-4a22-b8e2-2880612705ee/1/3V9y8PrPUnBXJ8A5vcH7t8yX1Cg.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.141.183.0/24
                  193.141.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:ea:8a:43:ec:13:f6:62:02:e1:6e:1c:26:11:31:38:2a:a4:
         06:a0:14:12:c3:f5:e8:89:45:b3:c5:b8:99:bc:6e:a0:a1:89:
         2f:ec:87:7b:7e:5f:7b:bb:e0:5b:b8:82:52:1b:8c:82:56:02:
         62:0e:3a:07:d8:90:7a:d0:b3:d8:8d:bd:96:a5:ee:d8:ee:2f:
         cc:0a:96:44:e4:78:6b:7a:0c:09:58:0e:93:d5:cd:d5:09:fb:
         d3:2c:c4:31:a6:68:c2:aa:48:29:27:a7:3b:6a:f2:a7:b6:cd:
         cd:b6:57:11:16:16:3c:09:eb:91:24:96:ba:45:39:47:f2:ae:
         7d:c3:c7:f9:b6:97:57:11:f4:e6:39:fd:0d:ed:56:bb:1e:ed:
         03:00:64:2c:e6:57:87:27:24:81:8a:c3:cf:33:f1:d0:af:0a:
         16:17:53:d0:7c:e5:7d:ae:27:ed:73:50:61:cd:d0:ec:d8:15:
         53:56:72:e1:c6:0d:85:35:31:44:65:a1:bd:01:a1:4d:f5:c1:
         76:67:d3:2d:40:50:0a:d8:ff:69:26:ab:04:7d:e7:3c:29:83:
         94:2d:fa:41:fa:b4:ae:51:3c:ea:d3:6c:8a:fe:9b:8e:21:6a:
         eb:a8:b2:e5:cc:fb:fc:3e:05:b1:48:68:4a:96:49:21:98:9b:
         ff:fe:f8:c8
-----BEGIN CERTIFICATE-----
MIIFfjCCBGagAwIBAgISAYzGSzUuao+7OpPYO4uoRP9FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTgzMTA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDVmNzJmMGZhY2Y1MjcwNTcyN2MwMzliZGMxZmJiN2NjOTdkNDI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9ZpXPBLuzsERNdmscR0uDugdpUkN
5T3UIH52fSsuiDdK1ta7d+aU9Ksve+y4hSp2Eb9+/JpQmqKJgY3T55+2xRtN4lVF
NTs4Vu+E1D7Mp7hECHGtjfVPWohDk0Xvth2Ll1NJax3QVB54/jl6z6mB6NQCWDJ9
IoN3Pz79Voa+OkMbnoqCxpXG9vtnTnmo9vpOC5dDbIQuKiajK/zZytmToweQKKS3
RS1ihtymk2y/NoVx+UpluVEd5BaonbvkRuqsjGkl6L/witmsZOUwbx95R+HYvBLr
eT5eugykbHKl3lUJWGlOQ0aSniP6H9JA5HnPhAPD7PS8ujKHC51MW0TVfwIDAQAB
o4ICijCCAoYwHQYDVR0OBBYEFN1fcvD6z1JwVyfAOb3B+7fMl9QoMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzcyLzJmMzNl
ZS01NTkwLTRhMjItYjhlMi0yODgwNjEyNzA1ZWUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzIvMmYzM2Vl
LTU1OTAtNGEyMi1iOGUyLTI4ODA2MTI3MDVlZS8xLzNWOXk4UHJQVW5CWEo4QTV2
Y0g3dDh5WDFDZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUF
BwEHAQH/BBYwFDASBAIAATAMAwQAwY23AwQAwY28MA0GCSqGSIb3DQEBCwUAA4IB
AQCb6opD7BP2YgLhbhwmETE4KqQGoBQSw/XoiUWzxbiZvG6goYkv7Id7fl97u+Bb
uIJSG4yCVgJiDjoH2JB60LPYjb2Wpe7Y7i/MCpZE5HhregwJWA6T1c3VCfvTLMQx
pmjCqkgpJ6c7avKnts3NtlcRFhY8CeuRJJa6RTlH8q59w8f5tpdXEfTmOf0N7Va7
Hu0DAGQs5leHJySBisPPM/HQrwoWF1PQfOV9riftc1BhzdDs2BVTVnLhxg2FNTFE
ZaG9AaFN9cF2Z9MtQFAK2P9pJqsEfec8KYOULfpB+rSuUTzq02yK/puOIWrrqLLl
zPv8PgWxSGhKlkkhmJv//vjI
-----END CERTIFICATE-----