Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3kaC5rKGYL2IqbTSjLHXXvfMbX8.cer
File:                     3kaC5rKGYL2IqbTSjLHXXvfMbX8.cer (raw, json)
Hash identifier:          02/uaXBTCdXL3urUckvXqqIReDwg8o3he0bw5l9g9Dg=
Subject key identifier:   DE:46:82:E6:B2:86:60:BD:88:A9:B4:D2:8C:B1:D7:5E:F7:CC:6D:7F
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC348E4DFCA8033811A758C0B53A1F8C3
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/74/3511af-0b4e-40b3-bf8f-479c114656fc/1/3kaC5rKGYL2IqbTSjLHXXvfMbX8.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/74/3511af-0b4e-40b3-bf8f-479c114656fc/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 04:29:43 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 45.88.112.0/22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:e4:df:ca:80:33:81:1a:75:8c:0b:53:a1:f8:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 04:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=de4682e6b28660bd88a9b4d28cb1d75ef7cc6d7f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:6d:ac:e0:2c:fb:07:0d:7e:f9:6a:b2:8d:16:
                    b2:f9:4e:c8:bf:ec:56:dd:1b:b8:68:6d:4b:3b:93:
                    69:37:b6:71:70:ea:12:7e:f9:3b:85:dc:f8:bb:58:
                    8b:2b:00:66:3e:e1:fd:66:fc:d5:ee:b7:fa:10:fb:
                    73:c5:64:24:f8:16:33:f5:62:09:f7:fc:e1:bb:25:
                    83:f6:2a:b1:be:09:08:c5:16:b8:eb:1f:16:12:44:
                    03:30:0b:d5:eb:bb:49:be:ab:35:42:db:6e:45:47:
                    3a:29:17:7d:db:c3:95:3a:be:0a:c2:da:e7:cf:99:
                    96:cc:9b:17:ca:5d:34:bf:6d:4d:0c:d1:dd:7b:dd:
                    48:37:34:c7:74:3c:40:22:d2:aa:b7:8b:18:53:9a:
                    47:b4:a6:85:2c:da:b8:b2:13:c5:41:1a:e9:e3:ab:
                    05:a0:ab:26:bb:d1:0b:10:a8:b0:c9:a9:1f:54:1e:
                    3c:66:56:a0:25:a5:ab:06:bf:f3:9c:1f:9f:7a:88:
                    31:49:7f:1c:bf:18:9c:2b:96:c4:fd:84:f6:60:d4:
                    63:8e:00:b0:f0:06:5b:01:f4:ab:e7:5a:53:ec:c9:
                    38:00:4b:39:ab:b6:43:55:b8:44:07:66:35:97:0a:
                    75:3f:7f:7d:05:e4:e4:39:ba:3e:0c:b5:a5:98:7b:
                    45:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:46:82:E6:B2:86:60:BD:88:A9:B4:D2:8C:B1:D7:5E:F7:CC:6D:7F
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/3511af-0b4e-40b3-bf8f-479c114656fc/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/3511af-0b4e-40b3-bf8f-479c114656fc/1/3kaC5rKGYL2IqbTSjLHXXvfMbX8.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.112.0/22

    Signature Algorithm: sha256WithRSAEncryption
         29:d5:66:82:2c:50:a4:4d:29:d2:af:78:ff:87:05:f5:f5:aa:
         36:8d:d4:fe:06:2f:51:34:af:f7:6c:89:5e:c9:3b:57:1d:00:
         8b:17:3e:68:a8:70:c6:f3:11:da:dd:d2:46:33:25:e8:58:5f:
         fc:86:cd:13:75:b4:2b:1f:96:e2:90:d2:b3:5e:a7:ce:0c:b3:
         e3:0a:75:51:32:a9:d1:ac:ad:5c:ab:f0:9f:9d:8a:09:9b:c0:
         b7:e3:07:fa:3f:a6:5a:73:11:2a:0e:8a:54:b8:92:20:87:48:
         9c:37:04:ea:33:fb:6f:cb:96:df:8e:fa:e4:d8:02:10:c5:ac:
         1e:85:ab:06:01:1c:c1:a8:03:28:01:7f:80:77:8d:60:d0:8e:
         9b:f8:7e:93:ff:3d:d4:e0:3d:a8:8e:bd:1b:34:9b:c4:2e:50:
         f5:fc:49:aa:9e:8f:6a:19:63:44:92:84:af:69:84:9f:96:ca:
         79:74:a2:27:3e:ea:49:09:1f:68:db:c4:14:d2:ee:f3:09:05:
         e1:64:c6:77:a9:16:29:e1:55:d7:48:bc:36:dc:7f:43:87:d6:
         40:f3:87:d9:d3:15:ea:a8:b2:f1:2c:8e:02:b3:d5:61:3c:1c:
         12:77:65:78:43:4f:47:a9:dd:b7:33:0d:18:c4:bb:42:75:c5:
         18:ea:0c:5a
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzDSOTfyoAzgRp1jAtTofjDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDQyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTQ2ODJlNmIyODY2MGJkODhhOWI0ZDI4Y2IxZDc1ZWY3Y2M2ZDdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkW2s4Cz7Bw1++WqyjRay+U7Iv+xW
3Ru4aG1LO5NpN7ZxcOoSfvk7hdz4u1iLKwBmPuH9ZvzV7rf6EPtzxWQk+BYz9WIJ
9/zhuyWD9iqxvgkIxRa46x8WEkQDMAvV67tJvqs1QttuRUc6KRd928OVOr4Kwtrn
z5mWzJsXyl00v21NDNHde91INzTHdDxAItKqt4sYU5pHtKaFLNq4shPFQRrp46sF
oKsmu9ELEKiwyakfVB48ZlagJaWrBr/znB+feogxSX8cvxicK5bE/YT2YNRjjgCw
8AZbAfSr51pT7Mk4AEs5q7ZDVbhEB2Y1lwp1P399BeTkObo+DLWlmHtF3wIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFN5GguayhmC9iKm00oyx1173zG1/MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzc0LzM1MTFh
Zi0wYjRlLTQwYjMtYmY4Zi00NzljMTE0NjU2ZmMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzQvMzUxMWFm
LTBiNGUtNDBiMy1iZjhmLTQ3OWMxMTQ2NTZmYy8xLzNrYUM1cktHWUwySXFiVFNq
TEhYWHZmTWJYOC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCLVhwMA0GCSqGSIb3DQEBCwUAA4IBAQAp1WaC
LFCkTSnSr3j/hwX19ao2jdT+Bi9RNK/3bIleyTtXHQCLFz5oqHDG8xHa3dJGMyXo
WF/8hs0TdbQrH5bikNKzXqfODLPjCnVRMqnRrK1cq/CfnYoJm8C34wf6P6ZacxEq
DopUuJIgh0icNwTqM/tvy5bfjvrk2AIQxawehasGARzBqAMoAX+Ad41g0I6b+H6T
/z3U4D2ojr0bNJvELlD1/Emqno9qGWNEkoSvaYSflsp5dKInPupJCR9o28QU0u7z
CQXhZMZ3qRYp4VXXSLw23H9Dh9ZA84fZ0xXqqLLxLI4Cs9VhPBwSd2V4Q09Hqd23
Mw0YxLtCdcUY6gxa
-----END CERTIFICATE-----