Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3qhfIWaKmNfoGnQYPwzOUTCGYBs.cer
File:                     3qhfIWaKmNfoGnQYPwzOUTCGYBs.cer (raw, json)
Hash identifier:          sLhrQaSDG7ZgXlp1fwVbcLXiwRRU2B9c1BWmsPAm5BI=
Subject key identifier:   DE:A8:5F:21:66:8A:98:D7:E8:1A:74:18:3F:0C:CE:51:30:86:60:1B
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018D882AB762C08000041A4662C4C958D078
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/03/949daa-1ed1-4088-9c4b-52f8ff18d069/1/3qhfIWaKmNfoGnQYPwzOUTCGYBs.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/03/949daa-1ed1-4088-9c4b-52f8ff18d069/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 08 Feb 2024 10:01:57 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 193.36.48.0/22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:88:2a:b7:62:c0:80:00:04:1a:46:62:c4:c9:58:d0:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Feb  8 10:01:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dea85f21668a98d7e81a74183f0cce513086601b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:9c:e9:5f:81:9c:8c:96:1f:72:84:76:e7:1d:
                    c4:9b:d0:71:d6:7f:b8:5d:7b:b9:70:e1:f3:a3:75:
                    1b:28:d1:8c:b3:f2:f6:a3:de:24:49:de:4e:c9:cc:
                    99:d4:64:bc:1e:b0:2c:fe:f7:13:a6:14:2a:38:90:
                    ff:b8:73:5b:57:f8:2c:3a:d8:c2:b8:46:03:c7:9c:
                    f7:9e:52:83:3b:fd:f1:e5:d0:3f:c4:04:c3:db:13:
                    0e:2c:c0:64:b4:e4:30:93:24:96:03:55:df:1b:00:
                    d8:4d:75:42:22:a1:cd:ff:bb:69:0e:be:16:47:c7:
                    40:89:56:62:e1:22:f3:0b:7f:ab:18:4e:57:09:cf:
                    7a:f1:7e:04:a8:f4:cc:30:62:84:dc:bb:d4:9c:b9:
                    9b:bc:69:c5:04:3c:f5:e3:b4:c4:37:ab:f5:8f:56:
                    41:eb:e3:e2:33:1b:45:1f:f2:03:93:d6:cd:9e:3c:
                    fa:d3:4d:6c:ce:6b:01:91:95:5c:55:90:7c:2e:e2:
                    43:5e:15:78:ad:55:ee:b8:d0:b6:e1:a2:c7:b9:56:
                    f0:15:7a:1c:16:eb:ae:d1:7a:ab:2f:63:88:3c:5d:
                    ad:4a:ee:e2:06:03:b4:b6:1e:f3:af:24:c4:aa:18:
                    77:0d:70:09:5f:3f:00:c2:f0:86:3d:a2:01:5e:2f:
                    5a:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:A8:5F:21:66:8A:98:D7:E8:1A:74:18:3F:0C:CE:51:30:86:60:1B
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/949daa-1ed1-4088-9c4b-52f8ff18d069/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/949daa-1ed1-4088-9c4b-52f8ff18d069/1/3qhfIWaKmNfoGnQYPwzOUTCGYBs.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.36.48.0/22

    Signature Algorithm: sha256WithRSAEncryption
         09:3f:03:9f:f4:bb:e7:43:63:b7:b9:1d:16:41:b3:0f:15:80:
         1d:85:b4:b7:e3:da:14:91:0f:b4:c9:0e:20:61:00:ac:e4:c8:
         70:b8:fb:9d:6a:6d:d6:2b:52:e6:b5:03:c7:0d:4a:8e:75:54:
         7b:b2:5b:f2:21:6c:68:b4:c4:56:7b:6d:cc:93:94:59:6d:1d:
         68:3c:fc:0d:3a:b1:be:02:27:68:91:33:76:52:be:f3:54:87:
         8d:94:90:9b:2c:c8:41:11:c3:05:b1:6b:f6:25:a0:07:ef:f3:
         f3:cb:42:f9:1a:30:0d:4b:24:89:10:17:04:79:8f:55:df:6a:
         62:04:3d:5f:24:25:70:c0:02:b2:12:74:a9:e8:16:95:9f:15:
         d1:37:5a:ed:3a:5e:35:0d:97:63:32:d9:3c:7e:97:4d:8d:0a:
         19:bb:46:f0:09:9a:63:8e:cd:b6:1f:87:53:7b:da:c7:c4:db:
         3c:27:31:b7:70:a3:88:83:0c:64:14:9e:4e:f3:9a:0c:05:9e:
         90:22:53:97:e3:05:14:ac:c2:8c:b4:9a:78:b8:d6:c9:70:fa:
         f5:71:44:6f:7d:f5:51:8f:12:2a:ac:4f:95:d8:d9:23:fb:25:
         0d:83:6a:ed:ef:c6:74:06:d3:0b:27:5d:ba:94:c3:da:67:4f:
         e7:2d:01:fb
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAY2IKrdiwIAABBpGYsTJWNB4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMjA4MTAwMTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZWE4NWYyMTY2OGE5OGQ3ZTgxYTc0MTgzZjBjY2U1MTMwODY2MDFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwZzpX4GcjJYfcoR25x3Em9Bx1n+4
XXu5cOHzo3UbKNGMs/L2o94kSd5OycyZ1GS8HrAs/vcTphQqOJD/uHNbV/gsOtjC
uEYDx5z3nlKDO/3x5dA/xATD2xMOLMBktOQwkySWA1XfGwDYTXVCIqHN/7tpDr4W
R8dAiVZi4SLzC3+rGE5XCc968X4EqPTMMGKE3LvUnLmbvGnFBDz147TEN6v1j1ZB
6+PiMxtFH/IDk9bNnjz6001szmsBkZVcVZB8LuJDXhV4rVXuuNC24aLHuVbwFXoc
Fuuu0XqrL2OIPF2tSu7iBgO0th7zryTEqhh3DXAJXz8AwvCGPaIBXi9aQQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFN6oXyFmipjX6Bp0GD8MzlEwhmAbMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzAzLzk0OWRh
YS0xZWQxLTQwODgtOWM0Yi01MmY4ZmYxOGQwNjkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDMvOTQ5ZGFh
LTFlZDEtNDA4OC05YzRiLTUyZjhmZjE4ZDA2OS8xLzNxaGZJV2FLbU5mb0duUVlQ
d3pPVVRDR1lCcy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCwSQwMA0GCSqGSIb3DQEBCwUAA4IBAQAJPwOf
9LvnQ2O3uR0WQbMPFYAdhbS349oUkQ+0yQ4gYQCs5MhwuPudam3WK1LmtQPHDUqO
dVR7slvyIWxotMRWe23Mk5RZbR1oPPwNOrG+AidokTN2Ur7zVIeNlJCbLMhBEcMF
sWv2JaAH7/Pzy0L5GjANSySJEBcEeY9V32piBD1fJCVwwAKyEnSp6BaVnxXRN1rt
Ol41DZdjMtk8fpdNjQoZu0bwCZpjjs22H4dTe9rHxNs8JzG3cKOIgwxkFJ5O85oM
BZ6QIlOX4wUUrMKMtJp4uNbJcPr1cURvffVRjxIqrE+V2Nkj+yUNg2rt78Z0BtML
J126lMPaZ0/nLQH7
-----END CERTIFICATE-----