Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4XoaYiSN-HkTPAc61WKtA6K5L9w.cer
File:                     4XoaYiSN-HkTPAc61WKtA6K5L9w.cer (raw, json)
Hash identifier:          8HuyJ150qd4vHqiGXjTgtyRfVmFphaGgovSMSrXY4AE=
Subject key identifier:   E1:7A:1A:62:24:8D:F8:79:13:3C:07:3A:D5:62:AD:03:A2:B9:2F:DC
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC5012782261C12E87A1895DEA337F659
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/ab/130fff-97e3-4ac0-bdcd-5fdc87e6d2a0/1/4XoaYiSN-HkTPAc61WKtA6K5L9w.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/ab/130fff-97e3-4ac0-bdcd-5fdc87e6d2a0/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 12:30:36 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 2001:67c:1770::/48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 25 Apr 2024 23:00:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:27:82:26:1c:12:e8:7a:18:95:de:a3:37:f6:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 12:30:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e17a1a62248df879133c073ad562ad03a2b92fdc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:b0:03:7b:06:c0:a7:4f:5b:3e:e8:37:10:81:
                    9d:1a:ff:6c:0c:be:1a:aa:f5:39:b3:12:50:f0:15:
                    e6:29:15:87:b7:14:34:56:6b:9d:1e:7e:fc:38:43:
                    c7:f3:49:94:fe:d0:86:a7:15:66:96:d1:4c:74:2e:
                    04:14:3d:09:a3:0b:c2:3b:4b:dc:41:37:27:ea:1b:
                    e0:f0:61:cd:b1:9f:ef:68:3f:05:c5:a2:5a:4d:8f:
                    90:ee:55:4b:3f:5e:39:fb:88:13:dd:b6:10:04:50:
                    5d:e9:51:d4:3f:a3:5f:ce:c8:b5:86:0f:6c:88:73:
                    6e:1d:f6:b8:ad:ad:34:98:44:ae:3e:a7:f1:6c:5d:
                    2f:3f:f0:13:20:2d:ee:af:54:13:30:e5:5d:b7:01:
                    9d:c0:0d:45:a4:76:45:29:0f:ea:d6:a1:58:b8:5b:
                    3f:5a:b1:a5:1b:1d:2c:5c:d2:2b:8a:0d:05:fc:2e:
                    f0:6e:e9:63:48:d5:88:fb:ed:dc:fe:bf:03:ac:ad:
                    c0:ed:ff:67:96:16:5e:f9:53:28:dc:47:71:8a:a1:
                    f6:71:e0:a7:d8:73:60:24:7c:14:52:fc:88:ff:6e:
                    34:c8:e1:c1:b7:5b:22:ff:85:43:54:20:80:f1:7c:
                    32:54:97:8d:f2:fd:85:b3:06:39:16:79:fe:c3:7d:
                    b5:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:7A:1A:62:24:8D:F8:79:13:3C:07:3A:D5:62:AD:03:A2:B9:2F:DC
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/130fff-97e3-4ac0-bdcd-5fdc87e6d2a0/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/130fff-97e3-4ac0-bdcd-5fdc87e6d2a0/1/4XoaYiSN-HkTPAc61WKtA6K5L9w.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:1770::/48

    Signature Algorithm: sha256WithRSAEncryption
         03:4b:c5:86:e9:d9:7c:2b:a3:fd:73:e1:1a:da:e5:97:fa:8a:
         7c:70:2f:c9:b0:3d:8e:e4:d4:b3:cd:39:2e:5b:65:b9:4d:fc:
         3f:c7:a3:7e:cc:3e:8a:04:2f:6e:25:6a:a5:33:b1:a9:ae:e0:
         ae:d0:a5:3b:61:c6:c6:28:2b:f6:fd:c5:8d:66:cc:c3:9b:9b:
         f5:42:c7:51:b4:ea:d0:55:05:a4:f5:eb:82:73:f8:9e:48:12:
         41:1c:02:4a:05:a2:8b:b4:b7:88:54:99:85:4b:06:58:6a:22:
         18:85:db:0d:49:6f:3d:96:cf:cd:4a:95:97:09:fe:d7:1e:98:
         57:49:68:ea:59:a4:a4:99:1d:23:6c:ac:d0:9f:ce:64:58:44:
         51:cb:5b:29:7e:1c:4f:b1:9c:60:53:6b:18:fd:cf:f7:f5:d2:
         7d:b0:d9:a3:49:6c:37:c1:c1:5b:fe:cf:d7:07:bf:4a:1e:2c:
         09:41:9a:07:cc:e2:40:65:68:03:4f:08:db:cf:b8:e5:28:a6:
         e2:26:c3:52:9b:60:98:6b:f9:42:ce:7d:a9:d9:2e:25:01:26:
         e9:d1:96:ff:20:f3:bb:66:b4:a8:2e:4f:29:0a:72:d0:f6:61:
         1d:92:8e:72:da:e1:53:79:b0:72:28:98:e7:4e:c3:10:1d:70:
         61:69:19:bd
-----BEGIN CERTIFICATE-----
MIIFezCCBGOgAwIBAgISAYzFASeCJhwS6HoYld6jN/ZZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTIzMDM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTdhMWE2MjI0OGRmODc5MTMzYzA3M2FkNTYyYWQwM2EyYjkyZmRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApLADewbAp09bPug3EIGdGv9sDL4a
qvU5sxJQ8BXmKRWHtxQ0VmudHn78OEPH80mU/tCGpxVmltFMdC4EFD0JowvCO0vc
QTcn6hvg8GHNsZ/vaD8FxaJaTY+Q7lVLP145+4gT3bYQBFBd6VHUP6Nfzsi1hg9s
iHNuHfa4ra00mESuPqfxbF0vP/ATIC3ur1QTMOVdtwGdwA1FpHZFKQ/q1qFYuFs/
WrGlGx0sXNIrig0F/C7wbuljSNWI++3c/r8DrK3A7f9nlhZe+VMo3EdxiqH2ceCn
2HNgJHwUUvyI/240yOHBt1si/4VDVCCA8XwyVJeN8v2FswY5Fnn+w321ZQIDAQAB
o4IChzCCAoMwHQYDVR0OBBYEFOF6GmIkjfh5EzwHOtVirQOiuS/cMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2FiLzEzMGZm
Zi05N2UzLTRhYzAtYmRjZC01ZmRjODdlNmQyYTAvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYWIvMTMwZmZm
LTk3ZTMtNGFjMC1iZGNkLTVmZGM4N2U2ZDJhMC8xLzRYb2FZaVNOLUhrVFBBYzYx
V0t0QTZLNUw5dy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBdwMA0GCSqGSIb3DQEBCwUAA4IBAQAD
S8WG6dl8K6P9c+Ea2uWX+op8cC/JsD2O5NSzzTkuW2W5Tfw/x6N+zD6KBC9uJWql
M7GpruCu0KU7YcbGKCv2/cWNZszDm5v1QsdRtOrQVQWk9euCc/ieSBJBHAJKBaKL
tLeIVJmFSwZYaiIYhdsNSW89ls/NSpWXCf7XHphXSWjqWaSkmR0jbKzQn85kWERR
y1spfhxPsZxgU2sY/c/39dJ9sNmjSWw3wcFb/s/XB79KHiwJQZoHzOJAZWgDTwjb
z7jlKKbiJsNSm2CYa/lCzn2p2S4lASbp0Zb/IPO7ZrSoLk8pCnLQ9mEdko5y2uFT
ebByKJjnTsMQHXBhaRm9
-----END CERTIFICATE-----