Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/53OfCEQuIkRmIbiaV2ObNUK6NNw.cer
File:                     53OfCEQuIkRmIbiaV2ObNUK6NNw.cer (raw, json)
Hash identifier:          mM+sdiWwUh7wTSclAM3XW7Sua6JvKV8lOhATMhhE7xo=
Subject key identifier:   E7:73:9F:08:44:2E:22:44:66:21:B8:9A:57:63:9B:35:42:BA:34:DC
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01905B7364F241486CB7EEAA13270B98CBC1
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/02/e20d59-4454-4ec8-9677-5f2bf22e189d/1/53OfCEQuIkRmIbiaV2ObNUK6NNw.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/02/e20d59-4454-4ec8-9677-5f2bf22e189d/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 27 Jun 2024 20:46:47 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 194.5.62.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Sep 2024 14:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:5b:73:64:f2:41:48:6c:b7:ee:aa:13:27:0b:98:cb:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jun 27 20:46:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e7739f08442e22446621b89a57639b3542ba34dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:7e:87:59:73:62:92:55:56:fe:ac:17:8e:61:
                    91:a8:14:e5:cc:71:59:91:cc:b8:1b:c9:7b:26:52:
                    32:dc:14:7d:5d:53:49:de:77:26:8e:11:3e:f4:a8:
                    7b:e3:96:5e:69:87:70:74:be:3e:59:7d:f5:a2:4f:
                    74:11:ce:d5:ec:65:a5:5d:df:e9:9e:e9:9e:f5:a0:
                    d4:94:a7:b0:d3:0c:db:5b:02:14:14:38:6a:0d:30:
                    34:ea:44:e8:15:19:95:ef:28:71:b2:3e:e7:03:24:
                    67:73:a3:19:3d:0c:50:26:dd:62:a3:7a:ec:21:b6:
                    d0:ba:e7:b4:a7:71:06:21:33:7d:76:a2:5e:3c:a3:
                    22:f9:09:06:ba:41:8d:b3:00:a5:dc:0b:8e:ad:e7:
                    ad:36:3a:8b:6e:cd:3e:cf:82:23:f6:75:d6:00:2e:
                    c2:e1:09:de:d6:a9:d7:19:60:f4:c0:42:99:8e:ac:
                    78:24:64:29:99:a9:f8:05:81:fc:3c:c1:e6:4a:d3:
                    7f:2b:81:f2:ff:5a:9c:d5:09:38:bd:25:d2:66:7b:
                    57:79:24:d2:3c:0d:6a:b1:8b:16:5d:be:4a:a2:95:
                    68:b1:53:04:a6:50:e2:49:ba:05:ec:2e:9d:54:86:
                    7d:3d:2b:41:13:b9:17:ac:4a:f4:1b:54:50:4b:f9:
                    9c:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:73:9F:08:44:2E:22:44:66:21:B8:9A:57:63:9B:35:42:BA:34:DC
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/e20d59-4454-4ec8-9677-5f2bf22e189d/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/e20d59-4454-4ec8-9677-5f2bf22e189d/1/53OfCEQuIkRmIbiaV2ObNUK6NNw.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.5.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:bb:7d:76:41:c7:6e:81:21:92:23:c4:f6:72:b3:a5:20:25:
         c4:ca:a5:00:c3:82:a3:e9:77:3a:b4:2f:dd:a4:30:74:e4:2b:
         4f:6f:4c:6a:4e:c3:d2:3b:99:9c:30:41:56:50:6c:f5:5c:97:
         55:0c:fc:77:ca:51:c0:27:5b:e4:69:9c:50:89:ef:d4:21:7b:
         b6:b9:21:9f:74:c7:12:3c:dc:59:ec:b2:23:f0:96:37:2d:03:
         b7:b3:04:d3:67:5a:d4:58:77:dc:1a:70:82:59:d5:71:c1:cc:
         20:2a:8f:96:70:9d:a5:0c:5c:23:6f:6b:87:17:a8:3e:eb:db:
         db:c2:37:0a:be:0b:22:7b:7e:e0:65:a0:75:00:9a:d3:68:73:
         3f:47:47:fa:2b:5e:9c:a0:b1:cd:f3:13:81:aa:c1:14:4b:b0:
         8b:a6:23:33:7c:ff:a3:8f:3f:a5:34:8b:d2:f2:d4:09:3e:d2:
         49:eb:7c:92:30:cd:c9:0e:d1:72:e0:da:9e:5b:67:f8:a9:4b:
         6d:6b:35:77:62:e2:7d:3a:ba:99:13:0e:7f:ea:aa:f3:a4:0c:
         02:d7:a0:ea:df:7a:6c:7b:77:ab:8d:26:5c:87:91:4d:0a:00:
         25:9a:b6:51:5b:2f:7a:07:f7:93:dd:be:08:55:28:c8:5f:fd:
         fa:c4:9b:8c
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZBbc2TyQUhst+6qEycLmMvBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwNjI3MjA0NjQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzczOWYwODQ0MmUyMjQ0NjYyMWI4OWE1NzYzOWIzNTQyYmEzNGRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApn6HWXNiklVW/qwXjmGRqBTlzHFZ
kcy4G8l7JlIy3BR9XVNJ3ncmjhE+9Kh745ZeaYdwdL4+WX31ok90Ec7V7GWlXd/p
nume9aDUlKew0wzbWwIUFDhqDTA06kToFRmV7yhxsj7nAyRnc6MZPQxQJt1io3rs
IbbQuue0p3EGITN9dqJePKMi+QkGukGNswCl3AuOreetNjqLbs0+z4Ij9nXWAC7C
4Qne1qnXGWD0wEKZjqx4JGQpman4BYH8PMHmStN/K4Hy/1qc1Qk4vSXSZntXeSTS
PA1qsYsWXb5KopVosVMEplDiSboF7C6dVIZ9PStBE7kXrEr0G1RQS/mc3QIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFOdznwhELiJEZiG4mldjmzVCujTcMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzAyL2UyMGQ1
OS00NDU0LTRlYzgtOTY3Ny01ZjJiZjIyZTE4OWQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDIvZTIwZDU5
LTQ0NTQtNGVjOC05Njc3LTVmMmJmMjJlMTg5ZC8xLzUzT2ZDRVF1SWtSbUliaWFW
Mk9iTlVLNk5Ody5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwgU+MA0GCSqGSIb3DQEBCwUAA4IBAQAIu312
QcdugSGSI8T2crOlICXEyqUAw4Kj6Xc6tC/dpDB05CtPb0xqTsPSO5mcMEFWUGz1
XJdVDPx3ylHAJ1vkaZxQie/UIXu2uSGfdMcSPNxZ7LIj8JY3LQO3swTTZ1rUWHfc
GnCCWdVxwcwgKo+WcJ2lDFwjb2uHF6g+69vbwjcKvgsie37gZaB1AJrTaHM/R0f6
K16coLHN8xOBqsEUS7CLpiMzfP+jjz+lNIvS8tQJPtJJ63ySMM3JDtFy4NqeW2f4
qUttazV3YuJ9OrqZEw5/6qrzpAwC16Dq33pse3erjSZch5FNCgAlmrZRWy96B/eT
3b4IVSjIX/36xJuM
-----END CERTIFICATE-----