Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58OrlrdMKsTwSuYqt-gs3xmI7UA.cer
File:                     58OrlrdMKsTwSuYqt-gs3xmI7UA.cer (raw, json)
Hash identifier:          QEQux53KjGcCxhrE3Bbmu/AQKDQ2S5SUmA1w/HwiaOs=
Subject key identifier:   E7:C3:AB:96:B7:4C:2A:C4:F0:4A:E6:2A:B7:E8:2C:DF:19:88:ED:40
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC6B91B0AF86B0DC5BFADCAAF661FCB5C
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/5d/e7d974-e258-41fe-880a-4ec2d94e2ede/1/58OrlrdMKsTwSuYqt-gs3xmI7UA.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/5d/e7d974-e258-41fe-880a-4ec2d94e2ede/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 20:31:09 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 91.228.186.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:1b:0a:f8:6b:0d:c5:bf:ad:ca:af:66:1f:cb:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 20:31:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e7c3ab96b74c2ac4f04ae62ab7e82cdf1988ed40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:54:7e:ab:0d:12:d2:ac:2b:cb:b4:fd:53:a2:
                    68:71:98:07:c6:f3:42:d1:5d:b5:cd:6c:b8:88:73:
                    61:db:5c:cd:12:24:0c:ee:2f:ef:5c:fc:1f:51:34:
                    3b:97:f1:b3:ce:b3:a6:2d:fa:05:90:20:38:e1:0e:
                    b0:48:43:e8:51:c0:4d:68:e4:ea:e3:8a:cb:d1:81:
                    c2:99:f1:2b:8c:81:fa:00:e9:9f:89:a1:0f:7b:d9:
                    41:7b:4c:0c:88:69:b0:d7:fa:af:08:d2:76:e3:59:
                    86:bb:1f:af:d3:5a:dd:48:6b:93:8c:06:01:7b:7f:
                    14:0e:7f:21:f3:82:b5:f7:ec:e0:6c:ee:6e:1b:31:
                    7e:db:fa:fc:4d:aa:f0:0b:83:2d:08:89:47:1f:73:
                    21:05:de:6c:49:b4:bd:a9:35:dc:ee:65:0f:55:c6:
                    c8:6e:4b:1f:1b:64:3d:09:23:96:52:f9:78:70:ad:
                    54:db:a4:83:ac:ef:b1:ad:50:47:68:1f:c4:07:d1:
                    cb:da:76:17:13:04:1c:67:1a:f4:43:81:b5:07:aa:
                    83:ea:fc:bf:1a:15:92:32:d4:01:7a:8e:61:7d:5f:
                    8a:9e:4e:4c:ad:a3:07:23:a8:1a:0e:03:03:5f:79:
                    4c:81:d2:53:ee:8c:ec:0c:7a:3b:23:41:e7:49:42:
                    f8:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:C3:AB:96:B7:4C:2A:C4:F0:4A:E6:2A:B7:E8:2C:DF:19:88:ED:40
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/e7d974-e258-41fe-880a-4ec2d94e2ede/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/e7d974-e258-41fe-880a-4ec2d94e2ede/1/58OrlrdMKsTwSuYqt-gs3xmI7UA.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.228.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:fb:f5:98:c8:96:cf:4a:17:30:6a:af:2e:86:56:2e:19:04:
         f3:1a:4d:43:cf:84:b5:b8:04:1a:4c:96:ee:aa:94:80:46:21:
         a5:e8:b7:d7:c5:96:03:b1:9c:63:4f:75:ad:f6:6b:f8:02:f9:
         da:4c:d8:d7:54:22:5d:2e:64:f1:cd:23:e6:20:2f:8e:b0:15:
         d1:21:46:72:ed:30:e6:35:52:ab:9c:f5:9f:03:9b:c4:c2:bc:
         36:bd:b4:9a:c9:a2:1b:29:2e:27:af:27:d1:6e:90:a5:9d:11:
         72:c8:3b:3c:59:a1:8e:59:d8:75:3d:ec:65:72:44:f2:8e:fc:
         d7:38:b7:47:c2:9a:15:02:0e:96:03:b7:8b:fb:1e:0e:5c:f1:
         3f:43:d8:bd:d3:2b:a0:97:57:56:fd:6a:08:1c:f5:7e:46:db:
         0e:0a:bb:19:54:ce:90:d9:71:9f:50:f0:80:f8:f1:6e:6f:52:
         4d:d5:94:85:22:c9:96:47:be:46:44:b1:56:90:ee:e6:c4:f4:
         5a:41:83:31:fc:38:79:2b:26:45:07:9a:84:85:65:2b:a8:39:
         ef:aa:70:de:cb:75:b2:a8:ff:3d:c5:ba:6a:e6:7d:3b:2f:d1:
         0b:9a:11:e5:08:88:9a:d0:47:70:a4:a2:74:2a:d2:1b:ad:a0:
         5e:d1:b0:84
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzGuRsK+GsNxb+tyq9mH8tcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMjAzMTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlN2MzYWI5NmI3NGMyYWM0ZjA0YWU2MmFiN2U4MmNkZjE5ODhlZDQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlFR+qw0S0qwry7T9U6JocZgHxvNC
0V21zWy4iHNh21zNEiQM7i/vXPwfUTQ7l/GzzrOmLfoFkCA44Q6wSEPoUcBNaOTq
44rL0YHCmfErjIH6AOmfiaEPe9lBe0wMiGmw1/qvCNJ241mGux+v01rdSGuTjAYB
e38UDn8h84K19+zgbO5uGzF+2/r8TarwC4MtCIlHH3MhBd5sSbS9qTXc7mUPVcbI
bksfG2Q9CSOWUvl4cK1U26SDrO+xrVBHaB/EB9HL2nYXEwQcZxr0Q4G1B6qD6vy/
GhWSMtQBeo5hfV+Knk5MraMHI6gaDgMDX3lMgdJT7ozsDHo7I0HnSUL4fwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFOfDq5a3TCrE8ErmKrfoLN8ZiO1AMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzVkL2U3ZDk3
NC1lMjU4LTQxZmUtODgwYS00ZWMyZDk0ZTJlZGUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNWQvZTdkOTc0
LWUyNTgtNDFmZS04ODBhLTRlYzJkOTRlMmVkZS8xLzU4T3JscmRNS3NUd1N1WXF0
LWdzM3htSTdVQS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW+S6MA0GCSqGSIb3DQEBCwUAA4IBAQBk+/WY
yJbPShcwaq8uhlYuGQTzGk1Dz4S1uAQaTJbuqpSARiGl6LfXxZYDsZxjT3Wt9mv4
AvnaTNjXVCJdLmTxzSPmIC+OsBXRIUZy7TDmNVKrnPWfA5vEwrw2vbSayaIbKS4n
ryfRbpClnRFyyDs8WaGOWdh1PexlckTyjvzXOLdHwpoVAg6WA7eL+x4OXPE/Q9i9
0yugl1dW/WoIHPV+RtsOCrsZVM6Q2XGfUPCA+PFub1JN1ZSFIsmWR75GRLFWkO7m
xPRaQYMx/Dh5KyZFB5qEhWUrqDnvqnDey3WyqP89xbpq5n07L9ELmhHlCIia0Edw
pKJ0KtIbraBe0bCE
-----END CERTIFICATE-----