Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c949fM57nd9p0khCpbs7Za38uc.cer
File:                     5c949fM57nd9p0khCpbs7Za38uc.cer (raw, json)
Hash identifier:          9osS2XEMjkavrys2S78JTZQfhpfxqlKOrWOs3luOtGo=
Subject key identifier:   E5:CF:78:F5:F3:39:EE:77:7D:A7:49:21:0A:96:EC:ED:96:B7:F2:E7
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC3B6F37616A11C3AE2FA6D9A99CE86DE
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/b4/c4bd95-c670-490d-8cc0-b7dc83706a2a/1/5c949fM57nd9p0khCpbs7Za38uc.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/b4/c4bd95-c670-490d-8cc0-b7dc83706a2a/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 06:29:56 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 185.80.188.0/22
                          IP: 2a05:7f00::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 24 Apr 2024 17:00:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:f3:76:16:a1:1c:3a:e2:fa:6d:9a:99:ce:86:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 06:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e5cf78f5f339ee777da749210a96eced96b7f2e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:53:cd:07:f1:ce:31:fc:42:e3:34:6e:85:6a:
                    83:fd:bf:30:12:42:09:f1:0d:d5:36:6b:ed:7f:44:
                    8e:a3:be:3e:83:3b:3f:b4:d3:50:d5:9c:17:6f:e6:
                    b8:38:a1:05:6b:a5:03:7d:a1:65:8e:ee:01:9e:ba:
                    6e:95:ea:f4:66:63:53:ed:99:4a:f1:0c:26:30:2b:
                    8b:b4:37:2c:3e:f0:5a:12:f5:b3:e7:62:ab:b6:7e:
                    6a:07:1a:e6:9f:11:d9:ad:77:73:98:bf:7c:21:f8:
                    47:52:2d:0b:a7:d8:f9:a5:89:03:ec:08:60:5f:34:
                    cf:51:d4:17:9d:07:46:8f:20:b3:1f:15:cc:fc:cb:
                    fb:68:87:11:f7:70:0e:76:b6:81:4c:fc:18:67:5b:
                    27:93:57:c0:6b:00:a0:1c:fb:5b:69:2c:82:fd:34:
                    e4:61:c6:a7:d2:4c:e0:d9:d1:fe:5b:83:7f:12:18:
                    d1:8e:31:3a:37:e2:bb:5a:48:bd:5e:b6:1c:18:39:
                    89:9c:ab:5c:c6:d8:63:f0:2f:b6:b3:e9:f3:d8:1a:
                    05:74:b8:bf:5a:5e:42:41:88:13:3f:1a:58:23:a8:
                    60:e8:5e:e3:fc:6b:2a:c6:94:d0:d7:71:df:1c:23:
                    f8:c5:df:1d:d2:ba:0f:10:0e:d7:85:38:3c:e6:14:
                    3d:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:CF:78:F5:F3:39:EE:77:7D:A7:49:21:0A:96:EC:ED:96:B7:F2:E7
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/c4bd95-c670-490d-8cc0-b7dc83706a2a/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/c4bd95-c670-490d-8cc0-b7dc83706a2a/1/5c949fM57nd9p0khCpbs7Za38uc.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.80.188.0/22
                IPv6:
                  2a05:7f00::/29

    Signature Algorithm: sha256WithRSAEncryption
         49:bb:55:4c:80:92:89:54:ab:27:b8:f1:94:bc:86:db:4f:bb:
         e5:f2:52:fe:36:86:a2:16:e0:a9:af:80:88:5c:1c:c2:b7:fb:
         fc:d1:77:56:68:0f:3d:c7:75:ce:77:5f:7f:2a:d7:df:33:a0:
         1f:30:cb:93:92:cf:fb:b4:70:8d:b6:7f:c4:ad:fe:d9:31:a1:
         ce:f8:c4:8b:1a:62:9b:56:7e:9d:6d:39:fe:2c:8c:13:83:9d:
         10:83:52:ca:5d:30:a9:18:d8:42:6c:81:3e:19:02:72:9a:6b:
         48:89:2b:8a:f7:f0:a7:ff:24:a7:cf:fe:37:c3:73:e9:bc:73:
         19:17:06:53:06:3e:ab:b3:0a:f2:35:5b:95:28:8c:56:9c:7e:
         5e:2b:06:49:cb:e0:95:46:4f:a4:f1:81:62:f8:0f:4b:22:fd:
         ff:4a:39:48:07:53:9e:cf:10:8a:a7:0a:00:0f:a1:ae:1c:e2:
         db:1b:6a:59:9e:f0:ee:10:5e:01:f1:07:f8:29:36:a5:01:ec:
         cf:06:7b:25:ea:7d:3d:7b:4e:be:22:c6:f6:2f:67:e1:cf:cc:
         47:36:9b:c8:9d:34:53:03:fc:f4:47:4e:a5:e4:51:5f:68:59:
         d6:23:ac:44:4f:ba:ce:9d:1f:64:60:8d:cf:e3:78:0e:f6:4a:
         70:66:f0:66
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAYzDtvN2FqEcOuL6bZqZzobeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDYyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNWNmNzhmNWYzMzllZTc3N2RhNzQ5MjEwYTk2ZWNlZDk2YjdmMmU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkFPNB/HOMfxC4zRuhWqD/b8wEkIJ
8Q3VNmvtf0SOo74+gzs/tNNQ1ZwXb+a4OKEFa6UDfaFlju4Bnrpuler0ZmNT7ZlK
8QwmMCuLtDcsPvBaEvWz52Krtn5qBxrmnxHZrXdzmL98IfhHUi0Lp9j5pYkD7Ahg
XzTPUdQXnQdGjyCzHxXM/Mv7aIcR93AOdraBTPwYZ1snk1fAawCgHPtbaSyC/TTk
Ycan0kzg2dH+W4N/EhjRjjE6N+K7Wki9XrYcGDmJnKtcxthj8C+2s+nz2BoFdLi/
Wl5CQYgTPxpYI6hg6F7j/GsqxpTQ13HfHCP4xd8d0roPEA7XhTg85hQ9RQIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFOXPePXzOe53fadJIQqW7O2Wt/LnMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2I0L2M0YmQ5
NS1jNjcwLTQ5MGQtOGNjMC1iN2RjODM3MDZhMmEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjQvYzRiZDk1
LWM2NzAtNDkwZC04Y2MwLWI3ZGM4MzcwNmEyYS8xLzVjOTQ5Zk01N25kOXAwa2hD
cGJzN1phMzh1Yy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCuVC8MA0EAgACMAcDBQMqBX8AMA0GCSqGSIb3
DQEBCwUAA4IBAQBJu1VMgJKJVKsnuPGUvIbbT7vl8lL+NoaiFuCpr4CIXBzCt/v8
0XdWaA89x3XOd19/KtffM6AfMMuTks/7tHCNtn/Erf7ZMaHO+MSLGmKbVn6dbTn+
LIwTg50Qg1LKXTCpGNhCbIE+GQJymmtIiSuK9/Cn/ySnz/43w3PpvHMZFwZTBj6r
swryNVuVKIxWnH5eKwZJy+CVRk+k8YFi+A9LIv3/SjlIB1OezxCKpwoAD6GuHOLb
G2pZnvDuEF4B8Qf4KTalAezPBnsl6n09e06+Isb2L2fhz8xHNpvInTRTA/z0R06l
5FFfaFnWI6xET7rOnR9kYI3P43gO9kpwZvBm
-----END CERTIFICATE-----