Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5hV1KKnM6SUY82vwqBt5AaZQrpQ.cer
File:                     5hV1KKnM6SUY82vwqBt5AaZQrpQ.cer (raw, json)
Hash identifier:          rN1ocRwWJ7Ynj+sQmmm4O8Y61Y3KDbQU5zibhOpRj38=
Subject key identifier:   E6:15:75:28:A9:CC:E9:25:18:F3:6B:F0:A8:1B:79:01:A6:50:AE:94
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CCA2B275C2C520F2DF26F222817DF3967
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/6d/eb8484-893f-400d-9081-7d1b2d9a2405/1/5hV1KKnM6SUY82vwqBt5AaZQrpQ.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/6d/eb8484-893f-400d-9081-7d1b2d9a2405/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 12:34:34 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 194.0.197.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 20 Apr 2024 17:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:27:5c:2c:52:0f:2d:f2:6f:22:28:17:df:39:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 12:34:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e6157528a9cce92518f36bf0a81b7901a650ae94
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:a2:9a:02:70:3b:e5:65:4b:e7:43:96:55:c5:
                    53:65:e8:57:95:76:60:46:3f:5e:e9:b1:46:94:fe:
                    9d:98:7e:f2:2b:d9:f3:37:b8:4a:19:f0:9c:04:c1:
                    08:c7:6c:67:19:08:9e:08:41:04:30:5d:4e:f4:d3:
                    83:b0:05:1a:c2:28:9e:8e:bc:0e:56:2f:e6:7a:90:
                    c9:69:20:37:ca:0c:eb:85:b5:cc:df:1c:12:1f:2a:
                    14:57:dc:f4:07:31:b5:05:b7:b7:83:7e:22:7e:04:
                    53:a8:36:d1:37:f0:ea:34:25:be:ff:c4:f8:78:1c:
                    01:a8:ec:f5:b6:80:48:c1:b1:a4:9e:36:67:71:78:
                    b9:02:af:df:8c:f4:e8:ae:e0:fa:28:7a:97:2a:38:
                    61:16:23:f0:e8:46:f8:1b:53:f7:80:0b:7a:91:07:
                    df:3d:b4:ab:74:35:fc:19:a7:28:4a:4b:20:53:fd:
                    c8:f3:20:e8:42:47:37:f7:64:f0:93:f1:ff:ed:42:
                    55:76:ed:45:61:1e:0a:a9:55:60:ff:e8:a8:1a:a8:
                    b4:72:65:c0:11:5a:d0:e0:8e:62:03:fd:3c:e5:3e:
                    e7:af:89:a7:7b:de:2f:5c:ce:7b:0c:8e:e5:5d:05:
                    94:b4:75:13:72:7c:e6:ce:07:07:71:65:bd:68:e9:
                    8e:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:15:75:28:A9:CC:E9:25:18:F3:6B:F0:A8:1B:79:01:A6:50:AE:94
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/eb8484-893f-400d-9081-7d1b2d9a2405/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/eb8484-893f-400d-9081-7d1b2d9a2405/1/5hV1KKnM6SUY82vwqBt5AaZQrpQ.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.0.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:fa:70:8c:fd:d2:30:50:5e:a5:38:f2:d9:08:28:84:fa:fa:
         ad:c2:13:ea:62:d6:6b:d7:72:30:c4:72:93:6e:5e:10:f1:34:
         c4:e2:b3:84:df:4f:93:cb:cc:d2:d0:37:29:0c:92:3b:de:bd:
         0b:6f:7a:2a:6e:a3:10:1a:23:56:3d:54:a5:1e:90:e3:bb:02:
         b3:6a:93:65:e4:f2:8b:22:f4:68:7a:f1:0d:2c:cc:db:bc:9c:
         28:91:98:40:37:85:fb:9f:3d:66:fe:ed:9a:7e:05:2b:f1:51:
         65:9e:fa:3d:9f:0f:39:eb:72:f2:63:e1:8b:3f:cf:7a:ee:e5:
         5f:fc:d0:b9:e6:6d:d9:5d:eb:e0:68:37:ef:4e:9b:7d:cb:bc:
         73:f2:ae:28:e6:88:5a:2e:30:36:22:8b:bd:d9:6f:9e:ee:41:
         36:a8:4c:a6:5f:69:46:30:0a:00:d8:6d:9d:fc:fb:ff:eb:c3:
         14:9a:c9:ed:b9:5c:4d:7d:ea:76:20:28:d3:4c:4d:5b:70:c8:
         3b:c1:26:ab:97:51:6e:45:b0:80:56:d4:66:ec:f7:ab:56:55:
         23:e0:27:25:5a:4e:e9:89:f4:c4:08:22:b1:ef:50:e9:3a:e6:
         f6:10:91:99:4f:de:b7:d3:93:12:a1:c6:3a:4a:e1:3c:32:bb:
         bd:1e:2f:cd
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzKKydcLFIPLfJvIigX3zlnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMTIzNDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjE1NzUyOGE5Y2NlOTI1MThmMzZiZjBhODFiNzkwMWE2NTBhZTk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoaKaAnA75WVL50OWVcVTZehXlXZg
Rj9e6bFGlP6dmH7yK9nzN7hKGfCcBMEIx2xnGQieCEEEMF1O9NODsAUawiiejrwO
Vi/mepDJaSA3ygzrhbXM3xwSHyoUV9z0BzG1Bbe3g34ifgRTqDbRN/DqNCW+/8T4
eBwBqOz1toBIwbGknjZncXi5Aq/fjPToruD6KHqXKjhhFiPw6Eb4G1P3gAt6kQff
PbSrdDX8GacoSksgU/3I8yDoQkc392Twk/H/7UJVdu1FYR4KqVVg/+ioGqi0cmXA
EVrQ4I5iA/085T7nr4mne94vXM57DI7lXQWUtHUTcnzmzgcHcWW9aOmOcwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFOYVdSipzOklGPNr8KgbeQGmUK6UMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzZkL2ViODQ4
NC04OTNmLTQwMGQtOTA4MS03ZDFiMmQ5YTI0MDUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNmQvZWI4NDg0
LTg5M2YtNDAwZC05MDgxLTdkMWIyZDlhMjQwNS8xLzVoVjFLS25NNlNVWTgydndx
QnQ1QWFaUXJwUS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwgDFMA0GCSqGSIb3DQEBCwUAA4IBAQA6+nCM
/dIwUF6lOPLZCCiE+vqtwhPqYtZr13IwxHKTbl4Q8TTE4rOE30+Ty8zS0DcpDJI7
3r0Lb3oqbqMQGiNWPVSlHpDjuwKzapNl5PKLIvRoevENLMzbvJwokZhAN4X7nz1m
/u2afgUr8VFlnvo9nw8563LyY+GLP8967uVf/NC55m3ZXevgaDfvTpt9y7xz8q4o
5ohaLjA2Iou92W+e7kE2qEymX2lGMAoA2G2d/Pv/68MUmsntuVxNfep2ICjTTE1b
cMg7wSarl1FuRbCAVtRm7PerVlUj4CclWk7pifTECCKx71DpOub2EJGZT96305MS
ocY6SuE8Mru9Hi/N
-----END CERTIFICATE-----