Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5iMpnuR7T2EtuQoU-V5AdnrgZlc.cer
File:                     5iMpnuR7T2EtuQoU-V5AdnrgZlc.cer (raw, json)
Hash identifier:          iZNpRETCLGWtvxjB2nEWg9X73RGFHA5zpdqwkuUFSbQ=
Subject key identifier:   E6:23:29:9E:E4:7B:4F:61:2D:B9:0A:14:F9:5E:40:76:7A:E0:66:57
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC94D5B85E7CC0A96A45278B9ECA19920
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/c1/f37203-f172-459f-8315-82f25ac6887f/1/5iMpnuR7T2EtuQoU-V5AdnrgZlc.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/c1/f37203-f172-459f-8315-82f25ac6887f/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 08:32:19 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 2001:67c:484::/48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:5b:85:e7:cc:0a:96:a4:52:78:b9:ec:a1:99:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 08:32:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e623299ee47b4f612db90a14f95e40767ae06657
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:ce:d9:26:6c:d5:44:5a:8e:c4:97:ff:ea:87:
                    80:ca:64:ac:25:0a:8e:41:db:45:38:9b:fd:f0:eb:
                    ac:87:a3:a5:06:5d:b2:7f:0b:a8:c3:66:25:6f:37:
                    0c:db:0d:af:fa:67:65:89:f0:e1:f3:09:23:f9:fb:
                    18:2b:26:6d:de:a0:e2:c3:c3:a4:c4:8f:35:29:fd:
                    de:31:ab:71:4a:da:31:fa:3a:81:25:2b:6b:a1:a7:
                    4e:2d:8d:2f:b9:ae:ea:5d:a1:94:6c:18:c6:81:e5:
                    b5:8f:1e:2d:5b:93:42:7e:d8:6b:73:ea:6c:82:21:
                    8e:01:45:5c:95:f5:30:14:aa:f3:7f:93:08:f8:76:
                    cc:78:73:c6:d7:d7:fd:69:f1:fe:8a:2a:bb:48:8c:
                    45:8f:c6:ae:95:0e:cf:27:54:aa:4f:e4:d3:df:67:
                    a3:f4:cc:c6:9a:96:0c:f9:3d:30:3e:3c:2c:7c:13:
                    58:35:26:b4:55:9c:34:1e:ea:3a:87:75:c1:16:3b:
                    dc:5a:6c:ec:e9:b7:a7:ef:6a:9d:e8:81:79:f9:a7:
                    f0:91:4e:5e:6a:fc:ed:66:4b:cd:14:86:a6:78:19:
                    26:a1:11:04:a1:f0:8c:57:34:74:50:53:91:be:e9:
                    17:a9:f4:a3:ca:17:a9:5f:ca:22:66:f4:64:94:16:
                    c5:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:23:29:9E:E4:7B:4F:61:2D:B9:0A:14:F9:5E:40:76:7A:E0:66:57
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/f37203-f172-459f-8315-82f25ac6887f/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/f37203-f172-459f-8315-82f25ac6887f/1/5iMpnuR7T2EtuQoU-V5AdnrgZlc.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:484::/48

    Signature Algorithm: sha256WithRSAEncryption
         2e:91:07:8c:6e:e2:b7:8f:da:69:22:2a:76:36:31:f5:22:ec:
         96:76:10:48:85:be:8d:64:de:7d:13:77:fd:1b:96:9e:26:15:
         bc:7a:c1:56:7f:4c:fb:84:f8:ca:1c:e1:0a:76:c2:cd:79:31:
         4e:ad:75:d4:1d:7a:ca:7d:36:13:37:4a:ee:3f:7b:1d:12:17:
         ba:f1:e6:1b:bb:40:14:03:be:51:cf:04:3a:c4:28:de:21:fe:
         63:73:f2:e3:ca:c8:a1:e2:ea:84:7b:09:97:7a:cd:de:ff:9d:
         1d:81:05:96:ce:0e:c2:1f:d0:ae:27:76:f6:3b:93:1b:9a:1f:
         e6:9b:d0:42:aa:02:62:80:e2:ff:16:68:70:3a:e2:f9:8f:94:
         4e:4f:12:29:0c:06:97:10:62:51:eb:49:52:08:91:17:d9:1a:
         36:70:36:b3:42:56:ca:f9:a0:bd:8c:62:40:33:2e:84:bd:9f:
         48:3b:4b:16:09:3e:95:e8:23:98:ac:75:3a:d7:10:07:29:47:
         a5:ad:2e:82:d5:fb:f4:74:34:a1:8b:65:12:39:46:17:01:13:
         85:47:72:35:70:d2:62:ec:25:38:19:4e:31:77:fe:f1:53:4c:
         97:e9:33:34:a7:03:32:c2:89:fd:b4:31:ae:10:93:30:c6:86:
         7b:49:2e:90
-----BEGIN CERTIFICATE-----
MIIFezCCBGOgAwIBAgISAYzJTVuF58wKlqRSeLnsoZkgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDgzMjE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjIzMjk5ZWU0N2I0ZjYxMmRiOTBhMTRmOTVlNDA3NjdhZTA2NjU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1M7ZJmzVRFqOxJf/6oeAymSsJQqO
QdtFOJv98Oush6OlBl2yfwuow2YlbzcM2w2v+mdlifDh8wkj+fsYKyZt3qDiw8Ok
xI81Kf3eMatxStox+jqBJStroadOLY0vua7qXaGUbBjGgeW1jx4tW5NCfthrc+ps
giGOAUVclfUwFKrzf5MI+HbMeHPG19f9afH+iiq7SIxFj8aulQ7PJ1SqT+TT32ej
9MzGmpYM+T0wPjwsfBNYNSa0VZw0Huo6h3XBFjvcWmzs6ben72qd6IF5+afwkU5e
avztZkvNFIameBkmoREEofCMVzR0UFORvukXqfSjyhepX8oiZvRklBbFZQIDAQAB
o4IChzCCAoMwHQYDVR0OBBYEFOYjKZ7ke09hLbkKFPleQHZ64GZXMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2MxL2YzNzIw
My1mMTcyLTQ1OWYtODMxNS04MmYyNWFjNjg4N2YvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzEvZjM3MjAz
LWYxNzItNDU5Zi04MzE1LTgyZjI1YWM2ODg3Zi8xLzVpTXBudVI3VDJFdHVRb1Ut
VjVBZG5yZ1psYy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfASEMA0GCSqGSIb3DQEBCwUAA4IBAQAu
kQeMbuK3j9ppIip2NjH1IuyWdhBIhb6NZN59E3f9G5aeJhW8esFWf0z7hPjKHOEK
dsLNeTFOrXXUHXrKfTYTN0ruP3sdEhe68eYbu0AUA75RzwQ6xCjeIf5jc/Ljysih
4uqEewmXes3e/50dgQWWzg7CH9CuJ3b2O5Mbmh/mm9BCqgJigOL/FmhwOuL5j5RO
TxIpDAaXEGJR60lSCJEX2Ro2cDazQlbK+aC9jGJAMy6EvZ9IO0sWCT6V6COYrHU6
1xAHKUelrS6C1fv0dDShi2USOUYXAROFR3I1cNJi7CU4GU4xd/7xU0yX6TM0pwMy
won9tDGuEJMwxoZ7SS6Q
-----END CERTIFICATE-----