Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5xhnDMKBDk0YFTtuTnhBPBz0748.cer
File:                     5xhnDMKBDk0YFTtuTnhBPBz0748.cer (raw, json)
Hash identifier:          n1g4HekB6skCHb/l4JWdpkA89lRVJklyUu1/LIDxhII=
Subject key identifier:   E7:18:67:0C:C2:81:0E:4D:18:15:3B:6E:4E:78:41:3C:1C:F4:EF:8F
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC8013EFA4620D94282B5A1AEE7E393CD
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/6d/e5c7e6-a57b-4c57-b5a5-58ac05f4d954/1/5xhnDMKBDk0YFTtuTnhBPBz0748.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/6d/e5c7e6-a57b-4c57-b5a5-58ac05f4d954/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 02:29:34 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 195.68.234.0/23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Dec 2024 06:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:3e:fa:46:20:d9:42:82:b5:a1:ae:e7:e3:93:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 02:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e718670cc2810e4d18153b6e4e78413c1cf4ef8f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:ad:a2:ce:36:47:7c:02:fc:56:62:48:17:33:
                    54:49:a8:2e:43:17:c9:06:62:2b:0e:84:43:17:bb:
                    1f:c1:da:93:43:05:37:c3:e6:ef:c6:f7:b1:f3:21:
                    e0:c1:ae:ed:ea:41:b1:0c:97:de:a3:24:ed:fd:72:
                    ca:bd:e9:bb:bb:54:bf:bc:08:97:82:c4:7d:9b:0e:
                    58:28:1c:7e:b3:cc:c7:20:d0:fc:4a:88:41:bc:b6:
                    79:52:8e:e8:b1:57:62:ef:84:c9:ce:ac:ab:be:d6:
                    44:ad:75:74:bb:bd:de:ec:1e:c3:d4:90:a4:42:aa:
                    82:f6:7f:00:01:04:2b:f1:a8:b0:a5:80:56:e6:b5:
                    d6:a2:5e:e1:47:fe:be:fd:18:e5:a2:87:46:3f:e0:
                    80:a6:87:37:77:9c:91:55:bd:66:3a:7f:56:ef:b4:
                    c9:1a:45:ae:4c:be:6b:34:8f:6e:ca:0d:05:d9:f5:
                    a3:7a:3b:ec:f2:1d:68:01:e1:48:8c:61:a9:c1:f3:
                    cf:02:bc:bb:ff:76:31:5d:a5:7c:13:f9:16:71:a2:
                    18:2d:97:74:d2:16:c5:b2:07:16:c7:a2:5c:a8:d3:
                    af:fa:70:32:23:18:ac:ce:6e:13:8b:b8:c2:86:45:
                    41:61:67:bc:2c:69:e9:cf:75:43:d5:b7:46:35:6e:
                    1d:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:18:67:0C:C2:81:0E:4D:18:15:3B:6E:4E:78:41:3C:1C:F4:EF:8F
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/e5c7e6-a57b-4c57-b5a5-58ac05f4d954/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/e5c7e6-a57b-4c57-b5a5-58ac05f4d954/1/5xhnDMKBDk0YFTtuTnhBPBz0748.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.68.234.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9e:53:65:c3:71:e1:77:53:30:00:78:2b:b3:a0:1e:3a:f2:50:
         53:52:d4:6d:01:92:e0:d2:9b:d5:2c:c7:29:43:8b:83:be:43:
         93:49:f5:32:bf:27:f5:19:05:7a:21:5d:01:2a:81:61:56:17:
         86:a0:ef:67:91:78:83:ea:4d:7f:3b:68:66:8f:cf:cd:e8:9d:
         79:ae:87:b6:12:78:a3:13:ae:cb:25:5e:fe:a3:4d:8e:ba:eb:
         8b:61:0b:22:41:2b:58:8d:ce:c1:0e:ba:75:4e:25:ce:23:2e:
         1c:8b:5f:dd:e0:ea:23:79:ae:ba:d7:52:9a:57:91:1d:ab:c6:
         9b:73:c9:e5:e0:7c:dd:34:a5:4c:93:46:5f:de:8f:30:7d:1c:
         0a:b1:f0:40:e7:aa:4d:6f:18:47:df:c5:0e:a9:52:b5:97:6e:
         4a:82:fa:59:73:8a:38:0e:88:d5:d9:7c:15:43:4d:bf:f7:28:
         ef:62:61:19:14:85:01:44:4a:29:b7:f0:90:40:ef:a3:aa:8a:
         19:30:aa:73:ac:e0:44:63:ff:15:88:9c:47:76:c4:ca:0a:04:
         be:3d:32:9f:59:bf:83:de:04:12:be:68:f2:5c:98:be:40:c5:
         c5:75:32:b1:5f:60:c6:67:4c:fb:c4:2c:cc:77:c0:84:46:e7:
         96:57:79:76
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzIAT76RiDZQoK1oa7n45PNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDIyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzE4NjcwY2MyODEwZTRkMTgxNTNiNmU0ZTc4NDEzYzFjZjRlZjhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA662izjZHfAL8VmJIFzNUSaguQxfJ
BmIrDoRDF7sfwdqTQwU3w+bvxvex8yHgwa7t6kGxDJfeoyTt/XLKvem7u1S/vAiX
gsR9mw5YKBx+s8zHIND8SohBvLZ5Uo7osVdi74TJzqyrvtZErXV0u73e7B7D1JCk
QqqC9n8AAQQr8aiwpYBW5rXWol7hR/6+/RjloodGP+CApoc3d5yRVb1mOn9W77TJ
GkWuTL5rNI9uyg0F2fWjejvs8h1oAeFIjGGpwfPPAry7/3YxXaV8E/kWcaIYLZd0
0hbFsgcWx6JcqNOv+nAyIxiszm4Ti7jChkVBYWe8LGnpz3VD1bdGNW4dTQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFOcYZwzCgQ5NGBU7bk54QTwc9O+PMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzZkL2U1Yzdl
Ni1hNTdiLTRjNTctYjVhNS01OGFjMDVmNGQ5NTQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNmQvZTVjN2U2
LWE1N2ItNGM1Ny1iNWE1LTU4YWMwNWY0ZDk1NC8xLzV4aG5ETUtCRGswWUZUdHVU
bmhCUEJ6MDc0OC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQBw0TqMA0GCSqGSIb3DQEBCwUAA4IBAQCeU2XD
ceF3UzAAeCuzoB468lBTUtRtAZLg0pvVLMcpQ4uDvkOTSfUyvyf1GQV6IV0BKoFh
VheGoO9nkXiD6k1/O2hmj8/N6J15roe2EnijE67LJV7+o02OuuuLYQsiQStYjc7B
Drp1TiXOIy4ci1/d4Oojea6611KaV5Edq8abc8nl4HzdNKVMk0Zf3o8wfRwKsfBA
56pNbxhH38UOqVK1l25KgvpZc4o4DojV2XwVQ02/9yjvYmEZFIUBREopt/CQQO+j
qooZMKpzrOBEY/8ViJxHdsTKCgS+PTKfWb+D3gQSvmjyXJi+QMXFdTKxX2DGZ0z7
xCzMd8CERueWV3l2
-----END CERTIFICATE-----