Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68Uk1idrD_v4evfH37gmiX_seXY.cer
File:                     68Uk1idrD_v4evfH37gmiX_seXY.cer (raw, json)
Hash identifier:          A0SWkOwOCa45crtgGyLbOZcRR/NSJnnl6lL7BebU7co=
Subject key identifier:   EB:C5:24:D6:27:6B:0F:FB:F8:7A:F7:C7:DF:B8:26:89:7F:EC:79:76
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC64A273382EB7A8AA07A9E435A211FEE
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/c0/2add71-6fa8-47af-ab0e-58fe7edebd8e/1/68Uk1idrD_v4evfH37gmiX_seXY.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/c0/2add71-6fa8-47af-ab0e-58fe7edebd8e/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 18:29:57 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 185.159.189.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:27:33:82:eb:7a:8a:a0:7a:9e:43:5a:21:1f:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 18:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ebc524d6276b0ffbf87af7c7dfb826897fec7976
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:05:10:81:1b:16:cc:1c:4a:0f:e2:67:cd:93:
                    6f:a6:14:c5:bb:cf:31:8b:bf:1a:8c:8d:f4:5f:02:
                    1b:57:5f:eb:c5:92:b7:0d:9e:8d:98:80:21:67:28:
                    03:06:b9:76:73:e4:d2:36:61:c8:84:90:af:06:b3:
                    0c:d6:a9:db:e7:28:d7:98:8b:35:02:00:e7:3d:c2:
                    fb:55:5d:1d:37:ec:88:51:4a:ef:78:71:4f:e7:b2:
                    e1:af:5f:79:20:12:e7:9f:61:f2:b0:1a:90:ba:e2:
                    22:86:ad:da:13:58:58:98:f4:7b:50:d6:9c:05:c9:
                    e4:1a:f2:f4:c5:90:27:11:b3:f0:70:df:46:61:ff:
                    1b:90:c2:52:e5:25:4b:88:91:6a:a0:10:54:f7:9d:
                    a3:13:98:68:30:b8:55:9b:6a:8c:c0:4a:51:f4:0b:
                    ce:41:66:be:f6:7c:ea:c6:e2:ed:f7:24:80:e8:6a:
                    f1:11:12:e2:77:7a:20:3b:48:b3:c5:2e:49:a0:b7:
                    74:93:f9:06:e3:e8:f3:80:37:65:41:a4:7d:b9:c5:
                    14:29:db:51:e6:78:33:71:4a:15:05:cf:ee:a2:38:
                    40:4e:db:e2:a0:10:de:d0:95:2b:2d:37:5c:82:f5:
                    2a:34:58:7d:a3:bf:2a:84:9f:86:a4:32:56:02:e0:
                    dc:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:C5:24:D6:27:6B:0F:FB:F8:7A:F7:C7:DF:B8:26:89:7F:EC:79:76
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/2add71-6fa8-47af-ab0e-58fe7edebd8e/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/2add71-6fa8-47af-ab0e-58fe7edebd8e/1/68Uk1idrD_v4evfH37gmiX_seXY.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.159.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:8d:81:a5:26:96:a4:30:9a:35:11:bb:e8:4f:d1:dd:05:d1:
         8d:30:97:c3:96:b2:97:83:ca:17:48:d4:fc:5a:87:9e:f7:80:
         06:60:c5:80:84:ce:87:4c:ac:c7:c4:d8:6e:de:c4:4b:63:9d:
         09:4c:69:f2:96:80:4c:b1:9a:6e:be:f1:ff:3d:f0:e2:7c:23:
         96:17:9f:8a:27:50:7a:b5:1a:31:a0:ce:f5:94:a2:2a:0a:cb:
         df:a8:f4:5e:aa:e1:7f:02:3f:e3:01:87:76:5f:f7:e5:65:42:
         da:11:20:f4:1c:07:98:b1:ab:e7:dc:91:10:6e:91:68:79:d2:
         19:6c:3c:28:7f:60:a4:3b:e7:1d:05:96:b4:c0:dc:57:5e:3e:
         c0:50:d7:48:ae:21:fd:2d:45:00:09:da:ac:e2:26:7d:4c:03:
         87:3f:87:66:e5:96:e0:a3:c7:0b:f7:d8:54:59:66:a8:9b:7b:
         a4:a5:9a:1e:41:df:db:ce:4a:cc:82:0b:0a:2f:89:8a:c7:6a:
         94:fa:26:44:b1:29:a4:cb:f2:24:26:b6:bc:dd:3b:5e:17:a3:
         66:ef:bd:99:ce:ed:20:bb:c8:cb:ba:30:15:4e:13:94:1b:fc:
         ee:fe:54:4d:77:18:39:c3:10:38:7d:86:25:03:57:d3:40:03:
         a6:9a:ec:c6
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzGSiczgut6iqB6nkNaIR/uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTgyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYmM1MjRkNjI3NmIwZmZiZjg3YWY3YzdkZmI4MjY4OTdmZWM3OTc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAswUQgRsWzBxKD+JnzZNvphTFu88x
i78ajI30XwIbV1/rxZK3DZ6NmIAhZygDBrl2c+TSNmHIhJCvBrMM1qnb5yjXmIs1
AgDnPcL7VV0dN+yIUUrveHFP57Lhr195IBLnn2HysBqQuuIihq3aE1hYmPR7UNac
BcnkGvL0xZAnEbPwcN9GYf8bkMJS5SVLiJFqoBBU952jE5hoMLhVm2qMwEpR9AvO
QWa+9nzqxuLt9ySA6GrxERLid3ogO0izxS5JoLd0k/kG4+jzgDdlQaR9ucUUKdtR
5ngzcUoVBc/uojhATtvioBDe0JUrLTdcgvUqNFh9o78qhJ+GpDJWAuDc7QIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFOvFJNYnaw/7+Hr3x9+4Jol/7Hl2MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2MwLzJhZGQ3
MS02ZmE4LTQ3YWYtYWIwZS01OGZlN2VkZWJkOGUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzAvMmFkZDcx
LTZmYTgtNDdhZi1hYjBlLTU4ZmU3ZWRlYmQ4ZS8xLzY4VWsxaWRyRF92NGV2Zkgz
N2dtaVhfc2VYWS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAuZ+9MA0GCSqGSIb3DQEBCwUAA4IBAQAcjYGl
JpakMJo1EbvoT9HdBdGNMJfDlrKXg8oXSNT8Woee94AGYMWAhM6HTKzHxNhu3sRL
Y50JTGnyloBMsZpuvvH/PfDifCOWF5+KJ1B6tRoxoM71lKIqCsvfqPRequF/Aj/j
AYd2X/flZULaESD0HAeYsavn3JEQbpFoedIZbDwof2CkO+cdBZa0wNxXXj7AUNdI
riH9LUUACdqs4iZ9TAOHP4dm5Zbgo8cL99hUWWaom3ukpZoeQd/bzkrMggsKL4mK
x2qU+iZEsSmky/IkJra83TteF6Nm772Zzu0gu8jLujAVThOUG/zu/lRNdxg5wxA4
fYYlA1fTQAOmmuzG
-----END CERTIFICATE-----