Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6xU9o8JM4SNuIMRoYWNdyO-1apI.cer
File:                     6xU9o8JM4SNuIMRoYWNdyO-1apI.cer (raw, json)
Hash identifier:          TIOjs7qMR/FSFx/f6tJ2RVR31ivmByoIht5sJtAzqbw=
Subject key identifier:   EB:15:3D:A3:C2:4C:E1:23:6E:20:C4:68:61:63:5D:C8:EF:B5:6A:92
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC801B4742536695AE94C54D6F42C7114
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/a7/4bb067-c365-452e-a93e-39da1ae8b731/1/6xU9o8JM4SNuIMRoYWNdyO-1apI.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/a7/4bb067-c365-452e-a93e-39da1ae8b731/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 02:30:04 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 193.201.20.0/23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 20 Apr 2024 08:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:b4:74:25:36:69:5a:e9:4c:54:d6:f4:2c:71:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 02:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eb153da3c24ce1236e20c46861635dc8efb56a92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:5a:27:b5:de:ca:e4:04:e6:4c:9b:bb:75:45:
                    b2:85:ae:3a:cb:f8:56:a4:a8:68:f2:4e:ed:09:60:
                    35:3b:a5:c7:5a:f3:d7:d1:ee:ed:79:43:56:9d:79:
                    4b:8e:e9:38:7e:41:76:37:b9:15:7b:20:f1:e2:22:
                    fe:9b:a8:4d:6f:54:b8:13:a2:26:80:db:3f:1a:83:
                    ed:4f:f7:67:fd:f0:15:d5:70:63:6d:b9:2e:c1:81:
                    99:9e:c0:f2:3e:15:4f:ad:23:0c:76:6e:ee:39:2f:
                    72:be:1e:dd:e6:46:ee:02:b4:2d:32:52:0d:e4:71:
                    91:cf:2d:90:d8:e8:98:a0:51:c1:5f:c8:06:09:e8:
                    a3:01:3f:31:e7:ce:a0:6c:97:d3:20:20:e3:43:b2:
                    76:2d:2a:25:46:c6:9f:35:0e:8c:16:06:0c:8b:c5:
                    6c:f4:f8:48:cf:f4:d3:6d:a0:8a:f5:89:06:89:df:
                    34:b7:83:69:2e:31:66:f9:93:ea:08:5f:17:6f:69:
                    a3:03:a1:92:22:ad:8b:e3:f5:6c:34:57:1a:e8:f0:
                    7c:48:d6:a6:95:d2:86:e9:34:89:1f:87:f2:84:55:
                    b5:cf:f1:46:61:49:62:76:5d:27:61:11:b5:fa:e2:
                    a6:a6:46:01:88:5a:0d:01:30:5a:52:d5:de:e8:69:
                    83:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:15:3D:A3:C2:4C:E1:23:6E:20:C4:68:61:63:5D:C8:EF:B5:6A:92
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/4bb067-c365-452e-a93e-39da1ae8b731/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/4bb067-c365-452e-a93e-39da1ae8b731/1/6xU9o8JM4SNuIMRoYWNdyO-1apI.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.201.20.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3b:3b:bc:cc:52:d3:ec:ce:8e:92:e3:9c:c9:6f:26:0d:19:b8:
         cc:bb:e7:d7:d4:b8:e9:59:26:5a:34:10:b6:82:c9:b3:d8:69:
         2d:61:4e:0f:2b:25:5a:ef:97:d8:a8:95:13:f2:1d:c8:79:74:
         7f:ae:02:52:9c:e0:fc:d5:ed:77:6c:d0:2d:de:01:0a:b5:23:
         ae:93:a7:07:ef:4e:1d:7a:49:55:67:d0:1c:a5:fe:8e:7f:03:
         75:62:0a:4a:9a:7e:22:ca:ec:15:a5:c6:0b:e8:95:ec:73:c6:
         ef:cd:a6:6c:4b:08:45:c0:96:d2:e3:50:c7:35:31:1d:96:d3:
         78:c5:c7:cb:01:27:53:ea:4e:2d:70:33:a2:ea:cc:eb:00:0a:
         ee:53:a9:10:2e:69:4e:10:cd:18:20:14:60:69:bb:ed:75:7e:
         0d:e6:65:f0:ee:91:c6:4c:4b:9a:0f:9f:bc:f0:0e:1c:cf:e5:
         ec:e8:e3:02:be:3c:e1:e1:65:04:d5:89:9c:be:b3:65:42:c8:
         87:b6:46:60:06:fb:49:5d:ac:9e:93:16:58:b5:bc:f2:97:20:
         19:71:7c:28:ad:0e:81:6f:6d:0d:90:fe:18:c6:71:11:8d:c6:
         16:92:a6:d1:7b:8a:a2:05:42:db:44:af:b9:11:33:23:d8:ac:
         1a:d8:3f:53
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzIAbR0JTZpWulMVNb0LHEUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDIzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjE1M2RhM2MyNGNlMTIzNmUyMGM0Njg2MTYzNWRjOGVmYjU2YTkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArFontd7K5ATmTJu7dUWyha46y/hW
pKho8k7tCWA1O6XHWvPX0e7teUNWnXlLjuk4fkF2N7kVeyDx4iL+m6hNb1S4E6Im
gNs/GoPtT/dn/fAV1XBjbbkuwYGZnsDyPhVPrSMMdm7uOS9yvh7d5kbuArQtMlIN
5HGRzy2Q2OiYoFHBX8gGCeijAT8x586gbJfTICDjQ7J2LSolRsafNQ6MFgYMi8Vs
9PhIz/TTbaCK9YkGid80t4NpLjFm+ZPqCF8Xb2mjA6GSIq2L4/VsNFca6PB8SNam
ldKG6TSJH4fyhFW1z/FGYUlidl0nYRG1+uKmpkYBiFoNATBaUtXe6GmD8wIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFOsVPaPCTOEjbiDEaGFjXcjvtWqSMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2E3LzRiYjA2
Ny1jMzY1LTQ1MmUtYTkzZS0zOWRhMWFlOGI3MzEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTcvNGJiMDY3
LWMzNjUtNDUyZS1hOTNlLTM5ZGExYWU4YjczMS8xLzZ4VTlvOEpNNFNOdUlNUm9Z
V05keU8tMWFwSS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQBwckUMA0GCSqGSIb3DQEBCwUAA4IBAQA7O7zM
UtPszo6S45zJbyYNGbjMu+fX1LjpWSZaNBC2gsmz2GktYU4PKyVa75fYqJUT8h3I
eXR/rgJSnOD81e13bNAt3gEKtSOuk6cH704deklVZ9Acpf6OfwN1YgpKmn4iyuwV
pcYL6JXsc8bvzaZsSwhFwJbS41DHNTEdltN4xcfLASdT6k4tcDOi6szrAAruU6kQ
LmlOEM0YIBRgabvtdX4N5mXw7pHGTEuaD5+88A4cz+Xs6OMCvjzh4WUE1YmcvrNl
QsiHtkZgBvtJXayekxZYtbzylyAZcXworQ6Bb20NkP4YxnERjcYWkqbRe4qiBULb
RK+5ETMj2Kwa2D9T
-----END CERTIFICATE-----