Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8-oWKkkqwrR-eW6aPB1RhYOD-xI.cer
File:                     8-oWKkkqwrR-eW6aPB1RhYOD-xI.cer (raw, json)
Hash identifier:          new1+8Z9KLmnhUNCgIiKyqiWLm3GJ18Pf6gl5X9y6EY=
Subject key identifier:   F3:EA:16:2A:49:2A:C2:B4:7E:79:6E:9A:3C:1D:51:85:83:83:FB:12
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC424DA154B95D428E74CB8E774CBAFDE
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/18/d37bf0-adae-44c5-9438-f345ed3b6016/1/8-oWKkkqwrR-eW6aPB1RhYOD-xI.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/18/d37bf0-adae-44c5-9438-f345ed3b6016/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 08:29:58 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 81.161.58.0/24
                          IP: 194.88.246.0/23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 14:46:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:da:15:4b:95:d4:28:e7:4c:b8:e7:74:cb:af:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 08:29:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f3ea162a492ac2b47e796e9a3c1d51858383fb12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fa:da:03:ee:39:f8:db:66:a5:e7:16:f2:af:b4:
                    18:87:78:63:ef:d9:45:68:95:7b:23:b4:c0:a8:17:
                    3c:10:6b:66:3f:16:c0:f2:53:66:29:8e:94:c6:f6:
                    a4:d2:fe:bc:53:f3:d8:ef:19:5f:fe:3c:07:b8:61:
                    41:17:b8:d2:ae:4a:f6:fa:45:1f:00:0f:0d:3a:64:
                    e5:0f:cf:15:fd:de:de:e3:05:7d:da:c1:25:08:46:
                    92:8d:b0:d5:9f:2a:86:98:bb:af:94:22:ec:46:26:
                    64:89:ea:28:f7:51:b4:0f:88:22:e0:b2:26:41:88:
                    d0:ba:ea:d7:e2:49:52:6d:70:80:5b:88:9d:66:60:
                    ea:9a:8e:37:cb:1e:1f:a1:ae:a7:f4:c9:93:7c:32:
                    f8:d9:a2:d4:d7:f2:dc:db:85:b9:ac:cc:f2:fc:0e:
                    56:45:4d:c4:e0:22:a4:9b:cd:cc:b1:25:fd:36:b7:
                    e7:ba:f9:6d:c0:31:c7:c9:0b:cb:e8:c9:fd:f0:2e:
                    63:13:af:49:0a:b2:92:8e:4c:c7:3d:3a:18:0e:2a:
                    e1:3c:2e:a3:db:0e:1f:d2:21:2a:e2:b9:ad:d8:92:
                    f5:1e:29:ef:7c:bc:b1:26:c5:0a:40:63:71:ab:80:
                    81:18:f7:93:ac:7c:a7:d6:26:96:a6:b7:89:b7:8d:
                    c9:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:EA:16:2A:49:2A:C2:B4:7E:79:6E:9A:3C:1D:51:85:83:83:FB:12
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/d37bf0-adae-44c5-9438-f345ed3b6016/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/d37bf0-adae-44c5-9438-f345ed3b6016/1/8-oWKkkqwrR-eW6aPB1RhYOD-xI.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.161.58.0/24
                  194.88.246.0/23

    Signature Algorithm: sha256WithRSAEncryption
         50:55:4a:2b:7c:56:d6:97:9e:56:db:ec:1a:c6:7c:e5:99:57:
         61:b8:7a:ca:fb:93:63:b9:dc:3c:db:ec:63:a0:79:66:09:9f:
         be:7e:aa:a0:01:96:73:49:ea:3c:0c:90:6c:67:ed:ba:63:41:
         a7:31:e5:65:e7:16:c1:4d:d5:01:78:4c:6e:c2:82:7f:e6:0a:
         20:49:95:f6:a3:8f:8d:3d:ac:4f:ef:af:fa:7c:58:79:e9:93:
         59:4a:e6:9a:a5:ef:48:1f:a5:53:c2:93:00:ed:83:2b:68:a4:
         bc:1f:2c:1c:70:27:bd:1a:75:fb:ed:e7:66:68:2b:69:76:b5:
         cd:b2:d9:04:93:98:33:5d:af:e0:01:8a:5e:de:34:28:09:7b:
         c4:41:87:7c:3b:f7:2f:47:b2:c3:ec:07:32:ec:2d:7c:85:47:
         14:78:4f:d2:36:24:e6:e3:ef:6f:69:3e:80:8c:26:e8:8a:83:
         72:24:2a:47:aa:9d:8b:f2:21:17:b0:b2:ed:7c:6b:48:2a:ce:
         3f:ba:23:28:8d:5c:7b:7c:41:61:d0:98:8c:a0:50:78:d1:fe:
         82:61:ae:33:5d:6b:43:01:f1:60:6f:ce:9c:a0:60:f4:af:59:
         66:ce:c8:5b:72:52:07:79:58:24:02:95:a6:a4:ef:a5:fe:a7:
         0a:04:c4:ee
-----BEGIN CERTIFICATE-----
MIIFfjCCBGagAwIBAgISAYzEJNoVS5XUKOdMuOd0y6/eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDgyOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmM2VhMTYyYTQ5MmFjMmI0N2U3OTZlOWEzYzFkNTE4NTgzODNmYjEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+toD7jn422al5xbyr7QYh3hj79lF
aJV7I7TAqBc8EGtmPxbA8lNmKY6Uxvak0v68U/PY7xlf/jwHuGFBF7jSrkr2+kUf
AA8NOmTlD88V/d7e4wV92sElCEaSjbDVnyqGmLuvlCLsRiZkieoo91G0D4gi4LIm
QYjQuurX4klSbXCAW4idZmDqmo43yx4foa6n9MmTfDL42aLU1/Lc24W5rMzy/A5W
RU3E4CKkm83MsSX9NrfnuvltwDHHyQvL6Mn98C5jE69JCrKSjkzHPToYDirhPC6j
2w4f0iEq4rmt2JL1HinvfLyxJsUKQGNxq4CBGPeTrHyn1iaWpreJt43J5wIDAQAB
o4ICijCCAoYwHQYDVR0OBBYEFPPqFipJKsK0fnlumjwdUYWDg/sSMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzE4L2QzN2Jm
MC1hZGFlLTQ0YzUtOTQzOC1mMzQ1ZWQzYjYwMTYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTgvZDM3YmYw
LWFkYWUtNDRjNS05NDM4LWYzNDVlZDNiNjAxNi8xLzgtb1dLa2txd3JSLWVXNmFQ
QjFSaFlPRC14SS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUF
BwEHAQH/BBYwFDASBAIAATAMAwQAUaE6AwQBwlj2MA0GCSqGSIb3DQEBCwUAA4IB
AQBQVUorfFbWl55W2+waxnzlmVdhuHrK+5Njudw82+xjoHlmCZ++fqqgAZZzSeo8
DJBsZ+26Y0GnMeVl5xbBTdUBeExuwoJ/5gogSZX2o4+NPaxP76/6fFh56ZNZSuaa
pe9IH6VTwpMA7YMraKS8HywccCe9GnX77edmaCtpdrXNstkEk5gzXa/gAYpe3jQo
CXvEQYd8O/cvR7LD7Acy7C18hUcUeE/SNiTm4+9vaT6AjCboioNyJCpHqp2L8iEX
sLLtfGtIKs4/uiMojVx7fEFh0JiMoFB40f6CYa4zXWtDAfFgb86coGD0r1lmzshb
clIHeVgkApWmpO+l/qcKBMTu
-----END CERTIFICATE-----