Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8IcQ5uJObWm9XESv6vDunGftOgY.cer
File:                     8IcQ5uJObWm9XESv6vDunGftOgY.cer (raw, json)
Hash identifier:          +KQN94uPVcokTQB4ptSyNP+vivanRpGKK9T+Okv1Awg=
Subject key identifier:   F0:87:10:E6:E2:4E:6D:69:BD:5C:44:AF:EA:F0:EE:9C:67:ED:3A:06
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC424D8BDC63ACE43D2535CE6714286A1
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/2b/7bbad4-e15a-4bfd-ab32-76e865e2c4bd/1/8IcQ5uJObWm9XESv6vDunGftOgY.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/2b/7bbad4-e15a-4bfd-ab32-76e865e2c4bd/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 08:29:58 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 21231
                          IP: 80.92.32.0/20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 21 Apr 2024 00:45:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:d8:bd:c6:3a:ce:43:d2:53:5c:e6:71:42:86:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 08:29:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f08710e6e24e6d69bd5c44afeaf0ee9c67ed3a06
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:01:aa:63:7f:3c:8a:54:22:f3:95:66:d2:83:
                    ac:bb:98:96:61:d1:47:42:f1:af:f6:cf:a7:63:08:
                    72:b3:18:56:b4:3e:6a:8a:f7:c1:53:d7:c3:eb:ce:
                    7f:e6:97:df:1b:04:05:6b:d6:2d:7b:b9:5d:e2:eb:
                    83:dc:24:65:48:d8:df:60:0f:62:ab:25:c0:f3:a8:
                    68:94:4d:12:d8:11:61:54:fe:08:79:a0:61:48:31:
                    fd:0f:3e:d8:31:20:75:be:18:3d:51:68:74:10:44:
                    09:7d:3f:eb:48:a8:d9:4b:e3:3c:8e:fc:9d:8a:22:
                    92:3b:90:2f:3e:8b:ef:da:3d:fc:66:0a:c3:e2:d3:
                    03:0c:df:f4:1d:a5:c7:70:96:d8:19:f3:0e:3b:ac:
                    c6:ff:63:cb:fc:36:bf:61:17:ee:bc:ad:20:03:af:
                    a8:09:b6:e9:87:f2:f5:df:c3:ff:c0:8c:a8:a2:2c:
                    d3:cd:f5:7a:11:79:e9:7e:05:67:a3:5b:06:0e:62:
                    21:9b:c9:63:c2:b1:ad:43:fa:1f:22:85:0d:36:92:
                    59:9f:fb:10:44:3e:e4:8b:44:9e:27:d3:22:c5:b3:
                    06:1a:d1:42:e7:63:44:75:e7:c9:4f:cc:0b:aa:15:
                    9d:53:7e:83:57:02:b1:0e:3f:76:08:ab:81:30:bf:
                    e3:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:87:10:E6:E2:4E:6D:69:BD:5C:44:AF:EA:F0:EE:9C:67:ED:3A:06
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/7bbad4-e15a-4bfd-ab32-76e865e2c4bd/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/7bbad4-e15a-4bfd-ab32-76e865e2c4bd/1/8IcQ5uJObWm9XESv6vDunGftOgY.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.92.32.0/20

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  21231

    Signature Algorithm: sha256WithRSAEncryption
         26:8d:38:3c:00:85:e0:15:39:01:c3:c4:8d:d0:e3:d1:3e:7c:
         be:b2:ed:34:88:aa:71:ac:92:05:a7:59:70:f4:d3:0b:5b:25:
         a7:4c:65:6e:3d:d7:a6:ff:0c:ed:35:70:33:b5:e4:55:45:22:
         79:59:9d:2d:ee:d9:4f:43:53:ec:56:e1:46:fe:a0:8a:cb:59:
         bb:12:79:1d:73:51:38:24:9f:be:9f:93:99:81:0d:96:b8:56:
         51:12:ad:71:6d:46:45:9c:04:7f:51:93:c5:a8:ac:e5:16:92:
         71:2e:24:d0:47:08:56:87:9c:cc:3f:ad:04:9e:32:f3:a8:db:
         bb:cc:ac:64:07:3c:f6:fb:4c:df:0d:9c:66:62:ff:c6:b9:53:
         5b:1a:25:84:3e:62:47:b4:fe:73:d3:e3:55:cb:b2:f6:8c:92:
         28:74:68:92:e9:e3:70:8c:a3:69:f7:53:87:ef:49:9a:7d:53:
         90:dd:a9:63:a5:3c:ed:6f:9c:c7:5b:f6:d7:d5:d1:68:cc:a3:
         fc:5c:ba:1b:0b:41:a4:90:af:f2:31:1b:6b:7e:a1:7a:65:a3:
         ec:12:c1:cf:4b:c7:96:7a:01:1f:2e:35:51:77:a5:7b:3f:72:
         44:90:80:d3:3f:30:eb:ba:8a:fe:05:1d:4d:ac:2f:05:b0:9e:
         68:62:18:4f
-----BEGIN CERTIFICATE-----
MIIFkzCCBHugAwIBAgISAYzEJNi9xjrOQ9JTXOZxQoahMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDgyOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDg3MTBlNmUyNGU2ZDY5YmQ1YzQ0YWZlYWYwZWU5YzY3ZWQzYTA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxwGqY388ilQi85Vm0oOsu5iWYdFH
QvGv9s+nYwhysxhWtD5qivfBU9fD685/5pffGwQFa9Yte7ld4uuD3CRlSNjfYA9i
qyXA86holE0S2BFhVP4IeaBhSDH9Dz7YMSB1vhg9UWh0EEQJfT/rSKjZS+M8jvyd
iiKSO5AvPovv2j38ZgrD4tMDDN/0HaXHcJbYGfMOO6zG/2PL/Da/YRfuvK0gA6+o
Cbbph/L138P/wIyooizTzfV6EXnpfgVno1sGDmIhm8ljwrGtQ/ofIoUNNpJZn/sQ
RD7ki0SeJ9MixbMGGtFC52NEdefJT8wLqhWdU36DVwKxDj92CKuBML/jSQIDAQAB
o4ICnzCCApswHQYDVR0OBBYEFPCHEObiTm1pvVxEr+rw7pxn7ToGMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzJiLzdiYmFk
NC1lMTVhLTRiZmQtYWIzMi03NmU4NjVlMmM0YmQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmIvN2JiYWQ0
LWUxNWEtNGJmZC1hYjMyLTc2ZTg2NWUyYzRiZC8xLzhJY1E1dUpPYldtOVhFU3Y2
dkR1bkdmdE9nWS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQEUFwgMBkGCCsGAQUFBwEIAQH/BAowCKAGMAQC
AlLvMA0GCSqGSIb3DQEBCwUAA4IBAQAmjTg8AIXgFTkBw8SN0OPRPny+su00iKpx
rJIFp1lw9NMLWyWnTGVuPdem/wztNXAzteRVRSJ5WZ0t7tlPQ1PsVuFG/qCKy1m7
Enkdc1E4JJ++n5OZgQ2WuFZREq1xbUZFnAR/UZPFqKzlFpJxLiTQRwhWh5zMP60E
njLzqNu7zKxkBzz2+0zfDZxmYv/GuVNbGiWEPmJHtP5z0+NVy7L2jJIodGiS6eNw
jKNp91OH70mafVOQ3aljpTztb5zHW/bX1dFozKP8XLobC0GkkK/yMRtrfqF6ZaPs
EsHPS8eWegEfLjVRd6V7P3JEkIDTPzDruor+BR1NrC8FsJ5oYhhP
-----END CERTIFICATE-----