Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8tQRaXXT6HvYoo5kPGmjCB3gAZ8.cer
File:                     8tQRaXXT6HvYoo5kPGmjCB3gAZ8.cer (raw, json)
Hash identifier:          4ZLyGYF+5oFLCctMf/Lv22nefaHPjPoFYBgVIkOzPds=
Subject key identifier:   F2:D4:11:69:75:D3:E8:7B:D8:A2:8E:64:3C:69:A3:08:1D:E0:01:9F
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC56EE1180D18865B53FF3F07243F02BA
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/7f/5996e1-2ff0-4bb7-a880-faab9cae1e81/1/8tQRaXXT6HvYoo5kPGmjCB3gAZ8.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/7f/5996e1-2ff0-4bb7-a880-faab9cae1e81/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 14:30:27 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 25297
                          IP: 195.234.167.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 27 Apr 2024 08:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:e1:18:0d:18:86:5b:53:ff:3f:07:24:3f:02:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 14:30:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f2d4116975d3e87bd8a28e643c69a3081de0019f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:08:5b:24:8b:ce:d3:7c:4f:8e:f6:7d:e5:85:
                    d6:49:6c:9e:2f:5a:f0:90:f8:53:b0:02:a1:20:17:
                    f7:98:13:0b:13:7a:0f:2f:1c:35:ec:ae:66:1c:e3:
                    51:fd:89:ef:0c:81:ff:53:86:40:4a:93:38:09:8d:
                    16:23:f5:dc:96:e9:3d:6b:f0:4e:4d:1d:da:63:46:
                    6f:aa:15:73:94:ef:86:78:ce:ff:fd:41:30:d6:e0:
                    a7:df:02:5d:99:f2:c6:b3:a1:a7:e0:02:c2:4f:f8:
                    ff:ea:10:70:bc:f1:b5:45:43:a4:69:9a:2f:e6:62:
                    50:e9:6a:50:32:c4:25:8d:05:bf:88:b4:d0:6d:61:
                    87:66:06:c0:7d:c7:72:54:d6:d3:1b:74:2f:db:69:
                    23:50:52:b6:6a:90:7a:20:d1:d8:b8:64:31:06:d7:
                    1f:ca:12:eb:d8:29:6a:b7:91:7c:15:4f:a8:cd:2f:
                    02:37:f9:66:3b:4a:e9:b6:e2:8d:ab:89:ac:06:ef:
                    e7:e2:10:31:f1:45:ba:c1:39:e9:78:84:62:ed:a5:
                    ea:75:d4:6c:0b:29:66:3d:a7:7a:e7:97:64:b0:ca:
                    54:76:23:6e:5a:06:0a:44:75:d5:25:db:83:99:5f:
                    21:21:86:a5:0a:57:03:23:36:1c:63:12:55:bf:d4:
                    b2:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:D4:11:69:75:D3:E8:7B:D8:A2:8E:64:3C:69:A3:08:1D:E0:01:9F
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/5996e1-2ff0-4bb7-a880-faab9cae1e81/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/5996e1-2ff0-4bb7-a880-faab9cae1e81/1/8tQRaXXT6HvYoo5kPGmjCB3gAZ8.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.234.167.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  25297

    Signature Algorithm: sha256WithRSAEncryption
         20:25:90:91:00:8b:44:97:6f:3f:4f:37:34:93:f5:37:e0:3d:
         e2:71:57:c2:28:58:69:80:6d:98:37:60:19:b6:73:5e:ab:3a:
         94:36:c9:ae:e1:13:82:91:36:06:91:4b:5f:2b:d0:9b:c2:a6:
         6a:49:c2:17:d7:de:12:12:ac:c5:86:e6:95:fd:fc:57:f3:3b:
         e6:72:dc:77:7a:e8:d5:78:c3:ca:5b:79:68:31:d6:ec:71:19:
         78:88:cb:56:48:91:f8:cc:70:44:74:83:78:f0:5c:56:9b:61:
         f6:b3:fc:db:b6:e1:55:5a:26:f0:74:32:da:4c:75:12:0c:de:
         9b:4e:70:99:07:85:03:50:9c:6a:b5:60:b0:51:15:48:d8:96:
         62:e0:98:b3:4d:bc:9c:13:d3:53:fd:87:53:92:99:01:5b:31:
         f9:d5:38:c6:2f:14:9d:bb:36:d4:e6:20:5d:3c:a7:40:1c:9e:
         97:22:51:4e:55:18:10:48:ff:3e:07:85:0b:67:1c:d1:40:ef:
         eb:8e:55:6e:83:60:50:2f:56:05:66:f0:c3:4a:7f:31:af:2b:
         a2:f0:1b:cf:7d:32:4a:56:45:32:46:c4:58:22:54:9f:fb:e3:
         52:30:85:c6:51:94:b6:ec:5d:27:52:49:df:c6:e6:3d:27:10:
         61:0c:c6:1c
-----BEGIN CERTIFICATE-----
MIIFkzCCBHugAwIBAgISAYzFbuEYDRiGW1P/PwckPwK6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTQzMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMmQ0MTE2OTc1ZDNlODdiZDhhMjhlNjQzYzY5YTMwODFkZTAwMTlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApQhbJIvO03xPjvZ95YXWSWyeL1rw
kPhTsAKhIBf3mBMLE3oPLxw17K5mHONR/YnvDIH/U4ZASpM4CY0WI/Xcluk9a/BO
TR3aY0ZvqhVzlO+GeM7//UEw1uCn3wJdmfLGs6Gn4ALCT/j/6hBwvPG1RUOkaZov
5mJQ6WpQMsQljQW/iLTQbWGHZgbAfcdyVNbTG3Qv22kjUFK2apB6INHYuGQxBtcf
yhLr2Clqt5F8FU+ozS8CN/lmO0rptuKNq4msBu/n4hAx8UW6wTnpeIRi7aXqddRs
CylmPad655dksMpUdiNuWgYKRHXVJduDmV8hIYalClcDIzYcYxJVv9Sy/wIDAQAB
o4ICnzCCApswHQYDVR0OBBYEFPLUEWl10+h72KKOZDxpowgd4AGfMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzdmLzU5OTZl
MS0yZmYwLTRiYjctYTg4MC1mYWFiOWNhZTFlODEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvN2YvNTk5NmUx
LTJmZjAtNGJiNy1hODgwLWZhYWI5Y2FlMWU4MS8xLzh0UVJhWFhUNkh2WW9vNWtQ
R21qQ0IzZ0FaOC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAw+qnMBkGCCsGAQUFBwEIAQH/BAowCKAGMAQC
AmLRMA0GCSqGSIb3DQEBCwUAA4IBAQAgJZCRAItEl28/Tzc0k/U34D3icVfCKFhp
gG2YN2AZtnNeqzqUNsmu4ROCkTYGkUtfK9CbwqZqScIX194SEqzFhuaV/fxX8zvm
ctx3eujVeMPKW3loMdbscRl4iMtWSJH4zHBEdIN48FxWm2H2s/zbtuFVWibwdDLa
THUSDN6bTnCZB4UDUJxqtWCwURVI2JZi4JizTbycE9NT/YdTkpkBWzH51TjGLxSd
uzbU5iBdPKdAHJ6XIlFOVRgQSP8+B4ULZxzRQO/rjlVug2BQL1YFZvDDSn8xryui
8BvPfTJKVkUyRsRYIlSf++NSMIXGUZS27F0nUknfxuY9JxBhDMYc
-----END CERTIFICATE-----