Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/977TP_AejgncT-3NAROcDneFSq4.cer
File:                     977TP_AejgncT-3NAROcDneFSq4.cer (raw, json)
Hash identifier:          W0FQQJEDtmoWPYh3YlmvLP2d8slaPsJ7GV7jrOyPA+Y=
Subject key identifier:   F7:BE:D3:3F:F0:1E:8E:09:DC:4F:ED:CD:01:13:9C:0E:77:85:4A:AE
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC26D7DE6A9A01C5735E1A4D1B5AE3ED4
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/15/5a6d01-a375-4e11-871e-99e6141de7f1/1/977TP_AejgncT-3NAROcDneFSq4.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/15/5a6d01-a375-4e11-871e-99e6141de7f1/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 00:30:04 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 185.70.84.0/22
                          IP: 2a03:3520::/32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 23:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:7d:e6:a9:a0:1c:57:35:e1:a4:d1:b5:ae:3e:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 00:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f7bed33ff01e8e09dc4fedcd01139c0e77854aae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:aa:44:9d:56:c7:cf:73:2f:d9:25:fd:30:38:
                    6c:93:df:f3:ad:7d:63:3f:af:95:18:e5:cc:08:f5:
                    eb:21:98:15:62:7a:8e:bc:86:12:46:03:f3:1c:8e:
                    1d:bd:a4:c4:08:9e:a0:c0:77:d2:6f:a2:a6:2f:fb:
                    0c:d2:8e:36:88:59:72:dc:cd:bd:32:6b:68:74:55:
                    e1:7c:ae:24:d7:7f:11:6d:81:e1:f3:c8:9c:20:ec:
                    5a:70:3b:b1:cc:a0:bf:6d:a8:43:5a:4d:d9:5b:9b:
                    aa:21:64:4e:be:e5:1b:c6:39:3e:8e:0f:dc:79:5e:
                    64:2f:a8:14:95:52:4d:90:b5:52:2d:6f:1c:5d:67:
                    92:a1:75:da:77:b1:9f:95:ff:53:c6:5e:2c:47:ea:
                    8d:21:81:82:46:a5:d5:22:20:5e:96:cf:3b:0f:77:
                    f4:c2:17:fe:d2:6c:8c:b3:05:af:9e:17:9d:4c:18:
                    39:10:fe:3c:a1:b4:95:e0:c7:d8:7a:89:e9:18:4c:
                    f1:35:ca:f4:cc:52:0c:7b:d7:6b:d7:50:a3:ef:96:
                    2f:3f:9e:4c:c9:ff:d8:73:20:3a:13:ed:19:04:31:
                    41:e3:f4:9f:6c:71:7a:ab:a3:c0:2b:62:ff:5e:89:
                    23:81:d3:c9:e6:3b:45:79:1d:e6:84:7b:ed:09:c6:
                    fd:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:BE:D3:3F:F0:1E:8E:09:DC:4F:ED:CD:01:13:9C:0E:77:85:4A:AE
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/5a6d01-a375-4e11-871e-99e6141de7f1/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/5a6d01-a375-4e11-871e-99e6141de7f1/1/977TP_AejgncT-3NAROcDneFSq4.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.70.84.0/22
                IPv6:
                  2a03:3520::/32

    Signature Algorithm: sha256WithRSAEncryption
         3f:35:de:e1:f2:99:40:12:c8:63:0f:6a:a9:9c:28:aa:5c:d1:
         55:2b:53:57:14:3f:68:80:9a:ed:13:47:86:e7:67:30:b8:42:
         ff:10:88:b4:b8:32:de:4e:d5:f4:b5:97:9c:13:3e:b8:d8:ef:
         5b:00:51:6b:f5:af:94:a7:e9:97:f4:2e:b4:97:70:b5:a6:0d:
         29:dc:03:a6:5e:c3:7f:9e:1e:56:00:4b:f7:ea:a6:93:37:29:
         57:7c:35:35:57:c1:23:06:ca:6a:86:ce:30:cc:f3:c7:ce:ea:
         43:73:93:0c:b8:5e:3f:42:4d:02:83:20:f1:c4:e1:d2:3c:c7:
         1d:87:38:be:dd:7a:26:3a:40:4b:71:15:ce:4c:e6:75:9d:9e:
         6d:15:26:70:52:08:fe:f1:2f:4a:80:1e:b2:cf:9b:9e:7f:ee:
         c4:31:c3:37:9d:c9:74:9e:c5:4f:86:d6:24:a5:ef:da:19:9a:
         bf:2b:2c:a6:dc:50:e3:1c:e6:16:36:ef:20:de:a4:63:9c:42:
         4f:2a:44:12:b7:bf:dd:f8:2e:8a:cb:ea:8a:b4:80:8b:c4:91:
         7d:5b:24:51:62:5e:77:d4:5b:b0:76:3d:b5:b4:95:ba:3d:5b:
         25:03:68:1f:80:fc:8d:b3:67:cb:3a:3c:70:19:50:8f:bf:bc:
         c9:db:72:3e
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAYzCbX3mqaAcVzXhpNG1rj7UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDAzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmN2JlZDMzZmYwMWU4ZTA5ZGM0ZmVkY2QwMTEzOWMwZTc3ODU0YWFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjapEnVbHz3Mv2SX9MDhsk9/zrX1j
P6+VGOXMCPXrIZgVYnqOvIYSRgPzHI4dvaTECJ6gwHfSb6KmL/sM0o42iFly3M29
MmtodFXhfK4k138RbYHh88icIOxacDuxzKC/bahDWk3ZW5uqIWROvuUbxjk+jg/c
eV5kL6gUlVJNkLVSLW8cXWeSoXXad7Gflf9Txl4sR+qNIYGCRqXVIiBels87D3f0
whf+0myMswWvnhedTBg5EP48obSV4MfYeonpGEzxNcr0zFIMe9dr11Cj75YvP55M
yf/YcyA6E+0ZBDFB4/SfbHF6q6PAK2L/XokjgdPJ5jtFeR3mhHvtCcb97QIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFPe+0z/wHo4J3E/tzQETnA53hUquMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzE1LzVhNmQw
MS1hMzc1LTRlMTEtODcxZS05OWU2MTQxZGU3ZjEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTUvNWE2ZDAx
LWEzNzUtNGUxMS04NzFlLTk5ZTYxNDFkZTdmMS8xLzk3N1RQX0FlamduY1QtM05B
Uk9jRG5lRlNxNC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCuUZUMA0EAgACMAcDBQAqAzUgMA0GCSqGSIb3
DQEBCwUAA4IBAQA/Nd7h8plAEshjD2qpnCiqXNFVK1NXFD9ogJrtE0eG52cwuEL/
EIi0uDLeTtX0tZecEz642O9bAFFr9a+Up+mX9C60l3C1pg0p3AOmXsN/nh5WAEv3
6qaTNylXfDU1V8EjBspqhs4wzPPHzupDc5MMuF4/Qk0CgyDxxOHSPMcdhzi+3Xom
OkBLcRXOTOZ1nZ5tFSZwUgj+8S9KgB6yz5uef+7EMcM3ncl0nsVPhtYkpe/aGZq/
Kyym3FDjHOYWNu8g3qRjnEJPKkQSt7/d+C6Ky+qKtICLxJF9WyRRYl531Fuwdj21
tJW6PVslA2gfgPyNs2fLOjxwGVCPv7zJ23I+
-----END CERTIFICATE-----