Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9MZJlOJNSu_cQqiDH-Dc4g1gRok.cer
File:                     9MZJlOJNSu_cQqiDH-Dc4g1gRok.cer (raw, json)
Hash identifier:          2aOhBz8WHPjyHxZworcak8USkc2eCvXElAUMGq20L7I=
Subject key identifier:   F4:C6:49:94:E2:4D:4A:EF:DC:42:A8:83:1F:E0:DC:E2:0D:60:46:89
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC8019047B6FFA26D72474166C902D7C4
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/33/64658d-d5eb-489b-bc15-3855698fb57f/1/9MZJlOJNSu_cQqiDH-Dc4g1gRok.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/33/64658d-d5eb-489b-bc15-3855698fb57f/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 02:29:54 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 45.80.232.0/22
                          IP: 2a0e:4980::/32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 14:10:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:90:47:b6:ff:a2:6d:72:47:41:66:c9:02:d7:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 02:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f4c64994e24d4aefdc42a8831fe0dce20d604689
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:d9:1e:1c:cd:55:f6:3a:c5:b7:b9:87:61:42:
                    ae:82:76:00:c8:7a:72:6c:71:32:bf:4b:5b:68:87:
                    93:64:8e:18:da:6d:4a:d0:45:f6:e2:45:24:ec:5c:
                    ea:fc:cf:ef:c3:7e:9b:a1:01:e6:a9:6e:19:f0:10:
                    9b:3f:ac:e9:3c:06:4d:06:5e:1e:02:66:12:54:76:
                    c7:e1:28:32:5f:57:65:ba:78:4b:e7:04:54:f4:d4:
                    b7:b0:a6:34:9b:04:06:06:fa:ef:5b:77:0c:9b:88:
                    4d:19:94:3a:61:65:cf:41:e4:82:a0:4b:d2:70:90:
                    0b:e6:f2:46:54:5f:8f:31:db:5d:5a:10:83:3d:13:
                    0b:1f:c6:fc:ed:3e:c5:e6:36:7f:20:7a:64:23:31:
                    a5:4a:40:f0:d1:be:98:a2:9d:a8:25:ab:dc:bd:16:
                    33:1d:21:10:6d:3b:ba:9a:63:50:9d:29:eb:2e:16:
                    62:77:da:a1:4e:c2:38:bf:9f:29:f2:9c:39:61:7d:
                    82:c1:b1:f0:ce:b5:12:4b:c7:5b:ab:e8:3b:70:78:
                    82:47:87:d1:eb:5b:ab:1c:2d:52:e5:49:c3:61:03:
                    2a:13:ac:f9:23:c8:fb:9d:4e:f6:b1:1a:32:97:2d:
                    ad:c0:81:10:39:9b:28:48:50:14:bd:c1:bd:76:e1:
                    fb:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:C6:49:94:E2:4D:4A:EF:DC:42:A8:83:1F:E0:DC:E2:0D:60:46:89
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/64658d-d5eb-489b-bc15-3855698fb57f/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/64658d-d5eb-489b-bc15-3855698fb57f/1/9MZJlOJNSu_cQqiDH-Dc4g1gRok.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.80.232.0/22
                IPv6:
                  2a0e:4980::/32

    Signature Algorithm: sha256WithRSAEncryption
         5c:ae:50:b7:6b:df:27:7a:99:2a:7b:a8:1b:0e:d6:56:3a:d5:
         51:b7:92:d8:5d:53:5d:0d:83:5f:15:3f:39:a0:00:ab:05:f0:
         c6:87:5c:c3:11:5f:03:1e:55:9d:04:51:e8:2f:ff:ce:52:97:
         63:a4:94:09:fb:b6:2d:45:92:69:0c:08:30:2c:fa:f7:e7:a5:
         8a:6a:b3:d5:83:cd:18:5b:09:06:7e:fc:8f:6d:06:8e:62:5b:
         40:ce:68:26:bc:18:7b:50:d2:84:f1:f8:11:03:53:c4:a1:58:
         3f:a6:e8:2b:77:0d:42:45:20:47:50:d6:e9:cc:b6:a3:df:69:
         f3:e7:54:fd:ad:a1:af:74:df:f7:b7:e7:f8:cd:d9:07:9d:ed:
         84:ca:98:d5:d5:62:bb:3a:c3:5b:f4:58:b6:48:37:c9:93:ac:
         f5:03:b4:ca:7a:35:ee:8b:a8:b4:10:21:7b:b4:80:41:7a:5b:
         3c:93:8d:89:6c:0e:5f:4c:67:80:cc:80:66:5b:20:c9:42:e3:
         5c:12:92:b3:a2:b4:c3:04:19:4d:cd:65:2e:3b:48:67:e1:2d:
         f4:85:50:66:67:4c:be:ad:15:4e:dd:ec:01:1e:78:27:b8:a1:
         e4:90:22:e8:15:96:7c:40:62:40:b4:fb:99:7a:52:49:39:0e:
         e5:7a:59:15
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAYzIAZBHtv+ibXJHQWbJAtfEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDIyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNGM2NDk5NGUyNGQ0YWVmZGM0MmE4ODMxZmUwZGNlMjBkNjA0Njg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvNkeHM1V9jrFt7mHYUKugnYAyHpy
bHEyv0tbaIeTZI4Y2m1K0EX24kUk7Fzq/M/vw36boQHmqW4Z8BCbP6zpPAZNBl4e
AmYSVHbH4SgyX1dlunhL5wRU9NS3sKY0mwQGBvrvW3cMm4hNGZQ6YWXPQeSCoEvS
cJAL5vJGVF+PMdtdWhCDPRMLH8b87T7F5jZ/IHpkIzGlSkDw0b6Yop2oJavcvRYz
HSEQbTu6mmNQnSnrLhZid9qhTsI4v58p8pw5YX2CwbHwzrUSS8dbq+g7cHiCR4fR
61urHC1S5UnDYQMqE6z5I8j7nU72sRoyly2twIEQOZsoSFAUvcG9duH7EQIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFPTGSZTiTUrv3EKogx/g3OINYEaJMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzLzY0NjU4
ZC1kNWViLTQ4OWItYmMxNS0zODU1Njk4ZmI1N2YvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzMvNjQ2NThk
LWQ1ZWItNDg5Yi1iYzE1LTM4NTU2OThmYjU3Zi8xLzlNWkpsT0pOU3VfY1FxaURI
LURjNGcxZ1Jvay5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCLVDoMA0EAgACMAcDBQAqDkmAMA0GCSqGSIb3
DQEBCwUAA4IBAQBcrlC3a98nepkqe6gbDtZWOtVRt5LYXVNdDYNfFT85oACrBfDG
h1zDEV8DHlWdBFHoL//OUpdjpJQJ+7YtRZJpDAgwLPr356WKarPVg80YWwkGfvyP
bQaOYltAzmgmvBh7UNKE8fgRA1PEoVg/pugrdw1CRSBHUNbpzLaj32nz51T9raGv
dN/3t+f4zdkHne2EypjV1WK7OsNb9Fi2SDfJk6z1A7TKejXui6i0ECF7tIBBels8
k42JbA5fTGeAzIBmWyDJQuNcEpKzorTDBBlNzWUuO0hn4S30hVBmZ0y+rRVO3ewB
HngnuKHkkCLoFZZ8QGJAtPuZelJJOQ7lelkV
-----END CERTIFICATE-----