Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9URgWW1tUyQB3jE9-JA2blN21gI.cer
File:                     9URgWW1tUyQB3jE9-JA2blN21gI.cer (raw, json)
Hash identifier:          +FHTkYGR50PlkUNZuuptKAkMOpCyO5hOGOsmGiP2xX4=
Subject key identifier:   F5:44:60:59:6D:6D:53:24:01:DE:31:3D:F8:90:36:6E:53:76:D6:02
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018D0C798D228C436B37E4463F0F105D027D
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/56/a9ede2-28c2-4bef-9bef-c809c0a40888/1/9URgWW1tUyQB3jE9-JA2blN21gI.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/56/a9ede2-28c2-4bef-9bef-c809c0a40888/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 15 Jan 2024 09:35:09 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 195.158.254.0/23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:0c:79:8d:22:8c:43:6b:37:e4:46:3f:0f:10:5d:02:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan 15 09:35:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f54460596d6d532401de313df890366e5376d602
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:d6:70:d2:8b:79:f4:66:e4:5b:bf:dc:74:55:
                    6d:b6:41:40:c9:e2:1a:a4:5a:50:54:74:04:23:53:
                    d9:cc:64:a3:50:69:99:6f:54:0e:50:ce:8b:67:bf:
                    8a:28:e6:fe:ea:cc:40:f2:e2:3a:12:b8:dc:be:92:
                    aa:83:04:96:1b:bb:77:d8:ab:47:2c:b0:57:f3:53:
                    a4:f9:08:73:dc:2e:48:65:15:b9:f2:28:7e:3d:f2:
                    84:b1:ef:99:63:ed:a7:d0:b3:5f:b9:ac:f6:0e:07:
                    9a:b1:9d:f5:18:f4:31:ac:78:51:9f:c3:1a:6f:5e:
                    2a:6c:41:94:58:7d:44:33:19:e4:46:9f:79:91:19:
                    ef:b9:dc:c2:7a:ee:9e:db:e1:0c:e8:c9:ef:82:41:
                    72:be:88:a5:7d:3b:16:47:99:fb:87:e7:01:69:71:
                    bb:2c:74:7a:ae:4f:a6:e0:44:91:25:14:f3:31:66:
                    30:ee:e6:a8:7a:52:db:9d:1a:3a:8c:2d:8e:c7:00:
                    83:79:ed:8f:c8:91:5b:3b:26:9e:23:db:ce:76:6f:
                    bf:93:65:41:05:1f:df:31:80:25:56:d0:05:23:40:
                    b7:98:58:15:6d:71:96:2a:4a:63:55:60:60:c4:5f:
                    bd:f1:0a:cd:8e:60:1b:16:de:9b:dd:97:03:46:cc:
                    7d:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:44:60:59:6D:6D:53:24:01:DE:31:3D:F8:90:36:6E:53:76:D6:02
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/a9ede2-28c2-4bef-9bef-c809c0a40888/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/a9ede2-28c2-4bef-9bef-c809c0a40888/1/9URgWW1tUyQB3jE9-JA2blN21gI.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.158.254.0/23

    Signature Algorithm: sha256WithRSAEncryption
         30:2a:ef:2c:2e:ee:b3:52:4a:89:90:c0:3e:cb:dd:69:2f:9f:
         d6:3b:27:47:bd:79:00:4a:2a:c1:48:3d:1c:5c:9b:90:b0:32:
         54:79:d4:6d:8b:8a:33:75:be:4b:34:46:7e:3e:54:ff:11:64:
         d0:26:ec:dd:9b:b4:c2:dc:b3:b2:c7:0c:7f:53:da:73:12:77:
         a5:4d:47:5c:21:16:e1:67:eb:15:d4:5d:7b:2e:ad:a4:aa:78:
         3d:d4:89:e9:57:ed:f3:71:61:1e:3c:d1:2f:f9:af:af:38:73:
         78:78:70:db:94:a6:6c:e1:b8:90:6f:b2:f9:10:12:84:7b:ff:
         40:4a:47:77:d0:fc:27:ed:79:0a:31:8a:81:fe:e6:ef:21:c3:
         57:34:0f:45:48:9b:e5:e9:44:d6:05:73:ad:ad:08:ae:97:18:
         8d:71:99:d7:4f:63:9c:f6:f3:0c:8f:95:16:35:61:50:0c:87:
         7a:3c:a5:52:9e:29:2f:3e:8c:05:41:e0:67:fd:2e:fb:fe:59:
         45:8c:21:dc:57:99:59:97:43:ad:3c:a6:d5:c8:2b:3c:ec:9b:
         bd:7d:e7:e7:e2:0e:57:90:d4:45:12:bd:55:56:68:e9:93:f2:
         31:94:7c:85:96:bd:75:c1:98:0b:d6:11:dd:da:03:04:74:d3:
         88:db:76:b4
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAY0MeY0ijENrN+RGPw8QXQJ9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTE1MDkzNTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTQ0NjA1OTZkNmQ1MzI0MDFkZTMxM2RmODkwMzY2ZTUzNzZkNjAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqtZw0ot59GbkW7/cdFVttkFAyeIa
pFpQVHQEI1PZzGSjUGmZb1QOUM6LZ7+KKOb+6sxA8uI6ErjcvpKqgwSWG7t32KtH
LLBX81Ok+Qhz3C5IZRW58ih+PfKEse+ZY+2n0LNfuaz2DgeasZ31GPQxrHhRn8Ma
b14qbEGUWH1EMxnkRp95kRnvudzCeu6e2+EM6MnvgkFyvoilfTsWR5n7h+cBaXG7
LHR6rk+m4ESRJRTzMWYw7uaoelLbnRo6jC2OxwCDee2PyJFbOyaeI9vOdm+/k2VB
BR/fMYAlVtAFI0C3mFgVbXGWKkpjVWBgxF+98QrNjmAbFt6b3ZcDRsx9LwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFPVEYFltbVMkAd4xPfiQNm5TdtYCMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzU2L2E5ZWRl
Mi0yOGMyLTRiZWYtOWJlZi1jODA5YzBhNDA4ODgvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTYvYTllZGUy
LTI4YzItNGJlZi05YmVmLWM4MDljMGE0MDg4OC8xLzlVUmdXVzF0VXlRQjNqRTkt
SkEyYmxOMjFnSS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQBw57+MA0GCSqGSIb3DQEBCwUAA4IBAQAwKu8s
Lu6zUkqJkMA+y91pL5/WOydHvXkASirBSD0cXJuQsDJUedRti4ozdb5LNEZ+PlT/
EWTQJuzdm7TC3LOyxwx/U9pzEnelTUdcIRbhZ+sV1F17Lq2kqng91InpV+3zcWEe
PNEv+a+vOHN4eHDblKZs4biQb7L5EBKEe/9ASkd30Pwn7XkKMYqB/ubvIcNXNA9F
SJvl6UTWBXOtrQiulxiNcZnXT2Oc9vMMj5UWNWFQDId6PKVSnikvPowFQeBn/S77
/llFjCHcV5lZl0OtPKbVyCs87Ju9fefn4g5XkNRFEr1VVmjpk/IxlHyFlr11wZgL
1hHd2gMEdNOI23a0
-----END CERTIFICATE-----