Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9zptr2Ui8pVVUZr9FC1KA1x0krg.cer
File:                     9zptr2Ui8pVVUZr9FC1KA1x0krg.cer (raw, json)
Hash identifier:          k1dMazGLVUKToHjWpNmjFAxQhhOudt+BLP1NYVmlMkk=
Subject key identifier:   F7:3A:6D:AF:65:22:F2:95:55:51:9A:FD:14:2D:4A:03:5C:74:92:B8
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC34954B50BD74447680B465629E377D3
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/65/0a48d8-12fc-4741-b53e-2429b3e3def9/1/9zptr2Ui8pVVUZr9FC1KA1x0krg.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/65/0a48d8-12fc-4741-b53e-2429b3e3def9/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 04:30:12 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 185.211.43.0/24
                          IP: 2a12:af80::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Dec 2024 06:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:54:b5:0b:d7:44:47:68:0b:46:56:29:e3:77:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 04:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f73a6daf6522f29555519afd142d4a035c7492b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:5d:78:ae:09:03:31:90:bb:a9:04:2b:02:d7:
                    58:63:de:08:df:41:9e:bf:f1:50:f5:01:7d:98:17:
                    fc:2a:c2:ed:ad:2d:ee:48:e3:fa:40:e7:cf:7f:81:
                    e1:a1:42:b5:fd:e9:1f:1f:95:c8:a8:91:50:46:76:
                    0a:ae:9a:b2:c5:aa:6f:31:ea:44:7b:c3:cb:be:3c:
                    5a:84:c6:b0:68:66:c9:b7:3e:2d:bb:55:f4:f8:22:
                    a8:d0:a8:70:c3:4a:ef:5b:b3:a9:3b:e5:36:48:18:
                    8c:6c:a0:a0:c5:65:12:ff:a6:be:8e:83:a1:68:ec:
                    d4:31:40:2b:fc:31:46:a2:8b:37:63:b3:d2:c5:31:
                    28:1b:11:9d:47:43:92:66:a2:c4:76:36:e8:4b:b8:
                    cd:b9:ce:14:38:57:54:e2:4c:6d:71:15:64:1e:12:
                    b3:a5:6b:d2:0a:e0:2b:25:86:24:fc:8a:9f:5d:b5:
                    58:7f:63:87:9e:e8:ce:82:4d:c8:56:09:c0:d9:f3:
                    04:c2:41:fc:83:39:5a:79:75:db:24:31:d6:8f:9e:
                    51:f4:56:1c:0d:03:74:45:74:7b:05:c2:ac:aa:5a:
                    9d:f1:9b:6d:c6:ee:22:09:aa:d6:b7:09:36:b1:b8:
                    53:59:0e:6b:35:a5:bc:14:d2:dd:67:4e:84:4e:54:
                    b5:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:3A:6D:AF:65:22:F2:95:55:51:9A:FD:14:2D:4A:03:5C:74:92:B8
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/0a48d8-12fc-4741-b53e-2429b3e3def9/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/0a48d8-12fc-4741-b53e-2429b3e3def9/1/9zptr2Ui8pVVUZr9FC1KA1x0krg.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.211.43.0/24
                IPv6:
                  2a12:af80::/29

    Signature Algorithm: sha256WithRSAEncryption
         9d:f2:25:84:d2:f9:e8:f1:52:7f:cc:31:ed:f8:7c:ba:4f:b5:
         f3:e1:59:48:eb:90:d7:d9:7d:8e:4b:7c:ac:36:7a:9c:35:66:
         ec:fb:ca:19:3b:ca:c9:b0:04:8a:e7:a3:ac:32:a7:d2:f7:69:
         4c:be:2c:ad:76:14:55:7b:59:c4:4a:df:00:ea:d4:12:64:62:
         d6:a3:d4:68:42:f7:f7:d5:ba:a2:8b:5c:fe:92:59:29:49:8f:
         c6:39:94:1d:b4:54:e6:44:f9:b4:7f:79:5a:9b:fc:de:b5:b8:
         f7:a2:fa:65:43:c8:14:b7:3d:ba:46:02:af:56:f4:a2:d9:82:
         21:f0:2d:65:cc:8a:c8:39:a0:dd:99:76:b9:3b:d0:d1:d3:a2:
         18:75:f9:89:32:d1:12:a3:f5:09:a6:40:eb:ef:77:c4:e9:ea:
         8c:ef:40:18:22:17:81:40:08:12:48:2a:fc:f2:00:a3:f4:7f:
         53:64:05:45:46:8e:1b:07:bb:3b:e1:80:b5:35:fb:b8:27:b5:
         ff:ca:d2:86:41:30:24:7a:89:c3:ea:40:d2:7d:51:d8:40:93:
         a6:27:ba:4c:02:37:9f:fc:1f:f9:8d:29:80:7e:50:3f:a5:fc:
         0d:b4:86:74:87:dd:62:36:ef:06:06:79:69:f1:e0:49:2b:dc:
         58:5f:ec:13
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAYzDSVS1C9dER2gLRlYp43fTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDQzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzNhNmRhZjY1MjJmMjk1NTU1MTlhZmQxNDJkNGEwMzVjNzQ5MmI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk114rgkDMZC7qQQrAtdYY94I30Ge
v/FQ9QF9mBf8KsLtrS3uSOP6QOfPf4HhoUK1/ekfH5XIqJFQRnYKrpqyxapvMepE
e8PLvjxahMawaGbJtz4tu1X0+CKo0Khww0rvW7OpO+U2SBiMbKCgxWUS/6a+joOh
aOzUMUAr/DFGoos3Y7PSxTEoGxGdR0OSZqLEdjboS7jNuc4UOFdU4kxtcRVkHhKz
pWvSCuArJYYk/IqfXbVYf2OHnujOgk3IVgnA2fMEwkH8gzlaeXXbJDHWj55R9FYc
DQN0RXR7BcKsqlqd8Zttxu4iCarWtwk2sbhTWQ5rNaW8FNLdZ06ETlS1ZwIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFPc6ba9lIvKVVVGa/RQtSgNcdJK4MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzY1LzBhNDhk
OC0xMmZjLTQ3NDEtYjUzZS0yNDI5YjNlM2RlZjkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjUvMGE0OGQ4
LTEyZmMtNDc0MS1iNTNlLTI0MjliM2UzZGVmOS8xLzl6cHRyMlVpOHBWVlVacjlG
QzFLQTF4MGtyZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQAudMrMA0EAgACMAcDBQMqEq+AMA0GCSqGSIb3
DQEBCwUAA4IBAQCd8iWE0vno8VJ/zDHt+Hy6T7Xz4VlI65DX2X2OS3ysNnqcNWbs
+8oZO8rJsASK56OsMqfS92lMviytdhRVe1nESt8A6tQSZGLWo9RoQvf31bqii1z+
klkpSY/GOZQdtFTmRPm0f3lam/zetbj3ovplQ8gUtz26RgKvVvSi2YIh8C1lzIrI
OaDdmXa5O9DR06IYdfmJMtESo/UJpkDr73fE6eqM70AYIheBQAgSSCr88gCj9H9T
ZAVFRo4bB7s74YC1Nfu4J7X/ytKGQTAkeonD6kDSfVHYQJOmJ7pMAjef/B/5jSmA
flA/pfwNtIZ0h91iNu8GBnlp8eBJK9xYX+wT
-----END CERTIFICATE-----