Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/A2hHspcjX68HFob-0sHpEL9gBIY.cer
File:                     A2hHspcjX68HFob-0sHpEL9gBIY.cer (raw, json)
Hash identifier:          oxifWOKcynS1CLLWRABs7tUz2QUsnCx9i6UuO6QJlWA=
Subject key identifier:   03:68:47:B2:97:23:5F:AF:07:16:86:FE:D2:C1:E9:10:BF:60:04:86
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC6B8856285FF0DBC919059770E5659B5
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/1e/44b797-cd5b-4ded-a562-bdd7328e94cb/1/A2hHspcjX68HFob-0sHpEL9gBIY.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/1e/44b797-cd5b-4ded-a562-bdd7328e94cb/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 20:30:30 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 91.240.192.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 25 Apr 2024 23:00:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:85:62:85:ff:0d:bc:91:90:59:77:0e:56:59:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 20:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=036847b297235faf071686fed2c1e910bf600486
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:53:28:06:2a:e7:c6:68:18:51:05:5c:01:29:
                    6d:42:86:7f:79:8f:17:00:ec:fc:1c:05:af:df:cf:
                    fc:e5:6e:23:04:13:77:6e:95:6d:4e:30:8e:91:35:
                    9a:e8:e4:e0:63:e9:b2:b1:1f:33:72:60:8c:42:2a:
                    87:db:98:b9:16:1a:bf:35:4b:9f:7e:07:c6:61:d2:
                    ab:d3:f4:ee:77:a2:2e:62:b3:fc:4d:01:1c:84:e3:
                    c4:01:7a:81:6e:40:29:81:73:c7:cc:bf:ae:34:74:
                    ce:8d:c6:7f:fa:0a:fb:6c:24:33:7f:63:7b:13:f0:
                    c1:fc:7b:10:fb:49:9b:ce:3b:fb:73:59:6b:f7:c8:
                    fe:38:87:2a:34:99:81:ec:52:58:d8:5d:68:a7:7c:
                    8d:4f:a6:a2:d2:c0:9a:40:d6:b0:97:97:fb:94:ff:
                    aa:03:a2:d9:88:3e:b3:01:a4:3a:e7:72:68:a6:bc:
                    9f:08:5c:d3:42:74:bc:0d:c3:be:37:a8:c9:7d:8a:
                    b6:bf:fa:19:06:9c:79:16:87:4c:c1:f6:ce:66:72:
                    26:da:bf:9e:55:e7:fa:75:e4:02:87:67:47:1b:26:
                    6c:a1:6f:54:be:de:72:78:8b:c0:46:8a:47:87:88:
                    f0:7a:75:30:db:19:54:d5:1c:23:70:ca:09:7f:b6:
                    96:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:68:47:B2:97:23:5F:AF:07:16:86:FE:D2:C1:E9:10:BF:60:04:86
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/44b797-cd5b-4ded-a562-bdd7328e94cb/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/44b797-cd5b-4ded-a562-bdd7328e94cb/1/A2hHspcjX68HFob-0sHpEL9gBIY.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.240.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:db:21:2c:40:8f:4a:49:46:d0:93:49:c3:50:9e:30:64:5e:
         f1:51:d3:cb:da:83:3a:d3:bf:a4:12:37:e7:e8:41:01:f2:ab:
         96:e9:63:1b:dc:e3:10:f6:be:d8:e6:93:53:a1:66:f3:f6:46:
         d2:b2:74:a7:61:43:62:62:cb:3e:2d:41:8a:48:db:1d:37:13:
         ca:4d:71:ab:1d:1c:58:ea:74:79:a7:a6:bf:a0:79:49:f0:b4:
         e8:c8:10:57:98:54:4a:87:9f:34:30:8a:7e:b6:dc:4d:01:76:
         5c:58:c9:83:dd:43:aa:71:7a:3f:7f:2e:49:02:8a:91:a5:1c:
         64:61:a4:5e:99:61:6a:96:63:dd:06:c6:50:4f:de:3c:e8:cc:
         84:24:46:b1:2f:5a:da:85:99:34:20:cf:c8:04:27:95:a3:9c:
         20:a8:9d:16:47:0e:a9:ea:07:21:74:d2:7b:64:88:d8:66:4d:
         b0:f0:eb:a2:2f:c2:87:ce:b9:2a:64:66:20:d9:9a:49:a1:29:
         a7:3c:c6:fc:36:44:cf:2b:01:30:4a:96:1c:8f:4d:0c:1e:fc:
         04:fe:88:21:33:e3:6d:e2:83:2d:43:0b:a4:24:f3:0f:a1:91:
         38:ab:3f:e3:93:ab:e9:11:5c:77:5e:c4:e5:a1:20:f5:cf:20:
         b8:77:27:79
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzGuIVihf8NvJGQWXcOVlm1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMjAzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzY4NDdiMjk3MjM1ZmFmMDcxNjg2ZmVkMmMxZTkxMGJmNjAwNDg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqlMoBirnxmgYUQVcASltQoZ/eY8X
AOz8HAWv38/85W4jBBN3bpVtTjCOkTWa6OTgY+mysR8zcmCMQiqH25i5Fhq/NUuf
fgfGYdKr0/Tud6IuYrP8TQEchOPEAXqBbkApgXPHzL+uNHTOjcZ/+gr7bCQzf2N7
E/DB/HsQ+0mbzjv7c1lr98j+OIcqNJmB7FJY2F1op3yNT6ai0sCaQNawl5f7lP+q
A6LZiD6zAaQ653JopryfCFzTQnS8DcO+N6jJfYq2v/oZBpx5FodMwfbOZnIm2r+e
Vef6deQCh2dHGyZsoW9Uvt5yeIvARopHh4jwenUw2xlU1RwjcMoJf7aWXQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFANoR7KXI1+vBxaG/tLB6RC/YASGMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzFlLzQ0Yjc5
Ny1jZDViLTRkZWQtYTU2Mi1iZGQ3MzI4ZTk0Y2IvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMWUvNDRiNzk3
LWNkNWItNGRlZC1hNTYyLWJkZDczMjhlOTRjYi8xL0EyaEhzcGNqWDY4SEZvYi0w
c0hwRUw5Z0JJWS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW/DAMA0GCSqGSIb3DQEBCwUAA4IBAQBy2yEs
QI9KSUbQk0nDUJ4wZF7xUdPL2oM607+kEjfn6EEB8quW6WMb3OMQ9r7Y5pNToWbz
9kbSsnSnYUNiYss+LUGKSNsdNxPKTXGrHRxY6nR5p6a/oHlJ8LToyBBXmFRKh580
MIp+ttxNAXZcWMmD3UOqcXo/fy5JAoqRpRxkYaRemWFqlmPdBsZQT9486MyEJEax
L1rahZk0IM/IBCeVo5wgqJ0WRw6p6gchdNJ7ZIjYZk2w8OuiL8KHzrkqZGYg2ZpJ
oSmnPMb8NkTPKwEwSpYcj00MHvwE/oghM+Nt4oMtQwukJPMPoZE4qz/jk6vpEVx3
XsTloSD1zyC4dyd5
-----END CERTIFICATE-----