Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/AaIKvBDEaMuZQ70Dfs-MPiTvogE.cer
File:                     AaIKvBDEaMuZQ70Dfs-MPiTvogE.cer (raw, json)
Hash identifier:          8AMU9S6t3eml0YZnxHPWle+jW/KaA5mR9/Gh7yb3NM4=
Subject key identifier:   01:A2:0A:BC:10:C4:68:CB:99:43:BD:03:7E:CF:8C:3E:24:EF:A2:01
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC9BC385FF9CE3AA046FCC7753C29911A
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/e6/8521d5-b054-4d33-86a8-ff1d8cd4f095/1/AaIKvBDEaMuZQ70Dfs-MPiTvogE.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/e6/8521d5-b054-4d33-86a8-ff1d8cd4f095/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 10:33:24 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 91.208.36.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:38:5f:f9:ce:3a:a0:46:fc:c7:75:3c:29:91:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 10:33:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=01a20abc10c468cb9943bd037ecf8c3e24efa201
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:4e:c8:bd:fb:99:da:3b:e0:19:ad:6d:03:62:
                    63:bb:ab:af:fa:5e:11:39:4a:d3:99:61:95:d7:46:
                    18:9f:1b:78:de:52:4e:ca:f4:3c:1e:b8:ae:f2:88:
                    a5:bf:92:91:27:6d:82:ff:44:7b:9e:8d:7f:1b:ba:
                    94:ef:24:06:c2:d9:e7:2d:14:b9:7f:bb:3b:ab:6a:
                    e3:2b:ad:cc:37:05:52:78:d6:b1:80:1d:76:e4:88:
                    c0:52:8a:db:8b:4a:44:fc:36:51:92:78:f1:76:9f:
                    da:5e:0e:f4:2f:6a:d6:e7:1a:37:13:68:e1:1b:16:
                    a4:49:72:b5:8d:cf:36:15:6c:74:df:47:97:43:4b:
                    d5:39:c7:7c:e0:4d:e3:24:b7:b9:31:59:74:aa:38:
                    b9:d8:6a:90:f6:f3:46:31:73:08:34:61:99:a3:d4:
                    2e:89:0b:a2:1b:c5:a0:0f:68:7a:94:93:2e:7b:ba:
                    18:9b:bb:c0:a3:10:92:ef:70:e9:d8:27:51:4a:fd:
                    91:55:28:4a:9e:78:c4:00:e6:68:10:cf:bd:06:89:
                    1b:3f:b3:e8:d5:38:2c:d1:6e:bb:79:50:54:df:52:
                    91:10:f0:ad:73:0e:bc:d9:74:21:0e:4f:29:8f:1f:
                    87:a2:65:7f:f3:19:22:49:77:78:2b:20:ec:0b:50:
                    77:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:A2:0A:BC:10:C4:68:CB:99:43:BD:03:7E:CF:8C:3E:24:EF:A2:01
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/8521d5-b054-4d33-86a8-ff1d8cd4f095/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/8521d5-b054-4d33-86a8-ff1d8cd4f095/1/AaIKvBDEaMuZQ70Dfs-MPiTvogE.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:50:69:c3:79:4f:fd:d1:e0:71:70:38:a2:70:26:f4:9b:9d:
         3a:98:a2:71:5f:26:43:3f:71:d5:c5:42:72:77:17:27:d0:ca:
         92:f1:79:65:a6:07:57:7a:12:b4:0b:df:bc:7b:63:aa:f2:ec:
         45:86:7f:c9:b7:05:80:0b:b2:c5:e1:b6:0d:b7:16:e0:85:be:
         dd:d3:e0:02:37:b0:98:0f:d3:a6:91:bb:8b:9d:74:99:dc:ae:
         5e:b9:b7:7e:1a:a8:f4:d5:13:ee:c0:e3:4c:56:03:35:f3:ec:
         35:29:dd:4d:b5:04:83:ed:d5:07:ae:42:73:a4:b3:41:89:72:
         99:3f:81:39:8a:9c:25:2f:20:63:b3:06:4f:a4:95:d6:19:54:
         dd:42:cc:55:e4:2b:ef:65:56:a8:81:56:a6:ce:9a:e0:6b:81:
         88:46:77:cc:04:e6:35:af:9d:17:5a:a0:30:e2:78:23:80:33:
         f9:da:be:6c:f1:41:a4:4f:ab:04:9c:4e:52:cb:85:8d:0b:b9:
         a5:88:f0:84:ce:df:e3:f3:06:4d:72:68:79:61:38:10:ed:04:
         3b:fe:7c:cf:a4:56:be:e2:d3:c7:1e:b1:18:8c:ee:45:61:9d:
         f5:f0:31:95:d9:53:08:2b:90:2c:0e:74:9b:52:7b:9e:43:2d:
         41:94:92:7f
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzJvDhf+c46oEb8x3U8KZEaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMTAzMzI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMWEyMGFiYzEwYzQ2OGNiOTk0M2JkMDM3ZWNmOGMzZTI0ZWZhMjAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwE7IvfuZ2jvgGa1tA2Jju6uv+l4R
OUrTmWGV10YYnxt43lJOyvQ8Hriu8oilv5KRJ22C/0R7no1/G7qU7yQGwtnnLRS5
f7s7q2rjK63MNwVSeNaxgB125IjAUorbi0pE/DZRknjxdp/aXg70L2rW5xo3E2jh
GxakSXK1jc82FWx030eXQ0vVOcd84E3jJLe5MVl0qji52GqQ9vNGMXMINGGZo9Qu
iQuiG8WgD2h6lJMue7oYm7vAoxCS73Dp2CdRSv2RVShKnnjEAOZoEM+9BokbP7Po
1Tgs0W67eVBU31KREPCtcw682XQhDk8pjx+HomV/8xkiSXd4KyDsC1B3dwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFAGiCrwQxGjLmUO9A37PjD4k76IBMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2U2Lzg1MjFk
NS1iMDU0LTRkMzMtODZhOC1mZjFkOGNkNGYwOTUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTYvODUyMWQ1
LWIwNTQtNGQzMy04NmE4LWZmMWQ4Y2Q0ZjA5NS8xL0FhSUt2QkRFYU11WlE3MERm
cy1NUGlUdm9nRS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW9AkMA0GCSqGSIb3DQEBCwUAA4IBAQBFUGnD
eU/90eBxcDiicCb0m506mKJxXyZDP3HVxUJydxcn0MqS8XllpgdXehK0C9+8e2Oq
8uxFhn/JtwWAC7LF4bYNtxbghb7d0+ACN7CYD9OmkbuLnXSZ3K5eubd+Gqj01RPu
wONMVgM18+w1Kd1NtQSD7dUHrkJzpLNBiXKZP4E5ipwlLyBjswZPpJXWGVTdQsxV
5CvvZVaogVamzprga4GIRnfMBOY1r50XWqAw4ngjgDP52r5s8UGkT6sEnE5Sy4WN
C7mliPCEzt/j8wZNcmh5YTgQ7QQ7/nzPpFa+4tPHHrEYjO5FYZ318DGV2VMIK5As
DnSbUnueQy1BlJJ/
-----END CERTIFICATE-----