Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/BAxkI-mAsol2Wq2SQjX0bS4gwBw.cer
File:                     BAxkI-mAsol2Wq2SQjX0bS4gwBw.cer (raw, json)
Hash identifier:          s5hzGNloMOG6dpg/pIQx6JMEswHe+nWLg4JPLksjfB0=
Subject key identifier:   04:0C:64:23:E9:80:B2:89:76:5A:AD:92:42:35:F4:6D:2E:20:C0:1C
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01916A1256A6D91C1F767635C50A7B614234
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/de/642ab3-9c72-4b6f-8772-d52f4228f8b3/1/BAxkI-mAsol2Wq2SQjX0bS4gwBw.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/de/642ab3-9c72-4b6f-8772-d52f4228f8b3/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 19 Aug 2024 09:57:52 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 84.38.250.0/24
                          IP: 2001:3f80::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:6a:12:56:a6:d9:1c:1f:76:76:35:c5:0a:7b:61:42:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Aug 19 09:57:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=040c6423e980b289765aad924235f46d2e20c01c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:50:2b:59:47:7f:ce:27:97:e4:1f:2b:60:ec:
                    30:78:be:ca:58:ab:1b:f9:70:ee:c1:31:1f:9e:bf:
                    f7:81:ff:f4:55:1d:24:44:da:61:0f:af:d0:86:87:
                    4e:68:43:89:ba:84:d1:5e:39:c0:09:f9:25:ed:4a:
                    dd:f1:07:20:6c:e2:23:07:7f:e6:84:14:8c:04:92:
                    ef:c4:28:03:4a:02:4e:3c:fb:97:f3:f4:a1:8e:19:
                    96:0f:83:2b:21:ad:53:31:db:90:5c:e6:a1:c6:ee:
                    bb:3f:da:1b:fa:30:ee:24:88:24:27:6e:6a:5a:56:
                    e7:ba:fb:d6:66:61:33:8d:b6:f1:ab:b2:69:bd:5b:
                    35:22:6f:e2:c1:08:73:c1:61:98:22:0a:3b:78:ee:
                    5a:a8:8a:bc:f3:af:98:32:1b:cd:35:98:df:97:3b:
                    fa:93:e3:69:f6:39:87:4d:01:ee:1b:f5:69:fb:44:
                    5f:fe:90:bd:c6:f9:08:db:31:cf:0a:c5:f8:f5:12:
                    8b:66:e7:a5:9c:0f:ea:cd:37:99:2a:d1:c7:b1:17:
                    93:a7:17:78:1c:12:51:f0:ea:ce:0e:7b:f1:e1:45:
                    03:22:a8:f2:cf:d5:d5:96:a6:1c:86:34:4b:2d:4c:
                    7a:53:a0:3f:44:46:90:54:12:33:69:68:e0:8b:78:
                    28:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:0C:64:23:E9:80:B2:89:76:5A:AD:92:42:35:F4:6D:2E:20:C0:1C
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/642ab3-9c72-4b6f-8772-d52f4228f8b3/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/642ab3-9c72-4b6f-8772-d52f4228f8b3/1/BAxkI-mAsol2Wq2SQjX0bS4gwBw.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.38.250.0/24
                IPv6:
                  2001:3f80::/29

    Signature Algorithm: sha256WithRSAEncryption
         38:0d:04:1f:44:da:48:28:59:9d:f3:fb:86:97:9c:47:26:e7:
         27:0d:3a:01:d3:6c:2a:d7:07:05:50:41:ea:29:e3:dd:ce:e5:
         0a:6b:01:d1:3a:99:1f:0d:19:40:19:10:72:fd:51:08:c2:e1:
         4a:01:15:e3:82:19:0c:67:84:7b:ad:34:d9:0b:99:3f:69:07:
         76:3d:7f:7a:f3:c6:af:8a:81:3a:7f:48:ec:77:35:a3:14:08:
         57:49:20:5a:06:46:a2:b1:34:a4:8f:c3:63:5e:e4:37:d0:f9:
         d6:b5:bc:4d:3a:03:b4:3a:ca:b2:84:06:7c:52:3d:ff:53:f4:
         07:d5:72:5b:42:c6:73:fd:c6:4a:9a:43:93:fc:8a:1c:da:56:
         96:e3:9f:8a:f9:b5:ff:9c:05:d1:e8:74:bc:a6:9f:e6:d4:ce:
         79:b0:d8:7d:a2:39:c4:2b:23:72:1d:f6:1c:36:41:3f:db:51:
         df:a2:8c:5c:5f:a7:14:83:6d:ac:ec:8a:36:2b:9f:9c:b4:b4:
         8a:ec:2b:57:13:b8:1e:e8:51:ad:90:82:d3:d1:17:c3:21:06:
         e6:83:70:d2:69:8a:32:99:50:70:7f:a2:07:bb:71:8e:78:99:
         80:73:36:44:54:aa:b2:c5:78:2f:61:3b:76:08:a6:e5:d7:47:
         a2:38:3a:72
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAZFqElam2RwfdnY1xQp7YUI0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwODE5MDk1NzUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDBjNjQyM2U5ODBiMjg5NzY1YWFkOTI0MjM1ZjQ2ZDJlMjBjMDFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyVArWUd/zieX5B8rYOwweL7KWKsb
+XDuwTEfnr/3gf/0VR0kRNphD6/QhodOaEOJuoTRXjnACfkl7Urd8QcgbOIjB3/m
hBSMBJLvxCgDSgJOPPuX8/ShjhmWD4MrIa1TMduQXOahxu67P9ob+jDuJIgkJ25q
WlbnuvvWZmEzjbbxq7JpvVs1Im/iwQhzwWGYIgo7eO5aqIq886+YMhvNNZjflzv6
k+Np9jmHTQHuG/Vp+0Rf/pC9xvkI2zHPCsX49RKLZuelnA/qzTeZKtHHsReTpxd4
HBJR8OrODnvx4UUDIqjyz9XVlqYchjRLLUx6U6A/REaQVBIzaWjgi3gopwIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFAQMZCPpgLKJdlqtkkI19G0uIMAcMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2RlLzY0MmFi
My05YzcyLTRiNmYtODc3Mi1kNTJmNDIyOGY4YjMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZGUvNjQyYWIz
LTljNzItNGI2Zi04NzcyLWQ1MmY0MjI4ZjhiMy8xL0JBeGtJLW1Bc29sMldxMlNR
algwYlM0Z3dCdy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQAVCb6MA0EAgACMAcDBQMgAT+AMA0GCSqGSIb3
DQEBCwUAA4IBAQA4DQQfRNpIKFmd8/uGl5xHJucnDToB02wq1wcFUEHqKePdzuUK
awHROpkfDRlAGRBy/VEIwuFKARXjghkMZ4R7rTTZC5k/aQd2PX9688avioE6f0js
dzWjFAhXSSBaBkaisTSkj8NjXuQ30PnWtbxNOgO0OsqyhAZ8Uj3/U/QH1XJbQsZz
/cZKmkOT/Ioc2laW45+K+bX/nAXR6HS8pp/m1M55sNh9ojnEKyNyHfYcNkE/21Hf
ooxcX6cUg22s7Io2K5+ctLSK7CtXE7ge6FGtkILT0RfDIQbmg3DSaYoymVBwf6IH
u3GOeJmAczZEVKqyxXgvYTt2CKbl10eiODpy
-----END CERTIFICATE-----