Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/BAxkI-mAsol2Wq2SQjX0bS4gwBw.cer
File:                     BAxkI-mAsol2Wq2SQjX0bS4gwBw.cer (raw, json)
Hash identifier:          lq2L+NHDYs0iCge0bIQJr+9il5Qm/RrlU8wdpBcYMig=
Subject key identifier:   04:0C:64:23:E9:80:B2:89:76:5A:AD:92:42:35:F4:6D:2E:20:C0:1C
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC49253F5F8F9BF7D94B2F6AC6B67C658
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/de/642ab3-9c72-4b6f-8772-d52f4228f8b3/1/BAxkI-mAsol2Wq2SQjX0bS4gwBw.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/de/642ab3-9c72-4b6f-8772-d52f4228f8b3/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 10:29:33 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 84.38.250.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:53:f5:f8:f9:bf:7d:94:b2:f6:ac:6b:67:c6:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 10:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=040c6423e980b289765aad924235f46d2e20c01c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:50:2b:59:47:7f:ce:27:97:e4:1f:2b:60:ec:
                    30:78:be:ca:58:ab:1b:f9:70:ee:c1:31:1f:9e:bf:
                    f7:81:ff:f4:55:1d:24:44:da:61:0f:af:d0:86:87:
                    4e:68:43:89:ba:84:d1:5e:39:c0:09:f9:25:ed:4a:
                    dd:f1:07:20:6c:e2:23:07:7f:e6:84:14:8c:04:92:
                    ef:c4:28:03:4a:02:4e:3c:fb:97:f3:f4:a1:8e:19:
                    96:0f:83:2b:21:ad:53:31:db:90:5c:e6:a1:c6:ee:
                    bb:3f:da:1b:fa:30:ee:24:88:24:27:6e:6a:5a:56:
                    e7:ba:fb:d6:66:61:33:8d:b6:f1:ab:b2:69:bd:5b:
                    35:22:6f:e2:c1:08:73:c1:61:98:22:0a:3b:78:ee:
                    5a:a8:8a:bc:f3:af:98:32:1b:cd:35:98:df:97:3b:
                    fa:93:e3:69:f6:39:87:4d:01:ee:1b:f5:69:fb:44:
                    5f:fe:90:bd:c6:f9:08:db:31:cf:0a:c5:f8:f5:12:
                    8b:66:e7:a5:9c:0f:ea:cd:37:99:2a:d1:c7:b1:17:
                    93:a7:17:78:1c:12:51:f0:ea:ce:0e:7b:f1:e1:45:
                    03:22:a8:f2:cf:d5:d5:96:a6:1c:86:34:4b:2d:4c:
                    7a:53:a0:3f:44:46:90:54:12:33:69:68:e0:8b:78:
                    28:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:0C:64:23:E9:80:B2:89:76:5A:AD:92:42:35:F4:6D:2E:20:C0:1C
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/642ab3-9c72-4b6f-8772-d52f4228f8b3/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/642ab3-9c72-4b6f-8772-d52f4228f8b3/1/BAxkI-mAsol2Wq2SQjX0bS4gwBw.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.38.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:0f:21:f7:38:29:5c:7c:1c:74:db:62:3e:ac:a5:03:f7:9a:
         03:91:47:91:56:7c:de:3c:48:4b:d5:13:87:51:7b:a9:01:f3:
         24:5f:b7:1c:68:de:4c:54:ff:c8:64:0c:d1:ea:df:ba:62:d4:
         79:27:e2:87:74:ab:0e:a0:fd:b0:0d:65:47:c0:2c:27:47:c6:
         74:2f:62:bb:09:ac:f3:52:e2:6a:2e:73:1f:10:f3:f4:a5:72:
         fa:dc:3f:2f:79:1e:e7:55:50:0e:29:e4:83:14:37:97:b0:e6:
         5b:f7:36:17:7a:3a:4c:07:42:cf:47:7e:21:66:21:0f:9e:35:
         8a:f4:3f:9b:1e:b6:1d:00:37:b8:0c:11:90:b2:c7:b3:98:05:
         c5:c8:fc:2e:14:c0:e2:dd:84:84:15:ab:74:ad:03:1d:26:b8:
         ef:65:d2:b4:60:ec:81:62:0a:3e:c1:ed:08:b3:57:4f:6d:6d:
         97:83:60:5a:4a:a6:00:a7:c5:7d:ce:59:ff:74:67:b3:9e:e2:
         72:a5:da:af:75:e8:87:9f:c1:0e:c5:67:b7:c8:d9:17:24:08:
         07:ae:64:ab:78:64:6c:7b:d4:9e:e0:38:70:e9:62:b2:cc:e8:
         13:95:c9:7c:1e:67:97:34:d0:34:e9:75:03:79:f0:9a:da:ac:
         5f:d1:c0:2d
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzEklP1+Pm/fZSy9qxrZ8ZYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTAyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDBjNjQyM2U5ODBiMjg5NzY1YWFkOTI0MjM1ZjQ2ZDJlMjBjMDFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyVArWUd/zieX5B8rYOwweL7KWKsb
+XDuwTEfnr/3gf/0VR0kRNphD6/QhodOaEOJuoTRXjnACfkl7Urd8QcgbOIjB3/m
hBSMBJLvxCgDSgJOPPuX8/ShjhmWD4MrIa1TMduQXOahxu67P9ob+jDuJIgkJ25q
WlbnuvvWZmEzjbbxq7JpvVs1Im/iwQhzwWGYIgo7eO5aqIq886+YMhvNNZjflzv6
k+Np9jmHTQHuG/Vp+0Rf/pC9xvkI2zHPCsX49RKLZuelnA/qzTeZKtHHsReTpxd4
HBJR8OrODnvx4UUDIqjyz9XVlqYchjRLLUx6U6A/REaQVBIzaWjgi3gopwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFAQMZCPpgLKJdlqtkkI19G0uIMAcMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2RlLzY0MmFi
My05YzcyLTRiNmYtODc3Mi1kNTJmNDIyOGY4YjMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZGUvNjQyYWIz
LTljNzItNGI2Zi04NzcyLWQ1MmY0MjI4ZjhiMy8xL0JBeGtJLW1Bc29sMldxMlNR
algwYlM0Z3dCdy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAVCb6MA0GCSqGSIb3DQEBCwUAA4IBAQAuDyH3
OClcfBx022I+rKUD95oDkUeRVnzePEhL1ROHUXupAfMkX7ccaN5MVP/IZAzR6t+6
YtR5J+KHdKsOoP2wDWVHwCwnR8Z0L2K7CazzUuJqLnMfEPP0pXL63D8veR7nVVAO
KeSDFDeXsOZb9zYXejpMB0LPR34hZiEPnjWK9D+bHrYdADe4DBGQssezmAXFyPwu
FMDi3YSEFat0rQMdJrjvZdK0YOyBYgo+we0Is1dPbW2Xg2BaSqYAp8V9zln/dGez
nuJypdqvdeiHn8EOxWe3yNkXJAgHrmSreGRse9Se4Dhw6WKyzOgTlcl8HmeXNNA0
6XUDefCa2qxf0cAt
-----END CERTIFICATE-----