Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/BLHnVu2xw70vV2afWCv2qVG4P0g.cer
File:                     BLHnVu2xw70vV2afWCv2qVG4P0g.cer (raw, json)
Hash identifier:          ATLT/0zuqaRCrHal9tzN0rgPTZumDxayQ9URgAOLEEo=
Subject key identifier:   04:B1:E7:56:ED:B1:C3:BD:2F:57:66:9F:58:2B:F6:A9:51:B8:3F:48
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC500FF8E1BAA6D109C1DC49EF2F59227
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/7f/a5b368-3313-4132-9897-d017957ea39e/1/BLHnVu2xw70vV2afWCv2qVG4P0g.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/7f/a5b368-3313-4132-9897-d017957ea39e/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 12:30:26 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 192.124.245.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 25 Apr 2024 02:00:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:ff:8e:1b:aa:6d:10:9c:1d:c4:9e:f2:f5:92:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 12:30:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=04b1e756edb1c3bd2f57669f582bf6a951b83f48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:1b:a7:f8:c5:82:92:ec:3a:b3:4d:b0:d1:18:
                    0a:25:33:76:bb:19:11:7e:91:5c:00:83:8b:fe:b7:
                    99:4a:f7:9e:75:2c:61:cf:1b:96:bc:c1:8d:02:14:
                    bd:1f:3c:3d:07:04:3f:79:36:8d:40:e7:f5:6a:04:
                    14:1d:a5:80:01:7e:06:15:fc:df:11:8e:9a:16:ed:
                    e6:ff:64:62:10:9e:56:f9:29:f9:a2:32:fd:2d:06:
                    a5:e0:e3:de:07:66:08:8f:16:0b:27:5e:e1:02:76:
                    53:e1:24:58:cd:51:15:94:84:96:b7:39:e5:fc:44:
                    ca:0f:c2:69:26:28:4e:db:55:e3:dd:dc:22:80:e1:
                    20:87:15:74:56:a2:66:11:3b:75:bf:27:fa:93:43:
                    d6:9d:45:09:58:37:7d:67:57:c7:b7:f7:30:ac:3f:
                    ce:1d:c8:c5:a0:c5:d5:8d:f6:30:8f:7a:3a:17:98:
                    98:2c:5d:3b:52:22:fe:15:ff:f5:a0:50:a2:37:59:
                    3f:22:65:3e:71:e1:2c:6d:23:56:a4:17:66:31:31:
                    d4:84:83:28:b9:97:0a:c3:77:3f:20:f4:ed:84:25:
                    81:e8:94:e9:a2:f1:e2:57:e5:3e:21:ac:3a:47:7c:
                    a5:f4:1e:6c:8e:43:87:a4:37:51:80:da:4a:c1:9f:
                    eb:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:B1:E7:56:ED:B1:C3:BD:2F:57:66:9F:58:2B:F6:A9:51:B8:3F:48
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/a5b368-3313-4132-9897-d017957ea39e/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/a5b368-3313-4132-9897-d017957ea39e/1/BLHnVu2xw70vV2afWCv2qVG4P0g.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.124.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:ac:36:c1:24:77:3e:97:fb:1e:97:4e:0f:9b:e4:4e:02:57:
         8f:6b:43:5d:e4:70:bf:5e:de:9b:69:fa:98:69:56:2f:7a:53:
         de:54:22:dc:11:54:2a:0f:71:99:bd:0b:8c:1c:1d:6e:8e:2d:
         38:97:64:00:12:e2:5f:f4:67:ee:9d:6c:a1:79:af:e5:41:50:
         33:5b:4c:8b:a2:41:7c:ac:20:2a:c5:49:a7:ef:6d:28:02:5e:
         c5:84:e2:e3:64:c1:f6:4b:85:97:71:28:80:50:f6:70:04:61:
         63:ca:3d:9c:56:66:ff:8e:29:bc:79:9d:fd:86:7b:12:1f:1f:
         5e:2a:21:eb:21:ef:b2:25:b2:be:6f:7f:b2:b9:2d:18:a0:0c:
         e2:b7:f9:3d:84:0c:b8:20:f9:51:5b:9b:0d:83:7d:f3:39:94:
         99:49:ac:06:5e:38:32:9d:43:af:d2:85:62:ce:0f:0d:74:26:
         46:5a:84:6f:bc:70:f6:fe:0c:d4:27:ab:05:dc:ec:5c:0d:94:
         85:43:d0:3f:2c:5d:70:85:87:5c:c7:d3:1e:b5:cf:ba:38:c1:
         3c:8a:aa:b7:73:69:76:88:98:cd:8a:ff:93:da:9f:f2:38:04:
         7c:17:3e:fe:91:a3:48:e4:8c:75:ef:b6:68:cf:24:88:89:0b:
         0a:13:f4:a5
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzFAP+OG6ptEJwdxJ7y9ZInMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTIzMDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNGIxZTc1NmVkYjFjM2JkMmY1NzY2OWY1ODJiZjZhOTUxYjgzZjQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqRun+MWCkuw6s02w0RgKJTN2uxkR
fpFcAIOL/reZSveedSxhzxuWvMGNAhS9Hzw9BwQ/eTaNQOf1agQUHaWAAX4GFfzf
EY6aFu3m/2RiEJ5W+Sn5ojL9LQal4OPeB2YIjxYLJ17hAnZT4SRYzVEVlISWtznl
/ETKD8JpJihO21Xj3dwigOEghxV0VqJmETt1vyf6k0PWnUUJWDd9Z1fHt/cwrD/O
HcjFoMXVjfYwj3o6F5iYLF07UiL+Ff/1oFCiN1k/ImU+ceEsbSNWpBdmMTHUhIMo
uZcKw3c/IPTthCWB6JTpovHiV+U+Iaw6R3yl9B5sjkOHpDdRgNpKwZ/rHwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFASx51btscO9L1dmn1gr9qlRuD9IMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzdmL2E1YjM2
OC0zMzEzLTQxMzItOTg5Ny1kMDE3OTU3ZWEzOWUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvN2YvYTViMzY4
LTMzMTMtNDEzMi05ODk3LWQwMTc5NTdlYTM5ZS8xL0JMSG5WdTJ4dzcwdlYyYWZX
Q3YycVZHNFAwZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwHz1MA0GCSqGSIb3DQEBCwUAA4IBAQCXrDbB
JHc+l/sel04Pm+ROAlePa0Nd5HC/Xt6bafqYaVYvelPeVCLcEVQqD3GZvQuMHB1u
ji04l2QAEuJf9GfunWyhea/lQVAzW0yLokF8rCAqxUmn720oAl7FhOLjZMH2S4WX
cSiAUPZwBGFjyj2cVmb/jim8eZ39hnsSHx9eKiHrIe+yJbK+b3+yuS0YoAzit/k9
hAy4IPlRW5sNg33zOZSZSawGXjgynUOv0oVizg8NdCZGWoRvvHD2/gzUJ6sF3Oxc
DZSFQ9A/LF1whYdcx9Metc+6OME8iqq3c2l2iJjNiv+T2p/yOAR8Fz7+kaNI5Ix1
77ZozySIiQsKE/Sl
-----END CERTIFICATE-----