Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/CBSas_GOw-02_yqB1ImvEGmcs5I.cer
File:                     CBSas_GOw-02_yqB1ImvEGmcs5I.cer (raw, json)
Hash identifier:          iLbIQpEufDnUMc13Wj+6uC2NnJ5OPzthGt5DTPVy1/Y=
Subject key identifier:   08:14:9A:B3:F1:8E:C3:ED:36:FF:2A:81:D4:89:AF:10:69:9C:B3:92
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01900BCB38CBB56C11C0EEE8FE2469C90802
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/2c/911a25-a383-48c2-bf63-d87112ca99ae/1/CBSas_GOw-02_yqB1ImvEGmcs5I.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/2c/911a25-a383-48c2-bf63-d87112ca99ae/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 12 Jun 2024 09:33:06 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 192.109.53.0/24
                          IP: 193.141.107.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:0b:cb:38:cb:b5:6c:11:c0:ee:e8:fe:24:69:c9:08:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jun 12 09:33:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=08149ab3f18ec3ed36ff2a81d489af10699cb392
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:d9:a5:0a:b3:2e:82:4c:bc:78:69:4d:64:eb:
                    e9:25:a2:a0:c4:d2:70:61:3a:95:0f:d1:0b:26:e4:
                    91:44:19:37:17:0d:a5:15:aa:90:da:f8:fc:15:23:
                    43:05:6f:b4:a5:ed:a0:7f:3a:92:68:5f:90:bf:c3:
                    7f:e9:6e:17:f8:5e:b1:b6:fb:3e:5d:26:57:5f:66:
                    3c:17:4d:b4:31:1b:c5:0e:4f:2b:a4:a2:f7:6c:df:
                    ff:93:ab:53:d9:39:dc:90:a2:25:c4:34:22:d4:4d:
                    6b:bd:fd:b9:b6:4d:c8:a8:3e:d5:55:80:2a:53:2b:
                    dd:dc:28:b3:0d:36:0c:4e:f5:59:ac:d2:0d:0b:19:
                    d8:f0:6e:dd:80:18:76:ae:52:68:0a:85:26:95:cc:
                    fc:01:bf:21:64:70:53:97:fa:4f:95:66:70:7b:cb:
                    7a:7a:58:19:7f:c8:c3:0c:d8:4b:5a:66:9f:07:fb:
                    1b:36:fc:7b:80:58:a0:b0:05:9c:7a:bd:90:58:97:
                    e8:80:80:19:83:76:d9:7c:73:a9:c4:86:f9:27:32:
                    c2:8f:7e:82:b6:28:aa:7b:40:a8:9e:e7:09:5f:9f:
                    d4:74:73:ee:9f:39:e6:1b:a2:d9:b9:b2:07:92:17:
                    4d:66:f2:36:bf:b6:23:73:de:69:e5:bd:6e:12:7c:
                    1f:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:14:9A:B3:F1:8E:C3:ED:36:FF:2A:81:D4:89:AF:10:69:9C:B3:92
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/911a25-a383-48c2-bf63-d87112ca99ae/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/911a25-a383-48c2-bf63-d87112ca99ae/1/CBSas_GOw-02_yqB1ImvEGmcs5I.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.109.53.0/24
                  193.141.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:29:84:c6:39:17:e6:a4:6a:8f:a1:2d:02:93:0b:c8:11:41:
         24:ab:ee:8d:36:af:01:ea:e8:d9:6e:7a:24:b5:8c:41:b7:00:
         fc:52:26:4b:51:af:f3:3d:cf:23:81:85:24:c6:be:e6:f8:9f:
         ef:aa:e4:b7:92:aa:fe:3e:1b:dc:fe:64:d5:84:dc:c1:fc:b7:
         02:38:d5:a3:33:04:49:91:51:67:49:93:17:91:ab:28:e9:f4:
         30:77:20:51:bb:f0:bf:85:20:33:7c:2c:5b:c2:80:8e:bf:a7:
         07:a4:e3:74:45:73:bc:ae:7c:3d:6f:62:93:a5:b8:91:5e:81:
         46:d2:f9:b4:cb:ba:b7:76:3e:38:ff:0f:d0:64:df:2d:59:17:
         79:e3:1c:6b:90:87:78:72:bc:d6:ea:36:c0:0c:6a:84:cc:1d:
         7d:12:92:bc:b9:1a:7c:57:a7:e2:7c:9b:19:c0:57:07:2c:f8:
         c1:0a:c8:5c:4e:00:03:c7:ca:8d:eb:ee:39:72:d8:63:f7:94:
         dd:90:86:19:80:a2:74:da:7a:89:10:c5:20:89:6f:84:bc:6a:
         0c:18:39:54:24:e5:97:4d:2f:72:35:d3:35:2d:0c:49:47:86:
         f3:d1:98:ce:e9:f1:97:6b:c3:ef:2d:9f:77:db:02:6c:6d:cd:
         0d:11:a9:a0
-----BEGIN CERTIFICATE-----
MIIFfjCCBGagAwIBAgISAZALyzjLtWwRwO7o/iRpyQgCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwNjEyMDkzMzA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODE0OWFiM2YxOGVjM2VkMzZmZjJhODFkNDg5YWYxMDY5OWNiMzkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1NmlCrMugky8eGlNZOvpJaKgxNJw
YTqVD9ELJuSRRBk3Fw2lFaqQ2vj8FSNDBW+0pe2gfzqSaF+Qv8N/6W4X+F6xtvs+
XSZXX2Y8F020MRvFDk8rpKL3bN//k6tT2TnckKIlxDQi1E1rvf25tk3IqD7VVYAq
Uyvd3CizDTYMTvVZrNINCxnY8G7dgBh2rlJoCoUmlcz8Ab8hZHBTl/pPlWZwe8t6
elgZf8jDDNhLWmafB/sbNvx7gFigsAWcer2QWJfogIAZg3bZfHOpxIb5JzLCj36C
tiiqe0ConucJX5/UdHPunznmG6LZubIHkhdNZvI2v7Yjc95p5b1uEnwfPQIDAQAB
o4ICijCCAoYwHQYDVR0OBBYEFAgUmrPxjsPtNv8qgdSJrxBpnLOSMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzJjLzkxMWEy
NS1hMzgzLTQ4YzItYmY2My1kODcxMTJjYTk5YWUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmMvOTExYTI1
LWEzODMtNDhjMi1iZjYzLWQ4NzExMmNhOTlhZS8xL0NCU2FzX0dPdy0wMl95cUIx
SW12RUdtY3M1SS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUF
BwEHAQH/BBYwFDASBAIAATAMAwQAwG01AwQAwY1rMA0GCSqGSIb3DQEBCwUAA4IB
AQBRKYTGORfmpGqPoS0CkwvIEUEkq+6NNq8B6ujZbnoktYxBtwD8UiZLUa/zPc8j
gYUkxr7m+J/vquS3kqr+Phvc/mTVhNzB/LcCONWjMwRJkVFnSZMXkaso6fQwdyBR
u/C/hSAzfCxbwoCOv6cHpON0RXO8rnw9b2KTpbiRXoFG0vm0y7q3dj44/w/QZN8t
WRd54xxrkId4crzW6jbADGqEzB19EpK8uRp8V6fifJsZwFcHLPjBCshcTgADx8qN
6+45cthj95TdkIYZgKJ02nqJEMUgiW+EvGoMGDlUJOWXTS9yNdM1LQxJR4bz0ZjO
6fGXa8PvLZ932wJsbc0NEamg
-----END CERTIFICATE-----