Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/CDMy0vYHhPErstIQrsgKtBu_EVk.cer
File:                     CDMy0vYHhPErstIQrsgKtBu_EVk.cer (raw, json)
Hash identifier:          d0kZ8LF4rReNZtQT8BLEe7pTBVDleh9iojHv1W0Ts6c=
Subject key identifier:   08:33:32:D2:F6:07:84:F1:2B:B2:D2:10:AE:C8:0A:B4:1B:BF:11:59
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CCA2860002FB9C760D3B4A3E835D1BB7C
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/52/3ea1ae-1f87-4cfb-9412-df542cdc3976/1/CDMy0vYHhPErstIQrsgKtBu_EVk.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/52/3ea1ae-1f87-4cfb-9412-df542cdc3976/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 12:31:32 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 80.91.208.0/24
                          IP: 2a09:5880::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:28:60:00:2f:b9:c7:60:d3:b4:a3:e8:35:d1:bb:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 12:31:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=083332d2f60784f12bb2d210aec80ab41bbf1159
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:4e:09:42:24:9e:90:3e:84:88:22:69:8b:6f:
                    3f:3b:9a:29:3e:e6:d0:c7:85:41:11:6c:32:e3:8d:
                    f5:03:2b:f3:c5:ad:ef:63:b5:44:6e:d5:ae:dd:97:
                    33:06:d0:33:d2:39:a1:06:84:be:36:27:55:fd:29:
                    ad:26:39:69:ef:ad:98:a9:97:c1:d0:d1:7f:a2:79:
                    c5:ea:3e:96:66:05:da:2e:46:f6:f7:e9:35:27:49:
                    19:d0:a4:f1:f4:84:74:a1:6e:d6:84:69:38:fb:ec:
                    81:5e:87:36:6e:80:9c:f6:95:0b:d1:e4:17:b2:e9:
                    35:39:19:52:ce:08:ef:5f:db:5a:72:b5:1b:43:3e:
                    bd:9c:78:33:bf:b3:b6:39:d8:df:3c:83:21:2b:10:
                    65:db:3b:5b:d8:6b:c0:48:f7:68:be:e7:11:6f:ae:
                    04:ea:8d:a3:be:89:75:1a:9b:a6:67:c5:cf:2f:89:
                    81:e5:8f:3b:76:96:e7:96:34:10:d0:39:e2:6b:dd:
                    8e:05:1f:98:e5:8a:6d:f5:66:b2:93:f9:c9:f7:c9:
                    c1:72:c4:df:45:87:da:d2:5a:9e:26:fd:bd:20:87:
                    c1:fb:a9:25:fc:d9:de:38:c0:d0:13:0b:99:d0:9d:
                    50:82:52:7c:73:cd:59:ea:c1:d8:e7:6a:9f:71:16:
                    06:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:33:32:D2:F6:07:84:F1:2B:B2:D2:10:AE:C8:0A:B4:1B:BF:11:59
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/3ea1ae-1f87-4cfb-9412-df542cdc3976/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/3ea1ae-1f87-4cfb-9412-df542cdc3976/1/CDMy0vYHhPErstIQrsgKtBu_EVk.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.91.208.0/24
                IPv6:
                  2a09:5880::/29

    Signature Algorithm: sha256WithRSAEncryption
         01:10:a6:61:3e:98:c1:a4:de:46:56:72:89:c1:57:f1:b1:70:
         ff:df:ad:42:a0:e3:29:71:e2:e4:8d:8e:4e:cb:4a:95:33:b9:
         3b:fd:95:68:ac:09:aa:44:cb:8c:18:8e:61:96:83:83:f2:41:
         08:d7:7d:e5:97:ab:56:43:c1:7f:47:88:36:98:51:e4:48:16:
         7f:b5:bf:2a:34:63:00:00:3e:29:63:03:4d:72:78:2f:16:f4:
         a4:d5:1a:e3:f0:88:05:3e:10:8a:7b:1e:99:06:35:4a:3f:a6:
         8f:f5:5e:b7:0e:7c:87:2c:63:1f:f0:2f:e1:96:10:45:b3:3f:
         e8:92:8c:04:ad:28:d5:4f:a0:23:57:6b:45:f4:44:64:2e:69:
         b9:ba:78:7e:fa:90:6a:7b:5d:1d:01:31:4e:c0:23:9f:e5:22:
         0e:7c:37:dc:8c:58:73:15:4f:d3:c9:6a:c6:3d:5e:66:fd:1d:
         d2:dc:e7:e8:e6:bc:53:5a:64:f4:5c:db:a3:a9:b0:2d:cb:ae:
         23:44:ac:34:cc:54:7e:fb:58:64:82:16:b2:d7:19:d5:ff:67:
         86:be:ee:f9:00:63:e1:a8:3b:6c:cc:5b:40:d8:a0:f6:86:5e:
         cc:6a:bb:54:33:30:93:e2:1c:da:45:a7:fe:e2:81:7b:ca:8f:
         87:f1:a0:03
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAYzKKGAAL7nHYNO0o+g10bt8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMTIzMTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODMzMzJkMmY2MDc4NGYxMmJiMmQyMTBhZWM4MGFiNDFiYmYxMTU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtk4JQiSekD6EiCJpi28/O5opPubQ
x4VBEWwy4431Ayvzxa3vY7VEbtWu3ZczBtAz0jmhBoS+NidV/SmtJjlp762YqZfB
0NF/onnF6j6WZgXaLkb29+k1J0kZ0KTx9IR0oW7WhGk4++yBXoc2boCc9pUL0eQX
suk1ORlSzgjvX9tacrUbQz69nHgzv7O2OdjfPIMhKxBl2ztb2GvASPdovucRb64E
6o2jvol1GpumZ8XPL4mB5Y87dpbnljQQ0Dnia92OBR+Y5Ypt9Wayk/nJ98nBcsTf
RYfa0lqeJv29IIfB+6kl/NneOMDQEwuZ0J1QglJ8c81Z6sHY52qfcRYGTQIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFAgzMtL2B4TxK7LSEK7ICrQbvxFZMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzUyLzNlYTFh
ZS0xZjg3LTRjZmItOTQxMi1kZjU0MmNkYzM5NzYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTIvM2VhMWFl
LTFmODctNGNmYi05NDEyLWRmNTQyY2RjMzk3Ni8xL0NETXkwdllIaFBFcnN0SVFy
c2dLdEJ1X0VWay5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQAUFvQMA0EAgACMAcDBQMqCViAMA0GCSqGSIb3
DQEBCwUAA4IBAQABEKZhPpjBpN5GVnKJwVfxsXD/361CoOMpceLkjY5Oy0qVM7k7
/ZVorAmqRMuMGI5hloOD8kEI133ll6tWQ8F/R4g2mFHkSBZ/tb8qNGMAAD4pYwNN
cngvFvSk1Rrj8IgFPhCKex6ZBjVKP6aP9V63DnyHLGMf8C/hlhBFsz/okowErSjV
T6AjV2tF9ERkLmm5unh++pBqe10dATFOwCOf5SIOfDfcjFhzFU/TyWrGPV5m/R3S
3Ofo5rxTWmT0XNujqbAty64jRKw0zFR++1hkghay1xnV/2eGvu75AGPhqDtszFtA
2KD2hl7MartUMzCT4hzaRaf+4oF7yo+H8aAD
-----END CERTIFICATE-----