Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/DKqIQOU7uWW-UZLIW3QDReegZSw.cer
File:                     DKqIQOU7uWW-UZLIW3QDReegZSw.cer (raw, json)
Hash identifier:          86Huix4TPF3nFj3jjFvsjCG4Vr0cDI0G8NSmXyGfXzo=
Subject key identifier:   0C:AA:88:40:E5:3B:B9:65:BE:51:92:C8:5B:74:03:45:E7:A0:65:2C
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC4255B19A257795435B5A87417785D83
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/61/c67c3e-45c6-4c81-9738-c44ddffa69ab/1/DKqIQOU7uWW-UZLIW3QDReegZSw.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/61/c67c3e-45c6-4c81-9738-c44ddffa69ab/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 08:30:31 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 193.107.46.0/24
                          IP: 2a13:7f00::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 25 Apr 2024 01:58:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:5b:19:a2:57:79:54:35:b5:a8:74:17:78:5d:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 08:30:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0caa8840e53bb965be5192c85b740345e7a0652c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:20:d9:82:ff:1e:b5:96:34:a9:b8:93:e0:4e:
                    40:a1:a1:2d:35:b3:fc:75:b3:7e:82:a3:40:04:3a:
                    79:fe:22:4b:b6:28:fe:bf:e7:8d:ad:6e:9c:5f:7b:
                    12:2e:ca:0c:12:dc:c0:07:e4:79:f6:c7:3e:52:71:
                    2b:82:7f:21:ee:15:87:70:58:4c:47:50:88:f1:90:
                    02:fe:00:35:7a:b2:1a:a6:84:40:eb:10:10:eb:6b:
                    8b:02:3a:c7:6a:30:f5:59:84:22:be:3f:77:4d:d0:
                    68:ab:1e:9b:ee:54:63:33:5c:89:b8:b9:49:b2:01:
                    b0:61:92:12:bb:98:2a:c8:6c:40:a4:99:c5:1d:0b:
                    9e:10:c3:3e:d1:b6:a2:10:6c:db:44:a7:4d:05:37:
                    7a:9e:fc:e7:98:79:dd:32:37:e3:7f:89:2a:59:fe:
                    5f:b4:84:dd:52:7a:f0:b4:cc:9a:24:8d:26:36:67:
                    51:00:3e:04:4d:59:27:fb:fc:ac:15:51:2d:4c:bb:
                    97:14:9d:39:b7:1a:6d:2b:d9:30:71:00:38:84:e8:
                    ec:41:99:6e:90:25:fc:bf:38:88:08:dd:1a:5e:05:
                    b1:46:0f:82:c2:55:c6:8c:6e:a8:a9:87:1d:f8:4b:
                    02:ce:d4:4c:5d:00:ca:e1:56:27:ac:5c:23:c3:06:
                    c0:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:AA:88:40:E5:3B:B9:65:BE:51:92:C8:5B:74:03:45:E7:A0:65:2C
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/c67c3e-45c6-4c81-9738-c44ddffa69ab/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/c67c3e-45c6-4c81-9738-c44ddffa69ab/1/DKqIQOU7uWW-UZLIW3QDReegZSw.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.107.46.0/24
                IPv6:
                  2a13:7f00::/29

    Signature Algorithm: sha256WithRSAEncryption
         73:54:81:24:22:d1:69:c7:d9:2d:3c:8b:01:c0:5c:9e:c9:33:
         1e:b4:0d:46:95:a6:2b:b7:cb:71:71:e7:ce:82:0c:cc:ac:bf:
         df:1d:6c:f6:2f:ea:5a:ef:10:64:5f:8d:cd:55:00:20:a6:65:
         4e:4a:14:4b:8b:cc:44:e9:15:01:fd:14:77:85:b1:26:09:61:
         cd:89:14:75:1f:bd:cb:fa:33:54:71:55:28:12:53:43:d6:59:
         7c:1c:5e:32:34:99:a1:2e:8c:d2:43:1c:09:a0:89:6e:b4:35:
         93:1e:7d:08:37:20:e9:fe:bf:fd:75:de:0b:6d:83:9e:52:e9:
         85:2f:0c:99:bc:e6:05:f8:56:41:78:1e:5b:20:77:b2:38:42:
         d6:84:87:06:9b:c8:ec:f9:e1:e2:b0:9d:25:df:77:0c:ab:c5:
         30:3e:90:42:04:5a:b1:8e:f5:7a:76:db:99:2b:b6:06:88:f9:
         64:c1:c1:3f:f5:21:22:ef:2b:2f:9c:51:ff:39:64:5f:fd:48:
         b9:b4:92:93:e2:20:7b:fd:cb:c5:27:07:0a:27:db:24:a7:39:
         3c:05:d3:5a:8f:bc:85:8d:58:f5:c6:9d:c5:cf:8a:d6:de:8a:
         35:f6:67:d5:6d:0d:51:13:5d:e4:55:11:ab:b5:d6:30:b6:a5:
         90:74:8f:69
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAYzEJVsZold5VDW1qHQXeF2DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDgzMDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2FhODg0MGU1M2JiOTY1YmU1MTkyYzg1Yjc0MDM0NWU3YTA2NTJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuSDZgv8etZY0qbiT4E5AoaEtNbP8
dbN+gqNABDp5/iJLtij+v+eNrW6cX3sSLsoMEtzAB+R59sc+UnErgn8h7hWHcFhM
R1CI8ZAC/gA1erIapoRA6xAQ62uLAjrHajD1WYQivj93TdBoqx6b7lRjM1yJuLlJ
sgGwYZISu5gqyGxApJnFHQueEMM+0baiEGzbRKdNBTd6nvznmHndMjfjf4kqWf5f
tITdUnrwtMyaJI0mNmdRAD4ETVkn+/ysFVEtTLuXFJ05txptK9kwcQA4hOjsQZlu
kCX8vziICN0aXgWxRg+CwlXGjG6oqYcd+EsCztRMXQDK4VYnrFwjwwbACQIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFAyqiEDlO7llvlGSyFt0A0XnoGUsMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzYxL2M2N2Mz
ZS00NWM2LTRjODEtOTczOC1jNDRkZGZmYTY5YWIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjEvYzY3YzNl
LTQ1YzYtNGM4MS05NzM4LWM0NGRkZmZhNjlhYi8xL0RLcUlRT1U3dVdXLVVaTElX
M1FEUmVlZ1pTdy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQAwWsuMA0EAgACMAcDBQMqE38AMA0GCSqGSIb3
DQEBCwUAA4IBAQBzVIEkItFpx9ktPIsBwFyeyTMetA1GlaYrt8txcefOggzMrL/f
HWz2L+pa7xBkX43NVQAgpmVOShRLi8xE6RUB/RR3hbEmCWHNiRR1H73L+jNUcVUo
ElND1ll8HF4yNJmhLozSQxwJoIlutDWTHn0INyDp/r/9dd4LbYOeUumFLwyZvOYF
+FZBeB5bIHeyOELWhIcGm8js+eHisJ0l33cMq8UwPpBCBFqxjvV6dtuZK7YGiPlk
wcE/9SEi7ysvnFH/OWRf/Ui5tJKT4iB7/cvFJwcKJ9skpzk8BdNaj7yFjVj1xp3F
z4rW3oo19mfVbQ1RE13kVRGrtdYwtqWQdI9p
-----END CERTIFICATE-----