Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/DZxWoYyYei0aLnBEt-MbMhv3rBY.cer
File:                     DZxWoYyYei0aLnBEt-MbMhv3rBY.cer (raw, json)
Hash identifier:          pNIpdKU3870Xhk4Jzc4QKmBIUsCUsD5xHK/8V3hLe28=
Subject key identifier:   0D:9C:56:A1:8C:98:7A:2D:1A:2E:70:44:B7:E3:1B:32:1B:F7:AC:16
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC56DE17646A885814ED5D37EBDB49886
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/ca/bd1b8f-d065-4cc7-9a1f-45ab3f520f00/1/DZxWoYyYei0aLnBEt-MbMhv3rBY.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/ca/bd1b8f-d065-4cc7-9a1f-45ab3f520f00/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 14:29:21 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 192.144.0.0/22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:e1:76:46:a8:85:81:4e:d5:d3:7e:bd:b4:98:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 14:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0d9c56a18c987a2d1a2e7044b7e31b321bf7ac16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:f2:77:ff:90:5c:cb:90:c3:45:9d:28:ed:55:
                    fc:97:fc:f0:12:af:44:f9:d7:b8:0f:7c:ea:e7:99:
                    f4:6f:0c:4a:4c:b9:0f:41:40:da:65:d0:fd:88:4c:
                    b6:f5:0c:51:55:a5:c0:ec:ec:3e:5f:08:fd:f2:29:
                    5b:29:9a:50:7d:97:96:3a:9d:46:b0:a0:36:ef:6f:
                    4c:3b:02:c2:08:42:33:dd:7d:90:43:c6:f9:2d:ae:
                    45:17:60:4d:37:62:e1:c3:4d:12:47:f0:f9:50:94:
                    4c:5f:3c:2a:4a:ac:d4:9f:d7:fe:08:a8:db:bd:60:
                    32:fd:a2:55:d5:e7:74:d8:a6:74:4f:9b:29:3f:a0:
                    9d:f6:ae:a9:e0:0d:42:66:97:72:f9:b0:08:b9:a7:
                    d5:6c:a2:82:ec:20:02:a6:d1:e1:ec:96:51:77:ce:
                    43:dc:3a:5f:a7:c3:50:67:04:a1:a4:5a:2a:a4:bf:
                    92:52:a3:63:d2:eb:8f:57:ce:0e:81:18:24:29:24:
                    12:df:1d:9b:ab:80:6f:0e:a8:7c:9b:d7:b3:fd:ab:
                    15:36:8f:8a:f6:7e:49:d7:f2:f0:cc:5c:02:4d:75:
                    4d:76:4b:26:80:7f:b9:a5:21:2b:7d:3d:b0:81:8f:
                    e7:d9:da:af:56:ba:49:12:93:cb:a7:43:0f:01:63:
                    f6:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:9C:56:A1:8C:98:7A:2D:1A:2E:70:44:B7:E3:1B:32:1B:F7:AC:16
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/bd1b8f-d065-4cc7-9a1f-45ab3f520f00/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/bd1b8f-d065-4cc7-9a1f-45ab3f520f00/1/DZxWoYyYei0aLnBEt-MbMhv3rBY.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.144.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a6:d6:cd:64:58:9e:ba:d4:45:03:89:8a:3b:fc:2b:87:41:d2:
         db:24:3c:32:e0:c3:b7:84:af:6a:95:9c:d9:89:0c:e9:c6:a5:
         02:80:d6:d7:02:97:d3:6a:f3:46:df:94:f5:14:4a:e1:81:75:
         b6:db:48:e5:3c:3f:d4:06:0c:57:2a:1c:78:ce:3a:f2:a5:82:
         15:7f:00:e7:1e:16:d5:8f:eb:04:dc:76:4f:ec:4e:c0:d8:2b:
         6b:a2:e3:6d:4a:0c:69:11:3e:f6:ae:de:31:05:df:40:1f:c3:
         1d:ea:b5:f5:b1:15:f8:3f:12:2d:bb:6c:62:7f:0a:83:3a:1d:
         75:0d:cf:ac:41:5f:70:86:5c:fc:e2:40:79:a5:f2:6d:84:0a:
         d1:29:4b:e9:f5:5d:25:b1:cc:07:74:8a:bf:f1:29:bc:b9:44:
         f2:3c:2d:72:5b:40:22:7b:7b:f6:82:36:d4:4a:82:6f:9d:28:
         ac:fe:53:1d:a4:72:0c:d6:3f:89:b5:d7:c7:c6:bb:83:56:7d:
         33:f7:2a:d2:b3:c7:34:0c:0d:ec:98:8e:a3:20:71:33:38:70:
         cc:eb:d8:82:da:ae:20:57:a8:5e:ff:57:e1:18:9e:f9:b8:f1:
         8b:d5:3b:bb:da:e7:17:07:5a:f4:34:51:f7:eb:8a:1f:fc:ad:
         fe:d1:3f:6f
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzFbeF2RqiFgU7V0369tJiGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTQyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDljNTZhMThjOTg3YTJkMWEyZTcwNDRiN2UzMWIzMjFiZjdhYzE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArPJ3/5Bcy5DDRZ0o7VX8l/zwEq9E
+de4D3zq55n0bwxKTLkPQUDaZdD9iEy29QxRVaXA7Ow+Xwj98ilbKZpQfZeWOp1G
sKA2729MOwLCCEIz3X2QQ8b5La5FF2BNN2Lhw00SR/D5UJRMXzwqSqzUn9f+CKjb
vWAy/aJV1ed02KZ0T5spP6Cd9q6p4A1CZpdy+bAIuafVbKKC7CACptHh7JZRd85D
3Dpfp8NQZwShpFoqpL+SUqNj0uuPV84OgRgkKSQS3x2bq4BvDqh8m9ez/asVNo+K
9n5J1/LwzFwCTXVNdksmgH+5pSErfT2wgY/n2dqvVrpJEpPLp0MPAWP2zwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFA2cVqGMmHotGi5wRLfjGzIb96wWMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NhL2JkMWI4
Zi1kMDY1LTRjYzctOWExZi00NWFiM2Y1MjBmMDAvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvY2EvYmQxYjhm
LWQwNjUtNGNjNy05YTFmLTQ1YWIzZjUyMGYwMC8xL0RaeFdvWXlZZWkwYUxuQkV0
LU1iTWh2M3JCWS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCwJAAMA0GCSqGSIb3DQEBCwUAA4IBAQCm1s1k
WJ661EUDiYo7/CuHQdLbJDwy4MO3hK9qlZzZiQzpxqUCgNbXApfTavNG35T1FErh
gXW220jlPD/UBgxXKhx4zjrypYIVfwDnHhbVj+sE3HZP7E7A2CtrouNtSgxpET72
rt4xBd9AH8Md6rX1sRX4PxItu2xifwqDOh11Dc+sQV9whlz84kB5pfJthArRKUvp
9V0lscwHdIq/8Sm8uUTyPC1yW0Aie3v2gjbUSoJvnSis/lMdpHIM1j+JtdfHxruD
Vn0z9yrSs8c0DA3smI6jIHEzOHDM69iC2q4gV6he/1fhGJ75uPGL1Tu72ucXB1r0
NFH364of/K3+0T9v
-----END CERTIFICATE-----