Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/D_4AEevk8hbFjTq0KBK5hAK-Cyw.cer
File:                     D_4AEevk8hbFjTq0KBK5hAK-Cyw.cer (raw, json)
Hash identifier:          d/7FFMaOxTG2Op6+NJ+9GW7SmpO23RGsYa5QxNrsd5c=
Subject key identifier:   0F:FE:00:11:EB:E4:F2:16:C5:8D:3A:B4:28:12:B9:84:02:BE:0B:2C
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC64A8B31C608BD85CABC52057B2666B9
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/9a/96184d-5981-4702-9d32-6cc0daf341c4/1/D_4AEevk8hbFjTq0KBK5hAK-Cyw.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/9a/96184d-5981-4702-9d32-6cc0daf341c4/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 18:30:23 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 91.216.179.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 20 Apr 2024 17:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:8b:31:c6:08:bd:85:ca:bc:52:05:7b:26:66:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 18:30:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0ffe0011ebe4f216c58d3ab42812b98402be0b2c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:3d:1f:13:37:98:5b:4f:62:bf:b8:2b:79:f2:
                    13:1a:d1:56:9d:72:27:92:55:b7:ce:cc:b5:d3:62:
                    28:8f:9d:cd:de:f0:93:d1:2f:b5:88:70:26:93:9a:
                    e0:9e:dc:86:c7:b7:3b:ac:2d:4b:ab:3f:42:64:e0:
                    e8:51:1e:18:e5:78:9a:bb:cf:50:7c:22:6d:86:fd:
                    0d:5d:19:ae:3f:a7:17:df:cb:13:4b:49:f5:b4:c9:
                    30:4d:f1:9b:8b:c0:3e:39:22:0a:cc:2a:b2:51:a5:
                    3e:4d:22:e2:29:2d:82:b2:d2:0d:17:d1:e0:dd:2b:
                    42:f2:d4:fd:b4:78:86:e9:8f:0f:2c:91:d0:f3:5b:
                    fa:81:ca:6a:0d:97:3e:44:73:74:59:5b:3e:53:96:
                    50:40:3a:a1:28:9d:78:4d:03:00:17:19:66:fc:58:
                    36:ee:b7:78:cb:ce:4c:3e:58:07:79:8b:38:98:c5:
                    2b:45:0f:9e:6d:b7:4d:b6:b6:0a:86:95:e3:df:d1:
                    0a:dd:4e:75:18:f4:f8:3c:fa:31:a6:d8:ae:25:25:
                    cd:c6:c8:56:f9:32:ef:2f:9c:d9:9a:f5:1b:cc:b3:
                    bb:32:1f:93:5e:0a:dd:12:53:bc:42:e9:78:75:ee:
                    ee:34:a7:2b:ac:cf:28:c5:32:79:8c:e6:f8:d6:80:
                    2e:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:FE:00:11:EB:E4:F2:16:C5:8D:3A:B4:28:12:B9:84:02:BE:0B:2C
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/96184d-5981-4702-9d32-6cc0daf341c4/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/96184d-5981-4702-9d32-6cc0daf341c4/1/D_4AEevk8hbFjTq0KBK5hAK-Cyw.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.179.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:34:58:c5:24:4b:a9:6d:23:57:82:3f:63:a0:48:a5:b9:61:
         39:3e:80:6d:7b:fb:e5:ae:26:69:fd:4c:9b:e1:99:a4:ec:e9:
         51:3e:0f:a3:94:52:c3:4b:ab:40:e6:39:f5:44:88:98:17:2a:
         47:fb:33:2f:0d:f7:7b:5a:38:67:66:67:a9:48:20:7c:e5:49:
         7a:4c:c2:c9:57:06:1a:a9:a9:37:0c:92:dc:b1:c3:e1:fc:e3:
         50:12:b7:60:28:46:a9:ea:b0:b6:26:84:93:ea:c9:dc:11:e4:
         bb:ed:8a:76:71:cc:59:b9:1a:ca:9a:99:0f:af:52:3b:22:22:
         d8:7e:e1:2a:1a:a6:06:89:ef:bd:5a:f5:57:96:98:d5:44:e9:
         be:63:2d:f5:21:c5:07:9b:f9:96:8a:44:99:3c:c1:b2:19:80:
         51:6a:77:a6:ae:ed:27:fe:4c:ee:05:f7:37:1e:0f:2b:08:9a:
         66:2d:b8:d1:a0:26:3b:ac:23:11:9e:7c:09:1a:14:52:5a:87:
         71:38:4a:31:19:2a:70:3c:3c:ca:ab:7c:72:b6:a1:20:23:e1:
         d8:95:94:fb:2b:cd:86:52:c1:05:fc:53:a8:1f:0d:c7:4f:c8:
         1c:dd:3e:55:75:4b:03:0e:cd:72:16:1c:ec:52:ca:33:f0:75:
         a1:18:b1:98
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzGSosxxgi9hcq8UgV7Jma5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTgzMDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZmZlMDAxMWViZTRmMjE2YzU4ZDNhYjQyODEyYjk4NDAyYmUwYjJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuz0fEzeYW09iv7grefITGtFWnXIn
klW3zsy102Ioj53N3vCT0S+1iHAmk5rgntyGx7c7rC1Lqz9CZODoUR4Y5Xiau89Q
fCJthv0NXRmuP6cX38sTS0n1tMkwTfGbi8A+OSIKzCqyUaU+TSLiKS2CstINF9Hg
3StC8tT9tHiG6Y8PLJHQ81v6gcpqDZc+RHN0WVs+U5ZQQDqhKJ14TQMAFxlm/Fg2
7rd4y85MPlgHeYs4mMUrRQ+ebbdNtrYKhpXj39EK3U51GPT4PPoxptiuJSXNxshW
+TLvL5zZmvUbzLO7Mh+TXgrdElO8Qul4de7uNKcrrM8oxTJ5jOb41oAuDwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFA/+ABHr5PIWxY06tCgSuYQCvgssMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzlhLzk2MTg0
ZC01OTgxLTQ3MDItOWQzMi02Y2MwZGFmMzQxYzQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOWEvOTYxODRk
LTU5ODEtNDcwMi05ZDMyLTZjYzBkYWYzNDFjNC8xL0RfNEFFZXZrOGhiRmpUcTBL
Qks1aEFLLUN5dy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW9izMA0GCSqGSIb3DQEBCwUAA4IBAQBENFjF
JEupbSNXgj9joEiluWE5PoBte/vlriZp/Uyb4Zmk7OlRPg+jlFLDS6tA5jn1RIiY
FypH+zMvDfd7WjhnZmepSCB85Ul6TMLJVwYaqak3DJLcscPh/ONQErdgKEap6rC2
JoST6sncEeS77Yp2ccxZuRrKmpkPr1I7IiLYfuEqGqYGie+9WvVXlpjVROm+Yy31
IcUHm/mWikSZPMGyGYBRanemru0n/kzuBfc3Hg8rCJpmLbjRoCY7rCMRnnwJGhRS
WodxOEoxGSpwPDzKq3xytqEgI+HYlZT7K82GUsEF/FOoHw3HT8gc3T5VdUsDDs1y
FhzsUsoz8HWhGLGY
-----END CERTIFICATE-----