Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/DhI9xSvlTkcrv-N18u1B5JqHg-c.cer
File:                     DhI9xSvlTkcrv-N18u1B5JqHg-c.cer (raw, json)
Hash identifier:          3lI3vYRc1kOJBUHEZrN1DgD3CFSycpcAWyTfsIGkjL0=
Subject key identifier:   0E:12:3D:C5:2B:E5:4E:47:2B:BF:E3:75:F2:ED:41:E4:9A:87:83:E7
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC6B8F1940302AE0C405172E9823116BD
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/72/53be2f-e997-470d-93bf-41b5863ca8db/1/DhI9xSvlTkcrv-N18u1B5JqHg-c.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/72/53be2f-e997-470d-93bf-41b5863ca8db/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 20:30:58 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 2.57.0.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:f1:94:03:02:ae:0c:40:51:72:e9:82:31:16:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 20:30:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0e123dc52be54e472bbfe375f2ed41e49a8783e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:88:f2:93:2f:fb:c3:67:a0:b3:9d:44:a2:d2:
                    32:69:6f:a7:cf:7e:8f:78:77:a9:40:90:08:82:91:
                    d5:cd:d1:f5:77:2c:23:f6:ee:ff:d4:55:ab:e4:af:
                    b4:ac:a8:4f:f6:e7:0d:5b:4e:5e:c5:e2:b3:37:79:
                    55:d0:cb:0a:06:c8:7f:31:f0:01:7b:17:8a:49:fa:
                    22:72:b4:73:15:ed:f7:69:bb:d6:d5:29:c5:d2:3a:
                    b6:56:c0:51:3a:16:bd:ee:bc:a4:ec:c5:84:0e:4e:
                    d7:32:cb:7a:35:5c:51:fb:ea:2c:ac:1b:92:67:89:
                    89:d8:05:84:a4:91:49:90:59:1c:00:99:5d:7a:1d:
                    79:f7:de:3e:61:d3:17:2b:dd:8a:42:33:7d:c8:62:
                    69:b1:30:10:0a:ac:81:30:76:fc:79:2d:d7:50:0a:
                    fa:2e:b9:34:32:d9:fe:f4:0b:cb:51:c8:23:b1:61:
                    f7:3f:80:4e:cc:87:64:55:4c:7d:00:bb:2a:ef:89:
                    15:79:3e:ac:36:70:e1:28:42:86:55:0c:b4:cf:5b:
                    17:e1:03:a2:90:28:16:3f:e7:df:42:a3:83:a1:2b:
                    82:23:90:d4:18:55:9f:50:b6:6c:00:5c:ef:fc:52:
                    f5:21:3a:b5:88:86:94:8f:4a:45:3c:1c:e8:41:02:
                    13:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:12:3D:C5:2B:E5:4E:47:2B:BF:E3:75:F2:ED:41:E4:9A:87:83:E7
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/53be2f-e997-470d-93bf-41b5863ca8db/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/53be2f-e997-470d-93bf-41b5863ca8db/1/DhI9xSvlTkcrv-N18u1B5JqHg-c.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.57.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:7e:e7:c6:04:3a:7b:16:5a:b9:3c:b1:18:52:93:f9:a9:df:
         f8:f8:39:fd:de:0f:4f:be:7e:f8:55:c2:0e:08:94:ab:7c:da:
         6f:7c:79:21:0b:52:3f:4a:1f:d5:25:70:f8:d7:7c:a2:fe:22:
         f3:a8:91:27:f8:36:e1:b2:29:be:aa:af:59:0e:cd:c5:0a:ef:
         d2:93:8c:4a:a1:ac:f8:42:e0:51:2c:19:ac:40:bc:db:2e:26:
         a8:6b:67:37:a5:f8:96:22:74:f9:cd:a5:b6:35:80:1b:4e:d5:
         72:81:f2:b3:af:f0:0c:71:34:ea:62:1a:71:e4:09:2e:05:bc:
         c4:e9:8f:12:be:8a:0d:38:88:d8:0e:29:13:80:18:ae:75:b9:
         de:b2:19:8e:31:4c:38:e6:8f:23:9e:40:af:e0:bf:be:44:83:
         0a:4d:89:7d:13:c5:72:2e:d8:60:1f:dc:60:7d:c2:b5:89:50:
         d3:9e:43:02:d2:a9:48:49:37:43:8e:9c:84:27:ed:d3:7d:fa:
         c0:b0:cf:11:a8:dc:1a:58:57:66:11:95:bd:24:b0:3a:c2:97:
         c9:41:28:c8:88:2e:1b:b0:7f:f9:33:74:af:59:7a:36:49:54:
         3e:58:67:ac:79:b0:3c:a0:63:7c:cd:7e:0b:e9:4f:7c:6d:3d:
         d5:c4:f5:b2
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzGuPGUAwKuDEBRcumCMRa9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMjAzMDU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTEyM2RjNTJiZTU0ZTQ3MmJiZmUzNzVmMmVkNDFlNDlhODc4M2U3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuYjyky/7w2egs51EotIyaW+nz36P
eHepQJAIgpHVzdH1dywj9u7/1FWr5K+0rKhP9ucNW05exeKzN3lV0MsKBsh/MfAB
exeKSfoicrRzFe33abvW1SnF0jq2VsBROha97ryk7MWEDk7XMst6NVxR++osrBuS
Z4mJ2AWEpJFJkFkcAJldeh15994+YdMXK92KQjN9yGJpsTAQCqyBMHb8eS3XUAr6
Lrk0Mtn+9AvLUcgjsWH3P4BOzIdkVUx9ALsq74kVeT6sNnDhKEKGVQy0z1sX4QOi
kCgWP+ffQqODoSuCI5DUGFWfULZsAFzv/FL1ITq1iIaUj0pFPBzoQQIT3QIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFA4SPcUr5U5HK7/jdfLtQeSah4PnMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzcyLzUzYmUy
Zi1lOTk3LTQ3MGQtOTNiZi00MWI1ODYzY2E4ZGIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzIvNTNiZTJm
LWU5OTctNDcwZC05M2JmLTQxYjU4NjNjYThkYi8xL0RoSTl4U3ZsVGtjcnYtTjE4
dTFCNUpxSGctYy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAAjkAMA0GCSqGSIb3DQEBCwUAA4IBAQBcfufG
BDp7Flq5PLEYUpP5qd/4+Dn93g9Pvn74VcIOCJSrfNpvfHkhC1I/Sh/VJXD413yi
/iLzqJEn+Dbhsim+qq9ZDs3FCu/Sk4xKoaz4QuBRLBmsQLzbLiaoa2c3pfiWInT5
zaW2NYAbTtVygfKzr/AMcTTqYhpx5AkuBbzE6Y8SvooNOIjYDikTgBiudbneshmO
MUw45o8jnkCv4L++RIMKTYl9E8VyLthgH9xgfcK1iVDTnkMC0qlISTdDjpyEJ+3T
ffrAsM8RqNwaWFdmEZW9JLA6wpfJQSjIiC4bsH/5M3SvWXo2SVQ+WGesebA8oGN8
zX4L6U98bT3VxPWy
-----END CERTIFICATE-----