Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/EJU-YHZw_3OO7mprV32MiygE4eE.cer
File:                     EJU-YHZw_3OO7mprV32MiygE4eE.cer (raw, json)
Hash identifier:          QGTfbzBwABjb7IgAm7UBwVKYfsX1GP84lVAy+6CwhVU=
Subject key identifier:   10:95:3E:60:76:70:FF:73:8E:EE:6A:6B:57:7D:8C:8B:28:04:E1:E1
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC7955990B6B24545BCBDA39C5049CBD5
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/42/a99355-2d01-4da5-8e73-1bc552c00dd7/1/EJU-YHZw_3OO7mprV32MiygE4eE.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/42/a99355-2d01-4da5-8e73-1bc552c00dd7/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 00:31:42 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 176.124.224.0/23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Sep 2024 14:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:59:90:b6:b2:45:45:bc:bd:a3:9c:50:49:cb:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 00:31:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=10953e607670ff738eee6a6b577d8c8b2804e1e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:ce:99:5b:f9:fb:75:2e:db:10:be:8e:08:55:
                    50:b0:29:74:12:c9:85:b3:33:f2:b3:65:e5:df:5a:
                    a0:a3:a1:68:7e:01:4d:af:dd:94:16:e2:9a:61:20:
                    d4:7f:e3:5a:57:de:f3:81:db:38:61:7a:e4:46:4f:
                    e8:35:ac:7a:96:23:17:bb:5b:05:75:8f:68:e5:38:
                    b3:64:37:5d:91:6c:2a:f0:b4:1a:2c:9b:a2:5d:e5:
                    ef:c1:ef:eb:0b:3f:c5:56:0d:e5:a0:26:ff:d0:f0:
                    34:49:0a:a9:76:c5:19:b6:f6:29:cf:77:28:27:8a:
                    d2:5a:27:d3:9f:4a:0c:bd:2d:51:de:f4:d0:31:b9:
                    62:f6:e1:60:d6:12:34:80:3c:2e:bc:43:1c:a9:de:
                    21:a6:1e:c8:89:8d:7d:ab:1d:ee:06:80:e4:a3:ca:
                    f3:e1:e6:a0:5f:23:fc:46:ca:98:2c:f7:c4:3e:e3:
                    d1:3e:19:64:53:09:8b:38:8f:23:77:f7:13:41:70:
                    6c:d0:4a:9e:af:24:3f:9d:78:ee:62:41:2a:12:8a:
                    db:4e:cc:8a:5d:01:f2:0c:35:4f:de:ae:9b:59:11:
                    08:77:fd:65:f0:50:d4:fb:ba:82:88:2b:72:77:cb:
                    dd:dd:00:f3:f5:18:1d:26:dc:a4:7e:10:66:ce:5e:
                    d3:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:95:3E:60:76:70:FF:73:8E:EE:6A:6B:57:7D:8C:8B:28:04:E1:E1
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/a99355-2d01-4da5-8e73-1bc552c00dd7/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/a99355-2d01-4da5-8e73-1bc552c00dd7/1/EJU-YHZw_3OO7mprV32MiygE4eE.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.124.224.0/23

    Signature Algorithm: sha256WithRSAEncryption
         69:a6:9a:7d:66:38:d1:ce:b5:5e:23:21:de:71:d4:4d:0b:7b:
         4d:89:4a:e4:cc:d9:ec:b5:ad:a4:5d:9e:50:12:02:e6:8b:b6:
         36:e5:7b:45:28:ab:dd:e9:38:81:3d:ea:a4:e5:69:38:2e:6c:
         f8:81:b7:87:53:4c:c4:63:70:e6:b7:8e:a5:94:39:79:8e:06:
         26:4f:29:66:6e:b7:b8:19:29:7b:4b:27:97:31:73:3d:94:74:
         14:6d:c4:20:4a:82:e1:aa:b1:c2:48:39:f7:23:6d:21:d4:a9:
         d8:9c:d0:80:06:8e:c8:c3:8e:b9:61:36:97:35:2d:f1:e5:28:
         a7:b5:4b:fc:4b:29:1a:d0:ba:3b:5d:11:a2:ce:f1:48:b8:e3:
         f8:7f:5c:28:15:13:1d:6d:0a:ca:be:6c:78:42:27:1a:c3:79:
         89:a1:65:47:c9:f0:c0:c5:d3:5f:55:9d:3e:bc:38:05:59:f6:
         ae:fe:aa:30:68:f9:d3:45:be:c9:7a:6a:56:73:90:0d:81:39:
         9f:a7:43:b2:18:61:4c:82:51:50:0f:4f:c4:3c:f1:10:89:93:
         7c:7f:51:f6:0c:ba:3e:97:81:fc:1a:79:18:e7:d5:17:0e:18:
         0f:19:41:4b:ca:9a:1f:50:7e:71:04:66:8e:bb:c7:6e:25:82:
         2b:77:3b:45
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzHlVmQtrJFRby9o5xQScvVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDAzMTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDk1M2U2MDc2NzBmZjczOGVlZTZhNmI1NzdkOGM4YjI4MDRlMWUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqM6ZW/n7dS7bEL6OCFVQsCl0EsmF
szPys2Xl31qgo6FofgFNr92UFuKaYSDUf+NaV97zgds4YXrkRk/oNax6liMXu1sF
dY9o5TizZDddkWwq8LQaLJuiXeXvwe/rCz/FVg3loCb/0PA0SQqpdsUZtvYpz3co
J4rSWifTn0oMvS1R3vTQMbli9uFg1hI0gDwuvEMcqd4hph7IiY19qx3uBoDko8rz
4eagXyP8RsqYLPfEPuPRPhlkUwmLOI8jd/cTQXBs0EqeryQ/nXjuYkEqEorbTsyK
XQHyDDVP3q6bWREId/1l8FDU+7qCiCtyd8vd3QDz9RgdJtykfhBmzl7ThQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFBCVPmB2cP9zju5qa1d9jIsoBOHhMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzQyL2E5OTM1
NS0yZDAxLTRkYTUtOGU3My0xYmM1NTJjMDBkZDcvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDIvYTk5MzU1
LTJkMDEtNGRhNS04ZTczLTFiYzU1MmMwMGRkNy8xL0VKVS1ZSFp3XzNPTzdtcHJW
MzJNaXlnRTRlRS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQBsHzgMA0GCSqGSIb3DQEBCwUAA4IBAQBpppp9
ZjjRzrVeIyHecdRNC3tNiUrkzNnsta2kXZ5QEgLmi7Y25XtFKKvd6TiBPeqk5Wk4
Lmz4gbeHU0zEY3Dmt46llDl5jgYmTylmbre4GSl7SyeXMXM9lHQUbcQgSoLhqrHC
SDn3I20h1KnYnNCABo7Iw465YTaXNS3x5SintUv8Syka0Lo7XRGizvFIuOP4f1wo
FRMdbQrKvmx4Qicaw3mJoWVHyfDAxdNfVZ0+vDgFWfau/qowaPnTRb7JempWc5AN
gTmfp0OyGGFMglFQD0/EPPEQiZN8f1H2DLo+l4H8GnkY59UXDhgPGUFLypofUH5x
BGaOu8duJYIrdztF
-----END CERTIFICATE-----