Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/EQqvkBamh1L8kTIUm5Ho-rFuJL4.cer
File:                     EQqvkBamh1L8kTIUm5Ho-rFuJL4.cer (raw, json)
Hash identifier:          uNWBTUNJoycexaLdMNvtTneJo1aAFUwfKhMSq1a+kZc=
Subject key identifier:   11:0A:AF:90:16:A6:87:52:FC:91:32:14:9B:91:E8:FA:B1:6E:24:BE
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC7274829DEAE17AE8212D71493B7AF02
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/f2/e411e8-0dc6-46e2-b3a7-d0debcfffd76/1/EQqvkBamh1L8kTIUm5Ho-rFuJL4.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/f2/e411e8-0dc6-46e2-b3a7-d0debcfffd76/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 22:31:29 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 45.90.164.0/22
                          IP: 2a0e:2c0::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:48:29:de:ae:17:ae:82:12:d7:14:93:b7:af:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 22:31:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=110aaf9016a68752fc9132149b91e8fab16e24be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:a1:5c:39:3a:37:26:cd:03:14:49:63:5d:39:
                    10:67:e5:9e:5d:78:69:19:dd:3d:7a:67:e7:1f:86:
                    58:c5:70:78:c5:c3:5b:5b:0e:e7:8b:3f:e7:3a:16:
                    d7:44:5b:3e:af:e2:d7:4f:a6:37:83:93:37:2c:a5:
                    df:2d:81:39:29:dd:6f:52:86:f9:23:1d:85:e3:23:
                    49:e6:f4:6a:67:b7:33:5a:4c:ce:5e:74:38:f7:d6:
                    00:d1:72:90:b5:00:2d:5d:ed:97:93:5c:99:1a:4c:
                    5e:2e:f1:ac:9b:e6:2a:d2:be:ee:e7:e9:d1:a0:db:
                    60:bd:5f:1c:aa:a3:f1:9b:7d:00:2a:0e:7e:f2:6d:
                    b8:72:64:43:71:96:a2:b0:6a:1c:5c:cd:ff:7a:78:
                    87:dd:46:8e:ec:3b:b9:77:65:2a:3a:4d:12:bf:db:
                    95:52:70:29:54:2a:d1:2d:53:35:5f:44:06:c2:43:
                    60:ce:12:9e:a1:04:09:40:c2:61:b0:55:45:54:da:
                    28:49:32:09:ce:59:64:0b:91:a4:d2:38:e2:85:0d:
                    53:29:ba:43:8c:02:00:50:fa:3a:0a:7d:8a:1b:fc:
                    d1:b9:86:f1:cb:7b:8c:2c:39:1c:00:a8:96:7f:bb:
                    31:f9:6c:bf:fc:ba:44:d3:87:a3:50:98:8c:59:80:
                    e5:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:0A:AF:90:16:A6:87:52:FC:91:32:14:9B:91:E8:FA:B1:6E:24:BE
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/e411e8-0dc6-46e2-b3a7-d0debcfffd76/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/e411e8-0dc6-46e2-b3a7-d0debcfffd76/1/EQqvkBamh1L8kTIUm5Ho-rFuJL4.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.90.164.0/22
                IPv6:
                  2a0e:2c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         69:2c:a7:90:ef:77:1e:43:32:cb:a3:86:7c:0f:30:1a:c8:6c:
         10:0e:12:32:06:62:7d:d8:93:62:b1:aa:77:af:8e:d6:9a:1b:
         79:3c:2b:f6:7a:dc:9f:f0:63:ab:61:ca:1e:b7:2c:64:c0:3b:
         31:5d:7b:9a:72:8e:be:23:74:4d:9b:9b:0d:3d:1b:bf:ac:19:
         42:3b:93:fc:6b:a6:94:6d:20:d3:56:d3:b9:31:c7:cf:a7:1a:
         bc:56:11:32:72:97:f8:95:2e:21:94:95:1e:45:7a:b9:80:0d:
         9e:5c:e5:53:41:8b:75:82:16:97:36:17:dd:de:34:23:2a:a1:
         5f:d6:4b:66:dc:51:b1:67:5d:8a:40:e5:fd:bf:36:e3:be:52:
         a8:a6:52:cd:17:4c:e3:67:2e:00:52:6b:66:65:4e:f0:ed:b6:
         99:d2:6b:e4:8c:7f:c7:66:87:60:59:05:91:3a:52:75:6a:38:
         79:3b:9c:10:a2:9b:97:40:cd:3e:fd:42:a2:63:b4:41:ac:19:
         7f:63:0d:95:c2:e0:38:43:ab:e4:32:dc:83:6c:ea:88:3d:f1:
         2a:3f:6d:02:03:56:40:41:c5:8e:97:da:e2:eb:53:c2:3f:2c:
         e4:13:cd:16:39:b1:47:55:3d:99:ed:f8:a2:99:33:5f:f8:59:
         96:a6:8f:e1
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAYzHJ0gp3q4XroIS1xSTt68CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMjIzMTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTBhYWY5MDE2YTY4NzUyZmM5MTMyMTQ5YjkxZThmYWIxNmUyNGJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6aFcOTo3Js0DFEljXTkQZ+WeXXhp
Gd09emfnH4ZYxXB4xcNbWw7niz/nOhbXRFs+r+LXT6Y3g5M3LKXfLYE5Kd1vUob5
Ix2F4yNJ5vRqZ7czWkzOXnQ499YA0XKQtQAtXe2Xk1yZGkxeLvGsm+Yq0r7u5+nR
oNtgvV8cqqPxm30AKg5+8m24cmRDcZaisGocXM3/eniH3UaO7Du5d2UqOk0Sv9uV
UnApVCrRLVM1X0QGwkNgzhKeoQQJQMJhsFVFVNooSTIJzllkC5Gk0jjihQ1TKbpD
jAIAUPo6Cn2KG/zRuYbxy3uMLDkcAKiWf7sx+Wy//LpE04ejUJiMWYDlrwIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFBEKr5AWpodS/JEyFJuR6PqxbiS+MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2YyL2U0MTFl
OC0wZGM2LTQ2ZTItYjNhNy1kMGRlYmNmZmZkNzYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjIvZTQxMWU4
LTBkYzYtNDZlMi1iM2E3LWQwZGViY2ZmZmQ3Ni8xL0VRcXZrQmFtaDFMOGtUSVVt
NUhvLXJGdUpMNC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCLVqkMA0EAgACMAcDBQMqDgLAMA0GCSqGSIb3
DQEBCwUAA4IBAQBpLKeQ73ceQzLLo4Z8DzAayGwQDhIyBmJ92JNisap3r47Wmht5
PCv2etyf8GOrYcoetyxkwDsxXXuaco6+I3RNm5sNPRu/rBlCO5P8a6aUbSDTVtO5
McfPpxq8VhEycpf4lS4hlJUeRXq5gA2eXOVTQYt1ghaXNhfd3jQjKqFf1ktm3FGx
Z12KQOX9vzbjvlKoplLNF0zjZy4AUmtmZU7w7baZ0mvkjH/HZodgWQWROlJ1ajh5
O5wQopuXQM0+/UKiY7RBrBl/Yw2VwuA4Q6vkMtyDbOqIPfEqP20CA1ZAQcWOl9ri
61PCPyzkE80WObFHVT2Z7fiimTNf+FmWpo/h
-----END CERTIFICATE-----