Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ERRf3gGvgQdg7mG881TPlirEYNk.cer
File:                     ERRf3gGvgQdg7mG881TPlirEYNk.cer (raw, json)
Hash identifier:          NIaJ5A0Wfy+9Wil19LSDCkKiVc7o+DEXCAYhVz71YVs=
Subject key identifier:   11:14:5F:DE:01:AF:81:07:60:EE:61:BC:F3:54:CF:96:2A:C4:60:D9
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC6B9224DB5008E052ABE36C7ABB6FF5D
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/74/a43f79-f728-4645-a71e-c305c8d9a319/1/ERRf3gGvgQdg7mG881TPlirEYNk.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/74/a43f79-f728-4645-a71e-c305c8d9a319/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 20:31:10 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 185.102.108.0/22
                          IP: 2a06:2400::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 14:10:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:22:4d:b5:00:8e:05:2a:be:36:c7:ab:b6:ff:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 20:31:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=11145fde01af810760ee61bcf354cf962ac460d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:85:d4:78:3d:17:27:90:7c:25:22:fc:32:9d:
                    4f:a0:99:c5:58:df:32:9e:6e:74:19:0e:7c:30:4e:
                    dc:d7:82:3e:41:91:12:d1:06:07:04:54:d5:b7:64:
                    05:37:df:2c:ec:f4:aa:ac:80:1b:a7:f6:7c:79:17:
                    e6:bb:b4:07:ed:d2:f0:e2:30:6f:59:92:e6:02:3a:
                    d0:d1:8e:9e:4c:17:09:22:df:62:34:6b:8c:b9:a7:
                    97:1c:64:34:a1:ab:9a:86:86:01:94:8c:fe:a1:29:
                    40:3e:ae:1b:bb:6d:ed:e4:a8:2e:79:de:76:49:b5:
                    1c:90:43:1c:60:f7:d2:18:17:1c:74:41:a2:5a:dc:
                    a4:6f:45:19:e6:6d:bf:9d:ba:13:40:41:04:65:6d:
                    00:f6:8b:46:39:da:e0:1f:91:49:45:fa:20:ac:57:
                    d8:39:22:f9:c7:2b:68:f8:e0:d7:a5:77:90:7c:f2:
                    73:6d:af:4f:f7:db:ce:76:0c:97:8d:47:36:d2:b4:
                    27:3c:3a:e4:fc:11:45:6c:b6:e6:2e:1d:ac:e6:08:
                    51:2a:7f:ae:66:b0:58:54:1d:9e:20:fc:c2:52:c6:
                    d6:12:2f:fb:9a:db:c1:7a:35:d8:82:24:da:87:1c:
                    e7:bd:79:5b:68:f3:7b:ec:40:0a:1e:ba:e8:bb:1e:
                    d2:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:14:5F:DE:01:AF:81:07:60:EE:61:BC:F3:54:CF:96:2A:C4:60:D9
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/a43f79-f728-4645-a71e-c305c8d9a319/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/a43f79-f728-4645-a71e-c305c8d9a319/1/ERRf3gGvgQdg7mG881TPlirEYNk.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.102.108.0/22
                IPv6:
                  2a06:2400::/29

    Signature Algorithm: sha256WithRSAEncryption
         87:e1:21:45:a5:6a:72:00:75:72:d0:5a:77:16:1c:f6:12:35:
         d4:ad:b5:22:62:87:37:d4:15:58:92:c7:45:f8:f4:dd:02:a2:
         c2:dd:99:82:41:ac:d9:47:2b:cd:30:ad:04:21:51:3c:13:ec:
         89:b3:d7:9a:28:99:3e:db:25:c5:4d:bc:36:3c:ef:64:05:10:
         96:88:29:41:ba:b6:51:0f:e8:d9:1c:2d:38:8f:d5:69:94:ff:
         8e:88:b2:5e:dc:7c:49:c0:b0:95:60:9b:1c:ea:8d:2b:20:67:
         d6:93:fc:9d:17:c7:1b:02:a8:51:0f:7d:1c:9e:1f:72:72:bd:
         43:9c:a3:7f:5d:02:40:a9:30:55:18:9e:ff:fd:95:8a:a7:00:
         c3:b4:df:3c:84:a0:b4:f5:0b:df:5d:78:74:45:e0:35:5c:bf:
         50:b0:20:c2:fb:02:87:b8:d7:e1:87:92:e0:fe:a1:ce:ab:54:
         59:06:57:4e:92:27:3b:fa:1c:18:60:d6:9c:d3:e7:ed:d7:3e:
         8d:bf:45:ff:ad:d7:25:62:90:62:08:07:21:04:4c:e4:6d:40:
         ac:9f:f8:77:bb:57:77:ce:8e:a1:65:2e:0a:b6:91:be:87:96:
         53:67:1e:e5:d3:84:5c:d5:01:6f:7e:a0:7b:d3:b2:47:8f:40:
         4e:84:57:5e
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAYzGuSJNtQCOBSq+Nsertv9dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMjAzMTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTE0NWZkZTAxYWY4MTA3NjBlZTYxYmNmMzU0Y2Y5NjJhYzQ2MGQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgoXUeD0XJ5B8JSL8Mp1PoJnFWN8y
nm50GQ58ME7c14I+QZES0QYHBFTVt2QFN98s7PSqrIAbp/Z8eRfmu7QH7dLw4jBv
WZLmAjrQ0Y6eTBcJIt9iNGuMuaeXHGQ0oauahoYBlIz+oSlAPq4bu23t5Kgued52
SbUckEMcYPfSGBccdEGiWtykb0UZ5m2/nboTQEEEZW0A9otGOdrgH5FJRfogrFfY
OSL5xyto+ODXpXeQfPJzba9P99vOdgyXjUc20rQnPDrk/BFFbLbmLh2s5ghRKn+u
ZrBYVB2eIPzCUsbWEi/7mtvBejXYgiTahxznvXlbaPN77EAKHrroux7SBQIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFBEUX94Br4EHYO5hvPNUz5YqxGDZMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzc0L2E0M2Y3
OS1mNzI4LTQ2NDUtYTcxZS1jMzA1YzhkOWEzMTkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzQvYTQzZjc5
LWY3MjgtNDY0NS1hNzFlLWMzMDVjOGQ5YTMxOS8xL0VSUmYzZ0d2Z1FkZzdtRzg4
MVRQbGlyRVlOay5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCuWZsMA0EAgACMAcDBQMqBiQAMA0GCSqGSIb3
DQEBCwUAA4IBAQCH4SFFpWpyAHVy0Fp3Fhz2EjXUrbUiYoc31BVYksdF+PTdAqLC
3ZmCQazZRyvNMK0EIVE8E+yJs9eaKJk+2yXFTbw2PO9kBRCWiClBurZRD+jZHC04
j9VplP+OiLJe3HxJwLCVYJsc6o0rIGfWk/ydF8cbAqhRD30cnh9ycr1DnKN/XQJA
qTBVGJ7//ZWKpwDDtN88hKC09QvfXXh0ReA1XL9QsCDC+wKHuNfhh5Lg/qHOq1RZ
BldOkic7+hwYYNac0+ft1z6Nv0X/rdclYpBiCAchBEzkbUCsn/h3u1d3zo6hZS4K
tpG+h5ZTZx7l04Rc1QFvfqB707JHj0BOhFde
-----END CERTIFICATE-----