Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/EfXV5hsLpNx7zHM-WrISVzU1ay8.cer
File:                     EfXV5hsLpNx7zHM-WrISVzU1ay8.cer (raw, json)
Hash identifier:          aXMEOQo9BqFsare9gAXxjhWvIXMFOy2VSd0oC29i4mk=
Subject key identifier:   11:F5:D5:E6:1B:0B:A4:DC:7B:CC:73:3E:5A:B2:12:57:35:35:6B:2F
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC4254F73DC2D4DAF844B5A4791E47CA5
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/9a/777c74-c6c0-4679-b0bc-4331a1f1abd0/1/EfXV5hsLpNx7zHM-WrISVzU1ay8.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/9a/777c74-c6c0-4679-b0bc-4331a1f1abd0/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 08:30:28 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 45.146.48.0/22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 14:10:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:4f:73:dc:2d:4d:af:84:4b:5a:47:91:e4:7c:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 08:30:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=11f5d5e61b0ba4dc7bcc733e5ab2125735356b2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:0e:7a:60:86:cb:0e:89:c9:a2:9d:2e:3e:8e:
                    75:02:4d:f3:25:63:04:42:ce:e8:66:40:1c:35:03:
                    80:15:88:24:73:e5:2d:2a:e2:9a:b8:72:a7:cc:8d:
                    38:c2:37:9b:dd:1b:73:9f:56:69:8c:27:20:45:6f:
                    ff:a4:71:ce:36:62:7c:16:c5:95:c8:14:a7:f6:f3:
                    05:84:35:40:ef:f5:e0:f0:88:e7:8d:2e:6a:54:45:
                    30:33:d1:77:bc:e3:4c:a5:1c:83:27:c9:c9:85:8d:
                    79:3b:a2:59:8b:d1:3b:38:19:6a:dc:06:ff:ff:21:
                    53:9b:d6:c6:74:26:ff:8b:d6:47:66:0a:7e:61:ea:
                    59:cd:29:52:63:98:fd:db:22:e9:f1:1e:b2:ea:4a:
                    c2:02:9c:17:a3:57:90:f6:27:82:e1:06:7b:85:4a:
                    7f:de:13:ad:0f:f3:36:98:4d:5f:0f:dc:37:16:fa:
                    09:f3:e7:bf:88:b1:85:36:38:cd:fe:fe:b2:2f:0d:
                    68:73:7b:9c:0c:29:20:e8:99:d0:d8:24:e9:3f:d5:
                    a4:7a:30:c8:9d:a7:af:43:89:70:bc:a6:33:47:c2:
                    86:b1:98:2c:87:34:1c:52:19:f0:25:a9:b3:fa:1d:
                    d9:7b:b1:7a:13:9a:74:3f:d4:ed:5a:52:3e:a2:7e:
                    21:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:F5:D5:E6:1B:0B:A4:DC:7B:CC:73:3E:5A:B2:12:57:35:35:6B:2F
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/777c74-c6c0-4679-b0bc-4331a1f1abd0/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/777c74-c6c0-4679-b0bc-4331a1f1abd0/1/EfXV5hsLpNx7zHM-WrISVzU1ay8.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.146.48.0/22

    Signature Algorithm: sha256WithRSAEncryption
         70:8d:24:4f:a2:b6:f4:30:2f:b0:ee:8c:e8:ed:9f:70:36:fd:
         ac:3a:74:0c:d5:77:85:25:1c:39:74:61:4f:df:c6:7f:31:4d:
         bb:d0:1c:15:dc:26:c0:c2:a2:14:d8:03:4f:55:62:c5:41:46:
         48:8d:76:53:42:61:c0:4e:39:df:4d:d3:87:92:bc:a6:ae:41:
         bc:b8:a9:d9:65:43:df:91:ff:c5:cf:c5:de:fe:ad:3b:c5:c8:
         8c:91:be:c8:5b:d1:d3:80:b2:76:29:b9:21:3d:2b:c3:16:da:
         5a:1a:f6:ae:08:42:e5:cd:0a:0e:91:b6:8e:06:0d:ca:bb:79:
         e2:f1:82:f3:3c:46:75:ff:c1:b0:af:a2:3b:ee:ad:f5:76:61:
         c5:0b:b1:bd:13:de:8c:4b:f7:03:09:5e:c4:3c:9b:22:0d:3c:
         96:9b:3e:59:9a:2d:50:0f:c9:39:d4:ff:da:03:5e:9c:a9:12:
         f0:a6:e3:6a:4c:fb:08:ee:81:c8:5c:69:24:67:91:58:dc:48:
         23:63:48:98:ee:38:f8:37:94:cc:7f:b9:8c:d6:3a:ae:62:7f:
         18:75:2c:8e:f1:cf:e6:7a:41:14:7f:2c:5e:f8:73:6c:45:97:
         b7:6f:35:df:c7:2e:0d:b4:22:2d:05:3e:e0:a7:7b:2e:d1:2e:
         3b:0f:68:62
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzEJU9z3C1Nr4RLWkeR5HylMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDgzMDI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMWY1ZDVlNjFiMGJhNGRjN2JjYzczM2U1YWIyMTI1NzM1MzU2YjJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2A56YIbLDonJop0uPo51Ak3zJWME
Qs7oZkAcNQOAFYgkc+UtKuKauHKnzI04wjeb3Rtzn1ZpjCcgRW//pHHONmJ8FsWV
yBSn9vMFhDVA7/Xg8IjnjS5qVEUwM9F3vONMpRyDJ8nJhY15O6JZi9E7OBlq3Ab/
/yFTm9bGdCb/i9ZHZgp+YepZzSlSY5j92yLp8R6y6krCApwXo1eQ9ieC4QZ7hUp/
3hOtD/M2mE1fD9w3FvoJ8+e/iLGFNjjN/v6yLw1oc3ucDCkg6JnQ2CTpP9WkejDI
naevQ4lwvKYzR8KGsZgshzQcUhnwJamz+h3Ze7F6E5p0P9TtWlI+on4hnwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFBH11eYbC6Tce8xzPlqyElc1NWsvMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzlhLzc3N2M3
NC1jNmMwLTQ2NzktYjBiYy00MzMxYTFmMWFiZDAvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOWEvNzc3Yzc0
LWM2YzAtNDY3OS1iMGJjLTQzMzFhMWYxYWJkMC8xL0VmWFY1aHNMcE54N3pITS1X
cklTVnpVMWF5OC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCLZIwMA0GCSqGSIb3DQEBCwUAA4IBAQBwjSRP
orb0MC+w7ozo7Z9wNv2sOnQM1XeFJRw5dGFP38Z/MU270BwV3CbAwqIU2ANPVWLF
QUZIjXZTQmHATjnfTdOHkrymrkG8uKnZZUPfkf/Fz8Xe/q07xciMkb7IW9HTgLJ2
KbkhPSvDFtpaGvauCELlzQoOkbaOBg3Ku3ni8YLzPEZ1/8Gwr6I77q31dmHFC7G9
E96MS/cDCV7EPJsiDTyWmz5Zmi1QD8k51P/aA16cqRLwpuNqTPsI7oHIXGkkZ5FY
3EgjY0iY7jj4N5TMf7mM1jquYn8YdSyO8c/mekEUfyxe+HNsRZe3bzXfxy4NtCIt
BT7gp3su0S47D2hi
-----END CERTIFICATE-----