Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/F2w05a5wFsNgXTJpVkrpaFRDWV0.cer
File:                     F2w05a5wFsNgXTJpVkrpaFRDWV0.cer (raw, json)
Hash identifier:          73+OC74pjEa8ZYM3KN7uXDYP4pg1nxVprk+6BcHMLTo=
Subject key identifier:   17:6C:34:E5:AE:70:16:C3:60:5D:32:69:56:4A:E9:68:54:43:59:5D
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC56ED1E6290826234D4B1009E54786E7
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/cb/6426a5-6b14-4911-88e1-a75f3df46af1/1/F2w05a5wFsNgXTJpVkrpaFRDWV0.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/cb/6426a5-6b14-4911-88e1-a75f3df46af1/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 14:30:23 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 185.90.112.0/22
                          IP: 2a03:8720::/32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 25 Apr 2024 23:00:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:d1:e6:29:08:26:23:4d:4b:10:09:e5:47:86:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 14:30:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=176c34e5ae7016c3605d3269564ae9685443595d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:db:81:67:0f:74:80:be:9f:b3:45:96:56:d3:
                    ee:5d:39:fa:aa:c9:0e:7e:88:86:84:b8:6b:78:4e:
                    a7:3a:cb:c7:b0:f1:c4:29:43:9b:b9:7e:f1:9f:24:
                    10:ff:4f:aa:bd:7f:dd:58:e9:6e:ca:91:bd:f3:da:
                    35:96:00:21:af:93:c8:e0:cd:71:17:25:f3:5d:fd:
                    a4:a7:5f:30:1b:c2:16:7e:ed:9e:14:65:1d:58:f3:
                    29:df:8a:f3:e1:07:47:43:df:0d:34:cb:77:70:a4:
                    a7:b0:00:be:05:10:81:c7:e9:7c:b9:01:b1:b3:a0:
                    0d:03:f3:c2:98:f2:db:a8:e6:08:03:4d:8c:c5:46:
                    85:7c:e8:9d:f9:f2:70:f2:f5:d3:4e:f9:a9:bd:b4:
                    b9:6c:2a:ec:e7:74:e0:1f:51:39:ce:2d:98:dd:61:
                    82:f5:d0:58:17:1c:10:4c:42:3a:6e:2e:c6:8f:05:
                    9f:d2:23:9f:5e:4e:cf:ae:c0:d8:61:a3:47:c4:ec:
                    3c:0f:37:0f:48:86:d0:6c:87:86:8b:f2:46:fc:35:
                    99:bf:7e:d5:b8:0e:bb:a6:e5:c3:94:3c:14:ae:72:
                    ad:33:f2:ed:c0:c4:df:67:eb:b6:54:83:81:96:55:
                    b9:d8:88:ef:98:90:ec:7e:e2:b1:70:b0:cb:64:2d:
                    7e:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:6C:34:E5:AE:70:16:C3:60:5D:32:69:56:4A:E9:68:54:43:59:5D
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/6426a5-6b14-4911-88e1-a75f3df46af1/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/6426a5-6b14-4911-88e1-a75f3df46af1/1/F2w05a5wFsNgXTJpVkrpaFRDWV0.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.90.112.0/22
                IPv6:
                  2a03:8720::/32

    Signature Algorithm: sha256WithRSAEncryption
         33:9c:87:df:f5:b7:77:b2:17:3d:78:03:5a:fe:02:49:f1:1c:
         32:3e:41:6c:f5:6c:58:26:ad:34:19:5f:75:7b:b2:03:84:9a:
         d5:27:2b:a6:18:66:93:c7:2f:b7:1d:f8:7c:61:68:62:7a:8d:
         d7:93:37:09:96:b6:e6:9e:3a:5c:b0:20:69:67:89:85:f5:c5:
         9e:79:c3:3c:b9:5a:18:ea:57:8a:fd:25:17:e0:d7:72:39:00:
         51:11:99:bd:4d:4e:e2:f6:f3:2d:29:b8:ff:a4:0b:dd:71:d2:
         37:19:8e:6f:4f:86:66:1e:6a:f3:71:12:6a:b8:3c:6a:b5:d3:
         e0:98:17:b4:b7:24:c7:f0:15:44:6f:b3:b5:01:2f:d8:06:2f:
         4e:d4:5a:3a:44:cf:31:82:40:0c:a9:06:f0:12:43:c2:c7:ba:
         e4:27:91:1a:29:6c:f6:11:78:73:8d:84:34:1b:57:d3:2d:ab:
         0d:4d:8d:a8:8f:f1:57:07:2c:71:60:20:e4:fb:78:d7:25:8c:
         60:38:ab:90:2d:62:63:78:0e:af:61:f1:18:a4:e4:d7:9a:c8:
         05:8e:e0:04:05:55:af:17:3d:87:76:1f:83:a1:b2:f2:d5:97:
         e9:c5:9b:cf:39:d8:2d:a8:0c:2d:6b:33:2d:d7:77:c0:75:f8:
         39:4c:ac:c6
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAYzFbtHmKQgmI01LEAnlR4bnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTQzMDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzZjMzRlNWFlNzAxNmMzNjA1ZDMyNjk1NjRhZTk2ODU0NDM1OTVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA79uBZw90gL6fs0WWVtPuXTn6qskO
foiGhLhreE6nOsvHsPHEKUObuX7xnyQQ/0+qvX/dWOluypG989o1lgAhr5PI4M1x
FyXzXf2kp18wG8IWfu2eFGUdWPMp34rz4QdHQ98NNMt3cKSnsAC+BRCBx+l8uQGx
s6ANA/PCmPLbqOYIA02MxUaFfOid+fJw8vXTTvmpvbS5bCrs53TgH1E5zi2Y3WGC
9dBYFxwQTEI6bi7GjwWf0iOfXk7PrsDYYaNHxOw8DzcPSIbQbIeGi/JG/DWZv37V
uA67puXDlDwUrnKtM/LtwMTfZ+u2VIOBllW52IjvmJDsfuKxcLDLZC1+VwIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFBdsNOWucBbDYF0yaVZK6WhUQ1ldMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NiLzY0MjZh
NS02YjE0LTQ5MTEtODhlMS1hNzVmM2RmNDZhZjEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvY2IvNjQyNmE1
LTZiMTQtNDkxMS04OGUxLWE3NWYzZGY0NmFmMS8xL0YydzA1YTV3RnNOZ1hUSnBW
a3JwYUZSRFdWMC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCuVpwMA0EAgACMAcDBQAqA4cgMA0GCSqGSIb3
DQEBCwUAA4IBAQAznIff9bd3shc9eANa/gJJ8RwyPkFs9WxYJq00GV91e7IDhJrV
JyumGGaTxy+3Hfh8YWhieo3XkzcJlrbmnjpcsCBpZ4mF9cWeecM8uVoY6leK/SUX
4NdyOQBREZm9TU7i9vMtKbj/pAvdcdI3GY5vT4ZmHmrzcRJquDxqtdPgmBe0tyTH
8BVEb7O1AS/YBi9O1Fo6RM8xgkAMqQbwEkPCx7rkJ5EaKWz2EXhzjYQ0G1fTLasN
TY2oj/FXByxxYCDk+3jXJYxgOKuQLWJjeA6vYfEYpOTXmsgFjuAEBVWvFz2Hdh+D
obLy1ZfpxZvPOdgtqAwtazMt13fAdfg5TKzG
-----END CERTIFICATE-----