Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/F44v4h2iAjXpnsQ8GTgcfG1jo60.cer
File:                     F44v4h2iAjXpnsQ8GTgcfG1jo60.cer (raw, json)
Hash identifier:          RilxxAJDhWTuV5ZLACYkiquwJwrMRlq7ms1yV2A8tPw=
Subject key identifier:   17:8E:2F:E2:1D:A2:02:35:E9:9E:C4:3C:19:38:1C:7C:6D:63:A3:AD
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC348E76DFE4745208287A73E8F559679
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/19/f42340-2fcd-4573-a80b-910155525b2c/1/F44v4h2iAjXpnsQ8GTgcfG1jo60.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/19/f42340-2fcd-4573-a80b-910155525b2c/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 04:29:44 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 5.42.206.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 23:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:e7:6d:fe:47:45:20:82:87:a7:3e:8f:55:96:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 04:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=178e2fe21da20235e99ec43c19381c7c6d63a3ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:02:8f:af:1b:f6:bb:f8:5a:67:13:d9:1f:19:
                    04:6f:9d:23:f1:0a:7c:83:ae:51:0e:53:a9:0d:94:
                    79:a5:5c:0d:c1:c9:68:56:21:ee:77:8b:2a:ae:d4:
                    65:5e:65:3d:bd:d3:fb:ba:14:9c:58:a6:51:3f:d5:
                    21:ad:ec:c1:2b:a6:39:da:a8:65:5c:42:1c:f4:21:
                    bb:25:49:a6:c2:4e:f5:70:97:8d:c6:b0:c3:bb:ef:
                    28:3e:a7:31:3f:7b:ff:5e:78:b7:a0:ea:01:75:00:
                    45:80:c9:75:a8:2b:9a:0d:0e:11:fb:97:e2:0a:72:
                    d4:01:5c:a7:bc:c2:74:41:ea:e6:77:e8:7f:25:c1:
                    8f:9b:f1:38:8b:e6:9f:aa:6b:5d:33:26:2f:05:31:
                    a9:de:0e:40:65:61:b9:91:58:5e:cb:74:a8:7f:d7:
                    3f:e6:78:b2:dd:eb:8b:62:94:ae:d7:69:ea:01:a3:
                    24:50:23:f0:8f:af:e9:4b:5b:c7:33:4e:b4:bb:e6:
                    88:3e:b4:7c:88:ec:7d:5f:58:f8:0f:42:eb:a6:60:
                    73:4f:f4:ad:85:b5:cc:76:21:38:7f:54:d0:af:35:
                    63:f4:73:b3:eb:91:46:99:b3:b8:d9:08:90:a5:95:
                    82:54:d8:21:b2:b6:aa:4c:69:c9:4a:ed:6a:de:be:
                    85:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:8E:2F:E2:1D:A2:02:35:E9:9E:C4:3C:19:38:1C:7C:6D:63:A3:AD
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/f42340-2fcd-4573-a80b-910155525b2c/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/f42340-2fcd-4573-a80b-910155525b2c/1/F44v4h2iAjXpnsQ8GTgcfG1jo60.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.42.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:ef:5c:c7:f6:ea:b3:93:c2:02:9f:d5:84:bc:df:c9:03:6d:
         13:82:1c:44:4b:30:ba:7e:b9:82:c7:6a:30:94:30:19:2d:24:
         f4:a5:38:45:b5:e2:cd:e6:6a:3f:e4:f8:64:0c:32:0a:06:41:
         bf:7c:72:f3:bc:69:2b:2c:0a:48:da:b4:15:5b:24:20:ef:b8:
         99:f0:f7:44:2a:12:51:10:d3:e7:a9:04:d0:ec:a2:34:22:08:
         b4:cc:26:4a:e6:8e:01:a0:31:30:96:94:cb:2b:8c:93:4c:ab:
         0c:2a:19:0f:0b:cf:1e:5d:b3:4b:69:47:67:a9:99:2d:04:a7:
         25:40:c9:81:66:fe:e5:82:7d:47:a2:21:ad:91:85:a1:ed:15:
         79:8d:e7:e9:1e:ce:8f:e5:10:7a:7f:72:ee:ee:0e:12:83:5d:
         89:04:ba:4d:ea:61:74:6d:56:f2:f6:45:70:51:68:2f:f2:47:
         84:27:1a:09:e5:c6:aa:b8:27:6e:72:8e:7b:a1:7a:b0:ea:57:
         bb:86:81:6d:cb:59:72:bd:f4:40:c9:20:f4:0f:9d:f1:6a:91:
         63:a5:9c:ed:5e:94:9d:81:7b:61:e0:5f:f9:7f:d3:b9:5f:34:
         a0:fe:a5:4f:78:5c:56:3a:e2:cf:90:6b:74:83:f2:e8:0f:a7:
         a9:9e:91:bb
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzDSOdt/kdFIIKHpz6PVZZ5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDQyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzhlMmZlMjFkYTIwMjM1ZTk5ZWM0M2MxOTM4MWM3YzZkNjNhM2FkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqwKPrxv2u/haZxPZHxkEb50j8Qp8
g65RDlOpDZR5pVwNwcloViHud4sqrtRlXmU9vdP7uhScWKZRP9UhrezBK6Y52qhl
XEIc9CG7JUmmwk71cJeNxrDDu+8oPqcxP3v/Xni3oOoBdQBFgMl1qCuaDQ4R+5fi
CnLUAVynvMJ0Qermd+h/JcGPm/E4i+afqmtdMyYvBTGp3g5AZWG5kVhey3Sof9c/
5niy3euLYpSu12nqAaMkUCPwj6/pS1vHM060u+aIPrR8iOx9X1j4D0LrpmBzT/St
hbXMdiE4f1TQrzVj9HOz65FGmbO42QiQpZWCVNghsraqTGnJSu1q3r6FqwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFBeOL+IdogI16Z7EPBk4HHxtY6OtMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzE5L2Y0MjM0
MC0yZmNkLTQ1NzMtYTgwYi05MTAxNTU1MjViMmMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTkvZjQyMzQw
LTJmY2QtNDU3My1hODBiLTkxMDE1NTUyNWIyYy8xL0Y0NHY0aDJpQWpYcG5zUThH
VGdjZkcxam82MC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQABSrOMA0GCSqGSIb3DQEBCwUAA4IBAQBL71zH
9uqzk8ICn9WEvN/JA20TghxESzC6frmCx2owlDAZLST0pThFteLN5mo/5PhkDDIK
BkG/fHLzvGkrLApI2rQVWyQg77iZ8PdEKhJRENPnqQTQ7KI0Igi0zCZK5o4BoDEw
lpTLK4yTTKsMKhkPC88eXbNLaUdnqZktBKclQMmBZv7lgn1HoiGtkYWh7RV5jefp
Hs6P5RB6f3Lu7g4Sg12JBLpN6mF0bVby9kVwUWgv8keEJxoJ5caquCduco57oXqw
6le7hoFty1lyvfRAySD0D53xapFjpZztXpSdgXth4F/5f9O5XzSg/qVPeFxWOuLP
kGt0g/LoD6epnpG7
-----END CERTIFICATE-----