Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/F4yPIMk5qqnIDM5qDRVnGDyhxZk.cer
File:                     F4yPIMk5qqnIDM5qDRVnGDyhxZk.cer (raw, json)
Hash identifier:          9fWMLvI7T2aLOkEIGen3WrLlscDjHtSfG9WLyy0ktAQ=
Subject key identifier:   17:8C:8F:20:C9:39:AA:A9:C8:0C:CE:6A:0D:15:67:18:3C:A1:C5:99
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC801A753BD8221BE4FC5F1849775D89E
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/07/7edd9a-fb72-43d7-b252-4cd11e8b7497/1/F4yPIMk5qqnIDM5qDRVnGDyhxZk.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/07/7edd9a-fb72-43d7-b252-4cd11e8b7497/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 02:30:00 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 91.199.74.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 08:00:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:a7:53:bd:82:21:be:4f:c5:f1:84:97:75:d8:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 02:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=178c8f20c939aaa9c80cce6a0d1567183ca1c599
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:d7:6e:b8:fe:1b:a4:cc:bd:63:5f:ab:2f:a7:
                    ad:fe:13:da:ea:00:8c:8b:8f:5a:b7:7f:c4:84:f2:
                    3d:a2:50:7b:15:51:cc:1e:8e:78:55:df:aa:56:18:
                    ce:54:be:02:0e:1c:91:31:41:4d:a3:26:8d:8b:86:
                    43:70:91:d0:04:42:af:69:0e:b5:15:3d:89:a1:5a:
                    30:18:fc:ca:e5:1f:c2:6a:1b:67:d3:5d:57:10:b4:
                    7d:75:96:ff:34:3b:42:d9:f1:fa:93:44:34:42:08:
                    65:e9:ee:89:cd:64:d0:d8:b0:f9:3c:c3:a2:f5:87:
                    0e:30:bf:54:c2:92:88:ac:d7:a3:38:3e:c2:c6:d9:
                    20:15:7e:fd:f2:24:8d:69:ea:5a:bb:40:20:85:c9:
                    90:45:f7:fb:1d:72:39:21:56:bb:fa:85:61:f0:4d:
                    6a:2a:cb:f2:ad:8b:b1:6b:c8:46:3c:07:61:23:77:
                    53:b7:89:4f:a2:66:b5:4a:45:50:7f:22:57:d9:8e:
                    ab:36:6d:1a:a1:2d:a8:52:d9:13:78:4e:2c:3a:cb:
                    42:cf:89:40:cd:66:8e:5a:58:9c:21:a9:ac:f3:dc:
                    57:e9:2f:64:11:34:74:56:a0:c6:c3:2f:55:d2:20:
                    bb:76:46:cf:20:ab:42:74:7c:4d:99:17:5a:f3:9a:
                    53:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:8C:8F:20:C9:39:AA:A9:C8:0C:CE:6A:0D:15:67:18:3C:A1:C5:99
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/7edd9a-fb72-43d7-b252-4cd11e8b7497/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/7edd9a-fb72-43d7-b252-4cd11e8b7497/1/F4yPIMk5qqnIDM5qDRVnGDyhxZk.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:18:6e:6b:bb:1f:5c:f1:98:99:fb:62:b8:d8:fc:46:94:f9:
         d9:c4:0f:47:91:94:c6:0b:a7:ed:d1:d4:5c:29:ae:1c:c5:e4:
         5b:ff:b6:0c:a9:be:14:d8:4c:04:fb:c5:f0:a3:20:7b:c4:4e:
         fe:7e:b6:31:51:5c:b6:fc:67:26:0a:fd:e4:c9:64:5c:07:a1:
         a6:85:25:ad:c8:be:dd:35:59:ab:14:60:8d:f7:b7:fc:21:f6:
         1b:d0:73:7a:51:26:cf:4d:c5:80:0d:24:2e:6a:75:28:5f:83:
         99:06:cd:f5:0c:00:ec:49:a3:d5:34:ad:ba:4d:ac:c5:aa:ea:
         67:fb:4f:cb:a9:97:b2:d1:aa:15:e3:12:71:5c:ad:ab:1c:e6:
         d5:25:46:f3:2d:a4:37:8c:c1:05:eb:e8:4a:63:df:79:28:8e:
         81:ec:46:93:73:93:e4:27:85:73:da:76:ac:4c:90:43:66:b6:
         af:11:e3:3d:11:5a:07:02:2c:d5:a8:2f:f5:24:ee:bd:e4:f5:
         65:2f:41:32:0d:49:86:c2:08:37:bc:17:f1:21:97:51:8e:cb:
         a7:cd:ea:2e:4c:21:88:64:2c:a5:4f:b0:b9:9b:e2:dc:94:b9:
         5b:53:67:22:3b:06:98:e2:02:74:02:be:8a:43:0d:81:ae:0a:
         0b:0e:df:5f
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzIAadTvYIhvk/F8YSXddieMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDIzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzhjOGYyMGM5MzlhYWE5YzgwY2NlNmEwZDE1NjcxODNjYTFjNTk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArdduuP4bpMy9Y1+rL6et/hPa6gCM
i49at3/EhPI9olB7FVHMHo54Vd+qVhjOVL4CDhyRMUFNoyaNi4ZDcJHQBEKvaQ61
FT2JoVowGPzK5R/Cahtn011XELR9dZb/NDtC2fH6k0Q0Qghl6e6JzWTQ2LD5PMOi
9YcOML9UwpKIrNejOD7CxtkgFX798iSNaepau0AghcmQRff7HXI5IVa7+oVh8E1q
KsvyrYuxa8hGPAdhI3dTt4lPoma1SkVQfyJX2Y6rNm0aoS2oUtkTeE4sOstCz4lA
zWaOWlicIams89xX6S9kETR0VqDGwy9V0iC7dkbPIKtCdHxNmRda85pTUQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFBeMjyDJOaqpyAzOag0VZxg8ocWZMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzA3LzdlZGQ5
YS1mYjcyLTQzZDctYjI1Mi00Y2QxMWU4Yjc0OTcvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDcvN2VkZDlh
LWZiNzItNDNkNy1iMjUyLTRjZDExZThiNzQ5Ny8xL0Y0eVBJTWs1cXFuSURNNXFE
UlZuR0R5aHhaay5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW8dKMA0GCSqGSIb3DQEBCwUAA4IBAQBfGG5r
ux9c8ZiZ+2K42PxGlPnZxA9HkZTGC6ft0dRcKa4cxeRb/7YMqb4U2EwE+8XwoyB7
xE7+frYxUVy2/GcmCv3kyWRcB6GmhSWtyL7dNVmrFGCN97f8IfYb0HN6USbPTcWA
DSQuanUoX4OZBs31DADsSaPVNK26TazFqupn+0/LqZey0aoV4xJxXK2rHObVJUbz
LaQ3jMEF6+hKY995KI6B7EaTc5PkJ4Vz2nasTJBDZravEeM9EVoHAizVqC/1JO69
5PVlL0EyDUmGwgg3vBfxIZdRjsunzeouTCGIZCylT7C5m+LclLlbU2ciOwaY4gJ0
Ar6KQw2BrgoLDt9f
-----END CERTIFICATE-----