Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/G-vTPUzUVGXvpQ-qgk-4EsQXOic.cer
File:                     G-vTPUzUVGXvpQ-qgk-4EsQXOic.cer (raw, json)
Hash identifier:          IXOQCy2NX5icd9/X2m9imNUwaVBdiGJFctEzOhr1OFI=
Subject key identifier:   1B:EB:D3:3D:4C:D4:54:65:EF:A5:0F:AA:82:4F:B8:12:C4:17:3A:27
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC56EE3AC14C32AFD30662EFB26129971
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/12/1e7b02-889b-4a53-a509-8ab5eb558473/1/G-vTPUzUVGXvpQ-qgk-4EsQXOic.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/12/1e7b02-889b-4a53-a509-8ab5eb558473/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 14:30:28 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 194.15.237.0/24
                          IP: 194.39.120.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:e3:ac:14:c3:2a:fd:30:66:2e:fb:26:12:99:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 14:30:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1bebd33d4cd45465efa50faa824fb812c4173a27
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:54:81:b7:f9:a8:3c:22:d2:db:10:ed:d7:dd:
                    df:08:ab:99:d0:a8:65:28:e2:71:d0:b5:ed:e6:6b:
                    2e:56:0a:c7:88:21:44:7f:b5:58:2c:b2:3d:06:f9:
                    96:be:00:df:54:ac:ff:81:b5:f9:31:1a:90:cf:75:
                    fa:91:8c:2c:2f:9a:ec:4d:c0:ff:95:6c:95:76:95:
                    46:f2:92:41:49:38:c0:64:ac:f8:cc:24:73:a0:56:
                    eb:9b:ab:c2:30:cf:8a:28:b8:d6:29:66:dc:41:91:
                    66:e8:41:f1:e2:6b:ec:7c:cf:34:ab:65:b7:f4:06:
                    ff:84:d6:6f:7b:0f:ff:17:46:6c:2e:2a:21:2c:13:
                    58:5c:1f:a2:f2:6b:2f:7e:71:37:03:85:8f:33:a9:
                    48:25:84:bf:2b:b7:65:b5:cd:db:8e:3e:15:fc:a7:
                    64:26:7d:e7:31:f5:47:fb:c4:58:d1:ee:49:23:e5:
                    6d:b7:b4:80:8a:a2:c9:a4:f3:b9:23:74:08:9a:0e:
                    a3:12:d3:0f:8c:74:bd:c3:ed:4b:e7:82:73:af:99:
                    80:18:9f:c8:9c:82:f7:81:a2:2a:b2:05:8b:0c:b4:
                    87:8e:91:7f:4c:72:2d:1b:35:9c:89:cc:5b:81:fc:
                    9e:fc:6a:2d:a7:62:b2:2f:d5:c9:cd:c0:7a:b0:3a:
                    64:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:EB:D3:3D:4C:D4:54:65:EF:A5:0F:AA:82:4F:B8:12:C4:17:3A:27
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/1e7b02-889b-4a53-a509-8ab5eb558473/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/1e7b02-889b-4a53-a509-8ab5eb558473/1/G-vTPUzUVGXvpQ-qgk-4EsQXOic.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.15.237.0/24
                  194.39.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:94:46:a6:6a:bc:18:f1:55:63:07:e7:fd:43:28:bd:fd:ed:
         66:33:8e:9b:3b:c5:bd:5d:aa:b0:dc:d3:da:13:8f:58:f3:99:
         74:85:39:2d:65:64:b5:a3:f7:33:80:91:47:16:b1:57:e4:d5:
         6b:47:46:fd:cb:ee:c3:fe:50:6a:9d:33:14:90:22:a8:74:95:
         b0:50:48:7b:ed:29:ea:c4:72:1e:eb:5e:5f:7b:72:ca:f9:35:
         b4:9a:5e:e2:04:a3:3d:7f:eb:48:be:27:32:63:cd:0d:80:51:
         8d:b3:25:1d:1c:e4:24:99:87:3a:85:9d:f1:28:23:fd:83:4b:
         2f:bd:1e:b4:eb:02:0b:c6:b9:c1:f9:09:a1:8c:f3:8c:e0:f4:
         95:f4:27:24:09:6a:70:89:4f:a1:e2:65:10:62:45:c1:88:34:
         ad:b7:69:5f:61:fc:f9:32:c9:d3:d3:08:ae:7b:f5:24:b3:78:
         85:66:29:c2:50:c1:7d:83:a7:fb:37:37:bc:3a:90:ab:6a:74:
         64:0c:2c:d6:9a:50:b1:dc:0e:10:53:45:60:89:75:2b:e5:d8:
         98:65:b7:2e:c5:2f:f0:64:73:97:67:7f:d8:32:e4:f6:a1:b0:
         35:f3:b7:ad:3b:37:3c:44:0d:a2:00:0e:9b:20:c8:07:a1:f8:
         d2:63:ba:66
-----BEGIN CERTIFICATE-----
MIIFfjCCBGagAwIBAgISAYzFbuOsFMMq/TBmLvsmEplxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTQzMDI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYmViZDMzZDRjZDQ1NDY1ZWZhNTBmYWE4MjRmYjgxMmM0MTczYTI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1VSBt/moPCLS2xDt193fCKuZ0Khl
KOJx0LXt5msuVgrHiCFEf7VYLLI9BvmWvgDfVKz/gbX5MRqQz3X6kYwsL5rsTcD/
lWyVdpVG8pJBSTjAZKz4zCRzoFbrm6vCMM+KKLjWKWbcQZFm6EHx4mvsfM80q2W3
9Ab/hNZvew//F0ZsLiohLBNYXB+i8msvfnE3A4WPM6lIJYS/K7dltc3bjj4V/Kdk
Jn3nMfVH+8RY0e5JI+Vtt7SAiqLJpPO5I3QImg6jEtMPjHS9w+1L54Jzr5mAGJ/I
nIL3gaIqsgWLDLSHjpF/THItGzWcicxbgfye/Gotp2KyL9XJzcB6sDpkwwIDAQAB
o4ICijCCAoYwHQYDVR0OBBYEFBvr0z1M1FRl76UPqoJPuBLEFzonMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzEyLzFlN2Iw
Mi04ODliLTRhNTMtYTUwOS04YWI1ZWI1NTg0NzMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTIvMWU3YjAy
LTg4OWItNGE1My1hNTA5LThhYjVlYjU1ODQ3My8xL0ctdlRQVXpVVkdYdnBRLXFn
ay00RXNRWE9pYy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUF
BwEHAQH/BBYwFDASBAIAATAMAwQAwg/tAwQAwid4MA0GCSqGSIb3DQEBCwUAA4IB
AQASlEamarwY8VVjB+f9Qyi9/e1mM46bO8W9Xaqw3NPaE49Y85l0hTktZWS1o/cz
gJFHFrFX5NVrR0b9y+7D/lBqnTMUkCKodJWwUEh77SnqxHIe615fe3LK+TW0ml7i
BKM9f+tIvicyY80NgFGNsyUdHOQkmYc6hZ3xKCP9g0svvR606wILxrnB+QmhjPOM
4PSV9CckCWpwiU+h4mUQYkXBiDStt2lfYfz5MsnT0wiue/Uks3iFZinCUMF9g6f7
Nze8OpCranRkDCzWmlCx3A4QU0VgiXUr5diYZbcuxS/wZHOXZ3/YMuT2obA187et
Ozc8RA2iAA6bIMgHofjSY7pm
-----END CERTIFICATE-----