Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/GAIUWTANFfrFUHBc9uJYmZ09hro.cer
File:                     GAIUWTANFfrFUHBc9uJYmZ09hro.cer (raw, json)
Hash identifier:          qEWVInSStt1beudgUBepK0SfJltcXxmrSMJCOflRwV0=
Subject key identifier:   18:02:14:59:30:0D:15:FA:C5:50:70:5C:F6:E2:58:99:9D:3D:86:BA
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC72747EDFB740B925370E0F5CE2485B7
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/09/7d3327-7084-4ced-9967-9224ce2e965a/1/GAIUWTANFfrFUHBc9uJYmZ09hro.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/09/7d3327-7084-4ced-9967-9224ce2e965a/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 22:31:29 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 195.137.178.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Dec 2024 06:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:47:ed:fb:74:0b:92:53:70:e0:f5:ce:24:85:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 22:31:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=18021459300d15fac550705cf6e258999d3d86ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:86:61:d7:38:f6:20:e6:7c:3d:f1:94:4f:a3:
                    db:ec:2f:0b:5e:2e:41:04:1a:40:f3:7b:7f:49:70:
                    65:d8:4d:62:8d:ea:0b:55:34:15:e9:eb:24:bb:9e:
                    22:e8:70:4d:3c:48:a7:2c:d4:fd:40:2a:18:92:c4:
                    7c:0a:e5:09:e8:5b:09:bd:4a:07:e5:ed:de:74:1b:
                    89:8d:b5:80:5d:c6:aa:5d:74:37:2c:0e:30:4d:1b:
                    3a:19:fe:87:e0:ad:bc:88:91:be:5c:d9:8e:02:d6:
                    77:2f:d9:26:fc:52:31:6a:01:da:09:2c:12:09:b0:
                    f2:f0:b7:bb:fe:be:99:34:87:02:4c:fb:8e:1c:f3:
                    2e:aa:5e:39:fe:94:81:78:c5:7a:7c:bf:7e:38:6d:
                    71:94:7e:2f:81:80:ac:c7:14:3a:8f:52:ea:98:54:
                    de:28:93:41:fe:ce:ea:10:77:c7:aa:40:34:35:f5:
                    fa:44:bb:c8:56:1d:4c:d6:d0:53:a3:80:d6:e2:60:
                    0d:c3:0b:5d:11:34:b4:91:aa:6e:d5:ba:c9:80:94:
                    17:55:61:78:e3:c9:50:08:e1:e5:c9:d4:4e:04:4a:
                    c3:77:e0:b3:56:f0:c0:e8:e9:70:3b:7f:7a:70:82:
                    c0:2f:87:c9:25:71:ba:21:0b:e2:48:70:6c:e2:f5:
                    fb:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:02:14:59:30:0D:15:FA:C5:50:70:5C:F6:E2:58:99:9D:3D:86:BA
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7d3327-7084-4ced-9967-9224ce2e965a/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7d3327-7084-4ced-9967-9224ce2e965a/1/GAIUWTANFfrFUHBc9uJYmZ09hro.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.137.178.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:3b:39:6a:ac:54:8e:86:84:83:c3:51:13:59:63:86:c2:ee:
         b1:b3:f5:af:e0:31:b9:f1:69:cc:ee:66:6a:8c:05:e0:6b:01:
         d8:d5:ce:25:bc:0b:87:1e:ed:41:5e:33:ae:ae:a2:6d:16:8f:
         ab:4a:70:a5:57:b2:c3:f9:f8:5e:d1:c3:da:a0:e2:a3:5d:28:
         07:8e:45:64:2d:3a:f4:ec:80:1b:91:8f:8e:93:54:36:c4:2a:
         29:1f:37:1f:bf:ae:95:e7:c9:eb:1f:75:da:ff:6b:8f:d0:67:
         6b:09:5a:9e:00:bf:1c:48:0c:30:1a:d9:88:49:59:ac:09:15:
         d4:cf:2d:99:e0:b5:d1:0b:93:d2:0a:ee:45:18:8d:7e:27:45:
         fd:6d:36:f4:eb:eb:9a:d7:0f:4e:60:a0:69:8a:97:7e:93:6f:
         c0:18:e7:70:5a:53:f1:c9:c7:37:3d:3d:aa:49:d3:be:57:bb:
         86:9d:06:36:e0:38:4d:f9:29:c8:a6:46:21:f9:e1:27:29:08:
         14:53:ed:f3:aa:5d:27:f4:4f:95:0a:b8:16:6f:06:cf:3d:e2:
         b3:8b:6c:70:06:e1:eb:65:a2:8d:5d:67:79:f0:78:67:cf:f7:
         2a:ca:4d:7e:33:b8:22:4b:15:a6:ff:bb:69:4c:4e:d9:4c:0d:
         62:18:b7:a2
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzHJ0ft+3QLklNw4PXOJIW3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMjIzMTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODAyMTQ1OTMwMGQxNWZhYzU1MDcwNWNmNmUyNTg5OTlkM2Q4NmJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApoZh1zj2IOZ8PfGUT6Pb7C8LXi5B
BBpA83t/SXBl2E1ijeoLVTQV6esku54i6HBNPEinLNT9QCoYksR8CuUJ6FsJvUoH
5e3edBuJjbWAXcaqXXQ3LA4wTRs6Gf6H4K28iJG+XNmOAtZ3L9km/FIxagHaCSwS
CbDy8Le7/r6ZNIcCTPuOHPMuql45/pSBeMV6fL9+OG1xlH4vgYCsxxQ6j1LqmFTe
KJNB/s7qEHfHqkA0NfX6RLvIVh1M1tBTo4DW4mANwwtdETS0kapu1brJgJQXVWF4
48lQCOHlydROBErDd+CzVvDA6OlwO396cILAL4fJJXG6IQviSHBs4vX7LQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFBgCFFkwDRX6xVBwXPbiWJmdPYa6MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzA5LzdkMzMy
Ny03MDg0LTRjZWQtOTk2Ny05MjI0Y2UyZTk2NWEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDkvN2QzMzI3
LTcwODQtNGNlZC05OTY3LTkyMjRjZTJlOTY1YS8xL0dBSVVXVEFORmZyRlVIQmM5
dUpZbVowOWhyby5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAw4myMA0GCSqGSIb3DQEBCwUAA4IBAQCYOzlq
rFSOhoSDw1ETWWOGwu6xs/Wv4DG58WnM7mZqjAXgawHY1c4lvAuHHu1BXjOurqJt
Fo+rSnClV7LD+fhe0cPaoOKjXSgHjkVkLTr07IAbkY+Ok1Q2xCopHzcfv66V58nr
H3Xa/2uP0GdrCVqeAL8cSAwwGtmISVmsCRXUzy2Z4LXRC5PSCu5FGI1+J0X9bTb0
6+ua1w9OYKBpipd+k2/AGOdwWlPxycc3PT2qSdO+V7uGnQY24DhN+SnIpkYh+eEn
KQgUU+3zql0n9E+VCrgWbwbPPeKzi2xwBuHrZaKNXWd58Hhnz/cqyk1+M7giSxWm
/7tpTE7ZTA1iGLei
-----END CERTIFICATE-----