Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/GE0cAC8GDslW5k5c_k8dwJhYf9Y.cer
File:                     GE0cAC8GDslW5k5c_k8dwJhYf9Y.cer (raw, json)
Hash identifier:          q8ZvwijlXyPQMKv59PzCQgp6kQjckKwuvhzuGk63CgM=
Subject key identifier:   18:4D:1C:00:2F:06:0E:C9:56:E6:4E:5C:FE:4F:1D:C0:98:58:7F:D6
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC64B2CEA0A8B3B3006D42183B0B3528E
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/3b/04df92-a979-421f-8046-1415c9779e17/1/GE0cAC8GDslW5k5c_k8dwJhYf9Y.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/3b/04df92-a979-421f-8046-1415c9779e17/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 18:31:04 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 217.28.139.0/24
                          IP: 2a12:3c40::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 21 Apr 2024 02:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:2c:ea:0a:8b:3b:30:06:d4:21:83:b0:b3:52:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 18:31:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=184d1c002f060ec956e64e5cfe4f1dc098587fd6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:12:4d:dc:fd:43:6c:ec:15:6c:70:a2:65:1e:
                    9a:42:4d:2e:c0:3e:72:4a:49:74:1d:09:87:ae:ac:
                    07:8f:24:b0:96:43:bf:54:47:70:d2:61:1d:21:d8:
                    54:da:f5:ff:d3:a6:4d:e1:b7:8e:91:ab:f1:66:19:
                    cf:0e:3d:f9:4b:a7:d9:e9:ae:93:b1:67:ba:69:c7:
                    db:be:74:ec:af:c6:22:69:43:e9:6e:43:e1:a4:e4:
                    a2:fd:f6:bd:52:f6:1c:17:87:0a:e3:cc:77:e8:fc:
                    ff:e5:83:88:0e:6a:51:0b:d7:e2:6d:fc:a5:dc:a2:
                    06:d8:a1:4a:f5:19:c1:1e:4e:76:77:bb:23:77:82:
                    76:38:d6:b2:b4:9a:17:82:8f:c6:ee:cc:bd:86:75:
                    c0:44:bf:3c:4b:b4:9a:4f:9f:ea:34:1c:aa:ac:33:
                    00:45:0e:96:cb:2b:6f:6d:08:36:2a:79:43:74:43:
                    57:ad:e9:c2:34:96:e8:64:32:2d:cd:b1:dd:07:38:
                    7d:29:50:32:54:7f:cc:38:8e:a8:1a:f7:21:4f:cb:
                    57:2c:90:fc:c0:77:11:8b:e6:66:e4:79:d0:4a:b4:
                    ab:5c:c4:53:9c:d0:35:e5:d7:54:3a:d5:81:f4:15:
                    f3:ab:f8:aa:10:7c:41:68:d2:1e:96:85:bb:8e:6d:
                    d7:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:4D:1C:00:2F:06:0E:C9:56:E6:4E:5C:FE:4F:1D:C0:98:58:7F:D6
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/04df92-a979-421f-8046-1415c9779e17/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/04df92-a979-421f-8046-1415c9779e17/1/GE0cAC8GDslW5k5c_k8dwJhYf9Y.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.28.139.0/24
                IPv6:
                  2a12:3c40::/29

    Signature Algorithm: sha256WithRSAEncryption
         18:7d:8a:e7:10:0c:44:41:96:80:63:52:f5:c3:bd:6c:63:e9:
         70:cb:87:58:fa:13:48:f0:f9:10:af:be:d9:f0:05:10:2f:ac:
         d1:16:f8:59:a5:9e:22:de:5c:5e:1a:15:77:fc:e6:df:6c:f0:
         50:cf:ca:dd:ea:c3:7a:4b:d6:f2:1f:9d:e8:e8:7c:f2:a8:7e:
         74:d3:31:d7:67:5d:fc:89:1b:94:e8:bf:2c:6d:de:a0:1b:c2:
         15:1a:52:ad:1b:31:c2:93:a6:87:87:32:a3:4c:9f:5e:46:02:
         0b:32:8f:25:b8:98:b1:1c:03:f3:86:aa:54:83:7f:32:3a:a2:
         5f:79:f4:73:17:4e:78:9e:66:09:e6:d6:02:ad:08:61:b0:cd:
         c7:dc:37:b4:a5:4c:fc:97:4a:6a:66:54:91:2b:f7:93:d3:8b:
         01:24:9d:e3:08:66:c3:3e:8b:41:66:0f:3f:b2:fa:21:63:8c:
         46:8f:8d:93:1e:3f:e1:58:b5:15:97:8e:db:e5:94:83:95:d4:
         5f:27:d4:61:ce:d2:a0:e5:70:21:50:e9:76:8e:5b:ab:f6:08:
         98:59:a3:11:06:b7:0e:74:6b:5c:66:94:f1:75:24:20:4d:88:
         85:8d:2d:13:7b:65:48:95:ab:f2:6f:bb:80:b8:31:46:64:3d:
         41:7c:0c:b4
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAYzGSyzqCos7MAbUIYOws1KOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTgzMTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODRkMWMwMDJmMDYwZWM5NTZlNjRlNWNmZTRmMWRjMDk4NTg3ZmQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3BJN3P1DbOwVbHCiZR6aQk0uwD5y
Skl0HQmHrqwHjySwlkO/VEdw0mEdIdhU2vX/06ZN4beOkavxZhnPDj35S6fZ6a6T
sWe6acfbvnTsr8YiaUPpbkPhpOSi/fa9UvYcF4cK48x36Pz/5YOIDmpRC9fibfyl
3KIG2KFK9RnBHk52d7sjd4J2ONaytJoXgo/G7sy9hnXARL88S7SaT5/qNByqrDMA
RQ6WyytvbQg2KnlDdENXrenCNJboZDItzbHdBzh9KVAyVH/MOI6oGvchT8tXLJD8
wHcRi+Zm5HnQSrSrXMRTnNA15ddUOtWB9BXzq/iqEHxBaNIeloW7jm3XHQIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFBhNHAAvBg7JVuZOXP5PHcCYWH/WMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNiLzA0ZGY5
Mi1hOTc5LTQyMWYtODA0Ni0xNDE1Yzk3NzllMTcvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvM2IvMDRkZjky
LWE5NzktNDIxZi04MDQ2LTE0MTVjOTc3OWUxNy8xL0dFMGNBQzhHRHNsVzVrNWNf
azhkd0poWWY5WS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQA2RyLMA0EAgACMAcDBQMqEjxAMA0GCSqGSIb3
DQEBCwUAA4IBAQAYfYrnEAxEQZaAY1L1w71sY+lwy4dY+hNI8PkQr77Z8AUQL6zR
FvhZpZ4i3lxeGhV3/ObfbPBQz8rd6sN6S9byH53o6HzyqH500zHXZ138iRuU6L8s
bd6gG8IVGlKtGzHCk6aHhzKjTJ9eRgILMo8luJixHAPzhqpUg38yOqJfefRzF054
nmYJ5tYCrQhhsM3H3De0pUz8l0pqZlSRK/eT04sBJJ3jCGbDPotBZg8/svohY4xG
j42THj/hWLUVl47b5ZSDldRfJ9RhztKg5XAhUOl2jlur9giYWaMRBrcOdGtcZpTx
dSQgTYiFjS0Te2VIlavyb7uAuDFGZD1BfAy0
-----END CERTIFICATE-----