Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/GI7UiE8RGTnKbH8PNLJ5Kzm5NCM.cer
File:                     GI7UiE8RGTnKbH8PNLJ5Kzm5NCM.cer (raw, json)
Hash identifier:          J4RUAI6Kl8VDptNuZtlcWbSrsBN2yx6I6RWJZejYipE=
Subject key identifier:   18:8E:D4:88:4F:11:19:39:CA:6C:7F:0F:34:B2:79:2B:39:B9:34:23
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC5DC00C2B9F7E57F84B4ACB9EBA66940
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/d7/b88532-9974-4612-94c4-5e0777b04049/1/GI7UiE8RGTnKbH8PNLJ5Kzm5NCM.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/d7/b88532-9974-4612-94c4-5e0777b04049/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 16:29:38 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 192.76.154.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:00:c2:b9:f7:e5:7f:84:b4:ac:b9:eb:a6:69:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 16:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=188ed4884f111939ca6c7f0f34b2792b39b93423
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:40:2e:01:14:93:88:1d:7b:cf:5c:2e:c0:a1:
                    2c:07:1a:3d:ec:34:e9:ab:e5:82:cc:f0:f4:4e:8a:
                    e2:a8:14:4d:47:28:15:bf:20:fe:10:28:f3:ae:3b:
                    57:c1:68:c5:e2:8b:2f:d8:25:5a:52:73:ae:7e:bf:
                    d7:d7:71:c4:5f:ef:0a:a5:96:d9:02:23:9d:ad:0c:
                    37:bc:01:56:e4:23:3c:91:78:9e:30:3d:a2:c9:16:
                    cb:2c:70:dc:59:a4:d1:7c:8d:93:e9:6b:fe:10:7d:
                    e9:03:f7:91:5e:c1:1d:be:c3:9e:61:90:fb:46:1a:
                    dd:ef:2e:f1:2a:ba:89:19:72:47:96:ed:f3:c4:74:
                    cd:b3:12:c6:d3:f8:f1:1e:37:bf:56:db:ff:de:53:
                    d2:96:f8:05:82:c8:f3:96:0e:85:3a:9f:d2:c5:53:
                    e8:54:b8:cf:92:27:42:ee:c8:d7:20:d1:7d:01:54:
                    48:8c:89:4c:97:73:f9:bf:96:47:d5:d4:0c:46:b7:
                    32:8b:00:04:e9:4b:d0:24:6d:6b:94:db:28:9f:67:
                    71:97:54:ff:fd:d7:54:5a:2b:c2:2e:4c:38:81:f6:
                    d9:27:cf:1c:86:07:92:6e:84:f2:67:f2:42:c5:71:
                    f8:ca:9c:11:73:bc:4e:70:df:7f:12:69:46:bc:52:
                    25:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:8E:D4:88:4F:11:19:39:CA:6C:7F:0F:34:B2:79:2B:39:B9:34:23
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/b88532-9974-4612-94c4-5e0777b04049/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/b88532-9974-4612-94c4-5e0777b04049/1/GI7UiE8RGTnKbH8PNLJ5Kzm5NCM.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.76.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:ae:47:a0:d6:1b:bf:e7:09:df:70:e1:8c:d5:06:8e:6c:61:
         08:db:2c:4d:6e:4b:8f:41:db:f7:8d:d9:57:f8:94:35:33:ce:
         0a:d2:dd:0b:d0:d0:94:39:27:25:b9:48:f6:ae:d4:e7:72:73:
         21:0e:bd:7f:78:ff:52:a5:bc:32:92:70:bc:76:d3:dd:ad:6c:
         bc:90:9f:72:5c:98:d1:c2:b8:2a:f5:c7:4d:34:ce:55:a0:29:
         99:32:d6:7a:3a:d1:d4:28:92:5e:f8:2b:3b:0e:45:03:0f:41:
         38:c9:77:27:71:8d:e9:6c:bc:3e:e7:6e:a3:67:35:ba:5f:42:
         64:e5:25:0e:93:1d:a6:c5:73:64:d0:7e:80:79:63:5f:ea:f6:
         3a:b0:00:69:e9:bf:4d:2c:d8:76:14:f3:77:17:80:03:51:cf:
         bb:c7:59:39:53:ee:4b:63:4f:27:ae:27:f9:40:81:0b:21:d2:
         d4:18:f9:75:93:78:cf:0e:00:26:be:5e:e1:97:ea:6d:6a:f8:
         c8:95:27:32:0a:bf:d2:28:e7:d3:62:75:db:87:48:33:aa:73:
         7f:b5:3b:67:c0:ef:8d:3f:d3:f2:26:7a:e0:84:59:34:1e:fe:
         24:5a:a8:19:c5:57:89:e9:66:34:6a:69:ca:c7:f7:a7:34:63:
         f7:03:3a:0a
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzF3ADCufflf4S0rLnrpmlAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTYyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODhlZDQ4ODRmMTExOTM5Y2E2YzdmMGYzNGIyNzkyYjM5YjkzNDIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0UAuARSTiB17z1wuwKEsBxo97DTp
q+WCzPD0ToriqBRNRygVvyD+ECjzrjtXwWjF4osv2CVaUnOufr/X13HEX+8KpZbZ
AiOdrQw3vAFW5CM8kXieMD2iyRbLLHDcWaTRfI2T6Wv+EH3pA/eRXsEdvsOeYZD7
Rhrd7y7xKrqJGXJHlu3zxHTNsxLG0/jxHje/Vtv/3lPSlvgFgsjzlg6FOp/SxVPo
VLjPkidC7sjXINF9AVRIjIlMl3P5v5ZH1dQMRrcyiwAE6UvQJG1rlNson2dxl1T/
/ddUWivCLkw4gfbZJ88chgeSboTyZ/JCxXH4ypwRc7xOcN9/EmlGvFIlzwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFBiO1IhPERk5ymx/DzSyeSs5uTQjMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Q3L2I4ODUz
Mi05OTc0LTQ2MTItOTRjNC01ZTA3NzdiMDQwNDkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDcvYjg4NTMy
LTk5NzQtNDYxMi05NGM0LTVlMDc3N2IwNDA0OS8xL0dJN1VpRThSR1RuS2JIOFBO
TEo1S3ptNU5DTS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwEyaMA0GCSqGSIb3DQEBCwUAA4IBAQAHrkeg
1hu/5wnfcOGM1QaObGEI2yxNbkuPQdv3jdlX+JQ1M84K0t0L0NCUOScluUj2rtTn
cnMhDr1/eP9SpbwyknC8dtPdrWy8kJ9yXJjRwrgq9cdNNM5VoCmZMtZ6OtHUKJJe
+Cs7DkUDD0E4yXcncY3pbLw+526jZzW6X0Jk5SUOkx2mxXNk0H6AeWNf6vY6sABp
6b9NLNh2FPN3F4ADUc+7x1k5U+5LY08nrif5QIELIdLUGPl1k3jPDgAmvl7hl+pt
avjIlScyCr/SKOfTYnXbh0gzqnN/tTtnwO+NP9PyJnrghFk0Hv4kWqgZxVeJ6WY0
amnKx/enNGP3AzoK
-----END CERTIFICATE-----