Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/GawUmIYOK7CVgXOFS9BMhpo2kBc.cer
File:                     GawUmIYOK7CVgXOFS9BMhpo2kBc.cer (raw, json)
Hash identifier:          aCNI7YLSnfjrYJnUd38M+9iwM7VU08OA2VBWorp91u4=
Subject key identifier:   19:AC:14:98:86:0E:2B:B0:95:81:73:85:4B:D0:4C:86:9A:36:90:17
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC7272D0570DEB0587CD8D65F9D115897
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/80/69c389-17c9-4461-a390-7aa290e857e9/1/GawUmIYOK7CVgXOFS9BMhpo2kBc.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/80/69c389-17c9-4461-a390-7aa290e857e9/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 22:31:22 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 37.143.128.0/22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 25 Apr 2024 11:00:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:2d:05:70:de:b0:58:7c:d8:d6:5f:9d:11:58:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 22:31:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=19ac1498860e2bb0958173854bd04c869a369017
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:25:4b:67:96:e5:97:7b:58:eb:95:71:ad:61:
                    aa:a9:b5:72:ca:30:33:28:ba:c8:bd:5f:72:dd:2d:
                    ff:35:59:bc:a1:de:ab:c3:81:96:c0:4d:e5:e9:05:
                    09:9d:d0:4b:cd:fa:8e:4b:b1:4c:59:57:86:82:38:
                    b9:ef:1a:48:a7:af:41:ed:95:ee:93:4c:9b:af:5a:
                    bf:b2:db:9a:57:12:3d:02:80:a6:be:ed:39:11:65:
                    5f:93:ab:97:e0:9c:f0:e4:ef:85:01:1e:4e:c7:1d:
                    9e:db:2b:60:d6:20:2a:88:a5:4c:c2:93:94:c7:48:
                    82:66:2c:ce:ea:cb:83:cb:22:87:4b:3c:79:34:fa:
                    bd:3a:9d:16:48:29:15:7b:c1:88:87:da:37:99:45:
                    00:a5:27:c9:84:a4:90:95:c2:0b:c3:f7:c0:0f:48:
                    f6:3c:37:19:d1:bc:de:d3:69:c5:b5:a4:58:e8:80:
                    03:c7:69:c9:aa:62:47:27:53:e6:68:c5:fb:c2:86:
                    92:5b:7b:5d:ae:61:ff:90:87:76:68:13:7a:93:d5:
                    40:0f:dd:76:dd:98:c2:81:a3:24:f5:a0:66:36:f5:
                    8a:7f:89:df:0a:87:48:7e:e4:0c:f4:99:1b:04:13:
                    04:b2:04:11:eb:c4:60:73:6e:e6:20:f4:01:fe:37:
                    b2:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:AC:14:98:86:0E:2B:B0:95:81:73:85:4B:D0:4C:86:9A:36:90:17
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/69c389-17c9-4461-a390-7aa290e857e9/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/69c389-17c9-4461-a390-7aa290e857e9/1/GawUmIYOK7CVgXOFS9BMhpo2kBc.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.143.128.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a2:e4:4c:16:83:a9:ea:1e:57:6b:58:09:be:03:68:e8:fd:1c:
         4e:15:ce:29:30:d1:3d:e9:27:46:36:37:78:f4:68:ff:b0:84:
         d9:b4:29:05:95:a9:b7:14:d8:eb:a9:76:61:c6:23:cc:f7:fd:
         4c:13:e9:a8:58:c6:01:06:8e:29:3d:6b:34:60:d7:c7:bf:1b:
         49:76:1c:e9:1b:9d:f4:65:dd:ba:23:f1:b3:6b:27:fb:a2:63:
         03:0d:78:8d:e6:1a:38:8a:bf:9f:30:63:cd:b8:89:cf:57:da:
         9f:74:8b:44:c2:ab:fb:72:6b:e3:77:db:65:84:43:88:f7:3f:
         01:56:db:0e:04:e3:6e:c8:0b:6e:20:a4:7c:81:42:f5:92:d9:
         c4:1d:37:9d:1a:78:e7:bf:2c:fd:91:0e:db:14:7a:e6:d7:9f:
         55:8d:0f:c6:4e:13:27:d0:cf:30:20:72:42:21:37:14:66:42:
         c7:3b:80:50:f8:ef:8e:96:f0:fc:61:07:7c:38:ec:73:b8:60:
         10:cf:e0:52:6d:4b:9c:9b:a9:e2:cf:a6:d9:10:97:bb:88:02:
         f8:4a:60:ce:53:82:af:2e:a3:5e:31:90:a4:3b:68:77:d4:4b:
         15:9a:9e:dd:56:54:16:24:6e:8b:f0:4d:5a:ff:a0:09:26:61:
         eb:a3:27:26
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzHJy0FcN6wWHzY1l+dEViXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMjIzMTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOWFjMTQ5ODg2MGUyYmIwOTU4MTczODU0YmQwNGM4NjlhMzY5MDE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsyVLZ5bll3tY65VxrWGqqbVyyjAz
KLrIvV9y3S3/NVm8od6rw4GWwE3l6QUJndBLzfqOS7FMWVeGgji57xpIp69B7ZXu
k0ybr1q/stuaVxI9AoCmvu05EWVfk6uX4Jzw5O+FAR5Oxx2e2ytg1iAqiKVMwpOU
x0iCZizO6suDyyKHSzx5NPq9Op0WSCkVe8GIh9o3mUUApSfJhKSQlcILw/fAD0j2
PDcZ0bze02nFtaRY6IADx2nJqmJHJ1PmaMX7woaSW3tdrmH/kId2aBN6k9VAD912
3ZjCgaMk9aBmNvWKf4nfCodIfuQM9JkbBBMEsgQR68Rgc27mIPQB/jeyNQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFBmsFJiGDiuwlYFzhUvQTIaaNpAXMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzgwLzY5YzM4
OS0xN2M5LTQ0NjEtYTM5MC03YWEyOTBlODU3ZTkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODAvNjljMzg5
LTE3YzktNDQ2MS1hMzkwLTdhYTI5MGU4NTdlOS8xL0dhd1VtSVlPSzdDVmdYT0ZT
OUJNaHBvMmtCYy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCJY+AMA0GCSqGSIb3DQEBCwUAA4IBAQCi5EwW
g6nqHldrWAm+A2jo/RxOFc4pMNE96SdGNjd49Gj/sITZtCkFlam3FNjrqXZhxiPM
9/1ME+moWMYBBo4pPWs0YNfHvxtJdhzpG530Zd26I/Gzayf7omMDDXiN5ho4ir+f
MGPNuInPV9qfdItEwqv7cmvjd9tlhEOI9z8BVtsOBONuyAtuIKR8gUL1ktnEHTed
Gnjnvyz9kQ7bFHrm159VjQ/GThMn0M8wIHJCITcUZkLHO4BQ+O+OlvD8YQd8OOxz
uGAQz+BSbUucm6niz6bZEJe7iAL4SmDOU4KvLqNeMZCkO2h31EsVmp7dVlQWJG6L
8E1a/6AJJmHroycm
-----END CERTIFICATE-----