Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/GzApY06o7VRoG6hNFJkLALhk3bg.cer
File:                     GzApY06o7VRoG6hNFJkLALhk3bg.cer (raw, json)
Hash identifier:          yhq70PayiZRcecaIQbNmpXcWof9Z77HJIZzcUmZ8UvA=
Subject key identifier:   1B:30:29:63:4E:A8:ED:54:68:1B:A8:4D:14:99:0B:00:B8:64:DD:B8
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC801F73FA52614D4A32472EEB1B028A9
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/9d/a3bfe9-dc56-4c1f-97a7-6b31a7360f0f/1/GzApY06o7VRoG6hNFJkLALhk3bg.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/9d/a3bfe9-dc56-4c1f-97a7-6b31a7360f0f/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 02:30:21 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 91.199.175.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:f7:3f:a5:26:14:d4:a3:24:72:ee:b1:b0:28:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 02:30:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1b3029634ea8ed54681ba84d14990b00b864ddb8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:5d:95:62:80:d1:ee:cb:83:c1:77:7c:f9:30:
                    e3:78:c6:3d:eb:dd:a5:a9:9f:b0:cd:96:79:57:f9:
                    76:85:f7:67:b1:a0:6e:04:6e:95:c9:d4:06:0f:b1:
                    be:9b:35:00:fb:74:b3:e3:d6:3f:68:06:9e:60:20:
                    92:2f:0c:86:ec:a5:ff:88:ee:8b:96:37:bc:8f:32:
                    89:f6:c1:7c:1f:3f:52:fd:5d:f3:eb:6b:fa:2c:d9:
                    9f:6f:66:95:80:8d:69:ac:06:94:68:ed:34:12:93:
                    7c:47:9f:f5:f3:c8:31:7a:5e:d1:ce:7d:63:b5:0d:
                    78:96:79:05:dd:cd:a4:f0:8c:5c:bb:5e:f1:40:ea:
                    77:c9:28:22:ea:b8:b8:78:4d:00:ca:7e:fa:d2:4e:
                    c6:54:10:76:6e:65:bd:1a:b6:28:ea:6a:bd:bc:51:
                    3a:30:ac:0a:2d:93:bd:d5:d1:f0:72:d9:ec:fc:23:
                    1f:fa:10:4a:52:22:ff:78:46:46:d9:ed:d4:37:f6:
                    41:98:1f:8a:03:d3:b6:f8:55:c4:b4:ce:cc:94:14:
                    23:67:6d:b1:28:db:ab:b0:36:8b:52:a4:6d:0f:2b:
                    7f:ed:af:45:7f:df:62:18:57:79:28:7f:00:aa:f3:
                    23:0b:90:42:8e:7b:33:38:22:31:25:03:28:f7:a8:
                    0a:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:30:29:63:4E:A8:ED:54:68:1B:A8:4D:14:99:0B:00:B8:64:DD:B8
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/a3bfe9-dc56-4c1f-97a7-6b31a7360f0f/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/a3bfe9-dc56-4c1f-97a7-6b31a7360f0f/1/GzApY06o7VRoG6hNFJkLALhk3bg.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:f5:b5:69:24:66:a4:b3:ac:6d:14:c7:74:92:d3:34:75:64:
         9a:64:cf:89:18:63:6e:0d:f1:ce:68:de:88:ee:34:21:bc:a3:
         97:43:d8:9f:b5:b5:aa:3c:9c:d8:1e:3a:a7:f6:c8:f9:8f:ca:
         a4:83:5a:52:25:4f:9d:78:3b:ea:65:6a:d3:05:d9:3d:0d:88:
         d3:0d:ed:11:dc:5d:fb:b8:39:ba:1b:08:25:35:25:06:e2:6e:
         a0:cf:54:10:73:45:c4:cb:72:2c:db:d9:20:d5:ad:a1:e7:27:
         dc:dd:94:92:25:5c:a5:18:27:91:f6:bb:15:72:6e:b1:d1:72:
         b7:a1:26:3a:6d:84:3f:50:98:95:2e:23:ed:06:02:56:8f:e0:
         fb:69:2e:ca:f9:cf:70:64:ba:91:ae:94:c7:ac:ee:79:e6:27:
         69:ee:26:bb:e0:c5:43:f7:8d:f1:14:1a:33:6c:79:4e:d5:1f:
         19:d6:fb:de:78:b2:2d:7c:2a:3c:c0:4f:4f:e7:4d:6c:8e:e3:
         b4:bd:9a:5f:76:67:ad:4c:1f:ed:ea:26:ef:2b:3e:fe:7a:e8:
         fb:50:c7:3f:33:73:f0:b0:7e:d5:2d:9a:7b:91:1e:79:d3:4c:
         24:34:80:cf:dc:c0:c2:a4:3b:6f:c6:68:b8:b9:57:3b:be:47:
         6b:a0:46:54
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzIAfc/pSYU1KMkcu6xsCipMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDIzMDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjMwMjk2MzRlYThlZDU0NjgxYmE4NGQxNDk5MGIwMGI4NjRkZGI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs12VYoDR7suDwXd8+TDjeMY9692l
qZ+wzZZ5V/l2hfdnsaBuBG6VydQGD7G+mzUA+3Sz49Y/aAaeYCCSLwyG7KX/iO6L
lje8jzKJ9sF8Hz9S/V3z62v6LNmfb2aVgI1prAaUaO00EpN8R5/188gxel7Rzn1j
tQ14lnkF3c2k8Ixcu17xQOp3ySgi6ri4eE0Ayn760k7GVBB2bmW9GrYo6mq9vFE6
MKwKLZO91dHwctns/CMf+hBKUiL/eEZG2e3UN/ZBmB+KA9O2+FXEtM7MlBQjZ22x
KNursDaLUqRtDyt/7a9Ff99iGFd5KH8AqvMjC5BCjnszOCIxJQMo96gKhQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFBswKWNOqO1UaBuoTRSZCwC4ZN24MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzlkL2EzYmZl
OS1kYzU2LTRjMWYtOTdhNy02YjMxYTczNjBmMGYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOWQvYTNiZmU5
LWRjNTYtNGMxZi05N2E3LTZiMzFhNzM2MGYwZi8xL0d6QXBZMDZvN1ZSb0c2aE5G
SmtMQUxoazNiZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW8evMA0GCSqGSIb3DQEBCwUAA4IBAQAF9bVp
JGaks6xtFMd0ktM0dWSaZM+JGGNuDfHOaN6I7jQhvKOXQ9iftbWqPJzYHjqn9sj5
j8qkg1pSJU+deDvqZWrTBdk9DYjTDe0R3F37uDm6GwglNSUG4m6gz1QQc0XEy3Is
29kg1a2h5yfc3ZSSJVylGCeR9rsVcm6x0XK3oSY6bYQ/UJiVLiPtBgJWj+D7aS7K
+c9wZLqRrpTHrO555idp7ia74MVD943xFBozbHlO1R8Z1vveeLItfCo8wE9P501s
juO0vZpfdmetTB/t6ibvKz7+euj7UMc/M3PwsH7VLZp7kR5500wkNIDP3MDCpDtv
xmi4uVc7vkdroEZU
-----END CERTIFICATE-----