Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/HbLi5zWagBYypm0QuWHk8uxt_E8.cer
File:                     HbLi5zWagBYypm0QuWHk8uxt_E8.cer (raw, json)
Hash identifier:          wGYWZfk0+m/1Q6TEqnPWZePQCQzSDCfMiObT4xIaTyY=
Subject key identifier:   1D:B2:E2:E7:35:9A:80:16:32:A6:6D:10:B9:61:E4:F2:EC:6D:FC:4F
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC3B6751F37AB789817B8775FDC61FA51
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/b6/6fd9be-9694-4639-90c5-90ebd76e91f9/1/HbLi5zWagBYypm0QuWHk8uxt_E8.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/b6/6fd9be-9694-4639-90c5-90ebd76e91f9/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 06:29:23 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 147.162.0.0/16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:75:1f:37:ab:78:98:17:b8:77:5f:dc:61:fa:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 06:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1db2e2e7359a801632a66d10b961e4f2ec6dfc4f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:f3:54:45:a5:73:5f:5c:73:38:24:ab:c9:1a:
                    dd:d5:0f:bc:ff:d2:1f:7a:c1:62:5f:37:41:01:7c:
                    3f:df:a4:3b:18:67:6c:40:cf:5e:67:1a:93:ba:40:
                    75:89:57:ce:6a:f5:f0:d5:e1:7a:25:d7:4d:a7:9c:
                    5f:d2:ab:66:ce:4a:16:31:4e:b0:0f:04:d1:6a:3c:
                    53:45:43:47:78:e2:78:f1:87:15:1e:a9:cc:21:e6:
                    ee:58:0e:b7:1a:05:66:ad:5d:cd:4d:8a:fd:a9:b5:
                    71:56:04:57:f3:92:d4:71:36:45:13:21:b5:1c:b2:
                    fa:7a:c6:26:f0:60:a3:41:f8:6c:0f:8e:1d:d2:2d:
                    e1:dd:b7:fa:86:88:1d:a3:a5:b6:32:8f:05:fa:bc:
                    f5:87:d3:7b:91:21:77:7b:13:9a:c4:b7:1c:31:f8:
                    cd:02:d1:90:c8:69:55:98:c4:fb:0b:4d:5a:30:5e:
                    97:3d:5e:9d:26:61:b4:cc:13:ba:f4:1f:3d:3d:07:
                    ca:fe:b8:58:00:8c:1b:8b:54:cc:60:a2:6e:24:9d:
                    cc:54:93:13:58:fb:04:23:be:6e:d0:57:49:ec:50:
                    c6:66:06:29:5d:4c:26:17:37:93:30:58:9d:4b:18:
                    46:70:11:81:0d:49:ce:1a:7c:04:69:3e:2e:af:f5:
                    f7:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:B2:E2:E7:35:9A:80:16:32:A6:6D:10:B9:61:E4:F2:EC:6D:FC:4F
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/6fd9be-9694-4639-90c5-90ebd76e91f9/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/6fd9be-9694-4639-90c5-90ebd76e91f9/1/HbLi5zWagBYypm0QuWHk8uxt_E8.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.162.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         20:c8:11:8e:d3:9a:aa:68:f7:44:29:ba:73:c7:cf:d3:11:dc:
         ad:0a:3f:c8:5d:6e:df:22:b7:ec:aa:53:30:01:04:87:e7:5d:
         15:09:36:14:f5:72:66:d6:bf:c5:65:22:7e:3c:a5:12:74:4a:
         65:72:91:c3:1e:c3:d0:9f:e3:75:8a:5f:77:08:a8:fc:1a:01:
         b3:b5:c0:14:a7:08:89:fa:e0:14:81:b5:01:d3:28:bf:64:bb:
         10:96:ac:95:8f:1a:ff:3d:f0:61:57:c2:f4:9f:32:44:0e:af:
         66:2d:02:88:53:10:01:19:23:31:86:bd:d2:2a:8c:2a:8b:6f:
         0f:92:0e:c5:36:86:69:cc:85:83:f6:90:30:1d:03:7d:7f:ba:
         3a:48:b3:5d:77:d5:15:61:56:c6:26:86:14:04:b2:34:58:b8:
         47:51:1d:fb:88:5b:ef:b1:af:6c:81:13:6e:c6:57:de:b3:eb:
         86:97:48:88:33:19:9d:9f:52:23:54:d8:d8:42:fc:8c:bb:b1:
         9d:17:8c:b5:c2:f0:40:db:9b:91:05:a0:ba:7a:f6:7a:0b:1b:
         b3:fd:23:d9:bc:11:05:49:29:16:8b:c5:6b:7f:3f:84:65:b3:
         55:f4:65:aa:65:ef:eb:2e:dd:57:9b:97:d3:fa:a6:bb:08:d1:
         c9:82:ba:25
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgISAYzDtnUfN6t4mBe4d1/cYfpRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDYyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGIyZTJlNzM1OWE4MDE2MzJhNjZkMTBiOTYxZTRmMmVjNmRmYzRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0fNURaVzX1xzOCSryRrd1Q+8/9If
esFiXzdBAXw/36Q7GGdsQM9eZxqTukB1iVfOavXw1eF6JddNp5xf0qtmzkoWMU6w
DwTRajxTRUNHeOJ48YcVHqnMIebuWA63GgVmrV3NTYr9qbVxVgRX85LUcTZFEyG1
HLL6esYm8GCjQfhsD44d0i3h3bf6hogdo6W2Mo8F+rz1h9N7kSF3exOaxLccMfjN
AtGQyGlVmMT7C01aMF6XPV6dJmG0zBO69B89PQfK/rhYAIwbi1TMYKJuJJ3MVJMT
WPsEI75u0FdJ7FDGZgYpXUwmFzeTMFidSxhGcBGBDUnOGnwEaT4ur/X34QIDAQAB
o4ICgzCCAn8wHQYDVR0OBBYEFB2y4uc1moAWMqZtELlh5PLsbfxPMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2I2LzZmZDli
ZS05Njk0LTQ2MzktOTBjNS05MGViZDc2ZTkxZjkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjYvNmZkOWJl
LTk2OTQtNDYzOS05MGM1LTkwZWJkNzZlOTFmOS8xL0hiTGk1eldhZ0JZeXBtMFF1
V0hrOHV4dF9FOC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB4GCCsGAQUF
BwEHAQH/BA8wDTALBAIAATAFAwMAk6IwDQYJKoZIhvcNAQELBQADggEBACDIEY7T
mqpo90QpunPHz9MR3K0KP8hdbt8it+yqUzABBIfnXRUJNhT1cmbWv8VlIn48pRJ0
SmVykcMew9Cf43WKX3cIqPwaAbO1wBSnCIn64BSBtQHTKL9kuxCWrJWPGv898GFX
wvSfMkQOr2YtAohTEAEZIzGGvdIqjCqLbw+SDsU2hmnMhYP2kDAdA31/ujpIs113
1RVhVsYmhhQEsjRYuEdRHfuIW++xr2yBE27GV96z64aXSIgzGZ2fUiNU2NhC/Iy7
sZ0XjLXC8EDbm5EFoLp69noLG7P9I9m8EQVJKRaLxWt/P4Rls1X0Zapl7+su3Veb
l9P6prsI0cmCuiU=
-----END CERTIFICATE-----