Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/I-Ivi97cvhm7M_zhT8HbauOkDpA.cer
File:                     I-Ivi97cvhm7M_zhT8HbauOkDpA.cer (raw, json)
Hash identifier:          pUfqsPhWe6M2ElccLzwLZaOSeSaQr+WC/VQU2JKs5kA=
Subject key identifier:   23:E2:2F:8B:DE:DC:BE:19:BB:33:FC:E1:4F:C1:DB:6A:E3:A4:0E:90
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC64A8916BAC6E49409BC50276ADB324F
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/d6/e6a0db-c766-4991-b72c-74bd045b2af7/1/I-Ivi97cvhm7M_zhT8HbauOkDpA.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/d6/e6a0db-c766-4991-b72c-74bd045b2af7/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 18:30:22 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 213.167.224.0/22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 25 Apr 2024 23:00:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:89:16:ba:c6:e4:94:09:bc:50:27:6a:db:32:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 18:30:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=23e22f8bdedcbe19bb33fce14fc1db6ae3a40e90
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:5e:ff:4e:8b:79:85:f0:13:76:e7:9a:da:25:
                    b4:8e:ae:67:0d:7d:8c:4c:80:05:99:6f:c3:ce:2e:
                    b3:a6:d5:3b:b0:7e:a3:19:ff:9a:26:75:e4:54:3e:
                    89:f1:05:da:16:1f:fb:37:16:f0:02:f1:a0:7b:93:
                    92:18:64:d0:c5:32:c5:ca:65:7a:c9:de:0a:27:2b:
                    cf:fa:43:65:b7:70:e2:bb:7a:a8:2b:42:a0:a2:56:
                    61:fb:08:3c:83:e2:18:a3:3f:0d:1b:a9:6c:33:fd:
                    b0:45:e2:45:b0:52:8f:6b:2d:dd:60:14:07:a2:67:
                    92:e2:b5:41:cb:37:57:d2:f3:2a:ca:72:b3:53:63:
                    03:4e:00:80:6e:98:38:35:65:15:5c:be:f4:23:e8:
                    f8:9e:0a:85:c4:bc:03:7f:7a:57:05:f9:fb:17:71:
                    f1:64:68:c4:f5:3d:a5:15:13:1b:19:58:23:fc:fd:
                    f6:fe:9e:9d:5b:ad:d0:4e:f7:42:20:f0:d2:e0:f3:
                    e2:ab:97:b6:c8:5b:f5:a0:02:76:82:25:95:8f:dc:
                    37:00:ae:05:da:c4:16:3b:63:1a:24:58:14:59:65:
                    0d:c3:1e:85:95:56:5c:2b:6f:1b:37:bc:94:70:e8:
                    22:39:4c:1a:a8:9b:59:9b:30:09:e0:e7:91:44:c2:
                    38:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:E2:2F:8B:DE:DC:BE:19:BB:33:FC:E1:4F:C1:DB:6A:E3:A4:0E:90
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/e6a0db-c766-4991-b72c-74bd045b2af7/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/e6a0db-c766-4991-b72c-74bd045b2af7/1/I-Ivi97cvhm7M_zhT8HbauOkDpA.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.167.224.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7a:fb:d5:5b:0a:16:34:00:a3:1f:2b:1b:6b:14:ba:89:be:e8:
         9f:34:b3:ba:e3:b7:c7:bf:f4:e2:ef:a2:f2:2b:59:f2:b6:ba:
         20:ed:26:f4:d4:42:90:4c:d3:f1:fd:ca:39:65:9f:4b:49:09:
         e7:73:3d:83:b5:8a:b1:1f:ff:d8:28:85:9f:5b:f2:47:fc:9d:
         a7:45:51:7d:4d:c7:fc:de:a2:7b:ba:b0:16:83:b7:83:bf:eb:
         a7:ea:68:2b:80:d5:07:a8:c0:30:fc:2a:ab:8b:aa:7a:74:02:
         cb:09:52:26:cb:cb:c2:13:82:56:0b:76:77:0c:ff:15:99:0e:
         5d:d0:e5:5f:8a:1e:b3:6b:fe:7f:7b:77:48:46:8a:84:42:62:
         e3:3e:d3:78:7b:44:f7:fb:c1:a1:56:32:b5:6c:aa:93:82:b8:
         b1:73:22:ed:82:d3:f6:fa:b6:9c:f2:34:56:70:b9:56:4a:d5:
         50:61:1e:c3:8f:18:4b:aa:da:d3:2e:cb:d5:b0:de:32:60:2f:
         9d:bf:7a:3c:e7:8f:ff:99:2e:db:7e:10:09:76:51:89:70:00:
         27:18:62:95:92:ea:84:bf:5e:44:bb:8b:ed:96:0d:ca:3f:6f:
         96:0d:37:28:b1:1e:76:4c:2d:51:e2:66:a2:0f:0c:a9:d9:3b:
         38:d8:09:de
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzGSokWusbklAm8UCdq2zJPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTgzMDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyM2UyMmY4YmRlZGNiZTE5YmIzM2ZjZTE0ZmMxZGI2YWUzYTQwZTkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7l7/Tot5hfATduea2iW0jq5nDX2M
TIAFmW/Dzi6zptU7sH6jGf+aJnXkVD6J8QXaFh/7NxbwAvGge5OSGGTQxTLFymV6
yd4KJyvP+kNlt3Diu3qoK0KgolZh+wg8g+IYoz8NG6lsM/2wReJFsFKPay3dYBQH
omeS4rVByzdX0vMqynKzU2MDTgCAbpg4NWUVXL70I+j4ngqFxLwDf3pXBfn7F3Hx
ZGjE9T2lFRMbGVgj/P32/p6dW63QTvdCIPDS4PPiq5e2yFv1oAJ2giWVj9w3AK4F
2sQWO2MaJFgUWWUNwx6FlVZcK28bN7yUcOgiOUwaqJtZmzAJ4OeRRMI4gQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFCPiL4ve3L4ZuzP84U/B22rjpA6QMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Q2L2U2YTBk
Yi1jNzY2LTQ5OTEtYjcyYy03NGJkMDQ1YjJhZjcvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDYvZTZhMGRi
LWM3NjYtNDk5MS1iNzJjLTc0YmQwNDViMmFmNy8xL0ktSXZpOTdjdmhtN01femhU
OEhiYXVPa0RwQS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQC1afgMA0GCSqGSIb3DQEBCwUAA4IBAQB6+9Vb
ChY0AKMfKxtrFLqJvuifNLO647fHv/Ti76LyK1nytrog7Sb01EKQTNPx/co5ZZ9L
SQnncz2DtYqxH//YKIWfW/JH/J2nRVF9Tcf83qJ7urAWg7eDv+un6mgrgNUHqMAw
/Cqri6p6dALLCVImy8vCE4JWC3Z3DP8VmQ5d0OVfih6za/5/e3dIRoqEQmLjPtN4
e0T3+8GhVjK1bKqTgrixcyLtgtP2+rac8jRWcLlWStVQYR7DjxhLqtrTLsvVsN4y
YC+dv3o854//mS7bfhAJdlGJcAAnGGKVkuqEv15Eu4vtlg3KP2+WDTcosR52TC1R
4maiDwyp2Ts42Ane
-----END CERTIFICATE-----