Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/I8Aq9PWPETIK8xlpRuH86dBQyQY.cer
File:                     I8Aq9PWPETIK8xlpRuH86dBQyQY.cer (raw, json)
Hash identifier:          sLioAhBJFtu4JTC97h0f6/hjH6jShMb6V3+O8zociFk=
Subject key identifier:   23:C0:2A:F4:F5:8F:11:32:0A:F3:19:69:46:E1:FC:E9:D0:50:C9:06
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC801D389F77CDEAD5209BC2B3793B1FD
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/b3/81068c-aed7-4127-88e4-62cb8aca9618/1/I8Aq9PWPETIK8xlpRuH86dBQyQY.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/b3/81068c-aed7-4127-88e4-62cb8aca9618/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 02:30:12 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 185.85.144.0/22
                          IP: 2a05:ae80::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:d3:89:f7:7c:de:ad:52:09:bc:2b:37:93:b1:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 02:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=23c02af4f58f11320af3196946e1fce9d050c906
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:e2:3b:94:ee:d2:d7:64:48:dc:7a:43:d4:c5:
                    6f:85:f4:d1:b5:be:d1:67:8d:b8:2a:83:04:88:6f:
                    ca:0d:5a:ae:a7:87:5e:4a:ca:f8:82:20:eb:00:ce:
                    15:76:d0:89:4b:3e:11:6f:2c:8a:a6:b7:73:f9:92:
                    27:3b:ad:4d:16:0f:ad:fa:a7:32:85:ea:77:d6:df:
                    0f:38:67:9f:f4:0d:d5:3d:19:eb:c9:09:1a:db:dd:
                    c8:33:48:ef:bd:96:e7:71:ec:18:3e:19:9c:34:55:
                    89:14:8d:5c:c4:0e:c5:41:a5:0a:5e:3a:35:8c:24:
                    ab:eb:80:7d:01:ed:be:bc:65:e4:0d:40:ed:64:08:
                    d6:19:d1:13:7a:9a:c4:72:c9:c7:fc:3f:ec:1c:3f:
                    4f:1e:24:18:5d:05:87:30:4f:fc:a9:ac:a3:b8:d2:
                    59:17:28:14:c7:78:34:03:99:41:11:f1:22:da:42:
                    f4:1c:c9:cd:01:b6:80:13:7d:52:7e:c1:30:72:7a:
                    4c:73:3c:28:37:74:f2:e6:40:15:4c:4d:85:08:f1:
                    65:6a:b1:27:2d:b8:e8:52:95:17:39:3e:6c:69:ad:
                    d5:18:57:d6:d0:90:33:7c:af:5f:96:2e:82:54:94:
                    97:af:7d:68:89:19:48:e5:ee:c4:81:38:98:3b:28:
                    b2:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:C0:2A:F4:F5:8F:11:32:0A:F3:19:69:46:E1:FC:E9:D0:50:C9:06
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/81068c-aed7-4127-88e4-62cb8aca9618/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/81068c-aed7-4127-88e4-62cb8aca9618/1/I8Aq9PWPETIK8xlpRuH86dBQyQY.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.85.144.0/22
                IPv6:
                  2a05:ae80::/29

    Signature Algorithm: sha256WithRSAEncryption
         54:98:48:04:78:45:8c:d1:63:93:b5:ef:16:2a:fd:33:02:d0:
         fb:94:d5:4e:0e:60:6b:c9:92:b5:0a:98:ae:39:09:2f:32:b9:
         1a:b3:19:b3:e5:29:6d:9b:2e:78:cf:d4:22:69:ea:97:e4:e8:
         49:dc:2e:8d:b8:8c:d9:e2:4f:85:50:34:f0:0c:7a:dc:2c:ac:
         0a:c0:82:10:0c:dd:d7:33:40:78:95:89:be:6f:44:f4:0a:b2:
         1a:3f:ba:98:a4:33:95:56:5c:70:77:f7:c0:0f:0c:48:2f:03:
         25:75:76:ed:dd:ad:39:f9:d9:c0:18:1b:69:24:81:ec:99:65:
         76:72:c6:e2:02:9d:7d:00:df:ca:88:ca:ac:8a:69:ab:ba:c9:
         c7:1e:72:12:d2:db:bc:9a:c4:c2:4a:d7:7a:b6:a3:fc:d5:04:
         5b:57:0c:fc:2e:2b:e7:4e:bd:56:b1:47:af:cc:62:26:8b:63:
         24:af:4a:44:7b:9e:79:ec:2b:b7:45:62:83:9d:49:79:f7:0f:
         b6:f1:88:cf:e6:35:41:32:eb:e7:34:c2:1b:eb:e0:13:e8:e1:
         81:51:8a:51:ad:32:f9:c5:e7:4d:ca:70:9d:57:36:9e:73:42:
         9b:3a:7b:9f:8f:55:43:79:47:58:90:c0:09:44:ba:f4:78:c2:
         51:e9:91:0f
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAYzIAdOJ93zerVIJvCs3k7H9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDIzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyM2MwMmFmNGY1OGYxMTMyMGFmMzE5Njk0NmUxZmNlOWQwNTBjOTA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqeI7lO7S12RI3HpD1MVvhfTRtb7R
Z424KoMEiG/KDVqup4deSsr4giDrAM4VdtCJSz4RbyyKprdz+ZInO61NFg+t+qcy
hep31t8POGef9A3VPRnryQka293IM0jvvZbncewYPhmcNFWJFI1cxA7FQaUKXjo1
jCSr64B9Ae2+vGXkDUDtZAjWGdETeprEcsnH/D/sHD9PHiQYXQWHME/8qayjuNJZ
FygUx3g0A5lBEfEi2kL0HMnNAbaAE31SfsEwcnpMczwoN3Ty5kAVTE2FCPFlarEn
LbjoUpUXOT5saa3VGFfW0JAzfK9fli6CVJSXr31oiRlI5e7EgTiYOyiyAQIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFCPAKvT1jxEyCvMZaUbh/OnQUMkGMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2IzLzgxMDY4
Yy1hZWQ3LTQxMjctODhlNC02MmNiOGFjYTk2MTgvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjMvODEwNjhj
LWFlZDctNDEyNy04OGU0LTYyY2I4YWNhOTYxOC8xL0k4QXE5UFdQRVRJSzh4bHBS
dUg4NmRCUXlRWS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCuVWQMA0EAgACMAcDBQMqBa6AMA0GCSqGSIb3
DQEBCwUAA4IBAQBUmEgEeEWM0WOTte8WKv0zAtD7lNVODmBryZK1CpiuOQkvMrka
sxmz5Sltmy54z9QiaeqX5OhJ3C6NuIzZ4k+FUDTwDHrcLKwKwIIQDN3XM0B4lYm+
b0T0CrIaP7qYpDOVVlxwd/fADwxILwMldXbt3a05+dnAGBtpJIHsmWV2csbiAp19
AN/KiMqsimmrusnHHnIS0tu8msTCStd6tqP81QRbVwz8LivnTr1WsUevzGImi2Mk
r0pEe5557Cu3RWKDnUl59w+28YjP5jVBMuvnNMIb6+AT6OGBUYpRrTL5xedNynCd
Vzaec0KbOnufj1VDeUdYkMAJRLr0eMJR6ZEP
-----END CERTIFICATE-----