Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/J4YXdA7NlbcE2pel-eU8AxFEQms.cer
File:                     J4YXdA7NlbcE2pel-eU8AxFEQms.cer (raw, json)
Hash identifier:          FaJRuyu3lYDbkbTBOpHL0EmNoMC+u9gdg/mydjJqJwA=
Subject key identifier:   27:86:17:74:0E:CD:95:B7:04:DA:97:A5:F9:E5:3C:03:11:44:42:6B
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC3B6FA64C3023919596BCCEC98E930BD
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/f6/b78ab4-3490-400b-9019-9edd01d0723c/1/J4YXdA7NlbcE2pel-eU8AxFEQms.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/f6/b78ab4-3490-400b-9019-9edd01d0723c/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 06:29:57 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 185.236.128.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:fa:64:c3:02:39:19:59:6b:cc:ec:98:e9:30:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 06:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=278617740ecd95b704da97a5f9e53c031144426b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:ee:68:ed:ce:fb:06:90:e7:9a:d3:f4:dd:de:
                    6c:5f:83:ed:a4:58:9a:1c:fb:2e:9d:13:5d:d5:67:
                    99:a0:e7:6a:88:5e:3d:1c:ce:5d:93:40:ad:b1:0d:
                    b6:79:04:3e:2b:5e:eb:5b:60:97:8b:02:9e:33:c3:
                    39:a3:95:28:78:70:2b:37:01:39:81:aa:e0:11:4d:
                    b1:db:36:3c:a2:63:33:b9:0f:fe:40:e1:17:5c:b3:
                    43:70:08:41:92:fa:eb:8e:5a:35:8e:4a:41:98:82:
                    fb:8c:2d:4b:0c:ce:22:78:3c:e4:31:93:56:ea:13:
                    2c:96:27:63:f5:46:a7:2e:53:c0:44:85:65:3e:cc:
                    61:eb:fb:39:44:d0:77:7e:51:e5:4d:90:6f:3f:41:
                    15:cb:93:ca:c0:d8:8f:b9:4b:66:b0:cd:f4:b3:b8:
                    43:1c:3c:41:f4:0f:11:80:59:dd:b3:7f:51:aa:96:
                    c8:12:0b:02:d7:86:3f:51:74:97:46:d1:39:47:7d:
                    49:c5:33:e0:d7:5f:5e:54:53:67:d6:18:9a:e7:95:
                    6e:b6:fb:71:00:87:3a:33:a0:5a:83:89:43:50:68:
                    79:6c:01:72:3e:a7:fe:38:6f:6d:a4:7b:3d:16:f3:
                    52:38:82:0d:63:85:fd:f0:aa:ae:2e:af:6f:0d:c9:
                    19:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:86:17:74:0E:CD:95:B7:04:DA:97:A5:F9:E5:3C:03:11:44:42:6B
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/b78ab4-3490-400b-9019-9edd01d0723c/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/b78ab4-3490-400b-9019-9edd01d0723c/1/J4YXdA7NlbcE2pel-eU8AxFEQms.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.236.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:51:78:1a:e6:d1:c1:0f:a7:a8:18:02:bf:8a:1f:d1:96:f4:
         5b:9e:7a:a7:72:74:e1:89:a0:e3:0f:af:91:72:80:30:99:1f:
         48:ec:d1:3f:81:f0:4d:61:91:91:ca:b6:91:87:a4:88:cd:b0:
         ad:59:10:c6:64:9d:5f:e3:bd:b2:42:7e:bb:d9:b9:bb:01:cc:
         26:db:02:56:af:ca:9c:54:44:23:43:e7:eb:e3:33:aa:bb:e2:
         d6:dc:a6:9a:00:63:64:23:f0:4b:31:cf:12:c8:f5:cf:ab:68:
         50:cd:86:4e:d0:ca:09:46:52:a2:5a:ff:47:df:e3:69:9c:1b:
         1c:57:73:51:5c:a3:28:d9:cb:fa:28:ea:c0:1c:30:5e:db:71:
         aa:73:bd:b9:39:5d:12:4d:0c:e4:ac:5f:bd:08:17:13:35:79:
         5f:91:57:7f:24:7d:89:91:4d:29:7a:67:79:cc:32:e5:0a:46:
         a3:21:41:56:ee:04:5c:33:ef:b9:ef:6a:be:b6:19:c9:87:2b:
         b5:64:d2:12:7c:54:0b:70:9c:7c:51:da:83:80:54:23:6e:e5:
         35:59:be:69:73:8f:a0:5a:8b:64:60:65:33:14:fe:45:fb:30:
         f8:df:25:1c:f7:47:49:ec:87:47:8a:05:f9:52:a8:e8:50:8d:
         e9:86:d4:a4
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzDtvpkwwI5GVlrzOyY6TC9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDYyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzg2MTc3NDBlY2Q5NWI3MDRkYTk3YTVmOWU1M2MwMzExNDQ0MjZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn+5o7c77BpDnmtP03d5sX4PtpFia
HPsunRNd1WeZoOdqiF49HM5dk0CtsQ22eQQ+K17rW2CXiwKeM8M5o5UoeHArNwE5
gargEU2x2zY8omMzuQ/+QOEXXLNDcAhBkvrrjlo1jkpBmIL7jC1LDM4ieDzkMZNW
6hMslidj9UanLlPARIVlPsxh6/s5RNB3flHlTZBvP0EVy5PKwNiPuUtmsM30s7hD
HDxB9A8RgFnds39RqpbIEgsC14Y/UXSXRtE5R31JxTPg119eVFNn1hia55Vutvtx
AIc6M6Bag4lDUGh5bAFyPqf+OG9tpHs9FvNSOIINY4X98KquLq9vDckZgwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFCeGF3QOzZW3BNqXpfnlPAMRREJrMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Y2L2I3OGFi
NC0zNDkwLTQwMGItOTAxOS05ZWRkMDFkMDcyM2MvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjYvYjc4YWI0
LTM0OTAtNDAwYi05MDE5LTllZGQwMWQwNzIzYy8xL0o0WVhkQTdObGJjRTJwZWwt
ZVU4QXhGRVFtcy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAueyAMA0GCSqGSIb3DQEBCwUAA4IBAQAPUXga
5tHBD6eoGAK/ih/RlvRbnnqncnThiaDjD6+RcoAwmR9I7NE/gfBNYZGRyraRh6SI
zbCtWRDGZJ1f472yQn672bm7Acwm2wJWr8qcVEQjQ+fr4zOqu+LW3KaaAGNkI/BL
Mc8SyPXPq2hQzYZO0MoJRlKiWv9H3+NpnBscV3NRXKMo2cv6KOrAHDBe23Gqc725
OV0STQzkrF+9CBcTNXlfkVd/JH2JkU0pemd5zDLlCkajIUFW7gRcM++572q+thnJ
hyu1ZNISfFQLcJx8UdqDgFQjbuU1Wb5pc4+gWotkYGUzFP5F+zD43yUc90dJ7IdH
igX5UqjoUI3phtSk
-----END CERTIFICATE-----