Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/JNuhs13nN_cbfFUN9fS0ToNka40.cer
File:                     JNuhs13nN_cbfFUN9fS0ToNka40.cer (raw, json)
Hash identifier:          4TETK3ST60b1IRkYhSHiZpDwJNB+6LOkz54S/G5/EnU=
Subject key identifier:   24:DB:A1:B3:5D:E7:37:F7:1B:7C:55:0D:F5:F4:B4:4E:83:64:6B:8D
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC5DCA27380413B83872935879608625B
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/41/895e9f-d541-4564-9947-da04e2f39b88/1/JNuhs13nN_cbfFUN9fS0ToNka40.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/41/895e9f-d541-4564-9947-da04e2f39b88/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 16:30:20 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 2a13:d480::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:a2:73:80:41:3b:83:87:29:35:87:96:08:62:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 16:30:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=24dba1b35de737f71b7c550df5f4b44e83646b8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:49:59:cb:00:90:8e:75:da:bd:63:08:60:7d:
                    17:a7:8c:4f:ed:f1:2a:c7:22:66:e7:c1:61:4e:54:
                    86:7b:cc:2d:4f:fd:f2:09:12:50:24:ec:c8:10:59:
                    b0:db:ff:91:b3:27:24:8e:30:35:41:b9:0c:0b:7b:
                    bb:c8:a9:c4:96:33:bd:99:41:50:7e:3c:b8:83:3d:
                    50:98:08:d6:b0:3d:66:3b:2a:ce:ed:3b:f6:14:bf:
                    e3:4b:95:c1:67:7c:c1:45:6f:ec:22:8f:37:71:b0:
                    cc:50:a8:25:be:8f:4b:f4:85:8b:a3:fa:20:dc:79:
                    9d:e9:4e:26:6d:e8:c0:90:2e:b1:16:41:6a:61:9d:
                    03:9e:29:cf:39:75:6d:2a:6b:03:04:da:1b:e4:c2:
                    8f:7d:b7:3a:c2:b9:3c:96:4a:11:5b:9b:7a:65:6e:
                    43:1b:17:f0:c5:a7:4d:fc:9e:b5:f6:a1:fe:a7:65:
                    ec:29:db:a6:88:c5:48:d2:05:5c:1b:45:b7:38:47:
                    00:75:09:9f:f5:e6:42:c9:83:55:f6:79:95:00:66:
                    84:eb:78:01:9c:72:6f:78:b5:39:eb:df:f6:d3:b3:
                    64:7a:3d:3b:fe:5a:45:49:39:46:74:62:e5:2e:fa:
                    b3:9f:15:82:03:20:f7:47:a3:f2:3f:fd:be:30:de:
                    07:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:DB:A1:B3:5D:E7:37:F7:1B:7C:55:0D:F5:F4:B4:4E:83:64:6B:8D
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/895e9f-d541-4564-9947-da04e2f39b88/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/895e9f-d541-4564-9947-da04e2f39b88/1/JNuhs13nN_cbfFUN9fS0ToNka40.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:d480::/29

    Signature Algorithm: sha256WithRSAEncryption
         17:df:54:dc:23:06:36:7a:b4:cd:dc:9f:22:ca:73:8a:b0:44:
         57:74:71:31:66:73:41:45:f6:1a:95:6c:96:a1:4c:3f:73:6d:
         a4:62:4a:cc:5a:c0:85:76:58:7b:e6:8d:a4:35:1c:50:7e:e9:
         73:9d:8b:30:54:48:a9:5b:14:44:57:bf:a3:da:0a:75:ae:c6:
         b2:33:cd:e6:a1:1d:1c:e9:87:6a:03:b2:1a:e0:54:7b:36:5e:
         d1:59:c2:43:2b:5a:69:ab:69:50:2f:ab:d5:6d:ba:92:c2:58:
         0e:0a:57:97:80:b7:2a:14:32:79:83:3d:7d:05:0d:c3:67:b2:
         0a:f2:01:7f:25:5f:ea:21:db:31:3f:83:e6:b9:26:b4:bf:fb:
         2a:e9:1e:db:a6:01:37:a8:0b:b2:fa:66:76:03:a3:f8:b4:20:
         93:66:4f:7c:f5:78:9d:68:d4:52:60:19:a0:e4:c1:a2:13:28:
         be:8f:4d:7d:9d:7b:92:7e:3c:57:3c:52:b7:3a:ae:27:1d:42:
         5d:53:4e:72:86:fd:c2:76:3c:b2:95:b0:52:48:d3:6d:36:c4:
         ec:1b:e2:84:59:9a:f5:e4:b4:e8:10:b3:90:49:75:0b:40:8b:
         16:37:e8:bd:c3:96:36:bf:0a:78:0a:e6:66:0b:c5:c8:69:ed:
         bb:a5:03:93
-----BEGIN CERTIFICATE-----
MIIFeTCCBGGgAwIBAgISAYzF3KJzgEE7g4cpNYeWCGJbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTYzMDIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGRiYTFiMzVkZTczN2Y3MWI3YzU1MGRmNWY0YjQ0ZTgzNjQ2YjhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArElZywCQjnXavWMIYH0Xp4xP7fEq
xyJm58FhTlSGe8wtT/3yCRJQJOzIEFmw2/+RsyckjjA1QbkMC3u7yKnEljO9mUFQ
fjy4gz1QmAjWsD1mOyrO7Tv2FL/jS5XBZ3zBRW/sIo83cbDMUKglvo9L9IWLo/og
3Hmd6U4mbejAkC6xFkFqYZ0DninPOXVtKmsDBNob5MKPfbc6wrk8lkoRW5t6ZW5D
GxfwxadN/J619qH+p2XsKdumiMVI0gVcG0W3OEcAdQmf9eZCyYNV9nmVAGaE63gB
nHJveLU569/207Nkej07/lpFSTlGdGLlLvqznxWCAyD3R6PyP/2+MN4HtwIDAQAB
o4IChTCCAoEwHQYDVR0OBBYEFCTbobNd5zf3G3xVDfX0tE6DZGuNMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzQxLzg5NWU5
Zi1kNTQxLTQ1NjQtOTk0Ny1kYTA0ZTJmMzliODgvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDEvODk1ZTlm
LWQ1NDEtNDU2NC05OTQ3LWRhMDRlMmYzOWI4OC8xL0pOdWhzMTNuTl9jYmZGVU45
ZlMwVG9Oa2E0MC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUF
BwEHAQH/BBEwDzANBAIAAjAHAwUDKhPUgDANBgkqhkiG9w0BAQsFAAOCAQEAF99U
3CMGNnq0zdyfIspzirBEV3RxMWZzQUX2GpVslqFMP3NtpGJKzFrAhXZYe+aNpDUc
UH7pc52LMFRIqVsURFe/o9oKda7GsjPN5qEdHOmHagOyGuBUezZe0VnCQytaaatp
UC+r1W26ksJYDgpXl4C3KhQyeYM9fQUNw2eyCvIBfyVf6iHbMT+D5rkmtL/7Kuke
26YBN6gLsvpmdgOj+LQgk2ZPfPV4nWjUUmAZoOTBohMovo9NfZ17kn48VzxStzqu
Jx1CXVNOcob9wnY8spWwUkjTbTbE7BvihFma9eS06BCzkEl1C0CLFjfovcOWNr8K
eArmZgvFyGntu6UDkw==
-----END CERTIFICATE-----