Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/K33FrWYAWqG23GCT-xHzWBp5UzU.cer
File:                     K33FrWYAWqG23GCT-xHzWBp5UzU.cer (raw, json)
Hash identifier:          RqOCW/NszbssyAfshTHiIVFU4Z/QCOi97MnoC3V4DDY=
Subject key identifier:   2B:7D:C5:AD:66:00:5A:A1:B6:DC:60:93:FB:11:F3:58:1A:79:53:35
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC72757BE46137F830400A35314176D0A
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/13/0689ab-d8e4-4a4e-8793-481d075e62c3/1/K33FrWYAWqG23GCT-xHzWBp5UzU.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/13/0689ab-d8e4-4a4e-8793-481d075e62c3/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 22:31:33 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 185.46.70.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:57:be:46:13:7f:83:04:00:a3:53:14:17:6d:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 22:31:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2b7dc5ad66005aa1b6dc6093fb11f3581a795335
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:9d:a1:3d:b4:52:8f:f0:fb:9f:18:38:58:8b:
                    78:76:3f:75:77:77:04:90:83:0b:80:3f:53:2f:cb:
                    63:6e:9a:f3:f1:39:ba:83:a5:41:08:66:0f:18:db:
                    33:f8:21:72:e4:b1:40:7b:ba:e5:cb:bb:78:f4:6a:
                    14:76:3c:8a:43:d2:46:f5:5a:31:be:cd:56:d3:1e:
                    30:a1:f6:10:14:44:81:e9:61:e5:b3:84:30:a1:fe:
                    c5:56:c5:79:e7:8a:51:73:fa:7e:39:fb:fd:e4:7b:
                    13:8b:55:86:c5:19:29:eb:d8:45:55:64:7a:03:dd:
                    96:f9:26:7b:e6:5d:34:46:69:f7:57:f1:4c:d0:13:
                    ed:39:2e:d6:ef:9d:59:1a:86:26:cc:02:1e:32:2a:
                    99:cb:e3:23:c1:a9:23:87:4f:b1:12:a2:52:43:26:
                    a7:89:e0:e2:39:ac:58:a0:45:bb:d1:38:eb:08:84:
                    6e:c3:b8:33:3d:0b:15:8f:6a:31:e4:27:70:59:e8:
                    1e:02:71:e4:88:b4:e1:a5:e7:f4:78:77:2b:c4:1c:
                    12:b8:bf:ff:2f:26:f0:8e:62:73:d4:22:ee:cb:50:
                    25:57:e0:40:d8:d3:97:d0:3f:6d:4b:84:a1:08:f2:
                    3e:8d:96:28:74:66:7c:2b:fd:5b:e2:0d:f8:aa:1b:
                    de:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:7D:C5:AD:66:00:5A:A1:B6:DC:60:93:FB:11:F3:58:1A:79:53:35
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/0689ab-d8e4-4a4e-8793-481d075e62c3/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/0689ab-d8e4-4a4e-8793-481d075e62c3/1/K33FrWYAWqG23GCT-xHzWBp5UzU.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.46.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:8e:7e:59:28:fe:91:3f:c7:4a:ca:92:ea:0a:7f:40:92:da:
         24:73:51:b6:95:0d:90:7a:74:f9:99:67:68:64:22:b0:b0:f1:
         90:9a:bd:41:b3:08:3b:78:60:06:e3:35:26:dc:10:2c:05:ca:
         ef:15:c5:d5:af:cc:6d:e1:cf:c3:db:f9:3d:91:a3:a0:9a:07:
         15:4b:e6:27:d4:f2:48:01:e5:73:6c:2a:86:8b:3b:e1:c1:65:
         12:81:6a:bb:5b:9d:d3:21:2e:2b:83:06:f8:43:65:cf:f9:e6:
         9a:ad:eb:ab:25:0f:e2:c6:bd:c8:d6:58:d4:32:86:37:eb:12:
         ad:85:82:a4:d5:0c:f3:c8:37:e1:88:96:43:b8:42:50:33:e0:
         69:7e:0e:44:6f:32:d3:62:a4:ca:67:e3:f9:7f:a4:55:eb:c7:
         32:0e:78:cc:23:aa:14:c3:5a:f8:8f:b3:1d:da:56:ad:86:c9:
         f7:5f:00:4d:34:21:84:bb:a4:87:74:e9:8b:92:e8:2c:fd:99:
         ac:a6:91:1f:56:e2:e4:e9:22:e0:98:99:27:84:11:4d:32:c8:
         36:44:67:d5:3a:b9:cc:6c:87:40:5e:07:41:16:1e:81:e6:2c:
         ca:17:7f:b5:34:23:ca:6d:32:af:0a:3f:8a:73:49:5d:9a:2b:
         c3:ef:d4:da
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzHJ1e+RhN/gwQAo1MUF20KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMjIzMTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjdkYzVhZDY2MDA1YWExYjZkYzYwOTNmYjExZjM1ODFhNzk1MzM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1J2hPbRSj/D7nxg4WIt4dj91d3cE
kIMLgD9TL8tjbprz8Tm6g6VBCGYPGNsz+CFy5LFAe7rly7t49GoUdjyKQ9JG9Vox
vs1W0x4wofYQFESB6WHls4Qwof7FVsV554pRc/p+Ofv95HsTi1WGxRkp69hFVWR6
A92W+SZ75l00Rmn3V/FM0BPtOS7W751ZGoYmzAIeMiqZy+Mjwakjh0+xEqJSQyan
ieDiOaxYoEW70TjrCIRuw7gzPQsVj2ox5CdwWegeAnHkiLThpef0eHcrxBwSuL//
LybwjmJz1CLuy1AlV+BA2NOX0D9tS4ShCPI+jZYodGZ8K/1b4g34qhveCQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFCt9xa1mAFqhttxgk/sR81gaeVM1MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzEzLzA2ODlh
Yi1kOGU0LTRhNGUtODc5My00ODFkMDc1ZTYyYzMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTMvMDY4OWFi
LWQ4ZTQtNGE0ZS04NzkzLTQ4MWQwNzVlNjJjMy8xL0szM0ZyV1lBV3FHMjNHQ1Qt
eEh6V0JwNVV6VS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAuS5GMA0GCSqGSIb3DQEBCwUAA4IBAQANjn5Z
KP6RP8dKypLqCn9Aktokc1G2lQ2QenT5mWdoZCKwsPGQmr1Bswg7eGAG4zUm3BAs
BcrvFcXVr8xt4c/D2/k9kaOgmgcVS+Yn1PJIAeVzbCqGizvhwWUSgWq7W53TIS4r
gwb4Q2XP+eaareurJQ/ixr3I1ljUMoY36xKthYKk1QzzyDfhiJZDuEJQM+Bpfg5E
bzLTYqTKZ+P5f6RV68cyDnjMI6oUw1r4j7Md2lathsn3XwBNNCGEu6SHdOmLkugs
/ZmsppEfVuLk6SLgmJknhBFNMsg2RGfVOrnMbIdAXgdBFh6B5izKF3+1NCPKbTKv
Cj+Kc0ldmivD79Ta
-----END CERTIFICATE-----