Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/KJJ3dbRNuHnp85wpd72u1ipP8k0.cer
File:                     KJJ3dbRNuHnp85wpd72u1ipP8k0.cer (raw, json)
Hash identifier:          xF1eTK616i5xdaKv6DDlqeRsEEgJiIIcudDsN67ueD4=
Subject key identifier:   28:92:77:75:B4:4D:B8:79:E9:F3:9C:29:77:BD:AE:D6:2A:4F:F2:4D
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC3B6BC718C611AB659A9B8A2D455941B
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/6f/7ef3e3-242d-4cb3-a524-c44c6beef382/1/KJJ3dbRNuHnp85wpd72u1ipP8k0.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/6f/7ef3e3-242d-4cb3-a524-c44c6beef382/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 06:29:42 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 194.102.101.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:bc:71:8c:61:1a:b6:59:a9:b8:a2:d4:55:94:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 06:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=28927775b44db879e9f39c2977bdaed62a4ff24d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:73:97:3f:ce:56:24:ef:86:b4:7f:75:2c:c0:
                    ae:02:92:08:cc:54:0b:0c:e1:10:fc:d0:43:d2:12:
                    12:45:db:b8:39:40:a8:e7:c7:d1:34:59:a7:94:97:
                    0a:f0:61:6b:32:3b:d6:c4:dd:ac:c8:5f:bb:81:3d:
                    98:75:ae:ed:b3:ae:4c:c7:45:42:7f:8f:15:4f:c6:
                    cd:3b:f1:b1:6c:95:7e:7b:2c:fd:8f:0b:81:a1:de:
                    3d:30:bb:68:5a:0f:62:0f:d3:7d:84:81:50:fc:2c:
                    b1:37:00:b8:aa:7d:6f:e6:02:27:16:6c:25:5f:f0:
                    5d:59:75:0b:2f:b7:5f:c2:bb:a9:52:96:1a:32:3b:
                    d5:5c:1f:6c:21:d5:77:8a:f7:06:5a:3e:d1:cb:b0:
                    e2:92:7b:f0:36:da:0b:e6:85:e0:96:e1:75:32:22:
                    a6:05:c9:0a:ee:34:0d:ff:d5:de:42:60:dc:a6:c9:
                    fe:80:ed:79:fc:59:b8:50:5c:43:5c:3c:48:38:09:
                    c5:a9:86:a8:d2:7c:88:15:37:c0:cf:16:48:38:d4:
                    62:07:19:39:32:ff:15:fb:ff:99:df:6c:04:e7:a1:
                    b5:b0:8f:6f:34:dd:41:11:ea:d9:fe:59:bb:e3:a8:
                    a0:b0:d6:a9:90:3b:f7:b5:c9:db:9d:47:10:c5:f5:
                    fd:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:92:77:75:B4:4D:B8:79:E9:F3:9C:29:77:BD:AE:D6:2A:4F:F2:4D
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/7ef3e3-242d-4cb3-a524-c44c6beef382/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/7ef3e3-242d-4cb3-a524-c44c6beef382/1/KJJ3dbRNuHnp85wpd72u1ipP8k0.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.102.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:1c:1f:94:bb:5e:f7:05:31:da:ff:7a:24:37:bc:61:4d:61:
         ce:df:97:96:78:91:1c:5b:97:a6:b2:a2:24:12:fb:83:85:19:
         4f:f6:7a:46:d9:d9:d5:6c:a1:5c:57:c0:e7:2d:bd:c2:14:bf:
         74:13:9c:79:1e:96:22:d9:e0:d1:75:77:8b:69:e0:20:9e:b1:
         e0:5b:66:b0:e5:81:ad:0d:8c:f6:76:17:02:8b:8a:f6:43:a8:
         f8:29:cf:99:64:99:5c:13:08:55:57:b4:48:d9:e6:2b:b7:98:
         e1:ae:b4:f1:2b:ee:42:3c:92:b0:74:f9:2c:f0:af:da:b3:e4:
         1c:ef:bb:21:32:d3:08:e4:33:c0:1e:68:b7:9c:d3:5c:82:61:
         3d:f7:50:38:b3:ab:11:74:60:e7:a0:53:4b:b1:60:c5:d8:ff:
         76:02:ae:94:ee:75:1b:40:86:81:64:eb:94:64:a7:01:1d:0f:
         cb:e8:a5:09:96:91:91:e5:65:7c:f6:74:d5:e8:ba:e3:22:a4:
         78:64:0a:ae:1d:48:dd:f5:b8:d3:45:f1:aa:e1:f0:7f:67:ce:
         26:7f:9f:c9:aa:f0:28:02:cb:a0:b6:3b:3b:f8:44:9f:14:e1:
         29:a7:23:63:77:0a:11:68:fe:fc:3a:74:be:57:d5:51:84:60:
         ea:c1:4e:c0
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzDtrxxjGEatlmpuKLUVZQbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDYyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODkyNzc3NWI0NGRiODc5ZTlmMzljMjk3N2JkYWVkNjJhNGZmMjRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0HOXP85WJO+GtH91LMCuApIIzFQL
DOEQ/NBD0hISRdu4OUCo58fRNFmnlJcK8GFrMjvWxN2syF+7gT2Yda7ts65Mx0VC
f48VT8bNO/GxbJV+eyz9jwuBod49MLtoWg9iD9N9hIFQ/CyxNwC4qn1v5gInFmwl
X/BdWXULL7dfwrupUpYaMjvVXB9sIdV3ivcGWj7Ry7DiknvwNtoL5oXgluF1MiKm
BckK7jQN/9XeQmDcpsn+gO15/Fm4UFxDXDxIOAnFqYao0nyIFTfAzxZIONRiBxk5
Mv8V+/+Z32wE56G1sI9vNN1BEerZ/lm746igsNapkDv3tcnbnUcQxfX9GwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFCiSd3W0Tbh56fOcKXe9rtYqT/JNMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzZmLzdlZjNl
My0yNDJkLTRjYjMtYTUyNC1jNDRjNmJlZWYzODIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNmYvN2VmM2Uz
LTI0MmQtNGNiMy1hNTI0LWM0NGM2YmVlZjM4Mi8xL0tKSjNkYlJOdUhucDg1d3Bk
NzJ1MWlwUDhrMC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwmZlMA0GCSqGSIb3DQEBCwUAA4IBAQBzHB+U
u173BTHa/3okN7xhTWHO35eWeJEcW5emsqIkEvuDhRlP9npG2dnVbKFcV8DnLb3C
FL90E5x5HpYi2eDRdXeLaeAgnrHgW2aw5YGtDYz2dhcCi4r2Q6j4Kc+ZZJlcEwhV
V7RI2eYrt5jhrrTxK+5CPJKwdPks8K/as+Qc77shMtMI5DPAHmi3nNNcgmE991A4
s6sRdGDnoFNLsWDF2P92Aq6U7nUbQIaBZOuUZKcBHQ/L6KUJlpGR5WV89nTV6Lrj
IqR4ZAquHUjd9bjTRfGq4fB/Z84mf5/JqvAoAsugtjs7+ESfFOEppyNjdwoRaP78
OnS+V9VRhGDqwU7A
-----END CERTIFICATE-----