Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/LjC09SIqRoXFTNJcTLjW-TIzrHs.cer
File:                     LjC09SIqRoXFTNJcTLjW-TIzrHs.cer (raw, json)
Hash identifier:          DdzqoLTrCwWlHUR1bB5faMs+O5Liii7dDKk78AHE7+0=
Subject key identifier:   2E:30:B4:F5:22:2A:46:85:C5:4C:D2:5C:4C:B8:D6:F9:32:33:AC:7B
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0191B310DFCBA264218BD78989BBCBD84C33
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/eb/ee4c8a-1eb2-4518-8b5b-8616a310e803/1/LjC09SIqRoXFTNJcTLjW-TIzrHs.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/eb/ee4c8a-1eb2-4518-8b5b-8616a310e803/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 02 Sep 2024 14:08:33 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 45.87.64.0/22
                          IP: 2a0e:f480::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:b3:10:df:cb:a2:64:21:8b:d7:89:89:bb:cb:d8:4c:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Sep  2 14:08:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2e30b4f5222a4685c54cd25c4cb8d6f93233ac7b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:b8:6e:d2:60:59:6b:fd:a9:ae:10:f4:4b:99:
                    c1:fb:94:06:49:47:91:e8:6d:b6:c7:bd:fe:f1:a8:
                    5b:a9:94:e9:4e:b5:43:7f:6a:bb:d4:e5:90:b6:b3:
                    09:e5:6a:66:21:36:a1:c6:30:c8:6e:6f:d9:06:27:
                    44:10:b0:9a:ff:56:fa:bd:91:51:7b:12:d2:62:7b:
                    4d:57:fb:a8:ef:b3:b4:e9:36:29:6c:22:cc:cd:94:
                    b6:27:c3:5e:7b:5b:a4:f6:6c:88:b3:9f:1b:57:93:
                    95:1c:47:90:c4:31:0a:01:39:27:a4:03:af:88:b7:
                    9e:da:c6:c0:0e:44:17:0b:1e:73:75:96:13:24:e1:
                    3b:5b:ac:6b:e1:de:35:85:8b:d2:39:b9:dd:d9:be:
                    98:15:c1:11:51:20:75:fb:5d:d1:2c:cb:6f:b3:c1:
                    65:9c:95:7d:d9:e3:e8:02:3f:d1:65:1f:10:c0:4a:
                    32:31:eb:63:c7:de:ca:e6:ce:fb:5b:a1:f9:b8:83:
                    47:14:73:c9:22:f2:f3:cd:07:41:fc:8b:da:5c:24:
                    be:a1:a5:5f:1f:86:e7:cf:0a:99:c2:1d:ce:cc:b2:
                    43:a3:df:a6:26:8b:ec:28:75:33:b2:de:8b:64:5e:
                    77:af:57:81:62:af:44:dd:a1:8d:d6:89:02:6d:b5:
                    91:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:30:B4:F5:22:2A:46:85:C5:4C:D2:5C:4C:B8:D6:F9:32:33:AC:7B
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/ee4c8a-1eb2-4518-8b5b-8616a310e803/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/ee4c8a-1eb2-4518-8b5b-8616a310e803/1/LjC09SIqRoXFTNJcTLjW-TIzrHs.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.87.64.0/22
                IPv6:
                  2a0e:f480::/29

    Signature Algorithm: sha256WithRSAEncryption
         00:f8:67:e5:d8:75:74:b4:5d:f2:30:86:7a:83:75:9f:4f:d1:
         29:0e:c4:d9:b8:7d:92:c4:6b:27:1a:39:05:13:fc:6c:14:0b:
         04:45:e7:8a:a2:51:cf:da:f1:19:cc:24:f5:c5:72:0a:89:8b:
         42:96:12:c8:79:c5:c0:19:30:43:dd:df:57:67:be:68:a9:8c:
         64:53:a9:30:d7:df:b5:d8:c5:16:a2:be:09:ca:49:31:fb:53:
         69:76:dd:1d:d9:5f:21:8d:83:61:c4:43:43:e0:57:45:ae:67:
         a0:ed:73:9f:14:19:15:ed:52:c7:d9:21:af:0e:26:3e:a8:c1:
         e2:3a:a8:83:7d:b8:33:d9:d6:24:56:d8:3b:83:8b:7b:9f:35:
         08:68:23:3b:24:16:ab:e0:f5:a5:72:e0:06:3b:6f:a8:47:d1:
         75:9b:3f:ad:cb:b8:43:0c:51:72:fa:6e:91:d2:93:f4:b4:38:
         51:e2:7e:24:fc:be:7f:4f:7b:27:4d:7a:0f:eb:fa:fe:61:d1:
         f2:8e:54:68:af:65:4c:eb:00:ef:30:dd:3c:3b:a1:5f:c5:15:
         94:89:81:64:c8:f6:74:8e:8d:53:3a:7b:cb:b8:f5:dc:30:f6:
         e9:d5:75:f5:96:d8:12:cd:46:8e:aa:4b:8b:eb:13:eb:74:7b:
         95:08:53:8d
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAZGzEN/LomQhi9eJibvL2EwzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwOTAyMTQwODMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTMwYjRmNTIyMmE0Njg1YzU0Y2QyNWM0Y2I4ZDZmOTMyMzNhYzdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsbhu0mBZa/2prhD0S5nB+5QGSUeR
6G22x73+8ahbqZTpTrVDf2q71OWQtrMJ5WpmITahxjDIbm/ZBidEELCa/1b6vZFR
exLSYntNV/uo77O06TYpbCLMzZS2J8Nee1uk9myIs58bV5OVHEeQxDEKATknpAOv
iLee2sbADkQXCx5zdZYTJOE7W6xr4d41hYvSObnd2b6YFcERUSB1+13RLMtvs8Fl
nJV92ePoAj/RZR8QwEoyMetjx97K5s77W6H5uINHFHPJIvLzzQdB/IvaXCS+oaVf
H4bnzwqZwh3OzLJDo9+mJovsKHUzst6LZF53r1eBYq9E3aGN1okCbbWREwIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFC4wtPUiKkaFxUzSXEy41vkyM6x7MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2ViL2VlNGM4
YS0xZWIyLTQ1MTgtOGI1Yi04NjE2YTMxMGU4MDMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZWIvZWU0Yzhh
LTFlYjItNDUxOC04YjViLTg2MTZhMzEwZTgwMy8xL0xqQzA5U0lxUm9YRlROSmNU
TGpXLVRJenJIcy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCLVdAMA0EAgACMAcDBQMqDvSAMA0GCSqGSIb3
DQEBCwUAA4IBAQAA+Gfl2HV0tF3yMIZ6g3WfT9EpDsTZuH2SxGsnGjkFE/xsFAsE
ReeKolHP2vEZzCT1xXIKiYtClhLIecXAGTBD3d9XZ75oqYxkU6kw19+12MUWor4J
ykkx+1Npdt0d2V8hjYNhxEND4FdFrmeg7XOfFBkV7VLH2SGvDiY+qMHiOqiDfbgz
2dYkVtg7g4t7nzUIaCM7JBar4PWlcuAGO2+oR9F1mz+ty7hDDFFy+m6R0pP0tDhR
4n4k/L5/T3snTXoP6/r+YdHyjlRor2VM6wDvMN08O6FfxRWUiYFkyPZ0jo1TOnvL
uPXcMPbp1XX1ltgSzUaOqkuL6xPrdHuVCFON
-----END CERTIFICATE-----