Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/M-hVC8yfs7FAJgwp1p94mXjcwJo.cer
File:                     M-hVC8yfs7FAJgwp1p94mXjcwJo.cer (raw, json)
Hash identifier:          8iiyG2fnNg78jseuDp4odF0DEKAa254AdHdkykzTx9k=
Subject key identifier:   33:E8:55:0B:CC:9F:B3:B1:40:26:0C:29:D6:9F:78:99:78:DC:C0:9A
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC50063ACBF9C030813DDC8C83EE1D4F0
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/d6/4116b6-f1c9-49ad-8b0f-ad2497f284f5/1/M-hVC8yfs7FAJgwp1p94mXjcwJo.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/d6/4116b6-f1c9-49ad-8b0f-ad2497f284f5/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 12:29:46 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 185.91.188.0/22
                          IP: 2a05:ed00::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:63:ac:bf:9c:03:08:13:dd:c8:c8:3e:e1:d4:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 12:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=33e8550bcc9fb3b140260c29d69f789978dcc09a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:4d:03:7a:db:f9:6f:a9:02:a5:c1:f2:46:d9:
                    6e:b0:ed:be:fa:d9:12:25:58:8d:26:ff:18:03:81:
                    61:6a:29:a1:74:00:3a:26:4f:28:f0:74:c5:6b:d3:
                    da:cc:aa:e3:e9:6a:9d:a0:ac:4a:45:f0:a8:09:3c:
                    3e:9e:cf:3a:1a:b2:7a:eb:4a:98:1e:50:4d:96:e8:
                    63:13:cb:6f:e9:cf:93:1d:f6:f0:85:72:ec:16:6e:
                    b2:6b:b0:8d:8f:27:b7:e6:72:14:24:e4:81:ec:9c:
                    e6:42:ef:4c:57:de:27:3f:98:b8:d4:5d:e1:62:0a:
                    9a:e1:3f:e6:2e:fb:bf:e3:01:4e:90:40:ef:6b:c9:
                    50:0f:5a:c7:e2:46:56:02:a0:9b:d4:fa:52:76:b4:
                    c8:d2:4b:84:43:cc:3a:be:06:8b:14:ba:de:82:3d:
                    94:e2:92:44:c6:04:1d:48:37:4e:53:95:a0:d9:7a:
                    a0:cf:93:84:4d:31:89:d0:0f:a1:cd:db:a7:d5:95:
                    56:6a:a6:bf:46:8a:b2:7f:8e:cc:d1:41:6f:e4:5f:
                    59:5b:14:46:51:b3:f5:c6:a0:bd:08:ca:d0:c2:68:
                    a1:f0:33:c3:64:91:a5:c6:41:be:56:98:58:21:4f:
                    80:b5:3e:79:7b:d4:b5:7b:6f:75:5b:f4:41:ae:8f:
                    dc:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:E8:55:0B:CC:9F:B3:B1:40:26:0C:29:D6:9F:78:99:78:DC:C0:9A
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/4116b6-f1c9-49ad-8b0f-ad2497f284f5/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/4116b6-f1c9-49ad-8b0f-ad2497f284f5/1/M-hVC8yfs7FAJgwp1p94mXjcwJo.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.91.188.0/22
                IPv6:
                  2a05:ed00::/29

    Signature Algorithm: sha256WithRSAEncryption
         89:c7:e5:c5:3b:b3:42:26:19:2b:52:89:84:a2:4c:70:ab:6b:
         ef:61:4e:ae:9a:17:5e:8f:6c:29:b4:3c:0d:60:60:75:07:8e:
         08:40:4d:8f:f1:16:eb:f4:12:05:f9:6f:8e:bf:a8:69:aa:2c:
         c3:c1:57:c8:64:ff:a4:57:df:da:2e:ed:33:3a:fa:11:82:7e:
         ad:38:b7:ec:58:b1:33:50:22:46:b6:13:8c:cf:b1:2a:94:85:
         6e:ad:1e:48:92:75:cc:5f:83:07:45:41:12:3f:ca:42:f1:01:
         c9:74:94:d0:f7:ab:01:91:c4:1b:ac:9c:e4:89:59:ab:f1:37:
         cc:c8:86:4b:59:45:79:19:30:a7:d0:1c:8b:6e:8e:96:46:14:
         04:ae:43:db:f3:07:31:3a:85:1b:fa:56:be:dc:a9:6c:fe:76:
         9a:1c:a8:e5:da:ac:7e:c0:6b:96:8e:7f:27:9e:96:55:19:ee:
         79:c1:40:d3:4a:4f:41:76:63:32:43:33:d3:ed:44:c9:44:2e:
         02:6e:79:d9:e8:e8:59:e4:c4:e5:6d:70:40:e1:44:29:ec:f3:
         96:ad:62:93:31:98:00:97:fb:82:ad:7a:98:a1:c9:d1:a6:98:
         2d:07:06:3e:c1:fa:3e:0d:93:30:b3:00:a7:e5:28:7e:d1:28:
         02:0a:6e:0e
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAYzFAGOsv5wDCBPdyMg+4dTwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTIyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzM2U4NTUwYmNjOWZiM2IxNDAyNjBjMjlkNjlmNzg5OTc4ZGNjMDlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjk0Detv5b6kCpcHyRtlusO2++tkS
JViNJv8YA4FhaimhdAA6Jk8o8HTFa9PazKrj6WqdoKxKRfCoCTw+ns86GrJ660qY
HlBNluhjE8tv6c+THfbwhXLsFm6ya7CNjye35nIUJOSB7JzmQu9MV94nP5i41F3h
Ygqa4T/mLvu/4wFOkEDva8lQD1rH4kZWAqCb1PpSdrTI0kuEQ8w6vgaLFLregj2U
4pJExgQdSDdOU5Wg2Xqgz5OETTGJ0A+hzdun1ZVWaqa/Roqyf47M0UFv5F9ZWxRG
UbP1xqC9CMrQwmih8DPDZJGlxkG+VphYIU+AtT55e9S1e291W/RBro/cuwIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFDPoVQvMn7OxQCYMKdafeJl43MCaMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Q2LzQxMTZi
Ni1mMWM5LTQ5YWQtOGIwZi1hZDI0OTdmMjg0ZjUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDYvNDExNmI2
LWYxYzktNDlhZC04YjBmLWFkMjQ5N2YyODRmNS8xL00taFZDOHlmczdGQUpnd3Ax
cDk0bVhqY3dKby5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCuVu8MA0EAgACMAcDBQMqBe0AMA0GCSqGSIb3
DQEBCwUAA4IBAQCJx+XFO7NCJhkrUomEokxwq2vvYU6umhdej2wptDwNYGB1B44I
QE2P8Rbr9BIF+W+Ov6hpqizDwVfIZP+kV9/aLu0zOvoRgn6tOLfsWLEzUCJGthOM
z7EqlIVurR5IknXMX4MHRUESP8pC8QHJdJTQ96sBkcQbrJzkiVmr8TfMyIZLWUV5
GTCn0ByLbo6WRhQErkPb8wcxOoUb+la+3Kls/naaHKjl2qx+wGuWjn8nnpZVGe55
wUDTSk9BdmMyQzPT7UTJRC4CbnnZ6OhZ5MTlbXBA4UQp7POWrWKTMZgAl/uCrXqY
ocnRppgtBwY+wfo+DZMwswCn5Sh+0SgCCm4O
-----END CERTIFICATE-----