Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/M0-fg9LXTAwP0A2nNVePc33X2gM.cer
File:                     M0-fg9LXTAwP0A2nNVePc33X2gM.cer (raw, json)
Hash identifier:          f150LEVAmOVg3/vSESBHHf35rwyMwDrFPeTsCdPtajg=
Subject key identifier:   33:4F:9F:83:D2:D7:4C:0C:0F:D0:0D:A7:35:57:8F:73:7D:D7:DA:03
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01923344AB3822794AE93A7A7DA49DCE67CD
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/b1/9c5f06-59a7-4588-ac28-efd20f6c2ec3/1/M0-fg9LXTAwP0A2nNVePc33X2gM.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/b1/9c5f06-59a7-4588-ac28-efd20f6c2ec3/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Fri 27 Sep 2024 11:36:31 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 195.54.59.0/24
                          IP: 2a12:5340::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:33:44:ab:38:22:79:4a:e9:3a:7a:7d:a4:9d:ce:67:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Sep 27 11:36:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=334f9f83d2d74c0c0fd00da735578f737dd7da03
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:49:4d:68:aa:12:0f:16:b0:0d:26:84:26:0c:
                    86:5d:dd:69:e4:ca:45:b8:8c:83:3f:3f:d6:eb:91:
                    78:f0:ca:b5:29:76:2f:20:b7:99:1e:b2:fc:c4:92:
                    a1:b9:e7:36:8f:74:7d:ff:45:3d:22:e4:56:13:d2:
                    8d:5e:9b:2a:00:20:65:6a:c1:ef:be:55:dc:3f:05:
                    1e:1e:b0:2c:9b:6d:1d:76:2a:5a:69:e6:e2:ec:93:
                    f8:92:6a:96:23:18:a0:b1:d4:46:88:7b:eb:f7:16:
                    b4:8b:fe:19:ce:6d:05:6c:bd:ce:45:e1:eb:60:7b:
                    5b:d5:fd:39:ea:a0:f5:c0:d7:1a:85:33:73:e8:67:
                    70:91:b5:b7:2a:c1:0b:cf:12:42:dd:2e:7d:3d:f3:
                    26:22:ad:b0:4f:1e:fe:9b:6b:48:d5:60:6a:b4:78:
                    b0:bf:10:34:9a:36:44:e3:9a:9f:bd:0b:b2:ab:b0:
                    14:3b:23:11:b0:d2:e9:23:d6:a0:4f:9f:7a:b2:a4:
                    bd:09:3c:0e:7a:71:c8:c4:82:0c:bb:c8:f5:96:90:
                    6a:54:65:b2:53:d3:ad:8e:4a:b7:d8:0f:25:8f:04:
                    06:d3:e1:9f:d1:cc:29:19:9b:05:d9:e0:0a:3b:e7:
                    11:ac:2f:19:e9:79:40:49:29:b5:ee:9f:52:a3:79:
                    63:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:4F:9F:83:D2:D7:4C:0C:0F:D0:0D:A7:35:57:8F:73:7D:D7:DA:03
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/9c5f06-59a7-4588-ac28-efd20f6c2ec3/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/9c5f06-59a7-4588-ac28-efd20f6c2ec3/1/M0-fg9LXTAwP0A2nNVePc33X2gM.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.54.59.0/24
                IPv6:
                  2a12:5340::/29

    Signature Algorithm: sha256WithRSAEncryption
         81:49:92:2c:45:4f:4f:0e:75:ee:aa:70:10:50:a9:89:9f:b0:
         5c:e1:3c:d8:d2:50:e1:27:87:fe:68:df:4b:23:5e:91:c2:01:
         88:0d:0b:c4:72:43:4e:89:7d:ac:8c:6a:16:91:58:10:14:3a:
         5c:f2:5f:e3:50:7f:00:a2:a6:d7:83:73:11:24:ea:02:f1:03:
         67:15:92:fa:ce:20:cb:10:90:73:02:18:bf:ee:d3:53:c7:23:
         b8:fe:e8:a5:7a:48:f5:04:76:5c:c7:53:02:48:38:6f:2b:99:
         ae:78:b3:f7:8f:fc:9e:8f:f6:72:6d:bf:ee:52:ef:f0:9f:e0:
         a1:98:c8:35:f9:b2:cd:5b:0f:e7:21:c9:71:fb:98:3e:12:22:
         90:7a:8a:55:5b:db:58:74:1b:b9:0a:dc:4f:0e:36:ee:ec:64:
         4b:1a:44:71:42:41:29:26:b8:85:34:02:79:8d:99:89:71:8a:
         e0:bc:7f:28:e7:e3:da:93:43:36:7b:5a:8f:50:ab:b9:a3:0a:
         3c:0c:d3:6f:f5:09:86:94:aa:98:13:02:db:d6:97:00:9e:33:
         c3:71:47:69:96:e5:0a:58:24:7f:88:29:e4:a6:ab:9c:cd:41:
         b9:8f:8d:51:fe:a9:43:c8:eb:34:ac:67:cf:c3:f5:f0:2e:87:
         f9:7e:01:f7
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAZIzRKs4InlK6Tp6faSdzmfNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwOTI3MTEzNjMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzRmOWY4M2QyZDc0YzBjMGZkMDBkYTczNTU3OGY3MzdkZDdkYTAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArElNaKoSDxawDSaEJgyGXd1p5MpF
uIyDPz/W65F48Mq1KXYvILeZHrL8xJKhuec2j3R9/0U9IuRWE9KNXpsqACBlasHv
vlXcPwUeHrAsm20ddipaaebi7JP4kmqWIxigsdRGiHvr9xa0i/4Zzm0FbL3OReHr
YHtb1f056qD1wNcahTNz6GdwkbW3KsELzxJC3S59PfMmIq2wTx7+m2tI1WBqtHiw
vxA0mjZE45qfvQuyq7AUOyMRsNLpI9agT596sqS9CTwOenHIxIIMu8j1lpBqVGWy
U9Otjkq32A8ljwQG0+Gf0cwpGZsF2eAKO+cRrC8Z6XlASSm17p9So3ljEwIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFDNPn4PS10wMD9ANpzVXj3N919oDMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2IxLzljNWYw
Ni01OWE3LTQ1ODgtYWMyOC1lZmQyMGY2YzJlYzMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjEvOWM1ZjA2
LTU5YTctNDU4OC1hYzI4LWVmZDIwZjZjMmVjMy8xL00wLWZnOUxYVEF3UDBBMm5O
VmVQYzMzWDJnTS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQAwzY7MA0EAgACMAcDBQMqElNAMA0GCSqGSIb3
DQEBCwUAA4IBAQCBSZIsRU9PDnXuqnAQUKmJn7Bc4TzY0lDhJ4f+aN9LI16RwgGI
DQvEckNOiX2sjGoWkVgQFDpc8l/jUH8AoqbXg3MRJOoC8QNnFZL6ziDLEJBzAhi/
7tNTxyO4/uilekj1BHZcx1MCSDhvK5mueLP3j/yej/Zybb/uUu/wn+ChmMg1+bLN
Ww/nIclx+5g+EiKQeopVW9tYdBu5CtxPDjbu7GRLGkRxQkEpJriFNAJ5jZmJcYrg
vH8o5+Pak0M2e1qPUKu5owo8DNNv9QmGlKqYEwLb1pcAnjPDcUdpluUKWCR/iCnk
pquczUG5j41R/qlDyOs0rGfPw/XwLof5fgH3
-----END CERTIFICATE-----