Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/MAVTeLXXzAy3lDvIAzeQFbNIUpY.cer
File:                     MAVTeLXXzAy3lDvIAzeQFbNIUpY.cer (raw, json)
Hash identifier:          kDfyx51mIQf8wUNIrjqqQ3f5o+e31NFG2yERexGBsVY=
Subject key identifier:   30:05:53:78:B5:D7:CC:0C:B7:94:3B:C8:03:37:90:15:B3:48:52:96
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CCA9947F267FFF0020D16A927EFA2BD4A
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/4a/08cda2-bebe-49a7-b46c-0a50803b0fbc/1/MAVTeLXXzAy3lDvIAzeQFbNIUpY.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/4a/08cda2-bebe-49a7-b46c-0a50803b0fbc/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 14:34:52 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 45.67.8.0/22
                          IP: 2a09:6f40::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:47:f2:67:ff:f0:02:0d:16:a9:27:ef:a2:bd:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 14:34:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=30055378b5d7cc0cb7943bc803379015b3485296
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:be:98:e4:fe:0e:6f:ac:ab:d1:d5:80:33:12:
                    2b:2f:49:53:b2:45:6a:4f:1d:ef:d9:9b:c7:c4:71:
                    cd:39:74:84:e8:31:1d:9b:fe:a7:e1:7d:c3:36:5e:
                    bf:ba:1f:ac:5e:59:fd:de:69:7d:dc:7d:59:02:21:
                    02:f9:d8:1a:c8:24:4a:ac:1e:04:96:e8:a2:bf:b6:
                    fd:44:ea:ec:f7:d9:bc:0f:a6:2b:d0:0a:4a:af:d3:
                    30:52:8c:42:81:80:f0:3c:c4:65:27:6e:81:c6:61:
                    45:ca:a0:82:ab:d2:a9:a3:e0:6c:f9:f3:47:82:cb:
                    7d:f0:5a:4b:50:76:40:78:dd:91:11:20:5e:98:40:
                    26:b0:4a:29:35:0c:0e:40:83:91:55:6b:dc:c1:90:
                    b0:56:3a:b0:80:af:7f:dd:dc:35:ff:f4:ac:49:d0:
                    8b:22:b2:64:03:1a:e2:b6:fa:d1:40:d0:99:5d:e1:
                    c8:32:6d:25:39:b1:87:5d:21:8c:75:d1:e7:cb:2a:
                    10:56:93:a8:a8:c2:b8:a4:be:01:e5:40:a0:df:77:
                    92:c5:a6:22:47:b6:ad:e2:24:94:45:ea:8e:43:83:
                    5d:df:05:b1:17:d9:24:35:d0:11:1d:75:d2:60:e8:
                    81:39:60:e3:da:63:0a:a1:f9:07:e3:d6:df:e8:41:
                    28:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:05:53:78:B5:D7:CC:0C:B7:94:3B:C8:03:37:90:15:B3:48:52:96
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/08cda2-bebe-49a7-b46c-0a50803b0fbc/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/08cda2-bebe-49a7-b46c-0a50803b0fbc/1/MAVTeLXXzAy3lDvIAzeQFbNIUpY.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.8.0/22
                IPv6:
                  2a09:6f40::/29

    Signature Algorithm: sha256WithRSAEncryption
         aa:cc:aa:b5:f7:53:1a:44:34:18:d0:a1:91:10:d4:c6:26:67:
         a1:38:ff:64:09:23:e9:34:7e:ac:81:84:70:99:46:d6:65:2d:
         55:c2:6e:83:82:ac:e7:09:2d:66:2c:21:a8:38:7c:40:c4:d5:
         b0:56:f8:f6:8b:35:bd:15:71:af:ec:49:8a:00:42:c6:65:66:
         0e:c4:02:ce:65:ce:02:ca:b3:48:0c:a7:ed:07:8f:04:38:99:
         cb:56:b1:ef:45:27:74:db:97:59:e0:8a:aa:41:a2:2d:d8:df:
         30:15:58:e8:0d:45:cd:66:7b:4a:d7:3b:48:6e:65:d6:dc:19:
         1b:2d:c9:64:e9:21:49:16:f1:cc:cb:1e:94:e9:92:6e:23:01:
         ae:c4:41:f7:ab:fd:34:0a:75:79:27:d6:4a:ce:f7:60:bc:72:
         fe:37:33:8d:e4:d5:32:32:42:a2:7d:71:4d:e4:95:47:09:4e:
         37:de:9a:aa:1f:67:89:c5:10:a7:1e:c7:e9:42:f0:71:5b:69:
         3b:c5:6c:65:60:8d:be:e5:02:d6:82:e6:06:57:9e:87:36:8c:
         3a:d2:84:d5:8e:9c:98:8a:ba:06:eb:d0:c4:3d:46:78:cc:24:
         87:fd:4d:b1:3f:8c:91:7b:ec:98:0a:f4:d4:ca:c0:0d:fb:b1:
         66:39:12:e6
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAYzKmUfyZ//wAg0WqSfvor1KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMTQzNDUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDA1NTM3OGI1ZDdjYzBjYjc5NDNiYzgwMzM3OTAxNWIzNDg1Mjk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq76Y5P4Ob6yr0dWAMxIrL0lTskVq
Tx3v2ZvHxHHNOXSE6DEdm/6n4X3DNl6/uh+sXln93ml93H1ZAiEC+dgayCRKrB4E
luiiv7b9ROrs99m8D6Yr0ApKr9MwUoxCgYDwPMRlJ26BxmFFyqCCq9Kpo+Bs+fNH
gst98FpLUHZAeN2RESBemEAmsEopNQwOQIORVWvcwZCwVjqwgK9/3dw1//SsSdCL
IrJkAxritvrRQNCZXeHIMm0lObGHXSGMddHnyyoQVpOoqMK4pL4B5UCg33eSxaYi
R7at4iSUReqOQ4Nd3wWxF9kkNdARHXXSYOiBOWDj2mMKofkH49bf6EEoSQIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFDAFU3i118wMt5Q7yAM3kBWzSFKWMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzRhLzA4Y2Rh
Mi1iZWJlLTQ5YTctYjQ2Yy0wYTUwODAzYjBmYmMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGEvMDhjZGEy
LWJlYmUtNDlhNy1iNDZjLTBhNTA4MDNiMGZiYy8xL01BVlRlTFhYekF5M2xEdklB
emVRRmJOSVVwWS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCLUMIMA0EAgACMAcDBQMqCW9AMA0GCSqGSIb3
DQEBCwUAA4IBAQCqzKq191MaRDQY0KGRENTGJmehOP9kCSPpNH6sgYRwmUbWZS1V
wm6DgqznCS1mLCGoOHxAxNWwVvj2izW9FXGv7EmKAELGZWYOxALOZc4CyrNIDKft
B48EOJnLVrHvRSd025dZ4IqqQaIt2N8wFVjoDUXNZntK1ztIbmXW3BkbLclk6SFJ
FvHMyx6U6ZJuIwGuxEH3q/00CnV5J9ZKzvdgvHL+NzON5NUyMkKifXFN5JVHCU43
3pqqH2eJxRCnHsfpQvBxW2k7xWxlYI2+5QLWguYGV56HNow60oTVjpyYiroG69DE
PUZ4zCSH/U2xP4yRe+yYCvTUysAN+7FmORLm
-----END CERTIFICATE-----