Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/MIVZam3hzL6mZbRWxNLM0JZJmx8.cer
File:                     MIVZam3hzL6mZbRWxNLM0JZJmx8.cer (raw, json)
Hash identifier:          vIdxnclHCXu5oXCKa2ohkZWEBFyF/gNPbFURW9BaTbE=
Subject key identifier:   30:85:59:6A:6D:E1:CC:BE:A6:65:B4:56:C4:D2:CC:D0:96:49:9B:1F
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CCA99BFA1955E8FCB13A2EBEAE1FCA6B1
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/dc/0f65fe-262f-474d-8cb6-8ccb674a3875/1/MIVZam3hzL6mZbRWxNLM0JZJmx8.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/dc/0f65fe-262f-474d-8cb6-8ccb674a3875/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 14:35:22 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 85.12.64.0/18
                          IP: 2a0f:bdc0::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:bf:a1:95:5e:8f:cb:13:a2:eb:ea:e1:fc:a6:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 14:35:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3085596a6de1ccbea665b456c4d2ccd096499b1f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:08:fd:8a:ec:d2:74:f4:65:2c:51:73:c6:45:
                    e8:bf:0f:db:3d:c9:66:f4:14:79:1e:da:ea:fa:f9:
                    8a:ac:34:35:6e:30:df:93:71:f0:a7:57:39:bd:b0:
                    d0:c8:33:18:03:99:37:a3:77:7f:85:32:b9:eb:42:
                    4f:c2:76:c8:14:c8:c8:53:76:fc:12:f8:7a:dd:aa:
                    47:d3:87:e5:40:d8:a6:16:42:a7:ad:f3:61:2f:13:
                    b8:33:0c:08:1f:25:05:11:ca:c4:a1:32:84:da:35:
                    14:00:86:6b:8f:0e:1f:0e:7d:36:6a:68:5c:b1:f6:
                    f2:a8:97:2d:4e:78:32:5e:bb:9d:b3:a8:1b:27:e7:
                    b8:09:3b:28:54:34:ce:5d:f3:79:49:2c:bd:23:47:
                    9a:76:21:0a:f7:10:8c:61:b5:57:9c:d0:81:73:ea:
                    6a:83:e1:a9:65:c4:48:5d:a0:b5:88:7e:2e:c3:33:
                    8b:c4:e5:85:05:10:6e:17:d6:3b:da:19:65:18:fe:
                    7a:0b:80:df:ed:14:10:af:fb:23:c0:3a:54:84:92:
                    1d:fc:7a:7a:54:8f:76:64:59:99:f9:8d:bd:42:5f:
                    9d:23:25:ae:bd:cb:92:48:9e:7c:13:8a:87:7a:64:
                    d7:a9:aa:14:20:34:6b:4e:89:1c:81:37:9e:86:22:
                    a3:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:85:59:6A:6D:E1:CC:BE:A6:65:B4:56:C4:D2:CC:D0:96:49:9B:1F
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/0f65fe-262f-474d-8cb6-8ccb674a3875/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/0f65fe-262f-474d-8cb6-8ccb674a3875/1/MIVZam3hzL6mZbRWxNLM0JZJmx8.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.12.64.0/18
                IPv6:
                  2a0f:bdc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         21:ff:d7:06:46:32:05:a3:76:80:a1:25:1b:37:28:02:c4:67:
         88:aa:93:1e:a9:f5:b5:d7:50:09:aa:65:76:8a:3c:df:23:db:
         7e:23:33:f0:1d:aa:85:ec:94:b4:ce:b4:17:cd:12:cf:19:69:
         43:22:51:51:a6:35:9e:ee:42:20:b0:54:4d:74:67:1d:0c:0e:
         75:ad:08:02:f8:85:0f:26:50:ba:65:f9:c1:4d:c1:64:e3:8e:
         e8:3e:f6:b9:1a:71:c0:10:96:7e:75:d7:f9:c2:7c:cb:12:63:
         5f:4e:2a:01:45:f7:0e:b5:f0:82:9d:cb:9d:72:2d:87:c4:56:
         80:04:2d:cd:b8:11:7c:04:a2:8f:fd:5e:02:8f:38:1a:0b:ce:
         72:5a:5b:40:d8:c2:6c:55:0b:80:7a:46:b6:14:96:4f:7b:2e:
         5b:f5:82:1d:35:7e:83:47:d4:d3:7e:d1:29:06:72:ea:8d:54:
         5c:dc:ae:13:66:1f:76:ca:37:d8:33:53:a3:a6:c8:73:ac:0c:
         3d:98:4e:41:f9:aa:5e:35:ab:c1:ae:84:66:a9:de:92:48:34:
         e6:f3:a6:a5:c4:cb:66:33:22:b4:96:5e:7a:71:c0:8a:39:e3:
         85:a1:d8:a7:11:24:f6:21:7a:c8:4e:d7:ff:0a:73:08:0b:34:
         8c:52:8d:fb
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAYzKmb+hlV6PyxOi6+rh/KaxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMTQzNTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDg1NTk2YTZkZTFjY2JlYTY2NWI0NTZjNGQyY2NkMDk2NDk5YjFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4Aj9iuzSdPRlLFFzxkXovw/bPclm
9BR5Htrq+vmKrDQ1bjDfk3Hwp1c5vbDQyDMYA5k3o3d/hTK560JPwnbIFMjIU3b8
Evh63apH04flQNimFkKnrfNhLxO4MwwIHyUFEcrEoTKE2jUUAIZrjw4fDn02amhc
sfbyqJctTngyXruds6gbJ+e4CTsoVDTOXfN5SSy9I0eadiEK9xCMYbVXnNCBc+pq
g+GpZcRIXaC1iH4uwzOLxOWFBRBuF9Y72hllGP56C4Df7RQQr/sjwDpUhJId/Hp6
VI92ZFmZ+Y29Ql+dIyWuvcuSSJ58E4qHemTXqaoUIDRrTokcgTeehiKjEQIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFDCFWWpt4cy+pmW0VsTSzNCWSZsfMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2RjLzBmNjVm
ZS0yNjJmLTQ3NGQtOGNiNi04Y2NiNjc0YTM4NzUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZGMvMGY2NWZl
LTI2MmYtNDc0ZC04Y2I2LThjY2I2NzRhMzg3NS8xL01JVlphbTNoekw2bVpiUld4
TkxNMEpaSm14OC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQGVQxAMA0EAgACMAcDBQMqD73AMA0GCSqGSIb3
DQEBCwUAA4IBAQAh/9cGRjIFo3aAoSUbNygCxGeIqpMeqfW111AJqmV2ijzfI9t+
IzPwHaqF7JS0zrQXzRLPGWlDIlFRpjWe7kIgsFRNdGcdDA51rQgC+IUPJlC6ZfnB
TcFk447oPva5GnHAEJZ+ddf5wnzLEmNfTioBRfcOtfCCncudci2HxFaABC3NuBF8
BKKP/V4CjzgaC85yWltA2MJsVQuAeka2FJZPey5b9YIdNX6DR9TTftEpBnLqjVRc
3K4TZh92yjfYM1OjpshzrAw9mE5B+apeNavBroRmqd6SSDTm86alxMtmMyK0ll56
ccCKOeOFodinEST2IXrITtf/CnMICzSMUo37
-----END CERTIFICATE-----