Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/MYNgEO7e8V92reup9ymoKL8r6Ms.cer
File:                     MYNgEO7e8V92reup9ymoKL8r6Ms.cer (raw, json)
Hash identifier:          BBElVqqesALxtgFTqwVlfGz0tehI/4gHxa4oLrkzUU4=
Subject key identifier:   31:83:60:10:EE:DE:F1:5F:76:AD:EB:A9:F7:29:A8:28:BF:2B:E8:CB
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC2DB302D5971AD7D254FFFF773EC91BC
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/05/1912e8-0d6b-4ed6-8ae4-7d482aa48c68/1/MYNgEO7e8V92reup9ymoKL8r6Ms.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/05/1912e8-0d6b-4ed6-8ae4-7d482aa48c68/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 02:29:53 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 91.239.211.0/24
                          IP: 2a12:5ec0::/30

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:30:2d:59:71:ad:7d:25:4f:ff:f7:73:ec:91:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 02:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=31836010eedef15f76adeba9f729a828bf2be8cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:ca:da:3e:6b:d8:bc:e9:44:b2:ac:3e:34:b8:
                    81:45:f1:2d:54:66:42:c5:a0:8c:dc:2a:5a:9c:13:
                    1d:47:e6:d8:eb:90:37:a4:4c:cf:d2:df:00:07:4d:
                    ef:5f:f2:c8:11:33:1b:1c:ad:6e:c2:cf:d0:e5:4c:
                    54:27:dd:88:ae:65:54:99:aa:79:a7:fd:63:99:c8:
                    01:cd:07:ee:b1:59:7d:6a:09:87:85:47:ef:56:da:
                    ca:01:93:45:c3:d9:c1:3c:5f:31:e6:c5:89:a3:2f:
                    75:91:d0:4b:73:41:2f:df:75:7f:65:b0:00:ce:1f:
                    9e:02:39:0d:21:4a:05:39:b6:f8:96:bf:9b:66:90:
                    f0:84:e2:e2:c4:c7:9f:d9:f9:fb:c6:9e:95:5d:ed:
                    84:11:96:03:2f:38:87:e0:27:7f:c9:1e:60:77:20:
                    b5:2f:f1:a1:c2:73:66:6f:d7:85:72:e4:3f:03:a9:
                    9e:f2:be:43:0b:c2:79:cd:89:22:36:3d:95:fd:fd:
                    09:86:42:f3:40:3e:3e:3c:ac:d9:ef:be:49:08:f5:
                    15:15:4a:38:13:d9:16:6c:69:98:2a:e1:f8:dc:d5:
                    60:4f:34:43:69:ae:1b:8f:a4:49:d0:34:6f:d3:b3:
                    9d:f3:51:81:27:2c:14:21:56:6c:73:6c:0e:7a:1c:
                    62:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:83:60:10:EE:DE:F1:5F:76:AD:EB:A9:F7:29:A8:28:BF:2B:E8:CB
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/1912e8-0d6b-4ed6-8ae4-7d482aa48c68/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/1912e8-0d6b-4ed6-8ae4-7d482aa48c68/1/MYNgEO7e8V92reup9ymoKL8r6Ms.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.211.0/24
                IPv6:
                  2a12:5ec0::/30

    Signature Algorithm: sha256WithRSAEncryption
         34:bb:56:fb:ab:54:27:3a:51:e1:f5:c7:43:f5:51:cb:fd:1c:
         de:2d:62:74:de:99:56:45:68:72:6b:66:2c:a1:93:2b:74:d3:
         89:64:10:e5:90:25:2f:d7:d6:d1:e0:b3:f0:58:5f:10:ec:b5:
         76:ba:63:18:42:dc:4b:cc:e8:ad:9f:9e:0c:be:97:c5:c9:f6:
         1a:18:7c:a3:5f:bd:ef:11:44:32:55:4c:97:a5:df:0b:e2:77:
         10:59:ee:f0:53:68:b4:d8:b0:e5:97:83:07:22:c9:b9:65:a1:
         15:cc:cf:3b:2e:2b:a8:1e:fb:7d:08:4e:cc:cc:1b:58:1c:e1:
         0c:16:ed:d6:c0:61:1a:23:cc:a7:f5:67:78:45:0c:31:b6:44:
         05:45:3e:15:0b:1b:36:5a:96:78:e9:90:eb:7a:cf:19:c2:87:
         74:1a:89:d5:bf:b9:97:89:91:fb:aa:d0:e9:09:80:6d:03:5d:
         b5:d2:78:c9:7a:33:8d:97:21:23:ba:0e:0d:54:36:0c:16:ab:
         63:17:74:d5:c7:ba:24:72:b9:0a:bc:7e:0a:1e:0f:a1:1c:ed:
         c0:f8:89:2d:27:c1:c2:c6:cd:14:19:f0:c1:b8:d5:45:4f:8e:
         6f:1f:3c:33:f4:34:b5:7d:f4:de:27:83:6e:50:d9:e1:f0:6e:
         1f:b8:7a:4b
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAYzC2zAtWXGtfSVP//dz7JG8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDIyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTgzNjAxMGVlZGVmMTVmNzZhZGViYTlmNzI5YTgyOGJmMmJlOGNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8raPmvYvOlEsqw+NLiBRfEtVGZC
xaCM3CpanBMdR+bY65A3pEzP0t8AB03vX/LIETMbHK1uws/Q5UxUJ92IrmVUmap5
p/1jmcgBzQfusVl9agmHhUfvVtrKAZNFw9nBPF8x5sWJoy91kdBLc0Ev33V/ZbAA
zh+eAjkNIUoFObb4lr+bZpDwhOLixMef2fn7xp6VXe2EEZYDLziH4Cd/yR5gdyC1
L/GhwnNmb9eFcuQ/A6me8r5DC8J5zYkiNj2V/f0JhkLzQD4+PKzZ775JCPUVFUo4
E9kWbGmYKuH43NVgTzRDaa4bj6RJ0DRv07Od81GBJywUIVZsc2wOehxiOQIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFDGDYBDu3vFfdq3rqfcpqCi/K+jLMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzA1LzE5MTJl
OC0wZDZiLTRlZDYtOGFlNC03ZDQ4MmFhNDhjNjgvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDUvMTkxMmU4
LTBkNmItNGVkNi04YWU0LTdkNDgyYWE0OGM2OC8xL01ZTmdFTzdlOFY5MnJldXA5
eW1vS0w4cjZNcy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQAW+/TMA0EAgACMAcDBQIqEl7AMA0GCSqGSIb3
DQEBCwUAA4IBAQA0u1b7q1QnOlHh9cdD9VHL/RzeLWJ03plWRWhya2YsoZMrdNOJ
ZBDlkCUv19bR4LPwWF8Q7LV2umMYQtxLzOitn54MvpfFyfYaGHyjX73vEUQyVUyX
pd8L4ncQWe7wU2i02LDll4MHIsm5ZaEVzM87LiuoHvt9CE7MzBtYHOEMFu3WwGEa
I8yn9Wd4RQwxtkQFRT4VCxs2WpZ46ZDres8Zwod0GonVv7mXiZH7qtDpCYBtA121
0njJejONlyEjug4NVDYMFqtjF3TVx7okcrkKvH4KHg+hHO3A+IktJ8HCxs0UGfDB
uNVFT45vHzwz9DS1ffTeJ4NuUNnh8G4fuHpL
-----END CERTIFICATE-----