Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/N-dRoRwaeIj6WNv8MsiVm8lGMD4.cer
File:                     N-dRoRwaeIj6WNv8MsiVm8lGMD4.cer (raw, json)
Hash identifier:          cBGCkAo53nND2iq6njci6Yezi7TZWRi6SUk2ja2eFwg=
Subject key identifier:   37:E7:51:A1:1C:1A:78:88:FA:58:DB:FC:32:C8:95:9B:C9:46:30:3E
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC56E30B3CC91416655AE78A4CE7F2725
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/45/6b0344-8229-4d25-b498-8ce7c4fc5e0b/1/N-dRoRwaeIj6WNv8MsiVm8lGMD4.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/45/6b0344-8229-4d25-b498-8ce7c4fc5e0b/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 14:29:42 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 185.205.70.0/24
                          IP: 2a10:9000::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:30:b3:cc:91:41:66:55:ae:78:a4:ce:7f:27:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 14:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=37e751a11c1a7888fa58dbfc32c8959bc946303e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:46:44:b3:5b:c1:b7:91:e1:7e:4b:76:6e:10:
                    f8:bb:69:11:0d:85:13:57:2e:b4:6f:2b:9e:cb:42:
                    a1:fc:3a:f5:6d:8a:a2:5d:45:8f:bb:89:63:9f:04:
                    1a:97:65:fe:83:a4:b8:c9:1e:e7:e4:f5:d1:6b:66:
                    83:3f:6d:89:c3:d5:b0:de:ef:9d:b9:52:d3:29:91:
                    8c:f2:f4:1f:14:da:ee:b1:da:a4:8a:78:25:f1:8c:
                    47:f2:99:49:5b:16:ae:e5:9f:61:c3:50:34:0a:25:
                    e5:97:96:2e:ad:1e:6a:93:42:de:50:bc:62:bc:90:
                    ab:31:61:0c:be:fa:a0:7f:fd:1c:7a:d8:ce:70:eb:
                    35:01:83:dc:db:38:a7:b8:80:91:90:56:93:ab:24:
                    41:5b:6b:c8:0d:12:03:42:f2:9c:5a:62:45:5e:56:
                    87:35:08:50:d4:9f:7a:1e:15:72:fd:04:52:1d:fd:
                    ec:4f:81:69:39:54:a0:b9:48:d3:2b:8b:4a:33:64:
                    b1:76:73:9d:0b:da:e1:6b:ca:56:dc:88:5d:8a:e6:
                    41:b3:6c:29:97:0e:e7:5b:d3:76:8f:a6:95:95:3b:
                    be:27:88:6a:84:a6:b6:79:89:c2:50:ee:ce:7d:f0:
                    7f:e7:6d:94:01:ba:62:09:d9:df:52:29:13:ca:3f:
                    ae:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:E7:51:A1:1C:1A:78:88:FA:58:DB:FC:32:C8:95:9B:C9:46:30:3E
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/6b0344-8229-4d25-b498-8ce7c4fc5e0b/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/6b0344-8229-4d25-b498-8ce7c4fc5e0b/1/N-dRoRwaeIj6WNv8MsiVm8lGMD4.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.205.70.0/24
                IPv6:
                  2a10:9000::/29

    Signature Algorithm: sha256WithRSAEncryption
         7c:2e:40:08:d1:46:90:e9:68:7e:13:e9:58:1d:9f:48:6a:ad:
         55:e2:4a:87:e2:9c:af:f1:ec:b3:2e:c9:91:18:c1:f5:7c:73:
         f9:5f:77:ae:de:2d:cd:a0:b1:e6:01:6a:93:2a:5c:28:c2:a4:
         9b:4f:4b:d0:e8:d8:a2:f8:11:93:5c:4d:b1:b1:9b:b6:ae:c6:
         34:76:f4:3b:2b:cb:24:d8:2b:93:ff:8d:4f:ed:76:70:5a:be:
         12:d5:9a:3c:99:6c:dd:9f:99:24:9b:04:53:0d:3c:08:e4:86:
         da:ed:72:7e:d6:f4:42:a9:8c:95:32:66:e0:62:18:80:10:aa:
         f5:e8:bd:81:c5:78:9e:ba:d2:e5:81:e9:e1:7b:5b:fb:e7:3f:
         50:1a:0e:ed:7c:64:ea:ea:03:d5:b7:db:4c:6a:23:40:48:41:
         ba:82:f0:a3:16:cb:b1:2a:4f:51:1f:71:ef:e9:e8:0a:30:48:
         0a:2e:ac:91:c4:7c:af:48:59:6d:90:bf:36:4e:82:20:13:99:
         96:69:03:45:84:ac:8d:e2:c6:b1:6e:7a:e3:3c:34:2c:bf:b9:
         51:42:18:a5:7e:a9:ac:38:50:75:75:6a:32:be:ef:4c:1b:e9:
         7d:1f:ba:5a:96:d7:ea:79:86:ab:17:c7:76:2e:ab:17:88:5b:
         35:10:6b:62
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAYzFbjCzzJFBZlWueKTOfyclMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTQyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzN2U3NTFhMTFjMWE3ODg4ZmE1OGRiZmMzMmM4OTU5YmM5NDYzMDNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhEZEs1vBt5Hhfkt2bhD4u2kRDYUT
Vy60byuey0Kh/Dr1bYqiXUWPu4ljnwQal2X+g6S4yR7n5PXRa2aDP22Jw9Ww3u+d
uVLTKZGM8vQfFNrusdqkingl8YxH8plJWxau5Z9hw1A0CiXll5YurR5qk0LeULxi
vJCrMWEMvvqgf/0cetjOcOs1AYPc2zinuICRkFaTqyRBW2vIDRIDQvKcWmJFXlaH
NQhQ1J96HhVy/QRSHf3sT4FpOVSguUjTK4tKM2SxdnOdC9rha8pW3IhdiuZBs2wp
lw7nW9N2j6aVlTu+J4hqhKa2eYnCUO7OffB/522UAbpiCdnfUikTyj+u6QIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFDfnUaEcGniI+ljb/DLIlZvJRjA+MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzQ1LzZiMDM0
NC04MjI5LTRkMjUtYjQ5OC04Y2U3YzRmYzVlMGIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDUvNmIwMzQ0
LTgyMjktNGQyNS1iNDk4LThjZTdjNGZjNWUwYi8xL04tZFJvUndhZUlqNldOdjhN
c2lWbThsR01ENC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQAuc1GMA0EAgACMAcDBQMqEJAAMA0GCSqGSIb3
DQEBCwUAA4IBAQB8LkAI0UaQ6Wh+E+lYHZ9Iaq1V4kqH4pyv8eyzLsmRGMH1fHP5
X3eu3i3NoLHmAWqTKlwowqSbT0vQ6Nii+BGTXE2xsZu2rsY0dvQ7K8sk2CuT/41P
7XZwWr4S1Zo8mWzdn5kkmwRTDTwI5Iba7XJ+1vRCqYyVMmbgYhiAEKr16L2BxXie
utLlgenhe1v75z9QGg7tfGTq6gPVt9tMaiNASEG6gvCjFsuxKk9RH3Hv6egKMEgK
LqyRxHyvSFltkL82ToIgE5mWaQNFhKyN4saxbnrjPDQsv7lRQhilfqmsOFB1dWoy
vu9MG+l9H7paltfqeYarF8d2LqsXiFs1EGti
-----END CERTIFICATE-----