Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/PTJXpMwtmJsxJtiyz9u8IBXgi7Q.cer
File:                     PTJXpMwtmJsxJtiyz9u8IBXgi7Q.cer (raw, json)
Hash identifier:          w7R9WDx1YSjD4P4HssrbrTxybTOdNsfQWQ35vD1RaaI=
Subject key identifier:   3D:32:57:A4:CC:2D:98:9B:31:26:D8:B2:CF:DB:BC:20:15:E0:8B:B4
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC348F135AC701998C02B19E135526E89
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/02/f5b954-65b9-437a-b499-9c28e1cd197e/1/PTJXpMwtmJsxJtiyz9u8IBXgi7Q.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/02/f5b954-65b9-437a-b499-9c28e1cd197e/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 04:29:46 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 91.230.237.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:59:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:f1:35:ac:70:19:98:c0:2b:19:e1:35:52:6e:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 04:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3d3257a4cc2d989b3126d8b2cfdbbc2015e08bb4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:8c:a7:c1:b3:15:15:fe:21:64:70:c4:13:53:
                    28:c9:8a:f7:ae:43:76:ee:41:f9:3f:36:b5:e7:21:
                    25:d4:a5:6b:ba:ce:2b:7e:58:83:8f:5d:9b:9a:db:
                    54:2c:eb:d8:aa:db:af:4b:a5:39:86:26:ea:3c:7c:
                    0a:d3:fc:42:8c:14:a2:53:1d:4a:71:ad:1b:a6:d3:
                    7f:c1:01:6d:24:39:3b:c1:90:15:74:8d:36:76:87:
                    bd:a9:2e:01:83:66:3c:0b:39:61:3b:15:e0:a1:e6:
                    53:ce:b0:22:98:e1:2a:8f:75:24:5e:51:59:4e:22:
                    90:38:62:28:2c:8b:cf:94:a7:61:ec:89:fa:e9:c5:
                    70:fd:9c:fe:9d:c7:e2:a7:fc:da:ca:25:f4:eb:b0:
                    31:aa:f1:3c:be:a6:6f:22:9a:a3:04:f0:ff:8e:ea:
                    cd:b2:d2:f3:89:23:b8:09:d5:2a:42:31:67:1c:51:
                    61:1c:1e:af:c8:fe:ca:c6:00:ef:17:9a:35:b5:d0:
                    38:39:eb:87:d5:b7:87:84:ff:fe:45:27:ca:ce:9e:
                    6b:29:c0:c2:84:12:b5:ac:f8:a8:18:1d:10:85:50:
                    70:46:c9:38:7e:64:2e:26:09:9e:0f:64:5d:b5:36:
                    63:a4:24:e1:61:b2:bd:56:c6:3a:f2:9d:e5:97:f4:
                    1b:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:32:57:A4:CC:2D:98:9B:31:26:D8:B2:CF:DB:BC:20:15:E0:8B:B4
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f5b954-65b9-437a-b499-9c28e1cd197e/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f5b954-65b9-437a-b499-9c28e1cd197e/1/PTJXpMwtmJsxJtiyz9u8IBXgi7Q.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.230.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:33:f7:17:46:93:95:fe:67:84:65:3d:73:42:41:de:e6:5b:
         2f:bc:b7:c0:b0:a7:39:0a:40:7c:bd:17:a8:c8:e0:63:28:06:
         6f:07:af:9c:da:20:7b:4a:c7:4c:e1:44:ff:db:1f:3c:89:db:
         43:04:9d:98:5b:12:89:d7:29:0d:bd:4a:07:66:93:91:92:d3:
         54:89:d0:46:c4:aa:b9:6d:62:d6:a3:d2:f8:c6:39:3c:17:c0:
         93:1c:fc:b6:af:3d:38:a4:33:02:cd:60:bf:b3:4f:4c:e6:75:
         1a:17:ba:00:af:eb:8b:cf:92:fa:aa:73:b0:3d:60:00:5c:01:
         da:74:52:f1:5f:2d:17:c7:33:a7:5c:29:01:14:30:0c:11:f4:
         58:b8:9f:52:cd:cd:b1:d0:c8:85:d1:a9:f8:1b:5a:c6:77:61:
         f4:bd:e2:9a:48:4c:2b:9a:5a:dc:87:ca:7b:93:84:79:11:70:
         83:9f:78:77:a7:53:1c:9a:ba:38:42:88:40:be:9f:79:f0:0e:
         64:0a:0c:3a:47:fc:80:4d:76:6b:16:70:c2:a8:34:80:d9:4c:
         8f:96:6c:87:42:02:39:02:9c:50:9f:70:75:fc:55:51:8b:d0:
         4d:a5:1c:1a:ba:ea:54:d1:20:1b:8e:52:56:5a:4a:30:07:fb:
         8d:b5:0e:34
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzDSPE1rHAZmMArGeE1Um6JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDQyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDMyNTdhNGNjMmQ5ODliMzEyNmQ4YjJjZmRiYmMyMDE1ZTA4YmI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1oynwbMVFf4hZHDEE1MoyYr3rkN2
7kH5Pza15yEl1KVrus4rfliDj12bmttULOvYqtuvS6U5hibqPHwK0/xCjBSiUx1K
ca0bptN/wQFtJDk7wZAVdI02doe9qS4Bg2Y8CzlhOxXgoeZTzrAimOEqj3UkXlFZ
TiKQOGIoLIvPlKdh7In66cVw/Zz+ncfip/zayiX067AxqvE8vqZvIpqjBPD/jurN
stLziSO4CdUqQjFnHFFhHB6vyP7KxgDvF5o1tdA4OeuH1beHhP/+RSfKzp5rKcDC
hBK1rPioGB0QhVBwRsk4fmQuJgmeD2RdtTZjpCThYbK9VsY68p3ll/QbkQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFD0yV6TMLZibMSbYss/bvCAV4Iu0MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzAyL2Y1Yjk1
NC02NWI5LTQzN2EtYjQ5OS05YzI4ZTFjZDE5N2UvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDIvZjViOTU0
LTY1YjktNDM3YS1iNDk5LTljMjhlMWNkMTk3ZS8xL1BUSlhwTXd0bUpzeEp0aXl6
OXU4SUJYZ2k3US5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW+btMA0GCSqGSIb3DQEBCwUAA4IBAQAQM/cX
RpOV/meEZT1zQkHe5lsvvLfAsKc5CkB8vReoyOBjKAZvB6+c2iB7SsdM4UT/2x88
idtDBJ2YWxKJ1ykNvUoHZpORktNUidBGxKq5bWLWo9L4xjk8F8CTHPy2rz04pDMC
zWC/s09M5nUaF7oAr+uLz5L6qnOwPWAAXAHadFLxXy0XxzOnXCkBFDAMEfRYuJ9S
zc2x0MiF0an4G1rGd2H0veKaSEwrmlrch8p7k4R5EXCDn3h3p1Mcmro4QohAvp95
8A5kCgw6R/yATXZrFnDCqDSA2UyPlmyHQgI5ApxQn3B1/FVRi9BNpRwauupU0SAb
jlJWWkowB/uNtQ40
-----END CERTIFICATE-----