Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/PUPPQPaR8Us1ymVwMpNIAgBc-og.cer
File:                     PUPPQPaR8Us1ymVwMpNIAgBc-og.cer (raw, json)
Hash identifier:          +OLMD1w3pWZLL/mrPodWwd/pl4Xqd2IkxYmZsaQEniI=
Subject key identifier:   3D:43:CF:40:F6:91:F1:4B:35:CA:65:70:32:93:48:02:00:5C:FA:88
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC424726001ED51CFE610A412DBB2F953
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/28/43f7ac-6788-490b-9b3b-07fb6171f18f/1/PUPPQPaR8Us1ymVwMpNIAgBc-og.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/28/43f7ac-6788-490b-9b3b-07fb6171f18f/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 08:29:32 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 91.200.61.0/24
                          IP: 2001:67c:1270::/48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:72:60:01:ed:51:cf:e6:10:a4:12:db:b2:f9:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 08:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3d43cf40f691f14b35ca657032934802005cfa88
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:de:2e:ab:ee:0a:4b:c0:96:4a:f0:48:12:66:
                    52:b9:9d:5b:40:3c:1c:95:61:03:0f:c1:3e:54:d7:
                    ed:be:65:24:38:59:62:7a:c7:8b:16:57:7d:3f:81:
                    40:4f:2a:f0:13:b1:f3:2b:26:ea:7a:02:1a:6b:8b:
                    98:85:c1:f7:f1:82:c6:4c:68:67:c7:13:2d:46:d1:
                    0b:ae:b4:69:c2:6f:6e:ed:13:31:1f:da:32:7e:93:
                    73:62:99:b6:82:4c:b0:7f:22:78:2c:2d:fe:df:77:
                    97:89:44:4f:2a:00:75:28:38:44:5e:f9:f7:e1:bc:
                    47:3a:82:bd:e2:6b:39:56:b8:64:a6:9b:90:b0:50:
                    1f:9a:5f:f7:e6:c6:f9:ae:05:2b:07:19:a9:0b:da:
                    b8:74:9d:c2:c2:d4:be:50:14:0a:5d:60:b8:84:95:
                    9a:7b:8e:08:18:bc:52:7b:45:20:43:ed:72:8d:2f:
                    4d:33:ab:1e:09:a9:d3:ff:53:c7:8c:bc:48:89:f5:
                    d4:ed:bf:ab:cd:9c:84:a3:1f:66:4c:2c:0f:c8:60:
                    5e:1c:af:43:43:f2:ae:ad:d4:0f:c9:e5:7e:e4:e9:
                    09:a6:51:a4:05:d1:40:52:25:e5:80:95:db:36:ed:
                    f5:24:6a:f0:77:77:8e:9d:99:d8:48:31:17:ef:9d:
                    88:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:43:CF:40:F6:91:F1:4B:35:CA:65:70:32:93:48:02:00:5C:FA:88
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/43f7ac-6788-490b-9b3b-07fb6171f18f/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/43f7ac-6788-490b-9b3b-07fb6171f18f/1/PUPPQPaR8Us1ymVwMpNIAgBc-og.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.200.61.0/24
                IPv6:
                  2001:67c:1270::/48

    Signature Algorithm: sha256WithRSAEncryption
         45:3d:6b:7d:63:e1:2d:4d:16:c0:cb:66:47:57:dc:60:8e:65:
         5e:7a:ec:75:9b:5f:b3:0f:d0:eb:1d:16:db:60:7d:f6:08:d5:
         ff:c1:a3:4e:32:0b:0b:a4:f2:56:8b:d3:96:04:7e:b9:ab:01:
         e6:a9:8c:0c:95:0c:8a:92:50:33:5c:45:e8:90:5c:7d:b7:0e:
         ad:c8:1f:2b:54:13:7b:a0:8d:64:76:0f:95:47:8c:0f:e2:c7:
         9b:84:a6:d2:3d:17:ac:3d:f0:b3:8f:d3:04:56:c7:96:b6:a1:
         ab:c7:5b:30:20:c3:af:53:f2:b8:a6:7e:cd:af:22:21:a8:fd:
         04:5b:ff:66:6e:53:bb:f7:2b:40:4e:27:0b:8f:ba:d5:a1:12:
         cb:b3:a5:a0:41:da:e3:25:9d:e4:ed:0c:8e:ec:b7:ad:85:15:
         75:0e:18:5e:66:a6:49:c0:dd:e1:b8:a7:20:e4:c0:86:15:1d:
         6f:8f:f8:2f:5a:96:d9:23:f1:5c:2c:18:bf:c1:b0:9a:00:77:
         86:cd:bb:10:0f:6b:1c:03:d1:3c:cf:57:cf:85:8e:87:88:73:
         07:1e:03:1d:ba:fc:97:58:e5:2e:05:d1:bd:59:36:34:27:54:
         a8:f4:d9:ae:99:39:61:9b:d4:7a:0f:65:ab:92:6b:2f:5f:b4:
         25:99:fa:d1
-----BEGIN CERTIFICATE-----
MIIFiTCCBHGgAwIBAgISAYzEJHJgAe1Rz+YQpBLbsvlTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDgyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDQzY2Y0MGY2OTFmMTRiMzVjYTY1NzAzMjkzNDgwMjAwNWNmYTg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8t4uq+4KS8CWSvBIEmZSuZ1bQDwc
lWEDD8E+VNftvmUkOFlieseLFld9P4FATyrwE7HzKybqegIaa4uYhcH38YLGTGhn
xxMtRtELrrRpwm9u7RMxH9oyfpNzYpm2gkywfyJ4LC3+33eXiURPKgB1KDhEXvn3
4bxHOoK94ms5VrhkppuQsFAfml/35sb5rgUrBxmpC9q4dJ3CwtS+UBQKXWC4hJWa
e44IGLxSe0UgQ+1yjS9NM6seCanT/1PHjLxIifXU7b+rzZyEox9mTCwPyGBeHK9D
Q/KurdQPyeV+5OkJplGkBdFAUiXlgJXbNu31JGrwd3eOnZnYSDEX752IJwIDAQAB
o4IClTCCApEwHQYDVR0OBBYEFD1Dz0D2kfFLNcplcDKTSAIAXPqIMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzI4LzQzZjdh
Yy02Nzg4LTQ5MGItOWIzYi0wN2ZiNjE3MWYxOGYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjgvNDNmN2Fj
LTY3ODgtNDkwYi05YjNiLTA3ZmI2MTcxZjE4Zi8xL1BVUFBRUGFSOFVzMXltVndN
cE5JQWdCYy1vZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDAGCCsGAQUF
BwEHAQH/BCEwHzAMBAIAATAGAwQAW8g9MA8EAgACMAkDBwAgAQZ8EnAwDQYJKoZI
hvcNAQELBQADggEBAEU9a31j4S1NFsDLZkdX3GCOZV567HWbX7MP0OsdFttgffYI
1f/Bo04yCwuk8laL05YEfrmrAeapjAyVDIqSUDNcReiQXH23Dq3IHytUE3ugjWR2
D5VHjA/ix5uEptI9F6w98LOP0wRWx5a2oavHWzAgw69T8rimfs2vIiGo/QRb/2Zu
U7v3K0BOJwuPutWhEsuzpaBB2uMlneTtDI7st62FFXUOGF5mpknA3eG4pyDkwIYV
HW+P+C9altkj8VwsGL/BsJoAd4bNuxAPaxwD0TzPV8+FjoeIcwceAx26/JdY5S4F
0b1ZNjQnVKj02a6ZOWGb1HoPZauSay9ftCWZ+tE=
-----END CERTIFICATE-----