Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/PZquhEPMof7teX2aiS-DMhA4wPc.cer
File:                     PZquhEPMof7teX2aiS-DMhA4wPc.cer (raw, json)
Hash identifier:          56Z0dh5K8UQaSCIMgQ7uyjhpAatTAxBswgTNM1+HlT8=
Subject key identifier:   3D:9A:AE:84:43:CC:A1:FE:ED:79:7D:9A:89:2F:83:32:10:38:C0:F7
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC500C0AF428A2ACA7C76ADA8A6141C67
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/a8/b35797-8134-4bb7-90dd-287d36dbf5ee/1/PZquhEPMof7teX2aiS-DMhA4wPc.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/a8/b35797-8134-4bb7-90dd-287d36dbf5ee/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 12:30:10 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 193.247.254.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:c0:af:42:8a:2a:ca:7c:76:ad:a8:a6:14:1c:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 12:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3d9aae8443cca1feed797d9a892f83321038c0f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:18:58:85:a2:85:3d:69:9b:76:c5:ea:af:ca:
                    76:48:8c:b5:68:39:40:3a:3f:a1:67:b4:02:be:ac:
                    b5:cc:23:70:6f:02:5c:a1:1d:9f:b0:1e:58:1e:b1:
                    06:5e:f5:b8:0e:cd:7a:db:e2:39:2d:53:34:1e:dd:
                    bc:b6:1d:87:12:6f:4f:76:21:0a:ca:ec:a3:39:bc:
                    98:be:ff:81:87:27:24:7b:64:7f:22:90:55:f4:c2:
                    55:d9:90:bb:e3:b1:73:51:7a:48:82:13:53:e0:50:
                    c6:73:56:d4:d2:17:1e:98:62:ed:df:39:91:a3:09:
                    4c:13:cc:39:02:3a:34:d5:78:b6:da:0c:b0:c0:de:
                    b1:56:ab:1f:3a:96:52:e6:74:ca:ef:25:08:93:f8:
                    70:03:36:c7:35:b4:ef:7d:2f:c5:50:bd:c3:44:12:
                    7f:0b:c3:69:94:ab:48:94:fd:d7:56:93:dd:c3:36:
                    ea:e3:cf:9d:57:43:e9:c2:0a:91:65:fe:df:2a:07:
                    f8:45:80:42:01:80:9e:52:c6:55:48:18:3e:46:89:
                    10:ea:9e:e9:df:e8:da:96:d0:1e:c1:3f:65:fc:62:
                    35:4c:e6:b7:4a:00:b0:63:a8:50:6f:c5:69:ee:ce:
                    05:04:fd:ce:90:60:d8:f9:e1:10:43:2a:b7:7b:9d:
                    94:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:9A:AE:84:43:CC:A1:FE:ED:79:7D:9A:89:2F:83:32:10:38:C0:F7
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/b35797-8134-4bb7-90dd-287d36dbf5ee/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/b35797-8134-4bb7-90dd-287d36dbf5ee/1/PZquhEPMof7teX2aiS-DMhA4wPc.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.247.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:86:4c:59:9f:38:57:de:16:2e:65:fc:61:0e:bd:6c:8b:35:
         87:5a:f2:6c:e6:8b:12:ab:58:f7:b1:6a:69:27:c0:0c:64:8b:
         e5:a0:ff:a5:8b:d5:fc:3c:e1:ef:ec:16:88:18:0f:9b:17:bb:
         98:12:64:ef:af:45:73:8f:1e:fa:bd:29:dd:e9:79:c1:71:66:
         65:25:e1:6a:5e:d8:6e:33:21:c8:4f:2c:f3:0e:12:3f:0f:8a:
         8c:e8:cc:3a:35:6a:7d:d8:58:bd:4f:35:f4:f3:90:57:66:07:
         8a:17:93:87:38:10:59:39:d9:8f:13:27:ca:c5:e0:db:ab:69:
         5a:66:e6:7f:9b:7c:b6:b2:12:db:78:14:4b:b5:20:5c:78:3a:
         ba:97:88:04:25:f7:10:bd:8c:73:f2:33:0d:45:2d:ff:27:93:
         ce:37:00:ee:01:74:4f:30:44:e8:12:d0:7e:6b:83:e9:ab:6a:
         60:a4:6d:8e:70:f5:94:b0:e2:f3:ad:c6:29:d4:1f:01:32:a0:
         ce:06:86:92:b2:9f:5e:39:73:2c:7f:e4:b9:7a:49:0b:79:32:
         09:b3:86:cb:21:62:53:ef:5c:d5:c3:c3:37:9c:ab:3c:8c:d7:
         6f:c0:59:8a:0b:37:e8:e0:c9:51:98:db:30:e4:e1:05:dd:6e:
         b8:ed:ee:04
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzFAMCvQooqynx2raimFBxnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTIzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDlhYWU4NDQzY2NhMWZlZWQ3OTdkOWE4OTJmODMzMjEwMzhjMGY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkxhYhaKFPWmbdsXqr8p2SIy1aDlA
Oj+hZ7QCvqy1zCNwbwJcoR2fsB5YHrEGXvW4Ds162+I5LVM0Ht28th2HEm9PdiEK
yuyjObyYvv+Bhycke2R/IpBV9MJV2ZC747FzUXpIghNT4FDGc1bU0hcemGLt3zmR
owlME8w5Ajo01Xi22gywwN6xVqsfOpZS5nTK7yUIk/hwAzbHNbTvfS/FUL3DRBJ/
C8NplKtIlP3XVpPdwzbq48+dV0PpwgqRZf7fKgf4RYBCAYCeUsZVSBg+RokQ6p7p
3+jaltAewT9l/GI1TOa3SgCwY6hQb8Vp7s4FBP3OkGDY+eEQQyq3e52UWwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFD2aroRDzKH+7Xl9mokvgzIQOMD3MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2E4L2IzNTc5
Ny04MTM0LTRiYjctOTBkZC0yODdkMzZkYmY1ZWUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTgvYjM1Nzk3
LTgxMzQtNGJiNy05MGRkLTI4N2QzNmRiZjVlZS8xL1BacXVoRVBNb2Y3dGVYMmFp
Uy1ETWhBNHdQYy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwff+MA0GCSqGSIb3DQEBCwUAA4IBAQBohkxZ
nzhX3hYuZfxhDr1sizWHWvJs5osSq1j3sWppJ8AMZIvloP+li9X8POHv7BaIGA+b
F7uYEmTvr0Vzjx76vSnd6XnBcWZlJeFqXthuMyHITyzzDhI/D4qM6Mw6NWp92Fi9
TzX085BXZgeKF5OHOBBZOdmPEyfKxeDbq2laZuZ/m3y2shLbeBRLtSBceDq6l4gE
JfcQvYxz8jMNRS3/J5PONwDuAXRPMEToEtB+a4Ppq2pgpG2OcPWUsOLzrcYp1B8B
MqDOBoaSsp9eOXMsf+S5ekkLeTIJs4bLIWJT71zVw8M3nKs8jNdvwFmKCzfo4MlR
mNsw5OEF3W647e4E
-----END CERTIFICATE-----