Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Pq0ZCWsO4ID-Q4EFALcYqUf-0ik.cer
File:                     Pq0ZCWsO4ID-Q4EFALcYqUf-0ik.cer (raw, json)
Hash identifier:          gw+ScAHFxqf4B9v8okXQCnAqHJ3e4Q4Dfct1Z6O8098=
Subject key identifier:   3E:AD:19:09:6B:0E:E0:80:FE:43:81:05:00:B7:18:A9:47:FE:D2:29
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC94E2AF6566B6A27D0563D4B1ADA4FFD
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/13/63bb79-93b0-499f-978d-10fe44726908/1/Pq0ZCWsO4ID-Q4EFALcYqUf-0ik.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/13/63bb79-93b0-499f-978d-10fe44726908/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 08:33:12 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 193.108.136.0/23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:2a:f6:56:6b:6a:27:d0:56:3d:4b:1a:da:4f:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 08:33:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3ead19096b0ee080fe43810500b718a947fed229
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:8f:c5:49:1f:b1:c9:e8:2a:66:43:14:68:01:
                    f8:24:c2:d2:d6:51:a6:7d:7b:6f:1c:0b:3b:a7:00:
                    7b:1b:f1:5a:9d:96:f0:9b:90:d3:ac:90:85:08:9b:
                    0b:b4:a5:de:a5:24:e7:fd:21:cc:cf:02:52:81:79:
                    ce:fa:ec:ef:30:f2:2f:f4:93:8f:67:b7:c2:f2:e7:
                    77:0c:2d:6a:f4:14:cd:78:3e:a7:95:83:e1:9d:cb:
                    5f:87:eb:5b:d3:2d:a6:05:a6:7b:ed:b9:9b:82:13:
                    3d:f6:8f:46:5b:bd:b4:e6:b7:1f:06:63:6b:5b:7c:
                    8f:06:99:ed:bc:e6:c5:ba:46:0d:5e:98:d8:9b:ea:
                    b5:8f:f7:30:0b:d8:99:cd:99:cf:bc:f2:07:17:e6:
                    a7:5a:fc:c0:57:96:c9:0b:99:e7:fa:d7:c3:95:e0:
                    0c:f6:3e:b9:3f:c7:6b:7d:f8:1d:70:88:e2:be:27:
                    bb:d2:21:19:8d:e1:13:cf:2c:16:d1:52:b9:ad:b1:
                    89:ec:81:fb:7c:f4:39:37:76:ac:88:5a:96:34:e2:
                    81:74:08:0f:18:98:bc:95:53:5c:a0:91:ff:30:c1:
                    a9:5d:16:f7:79:d8:22:f0:23:2a:ff:79:fd:cc:a5:
                    2d:f8:8b:3c:60:2e:e4:f6:88:66:15:f7:07:8b:f7:
                    1a:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:AD:19:09:6B:0E:E0:80:FE:43:81:05:00:B7:18:A9:47:FE:D2:29
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/63bb79-93b0-499f-978d-10fe44726908/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/63bb79-93b0-499f-978d-10fe44726908/1/Pq0ZCWsO4ID-Q4EFALcYqUf-0ik.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.108.136.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6e:0b:aa:0d:8f:08:03:c4:1e:89:83:76:4e:5f:41:bb:66:2a:
         5c:5c:75:b1:47:71:61:93:b4:06:f3:a8:44:87:51:16:14:36:
         3c:a0:1d:e2:f3:42:90:c3:46:77:8c:31:7a:9e:77:68:9c:18:
         47:53:2e:b3:bc:7f:49:1e:8f:c8:41:31:f2:c4:76:aa:1c:b0:
         b3:cf:58:08:1d:e6:2c:9b:db:b6:b6:8f:32:a7:58:2b:31:d1:
         8c:2e:17:ec:ad:39:00:9c:ee:9f:6e:5e:d7:ab:f7:a6:f1:79:
         30:2e:61:1e:2d:b8:e0:1d:9e:d8:13:2a:5b:dc:72:4f:2d:36:
         d0:a9:05:b0:10:0b:3a:16:27:70:be:73:55:78:64:ef:c0:a5:
         2f:b1:74:b7:a1:50:cd:05:a3:18:d6:26:2b:a3:e6:e4:84:ff:
         13:ef:3e:3e:61:e1:ca:98:4b:a3:1d:9b:89:34:72:d9:01:79:
         81:3a:8d:9b:54:31:7d:ee:f4:1b:16:f0:d3:01:1d:3f:9b:cd:
         08:7c:6a:a2:56:25:73:4d:2c:f1:00:9a:a8:ae:b4:8c:3a:b0:
         43:61:42:b9:f1:b6:89:1d:5b:db:9b:17:29:54:a3:0c:1d:36:
         b1:f7:a8:c7:80:7a:89:4e:b7:31:9d:10:ef:ac:4d:a2:ed:c2:
         1d:23:6e:a4
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzJTir2VmtqJ9BWPUsa2k/9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDgzMzEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWFkMTkwOTZiMGVlMDgwZmU0MzgxMDUwMGI3MThhOTQ3ZmVkMjI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Y/FSR+xyegqZkMUaAH4JMLS1lGm
fXtvHAs7pwB7G/FanZbwm5DTrJCFCJsLtKXepSTn/SHMzwJSgXnO+uzvMPIv9JOP
Z7fC8ud3DC1q9BTNeD6nlYPhnctfh+tb0y2mBaZ77bmbghM99o9GW7205rcfBmNr
W3yPBpntvObFukYNXpjYm+q1j/cwC9iZzZnPvPIHF+anWvzAV5bJC5nn+tfDleAM
9j65P8drffgdcIjivie70iEZjeETzywW0VK5rbGJ7IH7fPQ5N3asiFqWNOKBdAgP
GJi8lVNcoJH/MMGpXRb3edgi8CMq/3n9zKUt+Is8YC7k9ohmFfcHi/caDwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFD6tGQlrDuCA/kOBBQC3GKlH/tIpMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzEzLzYzYmI3
OS05M2IwLTQ5OWYtOTc4ZC0xMGZlNDQ3MjY5MDgvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTMvNjNiYjc5
LTkzYjAtNDk5Zi05NzhkLTEwZmU0NDcyNjkwOC8xL1BxMFpDV3NPNElELVE0RUZB
TGNZcVVmLTBpay5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQBwWyIMA0GCSqGSIb3DQEBCwUAA4IBAQBuC6oN
jwgDxB6Jg3ZOX0G7ZipcXHWxR3Fhk7QG86hEh1EWFDY8oB3i80KQw0Z3jDF6nndo
nBhHUy6zvH9JHo/IQTHyxHaqHLCzz1gIHeYsm9u2to8yp1grMdGMLhfsrTkAnO6f
bl7Xq/em8XkwLmEeLbjgHZ7YEypb3HJPLTbQqQWwEAs6FidwvnNVeGTvwKUvsXS3
oVDNBaMY1iYro+bkhP8T7z4+YeHKmEujHZuJNHLZAXmBOo2bVDF97vQbFvDTAR0/
m80IfGqiViVzTSzxAJqorrSMOrBDYUK58baJHVvbmxcpVKMMHTax96jHgHqJTrcx
nRDvrE2i7cIdI26k
-----END CERTIFICATE-----