Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/PsLCDWs6z4SALCt8oHIt63LGcLs.cer
File:                     PsLCDWs6z4SALCt8oHIt63LGcLs.cer (raw, json)
Hash identifier:          Xl8iWQNSh7419W1PB+/MlGT1lS7C/Qaer9kXWH9DbXM=
Subject key identifier:   3E:C2:C2:0D:6B:3A:CF:84:80:2C:2B:7C:A0:72:2D:EB:72:C6:70:BB
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC5002D0CCBAF6D1D85D3D9FA8809A265
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/10/2710b0-6c4a-4a94-b92a-b1cefc995379/1/PsLCDWs6z4SALCt8oHIt63LGcLs.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/10/2710b0-6c4a-4a94-b92a-b1cefc995379/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 12:29:32 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 195.211.167.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:2d:0c:cb:af:6d:1d:85:d3:d9:fa:88:09:a2:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 12:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3ec2c20d6b3acf84802c2b7ca0722deb72c670bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:68:8b:a6:9e:de:86:8a:d2:ab:97:86:ce:68:
                    ca:f7:b0:40:25:99:d1:8e:db:ba:78:3d:e9:b3:12:
                    87:83:dc:57:50:4c:d0:19:b5:e6:77:2c:82:10:1e:
                    66:b1:2e:fe:5d:a7:51:b0:1b:ee:b8:5d:84:46:bb:
                    bc:16:76:c6:96:45:13:fe:67:33:79:10:ac:8d:98:
                    3c:1f:63:9b:99:6d:8e:99:17:c1:e7:f9:e6:f9:0b:
                    f1:86:6d:8f:9f:50:30:54:cc:e9:7a:9d:49:14:0b:
                    aa:4a:86:f0:2d:42:66:7f:9a:b6:8b:02:d9:b4:00:
                    54:2e:02:0c:9d:c6:69:47:28:37:58:68:b7:87:06:
                    72:09:40:98:ab:14:e7:97:9b:60:22:1a:30:ff:8b:
                    aa:65:72:2a:88:d9:7e:00:97:91:fe:a7:e1:8c:77:
                    ee:a2:c1:fd:73:9a:e3:7e:1e:08:e3:c9:4e:0f:4f:
                    21:37:d6:65:5e:48:b9:b6:db:72:86:a1:6f:f0:d1:
                    ab:48:09:07:81:ef:a5:df:f5:92:6b:03:e8:40:60:
                    67:de:1c:9a:de:e8:d0:c9:59:46:78:d8:86:88:99:
                    5d:73:2a:41:8b:5c:43:a1:6c:87:a6:c2:a7:92:34:
                    2b:0b:a6:3c:d8:a1:21:4f:16:57:e1:c6:0c:a1:1a:
                    63:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:C2:C2:0D:6B:3A:CF:84:80:2C:2B:7C:A0:72:2D:EB:72:C6:70:BB
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/2710b0-6c4a-4a94-b92a-b1cefc995379/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/2710b0-6c4a-4a94-b92a-b1cefc995379/1/PsLCDWs6z4SALCt8oHIt63LGcLs.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.211.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:2b:e6:db:77:ef:6d:41:55:d5:df:a3:15:b9:a7:a1:98:21:
         db:5d:92:ea:fa:0b:30:2b:d7:ed:13:b4:69:2e:a4:e3:b1:b2:
         9a:67:91:99:02:4c:63:1e:ad:0b:e1:f4:73:b3:5d:25:b9:78:
         e7:bc:28:f8:28:21:27:99:9c:8e:53:c2:27:90:96:f7:c5:f7:
         28:bd:3c:68:ce:50:13:72:61:5f:fb:5e:27:2f:80:8c:7c:38:
         d7:3e:8d:9f:38:da:2b:ef:08:7e:71:08:ce:87:de:69:b0:fc:
         d5:04:db:60:f2:35:c2:65:cc:09:73:13:0c:5e:00:93:ac:ef:
         59:4e:fa:55:16:2e:cb:1e:91:4b:2f:79:29:6c:9b:e0:1f:ad:
         f3:87:97:1b:e4:15:85:78:32:9a:43:fa:c1:c0:e5:7b:5d:62:
         bb:8f:99:6b:c1:13:2e:76:d1:77:a3:cf:97:1f:c8:58:53:b5:
         ea:c7:cb:4f:0b:04:a2:93:6a:69:1e:bd:5e:66:4a:68:50:01:
         81:54:04:be:31:3e:ac:01:9a:95:3d:32:e2:b4:3a:18:d3:e0:
         2b:27:66:c5:7b:d0:94:d8:82:78:2f:5a:38:13:72:24:02:ee:
         e7:01:59:70:9e:b5:ca:0a:cd:bd:41:0f:70:a1:f0:5d:26:39:
         35:fa:d6:05
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzFAC0My69tHYXT2fqICaJlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTIyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWMyYzIwZDZiM2FjZjg0ODAyYzJiN2NhMDcyMmRlYjcyYzY3MGJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt2iLpp7ehorSq5eGzmjK97BAJZnR
jtu6eD3psxKHg9xXUEzQGbXmdyyCEB5msS7+XadRsBvuuF2ERru8FnbGlkUT/mcz
eRCsjZg8H2ObmW2OmRfB5/nm+Qvxhm2Pn1AwVMzpep1JFAuqSobwLUJmf5q2iwLZ
tABULgIMncZpRyg3WGi3hwZyCUCYqxTnl5tgIhow/4uqZXIqiNl+AJeR/qfhjHfu
osH9c5rjfh4I48lOD08hN9ZlXki5tttyhqFv8NGrSAkHge+l3/WSawPoQGBn3hya
3ujQyVlGeNiGiJldcypBi1xDoWyHpsKnkjQrC6Y82KEhTxZX4cYMoRpj/wIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFD7Cwg1rOs+EgCwrfKByLetyxnC7MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzEwLzI3MTBi
MC02YzRhLTRhOTQtYjkyYS1iMWNlZmM5OTUzNzkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTAvMjcxMGIw
LTZjNGEtNGE5NC1iOTJhLWIxY2VmYzk5NTM3OS8xL1BzTENEV3M2ejRTQUxDdDhv
SEl0NjNMR2NMcy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAw9OnMA0GCSqGSIb3DQEBCwUAA4IBAQAzK+bb
d+9tQVXV36MVuaehmCHbXZLq+gswK9ftE7RpLqTjsbKaZ5GZAkxjHq0L4fRzs10l
uXjnvCj4KCEnmZyOU8InkJb3xfcovTxozlATcmFf+14nL4CMfDjXPo2fONor7wh+
cQjOh95psPzVBNtg8jXCZcwJcxMMXgCTrO9ZTvpVFi7LHpFLL3kpbJvgH63zh5cb
5BWFeDKaQ/rBwOV7XWK7j5lrwRMudtF3o8+XH8hYU7Xqx8tPCwSik2ppHr1eZkpo
UAGBVAS+MT6sAZqVPTLitDoY0+ArJ2bFe9CU2IJ4L1o4E3IkAu7nAVlwnrXKCs29
QQ9wofBdJjk1+tYF
-----END CERTIFICATE-----