Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Q2x6o1AoJaaLN0W7PWBycx_lhyw.cer
File:                     Q2x6o1AoJaaLN0W7PWBycx_lhyw.cer (raw, json)
Hash identifier:          +lRJy34WVyX8Y7c94PJF39mwobolYlWHGnpYCfyrJ/A=
Subject key identifier:   43:6C:7A:A3:50:28:25:A6:8B:37:45:BB:3D:60:72:73:1F:E5:87:2C
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018D360FEAA1A6EFDD1F0F5D76A8CBBEBAC1
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/86/48a620-d0b7-4bb7-848d-d6bfccaa2034/1/Q2x6o1AoJaaLN0W7PWBycx_lhyw.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/86/48a620-d0b7-4bb7-848d-d6bfccaa2034/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 23 Jan 2024 11:23:49 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 185.167.208.0/22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:36:0f:ea:a1:a6:ef:dd:1f:0f:5d:76:a8:cb:be:ba:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan 23 11:23:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=436c7aa3502825a68b3745bb3d6072731fe5872c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:cb:33:ab:f0:df:d6:88:df:27:32:5f:e8:da:
                    6b:05:0e:66:bc:e7:a2:57:a6:ae:ac:ec:13:6d:ea:
                    f0:d2:2e:7d:c7:82:a9:34:af:d2:89:46:4b:0e:10:
                    c9:59:d9:f6:a7:0a:ff:09:6e:c6:8d:5f:c2:b1:49:
                    e2:43:ed:70:5f:8c:ca:22:9c:a6:ed:25:10:a8:c9:
                    39:58:d9:77:e2:be:5f:d5:b3:a9:ca:86:94:3b:c3:
                    c1:3f:b2:c7:a0:bf:5c:e9:b3:56:ac:6e:08:d6:7a:
                    08:85:10:5f:e9:19:71:bf:b4:39:7f:8f:ca:da:99:
                    9d:20:01:e9:cf:e4:58:f9:0d:d9:4d:b8:5c:2c:77:
                    58:ce:9b:0d:7c:5f:b2:09:be:3b:2c:b2:02:38:1f:
                    18:24:2f:46:f6:83:46:9a:68:ba:29:6c:af:01:59:
                    df:6d:10:17:6c:e9:ac:43:be:89:3d:70:cd:6a:62:
                    65:2a:19:42:8e:7a:d8:d7:29:44:7e:eb:de:8b:ee:
                    ad:e7:3c:81:c7:c2:e0:f6:77:a5:c3:18:a8:fe:7c:
                    3f:c9:54:3e:17:c6:16:b5:1c:99:4f:06:ac:41:26:
                    2f:6a:27:23:c8:32:0c:65:55:33:9a:7f:5a:3b:4c:
                    25:0f:2a:b4:7b:89:05:08:46:a1:36:59:8e:47:dc:
                    ee:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:6C:7A:A3:50:28:25:A6:8B:37:45:BB:3D:60:72:73:1F:E5:87:2C
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/48a620-d0b7-4bb7-848d-d6bfccaa2034/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/48a620-d0b7-4bb7-848d-d6bfccaa2034/1/Q2x6o1AoJaaLN0W7PWBycx_lhyw.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.167.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1f:e6:72:15:9a:60:67:15:a1:89:b9:48:b9:70:44:ce:98:15:
         a3:c2:c1:9d:ba:05:f1:0c:9b:40:7c:16:8e:24:82:5d:2e:5a:
         99:6a:1d:3c:e9:58:a9:87:ac:14:a5:21:a0:d3:05:39:6e:b1:
         fe:61:3a:34:fa:b0:de:db:c5:cc:2d:3a:c7:ed:1a:0c:3c:fe:
         83:ae:90:96:d7:60:2b:80:30:61:51:b4:39:03:be:0d:50:af:
         15:9b:aa:16:ad:b4:6f:a9:42:5b:52:aa:33:c2:92:0b:86:9f:
         49:60:ab:98:94:a2:84:a0:b9:77:46:4b:1a:01:66:79:fe:4a:
         40:56:5e:0b:03:28:c0:ef:d2:1a:56:6c:58:ff:77:99:73:dc:
         83:c0:cf:95:6c:4c:5f:37:57:8a:ab:db:79:d1:54:94:e9:9a:
         5e:5a:a3:b7:8e:74:e9:fe:9a:46:77:5e:e5:19:38:cd:fa:93:
         67:82:10:f0:60:a4:ec:2b:86:b3:d2:09:f1:9c:0a:8c:29:97:
         b6:f3:53:6f:82:1e:28:e1:e3:7d:14:bd:9b:be:62:14:4d:19:
         f9:dc:31:d6:8f:1f:80:c4:20:fa:27:42:7a:82:b0:c0:0c:6c:
         18:9e:79:0e:de:41:1d:2c:c1:43:9a:b2:dd:e3:0b:99:bd:32:
         6b:f2:f0:94
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAY02D+qhpu/dHw9ddqjLvrrBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTIzMTEyMzQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzZjN2FhMzUwMjgyNWE2OGIzNzQ1YmIzZDYwNzI3MzFmZTU4NzJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Mszq/Df1ojfJzJf6NprBQ5mvOei
V6aurOwTberw0i59x4KpNK/SiUZLDhDJWdn2pwr/CW7GjV/CsUniQ+1wX4zKIpym
7SUQqMk5WNl34r5f1bOpyoaUO8PBP7LHoL9c6bNWrG4I1noIhRBf6Rlxv7Q5f4/K
2pmdIAHpz+RY+Q3ZTbhcLHdYzpsNfF+yCb47LLICOB8YJC9G9oNGmmi6KWyvAVnf
bRAXbOmsQ76JPXDNamJlKhlCjnrY1ylEfuvei+6t5zyBx8Lg9nelwxio/nw/yVQ+
F8YWtRyZTwasQSYvaicjyDIMZVUzmn9aO0wlDyq0e4kFCEahNlmOR9zukQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFENseqNQKCWmizdFuz1gcnMf5YcsMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzg2LzQ4YTYy
MC1kMGI3LTRiYjctODQ4ZC1kNmJmY2NhYTIwMzQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODYvNDhhNjIw
LWQwYjctNGJiNy04NDhkLWQ2YmZjY2FhMjAzNC8xL1EyeDZvMUFvSmFhTE4wVzdQ
V0J5Y3hfbGh5dy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCuafQMA0GCSqGSIb3DQEBCwUAA4IBAQAf5nIV
mmBnFaGJuUi5cETOmBWjwsGdugXxDJtAfBaOJIJdLlqZah086Viph6wUpSGg0wU5
brH+YTo0+rDe28XMLTrH7RoMPP6DrpCW12ArgDBhUbQ5A74NUK8Vm6oWrbRvqUJb
UqozwpILhp9JYKuYlKKEoLl3RksaAWZ5/kpAVl4LAyjA79IaVmxY/3eZc9yDwM+V
bExfN1eKq9t50VSU6ZpeWqO3jnTp/ppGd17lGTjN+pNnghDwYKTsK4az0gnxnAqM
KZe281Nvgh4o4eN9FL2bvmIUTRn53DHWjx+AxCD6J0J6grDADGwYnnkO3kEdLMFD
mrLd4wuZvTJr8vCU
-----END CERTIFICATE-----