Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/R-Bd8kcXTNNQsa83gzMnx3Arj_8.cer
File:                     R-Bd8kcXTNNQsa83gzMnx3Arj_8.cer (raw, json)
Hash identifier:          P39bpxO3eOBnr0Cs5jgBKq4y38hDniOqCJq23GGhoD0=
Subject key identifier:   47:E0:5D:F2:47:17:4C:D3:50:B1:AF:37:83:33:27:C7:70:2B:8F:FF
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018D59763CD42E0D55FC66E23C750ED4AA68
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/e5/38c2e1-8a3f-40b1-8353-aec96f431018/1/R-Bd8kcXTNNQsa83gzMnx3Arj_8.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/e5/38c2e1-8a3f-40b1-8353-aec96f431018/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 30 Jan 2024 08:22:17 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 194.59.178.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:59:76:3c:d4:2e:0d:55:fc:66:e2:3c:75:0e:d4:aa:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan 30 08:22:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=47e05df247174cd350b1af37833327c7702b8fff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:2d:94:9f:c5:8e:7b:0d:02:22:ff:4a:ec:c3:
                    0d:4c:a5:97:a6:30:02:7c:05:3b:23:66:b3:e2:fc:
                    2e:b8:3e:80:f3:64:81:a2:9b:4d:63:0c:67:25:e0:
                    4f:f5:7b:00:e7:95:7b:d2:d0:73:02:76:43:9d:c0:
                    34:29:de:46:e8:c4:ff:e4:b7:59:68:f2:f2:5b:e9:
                    01:7c:6e:12:14:93:3b:3e:3b:20:eb:65:f6:c0:fe:
                    e5:f7:bf:71:39:49:ef:38:af:9d:8c:78:49:79:a0:
                    9b:b1:4a:cd:46:0f:27:75:df:5d:0d:21:4b:e0:72:
                    3e:1d:aa:9e:af:01:05:27:b3:ed:ae:74:09:00:aa:
                    c5:03:71:e2:73:aa:76:c3:cf:2a:f0:a2:78:e9:5b:
                    11:3c:46:48:68:fa:de:92:46:d2:40:23:e4:37:21:
                    ff:63:29:9c:c6:b8:f2:07:d6:f3:88:0e:b2:e9:ea:
                    08:7d:60:1e:8a:74:b4:77:69:46:6f:92:3c:31:09:
                    4d:36:f7:1a:b9:bb:da:ae:f7:52:22:b2:4c:b6:28:
                    60:b1:f7:3d:96:e4:c9:5f:25:cc:57:fe:6c:c7:e2:
                    29:de:bd:e4:78:63:c2:70:0f:ef:e3:90:43:7d:d7:
                    ac:79:ba:97:e4:68:8f:8f:d8:07:ce:fc:e0:d4:a5:
                    77:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:E0:5D:F2:47:17:4C:D3:50:B1:AF:37:83:33:27:C7:70:2B:8F:FF
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/38c2e1-8a3f-40b1-8353-aec96f431018/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/38c2e1-8a3f-40b1-8353-aec96f431018/1/R-Bd8kcXTNNQsa83gzMnx3Arj_8.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.59.178.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:b4:98:41:47:94:9a:34:89:19:06:b6:84:95:2b:45:eb:63:
         f0:eb:e1:21:21:ac:a9:9b:e9:bb:87:2e:44:54:20:67:bc:83:
         6f:ea:3d:24:15:bf:70:71:58:b7:78:71:64:65:52:26:8f:e9:
         cb:56:32:51:d0:f1:3b:7a:24:84:8f:8e:18:da:67:58:4f:32:
         6f:24:1a:c8:15:1a:4a:7f:cd:4d:0d:ce:68:49:6d:6a:4d:24:
         a7:c6:c7:3b:e8:8c:77:2c:12:68:7b:42:f1:83:15:56:53:5b:
         ae:53:39:45:c4:37:29:73:5f:f2:f0:f1:47:94:c4:eb:ac:cf:
         b4:c1:4b:98:59:aa:21:56:13:0d:4c:68:b5:66:81:1a:a6:cb:
         a2:d3:d8:67:d7:58:d5:28:ad:cb:d7:7a:a2:d4:d7:f6:11:bd:
         e5:6f:f5:48:e5:1a:95:3b:a1:47:8c:1f:1c:15:c0:ab:10:4e:
         93:89:17:71:96:0e:5a:e2:43:76:54:76:37:0e:72:66:6d:6a:
         2e:39:1c:33:09:60:fd:ad:00:de:0e:5a:b0:2d:5a:68:5f:fd:
         26:05:c5:54:39:a3:f8:d4:c7:9b:02:f0:df:74:e1:2e:ba:45:
         b0:51:3f:ae:45:d8:ad:f5:7e:4c:cf:1e:e7:66:cc:05:12:66:
         1b:cc:a1:54
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAY1ZdjzULg1V/GbiPHUO1KpoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTMwMDgyMjE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2UwNWRmMjQ3MTc0Y2QzNTBiMWFmMzc4MzMzMjdjNzcwMmI4ZmZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzi2Un8WOew0CIv9K7MMNTKWXpjAC
fAU7I2az4vwuuD6A82SBoptNYwxnJeBP9XsA55V70tBzAnZDncA0Kd5G6MT/5LdZ
aPLyW+kBfG4SFJM7Pjsg62X2wP7l979xOUnvOK+djHhJeaCbsUrNRg8ndd9dDSFL
4HI+HaqerwEFJ7PtrnQJAKrFA3Hic6p2w88q8KJ46VsRPEZIaPrekkbSQCPkNyH/
YymcxrjyB9bziA6y6eoIfWAeinS0d2lGb5I8MQlNNvcaubvarvdSIrJMtihgsfc9
luTJXyXMV/5sx+Ip3r3keGPCcA/v45BDfdesebqX5GiPj9gHzvzg1KV3AwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFEfgXfJHF0zTULGvN4MzJ8dwK4//MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2U1LzM4YzJl
MS04YTNmLTQwYjEtODM1My1hZWM5NmY0MzEwMTgvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTUvMzhjMmUx
LThhM2YtNDBiMS04MzUzLWFlYzk2ZjQzMTAxOC8xL1ItQmQ4a2NYVE5OUXNhODNn
ek1ueDNBcmpfOC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwjuyMA0GCSqGSIb3DQEBCwUAA4IBAQCGtJhB
R5SaNIkZBraElStF62Pw6+EhIaypm+m7hy5EVCBnvINv6j0kFb9wcVi3eHFkZVIm
j+nLVjJR0PE7eiSEj44Y2mdYTzJvJBrIFRpKf81NDc5oSW1qTSSnxsc76Ix3LBJo
e0LxgxVWU1uuUzlFxDcpc1/y8PFHlMTrrM+0wUuYWaohVhMNTGi1ZoEapsui09hn
11jVKK3L13qi1Nf2Eb3lb/VI5RqVO6FHjB8cFcCrEE6TiRdxlg5a4kN2VHY3DnJm
bWouORwzCWD9rQDeDlqwLVpoX/0mBcVUOaP41MebAvDfdOEuukWwUT+uRdit9X5M
zx7nZswFEmYbzKFU
-----END CERTIFICATE-----