Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/R7lNsbPetIBa0mFVS65rpfp0CMs.cer
File:                     R7lNsbPetIBa0mFVS65rpfp0CMs.cer (raw, json)
Hash identifier:          rDZuBenf73ndoI7uPJyGgru5rnpNkckQoj2IAh1TS7I=
Subject key identifier:   47:B9:4D:B1:B3:DE:B4:80:5A:D2:61:55:4B:AE:6B:A5:FA:74:08:CB
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC726C284A39FC522C3EE9D899202EC0D
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/f4/871f8e-e7c0-4264-baea-2c294ec81297/1/R7lNsbPetIBa0mFVS65rpfp0CMs.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/f4/871f8e-e7c0-4264-baea-2c294ec81297/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 22:30:55 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 185.194.132.0/22
                          IP: 2a00:7780::/32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:c2:84:a3:9f:c5:22:c3:ee:9d:89:92:02:ec:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 22:30:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=47b94db1b3deb4805ad261554bae6ba5fa7408cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:de:60:a3:3b:39:d4:99:e8:f7:a8:08:84:73:
                    a8:9e:49:21:82:94:8b:c5:71:56:40:3a:3e:01:5c:
                    d6:02:47:50:f5:65:79:08:c5:97:9c:3c:08:00:0a:
                    a0:45:d0:44:a2:52:29:9a:9d:58:39:10:bf:bd:bd:
                    9d:97:e6:ff:0b:01:3d:59:c5:60:9f:ab:eb:c0:fb:
                    20:d1:3a:eb:99:94:74:fb:30:86:3b:f7:1e:ac:94:
                    e3:25:77:47:84:36:d4:de:8a:09:c0:82:6d:8e:55:
                    46:8d:65:a2:88:df:40:fc:fc:7f:e5:90:4e:4a:97:
                    e2:f7:fb:74:46:c3:99:ed:91:26:e3:eb:44:e4:03:
                    b9:21:7b:5a:76:f4:68:93:47:e9:30:3d:3c:89:9e:
                    3e:de:26:2e:50:8f:aa:72:f0:73:37:d9:e4:0c:67:
                    01:dd:28:83:99:e0:16:86:e4:2c:da:99:56:ee:85:
                    c8:aa:96:39:86:e6:f7:c9:59:aa:ab:0a:47:3a:ca:
                    f4:93:2d:fa:86:50:6c:8c:d4:fa:c4:3a:5b:e3:b8:
                    89:67:0d:dd:57:1a:be:0b:c8:03:c5:9f:bd:a7:f7:
                    75:30:31:d6:a5:3b:8c:d6:f2:57:15:9e:52:a7:ce:
                    f5:25:5e:48:63:9f:1e:2c:c1:7e:0a:a5:b2:f7:99:
                    3b:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:B9:4D:B1:B3:DE:B4:80:5A:D2:61:55:4B:AE:6B:A5:FA:74:08:CB
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/871f8e-e7c0-4264-baea-2c294ec81297/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/871f8e-e7c0-4264-baea-2c294ec81297/1/R7lNsbPetIBa0mFVS65rpfp0CMs.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.194.132.0/22
                IPv6:
                  2a00:7780::/32

    Signature Algorithm: sha256WithRSAEncryption
         60:cf:01:e5:c6:c7:e3:39:31:ef:3d:41:33:c5:4e:65:43:75:
         e3:2c:79:13:c2:08:29:6a:4b:2f:a0:d3:92:1e:fe:20:3c:04:
         92:bb:76:db:54:48:66:1f:38:b2:a7:7f:8b:37:95:a7:99:8c:
         35:b1:27:fa:d8:a9:d2:8d:e2:e5:86:6b:1a:df:b1:99:15:67:
         01:44:9f:0c:14:55:6a:e3:34:6a:c5:46:cb:cf:58:98:1e:73:
         31:4f:22:1d:85:e4:f6:ed:55:83:55:22:9d:23:bf:89:b7:93:
         28:e7:78:f2:fd:bf:ba:7e:54:29:01:10:3b:03:b3:ec:37:a6:
         f0:b9:2a:b8:a2:02:c5:7f:0d:61:0c:43:26:d8:66:67:71:e8:
         68:c6:46:37:bd:00:b3:f8:26:32:30:8c:7a:df:95:9a:b1:71:
         2f:19:da:15:a9:f3:d4:1b:b9:06:12:7e:8e:b9:cc:79:13:d0:
         ca:dc:9e:0e:f5:d0:b6:d3:c9:7a:f4:04:65:10:d2:12:2b:dc:
         4b:79:b1:2f:c8:92:43:af:aa:ce:89:3c:ad:b5:1c:07:b9:78:
         6e:68:e8:a6:9a:44:86:2c:0b:99:05:8e:b0:a2:7d:26:ab:c3:
         0b:25:4a:dd:8e:01:e3:9b:2f:7d:05:3f:b5:16:48:81:63:ed:
         45:ab:e0:dc
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAYzHJsKEo5/FIsPunYmSAuwNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMjIzMDU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2I5NGRiMWIzZGViNDgwNWFkMjYxNTU0YmFlNmJhNWZhNzQwOGNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArt5gozs51Jno96gIhHOonkkhgpSL
xXFWQDo+AVzWAkdQ9WV5CMWXnDwIAAqgRdBEolIpmp1YORC/vb2dl+b/CwE9WcVg
n6vrwPsg0TrrmZR0+zCGO/cerJTjJXdHhDbU3ooJwIJtjlVGjWWiiN9A/Px/5ZBO
Spfi9/t0RsOZ7ZEm4+tE5AO5IXtadvRok0fpMD08iZ4+3iYuUI+qcvBzN9nkDGcB
3SiDmeAWhuQs2plW7oXIqpY5hub3yVmqqwpHOsr0ky36hlBsjNT6xDpb47iJZw3d
Vxq+C8gDxZ+9p/d1MDHWpTuM1vJXFZ5Sp871JV5IY58eLMF+CqWy95k7kQIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFEe5TbGz3rSAWtJhVUuua6X6dAjLMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Y0Lzg3MWY4
ZS1lN2MwLTQyNjQtYmFlYS0yYzI5NGVjODEyOTcvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjQvODcxZjhl
LWU3YzAtNDI2NC1iYWVhLTJjMjk0ZWM4MTI5Ny8xL1I3bE5zYlBldElCYTBtRlZT
NjVycGZwMENNcy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCucKEMA0EAgACMAcDBQAqAHeAMA0GCSqGSIb3
DQEBCwUAA4IBAQBgzwHlxsfjOTHvPUEzxU5lQ3XjLHkTwggpaksvoNOSHv4gPASS
u3bbVEhmHziyp3+LN5WnmYw1sSf62KnSjeLlhmsa37GZFWcBRJ8MFFVq4zRqxUbL
z1iYHnMxTyIdheT27VWDVSKdI7+Jt5Mo53jy/b+6flQpARA7A7PsN6bwuSq4ogLF
fw1hDEMm2GZncehoxkY3vQCz+CYyMIx635WasXEvGdoVqfPUG7kGEn6Oucx5E9DK
3J4O9dC208l69ARlENISK9xLebEvyJJDr6rOiTyttRwHuXhuaOimmkSGLAuZBY6w
on0mq8MLJUrdjgHjmy99BT+1FkiBY+1Fq+Dc
-----END CERTIFICATE-----