Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Rmz6T4hH8VYbVZcWcBZcDmi2J5k.cer
File:                     Rmz6T4hH8VYbVZcWcBZcDmi2J5k.cer (raw, json)
Hash identifier:          Vi06w/3PpADIimrhfLBKNCXUocnbxRNQbj6sDurqXxs=
Subject key identifier:   46:6C:FA:4F:88:47:F1:56:1B:55:97:16:70:16:5C:0E:68:B6:27:99
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC94E5008A4EF6A08F41114E88EEEBF2A
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/7d/504ffa-2905-4785-9291-5b11bb179a8b/1/Rmz6T4hH8VYbVZcWcBZcDmi2J5k.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/7d/504ffa-2905-4785-9291-5b11bb179a8b/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 08:33:21 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 2001:67c:14b4::/48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:50:08:a4:ef:6a:08:f4:11:14:e8:8e:ee:bf:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 08:33:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=466cfa4f8847f1561b55971670165c0e68b62799
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:80:cc:58:26:db:6f:f8:17:b9:1c:eb:ca:48:
                    dd:19:d4:6b:71:81:49:78:a6:2d:a1:8c:39:35:7e:
                    96:09:eb:a7:15:6f:1f:95:af:64:2e:f8:58:27:50:
                    b8:22:93:1c:9f:b9:a6:b5:e6:18:cf:5d:32:5b:72:
                    91:37:35:a9:55:e5:26:bd:e7:8b:d7:9e:4f:59:cb:
                    62:43:3e:0c:a2:84:f8:e6:9f:e5:3d:be:79:93:cd:
                    3a:a3:a8:e5:5e:f3:2d:bb:ee:45:0b:a2:6b:62:ad:
                    77:4e:b2:57:02:1b:2a:e0:7a:71:40:97:00:2c:74:
                    04:30:02:2c:18:9b:5b:8b:f4:59:07:82:96:17:ee:
                    62:fb:28:b7:4a:12:a6:38:50:26:98:ab:66:aa:a5:
                    ea:7a:65:fe:10:1e:f8:26:76:ba:62:b0:ef:14:5c:
                    59:2c:c4:06:80:4d:2f:b7:54:2c:f3:46:b4:b6:f5:
                    19:a3:2f:26:05:c7:ff:69:32:97:3a:32:b3:a4:90:
                    2b:1e:71:f7:6a:c2:2d:60:06:52:cc:3c:dc:42:34:
                    4e:38:59:27:ab:ea:6e:88:fa:9e:82:c5:ac:f1:a2:
                    ec:70:d9:78:5d:ec:50:11:70:0e:e5:1c:20:72:c4:
                    05:95:a0:09:e9:1f:80:2a:c2:91:d2:e2:6c:8d:c2:
                    87:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:6C:FA:4F:88:47:F1:56:1B:55:97:16:70:16:5C:0E:68:B6:27:99
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/504ffa-2905-4785-9291-5b11bb179a8b/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/504ffa-2905-4785-9291-5b11bb179a8b/1/Rmz6T4hH8VYbVZcWcBZcDmi2J5k.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:14b4::/48

    Signature Algorithm: sha256WithRSAEncryption
         15:2d:6c:f6:1c:28:67:5e:c1:fa:a3:2b:d4:9d:65:94:34:31:
         aa:87:d2:47:c4:fe:04:22:c8:89:71:2b:c7:0e:86:be:9f:05:
         73:0d:dc:c0:c5:8f:99:f0:00:d2:36:f9:25:46:5b:ae:a7:49:
         ae:b0:e7:79:5d:c6:09:27:44:bf:c4:13:84:ac:0b:73:b9:e6:
         dc:d6:a2:ac:9f:93:d3:ed:53:fd:ee:a7:5b:44:0e:f8:0f:6b:
         ce:55:47:c5:7a:4a:bd:72:6d:23:4a:e9:35:31:77:b2:d3:a9:
         c7:d6:4c:c8:58:9f:8e:bd:3d:9e:f2:f4:11:52:69:74:1f:4f:
         9c:a2:f5:4f:c4:fb:4e:f1:70:5b:a7:3e:fb:db:c1:15:6d:7d:
         94:4e:32:a0:b4:54:a0:a8:fd:e2:1d:0e:2a:df:c1:c9:ea:3c:
         59:d2:79:dd:f3:23:d6:74:0c:3f:e9:a5:53:40:f9:ac:97:d7:
         fc:ce:26:bd:44:c3:a3:d7:f2:60:53:47:a3:49:41:6a:a9:37:
         b3:62:40:51:82:b7:39:10:96:db:8d:3e:42:87:11:1c:44:79:
         f4:79:dc:c4:f1:2e:51:83:45:c5:c3:63:14:52:e8:d3:51:e3:
         15:1b:62:78:9b:a7:7b:29:bb:dc:16:a0:1a:bc:21:86:26:8c:
         6c:7a:67:4d
-----BEGIN CERTIFICATE-----
MIIFezCCBGOgAwIBAgISAYzJTlAIpO9qCPQRFOiO7r8qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDgzMzIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjZjZmE0Zjg4NDdmMTU2MWI1NTk3MTY3MDE2NWMwZTY4YjYyNzk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvIDMWCbbb/gXuRzrykjdGdRrcYFJ
eKYtoYw5NX6WCeunFW8fla9kLvhYJ1C4IpMcn7mmteYYz10yW3KRNzWpVeUmveeL
155PWctiQz4MooT45p/lPb55k806o6jlXvMtu+5FC6JrYq13TrJXAhsq4HpxQJcA
LHQEMAIsGJtbi/RZB4KWF+5i+yi3ShKmOFAmmKtmqqXqemX+EB74Jna6YrDvFFxZ
LMQGgE0vt1Qs80a0tvUZoy8mBcf/aTKXOjKzpJArHnH3asItYAZSzDzcQjROOFkn
q+puiPqegsWs8aLscNl4XexQEXAO5RwgcsQFlaAJ6R+AKsKR0uJsjcKH9wIDAQAB
o4IChzCCAoMwHQYDVR0OBBYEFEZs+k+IR/FWG1WXFnAWXA5otieZMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzdkLzUwNGZm
YS0yOTA1LTQ3ODUtOTI5MS01YjExYmIxNzlhOGIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvN2QvNTA0ZmZh
LTI5MDUtNDc4NS05MjkxLTViMTFiYjE3OWE4Yi8xL1JtejZUNGhIOFZZYlZaY1dj
QlpjRG1pMko1ay5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBS0MA0GCSqGSIb3DQEBCwUAA4IBAQAV
LWz2HChnXsH6oyvUnWWUNDGqh9JHxP4EIsiJcSvHDoa+nwVzDdzAxY+Z8ADSNvkl
Rluup0musOd5XcYJJ0S/xBOErAtzuebc1qKsn5PT7VP97qdbRA74D2vOVUfFekq9
cm0jSuk1MXey06nH1kzIWJ+OvT2e8vQRUml0H0+covVPxPtO8XBbpz7728EVbX2U
TjKgtFSgqP3iHQ4q38HJ6jxZ0nnd8yPWdAw/6aVTQPmsl9f8zia9RMOj1/JgU0ej
SUFqqTezYkBRgrc5EJbbjT5ChxEcRHn0edzE8S5Rg0XFw2MUUujTUeMVG2J4m6d7
KbvcFqAavCGGJoxsemdN
-----END CERTIFICATE-----