Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/S3IGbX5sqK0v-mKmmwZ5I6Qt-W8.cer
File:                     S3IGbX5sqK0v-mKmmwZ5I6Qt-W8.cer (raw, json)
Hash identifier:          RJa3L4lJJXLF7qXc0hIRCrvlIWFyhn3d3Vm7YPN9uLA=
Subject key identifier:   4B:72:06:6D:7E:6C:A8:AD:2F:FA:62:A6:9B:06:79:23:A4:2D:F9:6F
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC8DE756CE9F0D17FA46711C9103DCFF0
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/45/a64b09-64df-470c-a64d-1f6991877b26/1/S3IGbX5sqK0v-mKmmwZ5I6Qt-W8.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/45/a64b09-64df-470c-a64d-1f6991877b26/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 06:31:11 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 212138
                          IP: 192.145.104.0/22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:75:6c:e9:f0:d1:7f:a4:67:11:c9:10:3d:cf:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 06:31:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4b72066d7e6ca8ad2ffa62a69b067923a42df96f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:d8:44:00:9d:26:c4:75:89:bc:13:a2:83:f7:
                    33:b0:ac:3c:6c:0e:00:a1:8d:99:b4:a4:7c:f6:b6:
                    a4:17:3a:10:9e:38:8d:38:02:10:ca:1b:7c:bc:53:
                    94:6c:81:25:2a:35:81:66:4e:6d:a5:86:af:91:ec:
                    c9:70:f9:d6:f1:fd:f3:93:9a:fd:51:7a:79:ba:5f:
                    85:8f:45:c0:b7:8f:62:cf:be:15:74:68:e2:2b:b9:
                    8c:4d:38:49:87:02:79:fa:be:6f:a5:83:93:35:e6:
                    4a:2b:3c:e0:2d:7f:f0:6d:08:ee:ad:80:6e:50:16:
                    68:33:bc:a5:73:60:9b:7d:e8:da:a8:fa:bb:b4:d1:
                    81:9d:91:54:c6:f9:20:a6:97:e8:da:da:16:4b:ef:
                    8e:53:d6:72:93:a6:82:58:1e:81:e4:9d:53:bc:07:
                    d8:07:ec:2c:c8:13:d4:77:66:55:6f:e3:21:d7:8a:
                    d1:b7:35:cb:3e:1f:9b:0c:52:7c:e1:b8:f7:0b:92:
                    e4:8c:4d:45:b5:12:a6:97:3f:74:c5:25:46:04:e6:
                    9b:41:dc:a3:30:1e:cf:be:1e:91:04:1c:51:19:6a:
                    90:eb:49:51:cd:4c:7c:fe:78:5f:12:2d:d5:98:19:
                    b6:75:3c:01:c9:49:ba:f3:37:71:65:2c:9a:78:4a:
                    d4:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:72:06:6D:7E:6C:A8:AD:2F:FA:62:A6:9B:06:79:23:A4:2D:F9:6F
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/a64b09-64df-470c-a64d-1f6991877b26/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/a64b09-64df-470c-a64d-1f6991877b26/1/S3IGbX5sqK0v-mKmmwZ5I6Qt-W8.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.145.104.0/22

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  212138

    Signature Algorithm: sha256WithRSAEncryption
         46:cb:4c:46:68:d4:d7:e7:e6:ec:98:94:da:a4:0a:50:cb:82:
         16:18:99:0e:a7:a2:f1:46:8b:e6:3a:08:05:92:47:02:db:62:
         ee:f0:8a:4e:e1:51:b5:b6:c1:04:32:ed:7b:e3:7c:ef:44:d0:
         1b:b7:0d:8a:6b:97:73:11:40:97:0f:ea:4a:ad:8c:f8:5c:03:
         fb:b1:5e:f7:51:c6:d6:75:d7:1f:02:b8:e2:f5:5c:02:ff:d4:
         af:7b:0f:ed:e0:94:21:16:5d:76:2a:85:f8:c1:0d:ec:9c:80:
         2c:54:6d:b3:89:c3:f3:ef:d0:e1:01:58:2c:77:4c:78:61:9a:
         86:cf:26:e0:dc:5e:ac:c2:7d:a2:45:88:1f:9f:72:79:5e:ef:
         c7:53:ee:03:8b:c6:e2:4d:b3:fc:e3:f9:d3:78:78:ff:bd:93:
         31:59:1e:9f:70:3f:fd:4b:00:9b:ba:ee:aa:56:cc:53:ab:bd:
         c6:0e:44:7d:85:65:62:4d:58:87:6e:c9:70:9f:13:b6:9f:be:
         77:81:9a:6f:c5:41:14:50:75:61:9d:c3:f9:a2:ba:26:74:45:
         6e:86:28:14:60:2a:99:bd:53:27:ab:ff:25:e9:fd:1f:87:8c:
         68:a2:f6:93:8a:19:9d:11:da:5d:81:98:e9:58:91:a5:aa:47:
         98:fb:2e:f2
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYzI3nVs6fDRf6RnEckQPc/wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDYzMTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjcyMDY2ZDdlNmNhOGFkMmZmYTYyYTY5YjA2NzkyM2E0MmRmOTZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyNhEAJ0mxHWJvBOig/czsKw8bA4A
oY2ZtKR89rakFzoQnjiNOAIQyht8vFOUbIElKjWBZk5tpYavkezJcPnW8f3zk5r9
UXp5ul+Fj0XAt49iz74VdGjiK7mMTThJhwJ5+r5vpYOTNeZKKzzgLX/wbQjurYBu
UBZoM7ylc2CbfejaqPq7tNGBnZFUxvkgppfo2toWS++OU9Zyk6aCWB6B5J1TvAfY
B+wsyBPUd2ZVb+Mh14rRtzXLPh+bDFJ84bj3C5LkjE1FtRKmlz90xSVGBOabQdyj
MB7Pvh6RBBxRGWqQ60lRzUx8/nhfEi3VmBm2dTwByUm68zdxZSyaeErU2wIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFEtyBm1+bKitL/pippsGeSOkLflvMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzQ1L2E2NGIw
OS02NGRmLTQ3MGMtYTY0ZC0xZjY5OTE4NzdiMjYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDUvYTY0YjA5
LTY0ZGYtNDcwYy1hNjRkLTFmNjk5MTg3N2IyNi8xL1MzSUdiWDVzcUswdi1tS21t
d1o1STZRdC1XOC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCwJFoMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwM8qjANBgkqhkiG9w0BAQsFAAOCAQEARstMRmjU1+fm7JiU2qQKUMuCFhiZDqei
8UaL5joIBZJHAtti7vCKTuFRtbbBBDLte+N870TQG7cNimuXcxFAlw/qSq2M+FwD
+7Fe91HG1nXXHwK44vVcAv/Ur3sP7eCUIRZddiqF+MEN7JyALFRts4nD8+/Q4QFY
LHdMeGGahs8m4NxerMJ9okWIH59yeV7vx1PuA4vG4k2z/OP503h4/72TMVken3A/
/UsAm7ruqlbMU6u9xg5EfYVlYk1Yh27JcJ8Ttp++d4Gab8VBFFB1YZ3D+aK6JnRF
boYoFGAqmb1TJ6v/Jen9H4eMaKL2k4oZnRHaXYGY6ViRpapHmPsu8g==
-----END CERTIFICATE-----