Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/S91CzNE9f4p8PtpbVQLY1ty7vhE.cer
File:                     S91CzNE9f4p8PtpbVQLY1ty7vhE.cer (raw, json)
Hash identifier:          SjVE2xGYtjVPK0+gcbsiwvqsKjKDfqJrHa6rOsTy3C0=
Subject key identifier:   4B:DD:42:CC:D1:3D:7F:8A:7C:3E:DA:5B:55:02:D8:D6:DC:BB:BE:11
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC6B921C3E6F1A5BAF7AE68F6025EF321
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/9b/fc8e22-9a3b-4646-babe-1ca2120ee436/1/S91CzNE9f4p8PtpbVQLY1ty7vhE.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/9b/fc8e22-9a3b-4646-babe-1ca2120ee436/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 20:31:10 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 185.168.149.0/24
                          IP: 2a12:b7c0::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:21:c3:e6:f1:a5:ba:f7:ae:68:f6:02:5e:f3:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 20:31:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4bdd42ccd13d7f8a7c3eda5b5502d8d6dcbbbe11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:33:33:54:08:ca:d0:71:13:46:9c:30:f3:f3:
                    84:b3:a8:74:54:e2:ab:b6:f7:8f:1a:05:57:d2:ca:
                    39:43:be:d2:87:c1:49:e8:90:72:1b:6b:54:97:8c:
                    7b:4d:ae:fc:6a:f5:65:c6:eb:67:81:80:a7:c5:d5:
                    02:30:ac:de:e6:54:e1:0c:63:ed:11:83:17:26:67:
                    17:27:0a:ca:eb:6f:ba:71:a2:53:16:58:37:19:f6:
                    97:f4:cd:3c:d4:f3:43:5b:66:d8:90:ab:0b:ba:42:
                    4b:37:91:2a:93:44:fb:33:cf:01:ed:8c:1d:80:45:
                    07:d7:6b:58:8d:77:44:1d:6b:1a:56:45:5f:e4:c0:
                    79:1d:c9:12:8a:eb:2e:bc:6e:94:31:e8:79:59:7e:
                    ae:59:58:c2:98:b4:82:d9:d9:e9:a7:64:d1:eb:1b:
                    ce:22:59:5d:e2:bd:62:e4:0f:57:d5:c4:de:b7:f2:
                    24:df:42:89:20:6e:0c:d2:7e:ae:ff:f6:e4:b2:95:
                    78:56:8e:6e:f4:ae:9b:89:70:e6:7b:b7:04:8e:58:
                    cf:86:ee:8e:a9:bb:7d:6c:c8:29:4d:a4:4d:80:40:
                    7c:db:05:85:da:ef:dc:a6:64:da:5b:96:18:89:4d:
                    4d:99:39:dd:c8:cc:83:33:ef:7d:71:62:06:00:ea:
                    1d:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:DD:42:CC:D1:3D:7F:8A:7C:3E:DA:5B:55:02:D8:D6:DC:BB:BE:11
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/fc8e22-9a3b-4646-babe-1ca2120ee436/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/fc8e22-9a3b-4646-babe-1ca2120ee436/1/S91CzNE9f4p8PtpbVQLY1ty7vhE.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.168.149.0/24
                IPv6:
                  2a12:b7c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         38:35:a2:2d:34:9a:ba:42:2b:3c:71:8d:3b:5d:39:30:02:af:
         3e:9c:b1:60:bf:88:c3:c4:c3:a7:b6:59:ec:a4:24:0d:83:f5:
         cd:27:f5:b0:ec:07:37:e3:ee:fa:81:5c:11:ff:3d:ef:23:9d:
         26:80:3e:37:2a:c2:76:59:54:bd:b3:c1:20:72:f4:5d:5e:53:
         5b:1d:7f:ea:7e:bd:1e:cc:10:26:58:68:73:1a:d3:bd:0d:13:
         75:88:cc:58:48:fb:85:e1:fa:02:b8:84:d9:67:54:25:f8:1d:
         5f:ab:cc:5a:6a:59:cf:5e:b4:8a:f8:96:f7:a7:54:52:42:d8:
         0a:e1:9c:12:22:f5:55:8e:fb:59:18:8c:e2:37:be:f2:ff:52:
         6c:50:0a:05:05:23:00:41:47:ec:84:88:8c:08:84:53:2d:79:
         d8:22:e1:cb:d1:26:cd:01:26:f5:c0:41:1b:ed:ab:56:d1:e1:
         4c:f6:eb:29:e4:92:62:9c:2b:2b:a0:73:33:b7:e8:d0:b5:65:
         93:55:b8:96:1b:ca:9d:74:4d:33:dd:6d:dd:83:c5:08:be:3f:
         43:2f:24:76:1d:04:3e:0a:89:25:cd:18:5a:36:fe:8b:88:9e:
         e5:65:64:a9:d9:b7:7f:9a:28:8a:1b:25:7c:f5:97:92:fb:6f:
         53:f2:dc:7d
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAYzGuSHD5vGluveuaPYCXvMhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMjAzMTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YmRkNDJjY2QxM2Q3ZjhhN2MzZWRhNWI1NTAyZDhkNmRjYmJiZTExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvDMzVAjK0HETRpww8/OEs6h0VOKr
tvePGgVX0so5Q77Sh8FJ6JByG2tUl4x7Ta78avVlxutngYCnxdUCMKze5lThDGPt
EYMXJmcXJwrK62+6caJTFlg3GfaX9M081PNDW2bYkKsLukJLN5Eqk0T7M88B7Ywd
gEUH12tYjXdEHWsaVkVf5MB5HckSiusuvG6UMeh5WX6uWVjCmLSC2dnpp2TR6xvO
Illd4r1i5A9X1cTet/Ik30KJIG4M0n6u//bkspV4Vo5u9K6biXDme7cEjljPhu6O
qbt9bMgpTaRNgEB82wWF2u/cpmTaW5YYiU1NmTndyMyDM+99cWIGAOodcQIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFEvdQszRPX+KfD7aW1UC2Nbcu74RMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzliL2ZjOGUy
Mi05YTNiLTQ2NDYtYmFiZS0xY2EyMTIwZWU0MzYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOWIvZmM4ZTIy
LTlhM2ItNDY0Ni1iYWJlLTFjYTIxMjBlZTQzNi8xL1M5MUN6TkU5ZjRwOFB0cGJW
UUxZMXR5N3ZoRS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQAuaiVMA0EAgACMAcDBQMqErfAMA0GCSqGSIb3
DQEBCwUAA4IBAQA4NaItNJq6Qis8cY07XTkwAq8+nLFgv4jDxMOntlnspCQNg/XN
J/Ww7Ac34+76gVwR/z3vI50mgD43KsJ2WVS9s8EgcvRdXlNbHX/qfr0ezBAmWGhz
GtO9DRN1iMxYSPuF4foCuITZZ1Ql+B1fq8xaalnPXrSK+Jb3p1RSQtgK4ZwSIvVV
jvtZGIziN77y/1JsUAoFBSMAQUfshIiMCIRTLXnYIuHL0SbNASb1wEEb7atW0eFM
9usp5JJinCsroHMzt+jQtWWTVbiWG8qddE0z3W3dg8UIvj9DLyR2HQQ+CoklzRha
Nv6LiJ7lZWSp2bd/miiKGyV89ZeS+29T8tx9
-----END CERTIFICATE-----