Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ShO3dYZ23i7xJ8x3UO52xag0HXg.cer
File:                     ShO3dYZ23i7xJ8x3UO52xag0HXg.cer (raw, json)
Hash identifier:          2t9ZGp2mzkjGLCIiuUzHHSHCB1Y2HM/4zT0qEqer6uY=
Subject key identifier:   4A:13:B7:75:86:76:DE:2E:F1:27:CC:77:50:EE:76:C5:A8:34:1D:78
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC79554B90228B8841BD9E8836CB9A2B5
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/f8/e6b238-5355-40f0-be87-497fd6506ae5/1/ShO3dYZ23i7xJ8x3UO52xag0HXg.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/f8/e6b238-5355-40f0-be87-497fd6506ae5/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 00:31:41 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 194.26.0.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:54:b9:02:28:b8:84:1b:d9:e8:83:6c:b9:a2:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 00:31:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4a13b7758676de2ef127cc7750ee76c5a8341d78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:67:92:1f:e2:fc:b6:aa:ff:06:56:1f:a4:9e:
                    71:51:d6:8f:af:14:27:7c:79:67:c6:84:da:65:ea:
                    28:45:20:44:23:f1:91:97:1b:bf:2b:94:52:3f:c9:
                    75:72:c8:7d:ab:36:e3:0b:b0:79:99:32:5e:41:8e:
                    56:27:3b:79:b3:56:24:00:66:f5:ac:7a:86:4f:46:
                    e1:06:16:0c:6d:14:91:04:95:1f:3a:56:9d:73:a7:
                    dc:8f:c6:c1:73:ca:19:0d:74:e7:67:a0:d0:ac:9f:
                    c2:2d:45:87:84:44:9f:7f:99:60:72:58:68:eb:92:
                    36:6f:9f:52:e2:e4:e6:69:73:89:80:89:bc:e3:2c:
                    cd:97:ea:3f:03:bc:cc:fc:d1:cb:f7:ae:ef:81:90:
                    65:31:e8:0e:00:d4:90:35:1d:46:50:83:36:04:f9:
                    4c:82:cf:c3:ea:09:4c:2b:3c:10:32:68:57:f2:ec:
                    ab:cd:04:75:d2:08:6a:27:d2:6e:b6:75:d7:6b:82:
                    76:d7:c8:4d:c4:12:5e:ae:77:ed:d8:23:fe:d5:1e:
                    ce:4e:3c:90:4a:89:83:07:e1:f8:2e:3e:12:72:08:
                    30:f6:dc:65:c2:df:2d:b1:79:d7:1e:21:cc:7c:df:
                    2f:65:ae:af:92:82:7e:24:32:a5:ba:ad:33:59:29:
                    b3:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:13:B7:75:86:76:DE:2E:F1:27:CC:77:50:EE:76:C5:A8:34:1D:78
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/e6b238-5355-40f0-be87-497fd6506ae5/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/e6b238-5355-40f0-be87-497fd6506ae5/1/ShO3dYZ23i7xJ8x3UO52xag0HXg.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.26.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:2f:09:78:58:f1:62:3a:44:a2:2c:45:cd:88:27:e5:1b:a6:
         96:4f:aa:cd:32:35:48:5d:fa:08:ac:7e:e6:13:29:7f:d8:56:
         5b:23:99:5b:16:21:06:95:3b:cc:cc:26:b7:dc:be:fe:fe:fd:
         e2:1f:37:9b:1b:0a:02:3c:75:31:df:a3:bd:ef:54:cf:89:5c:
         5f:26:b9:ff:bf:3c:df:0f:69:9c:82:d0:f6:a9:7c:ab:b0:b3:
         89:5d:9c:5d:b0:72:61:2d:8e:9a:93:bb:c2:92:fa:12:ba:54:
         13:22:55:f0:9f:22:22:05:15:a2:5a:07:4f:ad:24:53:a7:6d:
         c2:76:b0:18:26:16:84:53:7d:8d:f3:06:0c:52:93:76:48:b7:
         c8:b8:47:6f:e3:f2:1e:20:27:61:ce:13:3f:fe:9f:d2:6c:68:
         de:42:4f:7b:f3:47:8d:f0:bb:89:c5:a5:e2:2e:97:46:f9:60:
         2d:49:b9:0e:22:64:85:a3:d8:29:c3:71:38:ed:74:9c:5b:3c:
         8a:25:f4:9a:2f:94:0b:85:14:24:e8:29:61:82:41:5b:d8:b3:
         35:ea:76:95:61:14:1c:3e:bc:fa:8d:3e:ee:a9:53:02:a3:c5:
         5d:78:c0:3a:7d:c7:1f:d2:c7:f7:fe:a4:19:d7:b7:87:20:eb:
         aa:a2:f3:c4
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzHlVS5Aii4hBvZ6INsuaK1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDAzMTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTEzYjc3NTg2NzZkZTJlZjEyN2NjNzc1MGVlNzZjNWE4MzQxZDc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnGeSH+L8tqr/BlYfpJ5xUdaPrxQn
fHlnxoTaZeooRSBEI/GRlxu/K5RSP8l1csh9qzbjC7B5mTJeQY5WJzt5s1YkAGb1
rHqGT0bhBhYMbRSRBJUfOladc6fcj8bBc8oZDXTnZ6DQrJ/CLUWHhESff5lgclho
65I2b59S4uTmaXOJgIm84yzNl+o/A7zM/NHL967vgZBlMegOANSQNR1GUIM2BPlM
gs/D6glMKzwQMmhX8uyrzQR10ghqJ9JutnXXa4J218hNxBJernft2CP+1R7OTjyQ
SomDB+H4Lj4Scggw9txlwt8tsXnXHiHMfN8vZa6vkoJ+JDKluq0zWSmzXwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFEoTt3WGdt4u8SfMd1DudsWoNB14MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Y4L2U2YjIz
OC01MzU1LTQwZjAtYmU4Ny00OTdmZDY1MDZhZTUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjgvZTZiMjM4
LTUzNTUtNDBmMC1iZTg3LTQ5N2ZkNjUwNmFlNS8xL1NoTzNkWVoyM2k3eEo4eDNV
TzUyeGFnMEhYZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwhoAMA0GCSqGSIb3DQEBCwUAA4IBAQCYLwl4
WPFiOkSiLEXNiCflG6aWT6rNMjVIXfoIrH7mEyl/2FZbI5lbFiEGlTvMzCa33L7+
/v3iHzebGwoCPHUx36O971TPiVxfJrn/vzzfD2mcgtD2qXyrsLOJXZxdsHJhLY6a
k7vCkvoSulQTIlXwnyIiBRWiWgdPrSRTp23CdrAYJhaEU32N8wYMUpN2SLfIuEdv
4/IeICdhzhM//p/SbGjeQk9780eN8LuJxaXiLpdG+WAtSbkOImSFo9gpw3E47XSc
WzyKJfSaL5QLhRQk6ClhgkFb2LM16naVYRQcPrz6jT7uqVMCo8VdeMA6fccf0sf3
/qQZ17eHIOuqovPE
-----END CERTIFICATE-----