Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/TC9Y05SvcD-57w_FN77Q6X23Wo8.cer
File:                     TC9Y05SvcD-57w_FN77Q6X23Wo8.cer (raw, json)
Hash identifier:          8ez3T/popSeKKAgwbrDqsD8BpkIuuvbhSpMqdJyNNTU=
Subject key identifier:   4C:2F:58:D3:94:AF:70:3F:B9:EF:0F:C5:37:BE:D0:E9:7D:B7:5A:8F
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC64B2C4010C9B5D7449EAD7A81FCCC08
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/e6/246769-d876-4f22-9a1c-45c5f456d4bb/1/TC9Y05SvcD-57w_FN77Q6X23Wo8.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/e6/246769-d876-4f22-9a1c-45c5f456d4bb/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 18:31:04 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 146.136.0.0/16
                          IP: 152.96.0.0/16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:2c:40:10:c9:b5:d7:44:9e:ad:7a:81:fc:cc:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 18:31:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4c2f58d394af703fb9ef0fc537bed0e97db75a8f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:a2:59:25:63:07:69:68:5e:a7:83:23:b9:28:
                    f6:54:8c:af:b4:ab:32:37:a3:2d:0a:da:2b:6f:3d:
                    26:b0:4b:66:9a:e0:01:35:be:dd:6d:a7:f4:fc:25:
                    8d:32:c2:45:0c:45:ee:29:28:5c:42:76:d4:cc:91:
                    d4:c3:2b:57:cf:7e:16:4d:29:3e:59:84:57:14:ab:
                    59:e8:3f:41:f5:04:ca:dc:04:64:ca:45:9d:1d:b6:
                    3d:76:ee:d5:82:a9:47:40:f1:a4:93:3b:43:53:82:
                    b9:55:b0:ae:7a:e8:0b:b4:46:e6:71:05:b7:49:f7:
                    77:5e:fa:cb:8e:94:b1:1e:bc:a3:fa:65:be:4c:63:
                    94:0a:ce:cf:d9:2c:c4:52:ea:07:65:70:5e:e4:c0:
                    ce:1e:13:e4:8e:bb:17:fa:02:b2:a4:df:00:0b:57:
                    d1:29:49:87:d4:e6:8d:53:0f:5c:fc:ac:d8:ac:2d:
                    38:6c:0d:4d:56:a8:f2:e6:6b:00:88:7f:75:7b:e4:
                    d9:81:08:8f:7b:da:95:7f:5e:60:bb:a8:bb:02:5a:
                    b0:5a:db:5a:57:f1:e2:cc:78:91:9b:ae:84:a2:d0:
                    9c:b5:a5:04:27:6e:86:79:a8:3d:64:e6:dd:51:c2:
                    ed:1d:1a:e4:e3:fb:3f:f0:d4:02:92:0a:a6:46:6a:
                    6c:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:2F:58:D3:94:AF:70:3F:B9:EF:0F:C5:37:BE:D0:E9:7D:B7:5A:8F
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/246769-d876-4f22-9a1c-45c5f456d4bb/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/246769-d876-4f22-9a1c-45c5f456d4bb/1/TC9Y05SvcD-57w_FN77Q6X23Wo8.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.136.0.0/16
                  152.96.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         2f:33:96:f5:c2:9c:a2:9d:8f:14:2a:f1:6a:9a:30:a4:ef:7e:
         26:7d:11:f2:66:43:57:f2:d6:81:f9:39:e6:28:69:03:6c:ee:
         11:fe:fa:e9:25:01:0c:18:e0:a7:ef:23:ed:cb:1a:a2:a7:1c:
         01:00:d1:49:83:92:d7:88:8d:ca:42:a4:05:67:b4:94:fd:0b:
         92:d9:c0:b8:5e:7f:74:05:39:21:30:01:65:99:a0:b9:1e:20:
         44:92:92:3b:44:3e:c1:91:2b:9c:1c:a2:a5:e1:39:fc:c4:df:
         04:28:1d:9a:d2:a5:23:f7:21:be:d1:5e:29:f4:c6:9b:d4:a7:
         aa:0d:2d:0e:b6:4a:d0:77:1e:0b:dd:aa:66:48:3a:a5:e2:f3:
         64:f5:9e:dd:33:c3:92:41:52:3c:1f:36:9b:62:44:cc:18:36:
         11:e0:6b:8b:f2:7e:f3:e0:2a:43:21:55:45:0d:b6:ee:aa:82:
         90:ae:3b:42:02:e2:32:41:f1:3f:6d:7b:27:c4:87:44:7d:20:
         ee:35:6d:a9:90:be:6e:17:b9:53:bc:8e:3c:92:5a:08:6b:e1:
         21:ce:fe:c8:5f:cd:43:09:67:a3:21:c2:c8:0e:28:91:b3:d8:
         28:3d:a5:79:39:2f:1f:4f:e0:60:e1:94:ba:be:50:8e:ad:73:
         cc:80:7a:1b
-----BEGIN CERTIFICATE-----
MIIFfDCCBGSgAwIBAgISAYzGSyxAEMm110SerXqB/MwIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTgzMTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzJmNThkMzk0YWY3MDNmYjllZjBmYzUzN2JlZDBlOTdkYjc1YThmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtaJZJWMHaWhep4MjuSj2VIyvtKsy
N6MtCtorbz0msEtmmuABNb7dbaf0/CWNMsJFDEXuKShcQnbUzJHUwytXz34WTSk+
WYRXFKtZ6D9B9QTK3ARkykWdHbY9du7VgqlHQPGkkztDU4K5VbCueugLtEbmcQW3
Sfd3XvrLjpSxHryj+mW+TGOUCs7P2SzEUuoHZXBe5MDOHhPkjrsX+gKypN8AC1fR
KUmH1OaNUw9c/KzYrC04bA1NVqjy5msAiH91e+TZgQiPe9qVf15gu6i7AlqwWtta
V/HizHiRm66EotCctaUEJ26Geag9ZObdUcLtHRrk4/s/8NQCkgqmRmpsiwIDAQAB
o4ICiDCCAoQwHQYDVR0OBBYEFEwvWNOUr3A/ue8PxTe+0Ol9t1qPMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2U2LzI0Njc2
OS1kODc2LTRmMjItOWExYy00NWM1ZjQ1NmQ0YmIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTYvMjQ2NzY5
LWQ4NzYtNGYyMi05YTFjLTQ1YzVmNDU2ZDRiYi8xL1RDOVkwNVN2Y0QtNTd3X0ZO
NzdRNlgyM1dvOC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCMGCCsGAQUF
BwEHAQH/BBQwEjAQBAIAATAKAwMAkogDAwCYYDANBgkqhkiG9w0BAQsFAAOCAQEA
LzOW9cKcop2PFCrxapowpO9+Jn0R8mZDV/LWgfk55ihpA2zuEf766SUBDBjgp+8j
7csaoqccAQDRSYOS14iNykKkBWe0lP0LktnAuF5/dAU5ITABZZmguR4gRJKSO0Q+
wZErnByipeE5/MTfBCgdmtKlI/chvtFeKfTGm9Snqg0tDrZK0HceC92qZkg6peLz
ZPWe3TPDkkFSPB82m2JEzBg2EeBri/J+8+AqQyFVRQ227qqCkK47QgLiMkHxP217
J8SHRH0g7jVtqZC+bhe5U7yOPJJaCGvhIc7+yF/NQwlnoyHCyA4okbPYKD2leTkv
H0/gYOGUur5Qjq1zzIB6Gw==
-----END CERTIFICATE-----