Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/TaPOLU33MQNH0xou2fFBjpBmXls.cer
File:                     TaPOLU33MQNH0xou2fFBjpBmXls.cer (raw, json)
Hash identifier:          n0I7nEo2pi/yRhMx2W6ME6azvlgMYHeW1McWGORsTfs=
Subject key identifier:   4D:A3:CE:2D:4D:F7:31:03:47:D3:1A:2E:D9:F1:41:8E:90:66:5E:5B
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018F386E0FF8435D612CED1A7E20A5AF0FB6
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/7c/068394-dd5a-419e-bb08-f12e2831414d/1/TaPOLU33MQNH0xou2fFBjpBmXls.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/7c/068394-dd5a-419e-bb08-f12e2831414d/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 May 2024 08:31:28 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 91.209.220.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:38:6e:0f:f8:43:5d:61:2c:ed:1a:7e:20:a5:af:0f:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: May  2 08:31:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4da3ce2d4df7310347d31a2ed9f1418e90665e5b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:52:cb:5a:5a:67:ab:68:5c:96:6b:6d:9e:3e:
                    6e:86:bc:3d:74:f4:65:3a:f4:10:1f:f8:13:1a:f7:
                    b9:16:c5:82:89:2d:c5:50:2b:68:cf:74:b8:f5:38:
                    2d:2c:d9:6c:66:f7:85:4c:8b:1a:3f:d8:eb:f8:73:
                    cb:58:2a:6e:e3:94:69:64:b9:0d:67:c8:9e:0c:0d:
                    9d:d3:cb:a5:4a:a9:ab:f8:5a:e7:e3:fe:a6:8e:21:
                    29:79:5d:3b:23:26:da:40:1d:c5:3a:e5:91:a7:0d:
                    3e:f6:8e:8b:14:2f:fa:7d:4b:8f:18:06:5a:ee:94:
                    d8:1e:fd:d7:47:19:1e:71:02:0d:ef:16:f2:11:da:
                    1d:9a:9f:7f:1f:61:e1:c1:ec:13:8b:45:75:17:e4:
                    6c:ba:52:cf:d8:ca:af:70:c6:96:b5:70:6c:6f:2f:
                    da:5f:66:96:06:1f:fb:84:2e:48:d7:d3:e8:a3:99:
                    24:da:d0:47:ed:80:bb:f4:a7:02:42:31:c2:14:2f:
                    49:e7:8a:cc:28:c0:13:ca:35:ee:57:a8:dc:5e:d6:
                    cb:22:aa:15:ed:d4:86:29:f2:91:b3:92:22:2b:36:
                    4d:db:73:44:b1:30:e4:16:e2:77:56:50:b8:8a:52:
                    15:00:1f:a8:00:0f:02:73:2f:bd:0c:87:20:70:12:
                    18:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:A3:CE:2D:4D:F7:31:03:47:D3:1A:2E:D9:F1:41:8E:90:66:5E:5B
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/068394-dd5a-419e-bb08-f12e2831414d/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/068394-dd5a-419e-bb08-f12e2831414d/1/TaPOLU33MQNH0xou2fFBjpBmXls.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.209.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:18:f9:0c:c5:6a:fe:5f:d7:93:54:d5:a4:91:99:e9:00:05:
         82:e3:df:44:a7:72:25:bb:b1:31:25:6b:1f:a9:e9:49:2e:4d:
         b0:46:1d:bc:dc:51:a2:89:2f:a8:3d:02:6c:01:d7:d1:5d:3c:
         20:18:55:94:2f:0d:ad:f0:b8:ae:34:86:2f:38:59:90:1a:bb:
         da:21:2d:63:6c:5f:29:54:e1:87:b9:1c:47:f2:01:9a:29:10:
         67:f6:cd:69:80:3e:e6:b4:88:74:6e:03:db:43:12:e6:b8:78:
         20:2c:d6:d5:4b:6a:82:03:af:e5:e1:e4:b5:c4:38:5c:f5:b1:
         fb:f0:4f:3a:84:c2:fd:13:29:06:5a:6d:10:a1:c2:14:5e:61:
         c4:a6:8f:5b:b2:07:61:02:41:98:a3:e5:88:78:df:1d:2c:44:
         b8:92:5d:88:1c:fc:5e:31:eb:bf:15:aa:89:5f:64:31:fa:fc:
         11:02:89:95:79:62:c9:fd:bf:be:7f:91:e0:38:a5:b2:64:91:
         09:3c:f1:ea:27:57:3e:5a:39:9f:5c:b1:9a:55:d4:16:5b:66:
         64:f1:0b:3b:26:8b:80:bc:04:5a:5b:80:54:cd:57:dc:09:49:
         2f:ed:91:24:7d:1a:85:66:d0:b8:c2:0c:c4:e5:34:64:e5:e6:
         fb:16:b0:31
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAY84bg/4Q11hLO0afiClrw+2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwNTAyMDgzMTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGEzY2UyZDRkZjczMTAzNDdkMzFhMmVkOWYxNDE4ZTkwNjY1ZTViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiVLLWlpnq2hclmttnj5uhrw9dPRl
OvQQH/gTGve5FsWCiS3FUCtoz3S49TgtLNlsZveFTIsaP9jr+HPLWCpu45RpZLkN
Z8ieDA2d08ulSqmr+Frn4/6mjiEpeV07IybaQB3FOuWRpw0+9o6LFC/6fUuPGAZa
7pTYHv3XRxkecQIN7xbyEdodmp9/H2HhwewTi0V1F+RsulLP2MqvcMaWtXBsby/a
X2aWBh/7hC5I19Poo5kk2tBH7YC79KcCQjHCFC9J54rMKMATyjXuV6jcXtbLIqoV
7dSGKfKRs5IiKzZN23NEsTDkFuJ3VlC4ilIVAB+oAA8Ccy+9DIcgcBIYvQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFE2jzi1N9zEDR9MaLtnxQY6QZl5bMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzdjLzA2ODM5
NC1kZDVhLTQxOWUtYmIwOC1mMTJlMjgzMTQxNGQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvN2MvMDY4Mzk0
LWRkNWEtNDE5ZS1iYjA4LWYxMmUyODMxNDE0ZC8xL1RhUE9MVTMzTVFOSDB4b3Uy
ZkZCanBCbVhscy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW9HcMA0GCSqGSIb3DQEBCwUAA4IBAQAEGPkM
xWr+X9eTVNWkkZnpAAWC499Ep3Ilu7ExJWsfqelJLk2wRh283FGiiS+oPQJsAdfR
XTwgGFWULw2t8LiuNIYvOFmQGrvaIS1jbF8pVOGHuRxH8gGaKRBn9s1pgD7mtIh0
bgPbQxLmuHggLNbVS2qCA6/l4eS1xDhc9bH78E86hML9EykGWm0QocIUXmHEpo9b
sgdhAkGYo+WIeN8dLES4kl2IHPxeMeu/FaqJX2Qx+vwRAomVeWLJ/b++f5HgOKWy
ZJEJPPHqJ1c+WjmfXLGaVdQWW2Zk8Qs7JouAvARaW4BUzVfcCUkv7ZEkfRqFZtC4
wgzE5TRk5eb7FrAx
-----END CERTIFICATE-----