Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/TzLUClO7YLhnWebsClIHMAtBr3A.cer
File:                     TzLUClO7YLhnWebsClIHMAtBr3A.cer (raw, json)
Hash identifier:          V8S/d3aqlZLTg3XzwnY57c2y7z5HM5xembJ6vJ9bxRA=
Subject key identifier:   4F:32:D4:0A:53:BB:60:B8:67:59:E6:EC:0A:52:07:30:0B:41:AF:70
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CCA9A04F347BA97B8B0B30C61393FF40D
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/f3/a75e63-8149-49c6-939f-c6bf2ffb7253/1/TzLUClO7YLhnWebsClIHMAtBr3A.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/f3/a75e63-8149-49c6-939f-c6bf2ffb7253/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 14:35:40 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 185.50.176.0/22
                          IP: 2a01:aba0::/32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:9a:04:f3:47:ba:97:b8:b0:b3:0c:61:39:3f:f4:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 14:35:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4f32d40a53bb60b86759e6ec0a5207300b41af70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:74:19:8c:bf:2e:da:8d:a5:a0:cb:fd:2c:63:
                    54:a2:75:89:3b:ff:4b:1e:bb:1c:8a:cb:2d:c6:88:
                    44:84:b3:22:3b:ef:6c:42:7d:43:ea:9e:6e:b6:40:
                    98:bd:ee:6a:71:fb:cc:3f:ac:de:fb:c4:a5:e1:c5:
                    a4:af:74:6b:bb:49:4f:47:15:df:97:dd:28:bf:fb:
                    67:70:3a:d7:7a:ac:f9:75:89:5c:2e:d3:4d:90:9e:
                    8c:71:99:54:1a:16:78:f4:85:9b:89:d6:f8:08:91:
                    2f:0c:8f:82:7c:72:06:3e:2e:5f:72:09:3e:60:f6:
                    8b:6b:06:77:44:99:91:08:0f:73:03:86:d6:50:0e:
                    91:9f:46:9a:b9:05:4c:0c:6c:60:cb:fb:8f:e7:a0:
                    05:70:a2:b7:e8:6e:16:3f:1c:00:8c:6f:0c:85:37:
                    e0:69:7a:9e:8a:75:dd:fd:5e:ca:48:e3:62:fc:de:
                    dd:62:1b:52:e3:82:d9:02:b1:f3:03:1e:10:9a:cd:
                    0c:da:77:37:11:93:38:90:ac:93:d8:a3:83:48:dc:
                    6d:71:bd:6c:80:2b:29:59:24:6b:03:c1:2c:ff:ed:
                    c2:54:51:4c:fb:0d:19:02:18:18:47:6a:d5:96:ea:
                    eb:71:02:e7:e1:01:ac:d0:c0:c1:f1:ba:62:d3:e4:
                    ad:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:32:D4:0A:53:BB:60:B8:67:59:E6:EC:0A:52:07:30:0B:41:AF:70
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/a75e63-8149-49c6-939f-c6bf2ffb7253/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/a75e63-8149-49c6-939f-c6bf2ffb7253/1/TzLUClO7YLhnWebsClIHMAtBr3A.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.50.176.0/22
                IPv6:
                  2a01:aba0::/32

    Signature Algorithm: sha256WithRSAEncryption
         23:32:af:d2:72:4e:ab:6d:70:0d:80:9a:42:b2:21:77:15:6a:
         a0:d4:5c:b8:7b:9e:b7:fe:1b:4f:1c:10:64:7b:1c:1e:0a:24:
         58:5f:af:b7:83:66:66:cc:7c:a9:ba:e7:a9:36:c3:34:0d:70:
         b2:45:d1:08:05:01:a0:f9:81:7d:3e:c2:cf:72:91:5d:67:eb:
         19:3c:ea:42:c3:1e:54:ac:fb:89:c9:24:db:3e:b3:97:ba:7e:
         25:6a:f7:c2:f3:98:a5:af:f1:dc:85:33:52:13:97:c8:d0:3d:
         3f:d7:1b:f8:2c:0c:ea:de:a5:5a:dc:4b:ea:80:c0:9a:e1:1c:
         50:79:05:26:21:20:72:69:94:89:7f:23:67:48:d2:cb:cc:3d:
         e8:92:1e:74:9b:38:67:56:73:ca:95:a0:f4:fe:23:3c:eb:0a:
         90:7c:c9:f3:74:c2:d3:1c:f1:96:f2:64:79:76:08:0b:33:c2:
         79:c6:87:de:65:5f:31:e5:99:d5:aa:e6:f2:ab:52:5f:46:28:
         73:72:b7:1b:7b:84:78:6a:d3:83:85:d7:9e:0b:fa:05:c3:25:
         78:99:e5:2d:35:2b:4e:1b:c5:ca:c7:aa:31:b6:13:45:e8:6f:
         a1:2d:93:b8:49:cc:98:70:87:50:95:9c:7b:94:02:8b:ba:7c:
         5f:4c:81:ed
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAYzKmgTzR7qXuLCzDGE5P/QNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMTQzNTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjMyZDQwYTUzYmI2MGI4Njc1OWU2ZWMwYTUyMDczMDBiNDFhZjcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlHQZjL8u2o2loMv9LGNUonWJO/9L
HrscisstxohEhLMiO+9sQn1D6p5utkCYve5qcfvMP6ze+8Sl4cWkr3Rru0lPRxXf
l90ov/tncDrXeqz5dYlcLtNNkJ6McZlUGhZ49IWbidb4CJEvDI+CfHIGPi5fcgk+
YPaLawZ3RJmRCA9zA4bWUA6Rn0aauQVMDGxgy/uP56AFcKK36G4WPxwAjG8MhTfg
aXqeinXd/V7KSONi/N7dYhtS44LZArHzAx4Qms0M2nc3EZM4kKyT2KODSNxtcb1s
gCspWSRrA8Es/+3CVFFM+w0ZAhgYR2rVlurrcQLn4QGs0MDB8bpi0+StzwIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFE8y1ApTu2C4Z1nm7ApSBzALQa9wMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2YzL2E3NWU2
My04MTQ5LTQ5YzYtOTM5Zi1jNmJmMmZmYjcyNTMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjMvYTc1ZTYz
LTgxNDktNDljNi05MzlmLWM2YmYyZmZiNzI1My8xL1R6TFVDbE83WUxobldlYnND
bElITUF0QnIzQS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCuTKwMA0EAgACMAcDBQAqAaugMA0GCSqGSIb3
DQEBCwUAA4IBAQAjMq/Sck6rbXANgJpCsiF3FWqg1Fy4e563/htPHBBkexweCiRY
X6+3g2ZmzHypuuepNsM0DXCyRdEIBQGg+YF9PsLPcpFdZ+sZPOpCwx5UrPuJySTb
PrOXun4lavfC85ilr/HchTNSE5fI0D0/1xv4LAzq3qVa3EvqgMCa4RxQeQUmISBy
aZSJfyNnSNLLzD3okh50mzhnVnPKlaD0/iM86wqQfMnzdMLTHPGW8mR5dggLM8J5
xofeZV8x5ZnVqubyq1JfRihzcrcbe4R4atODhdeeC/oFwyV4meUtNStOG8XKx6ox
thNF6G+hLZO4ScyYcIdQlZx7lAKLunxfTIHt
-----END CERTIFICATE-----