Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/UeFdozln1BRwqW1hQcg0DyJAWBw.cer
File:                     UeFdozln1BRwqW1hQcg0DyJAWBw.cer (raw, json)
Hash identifier:          ZgAqZinehlMOuYtYskrZU/FjhO/3yACYv1dYwa7KqGc=
Subject key identifier:   51:E1:5D:A3:39:67:D4:14:70:A9:6D:61:41:C8:34:0F:22:40:58:1C
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC8016613D6366687A1E5F3E6B72C4CFE
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/02/23d5c1-ac66-461f-900f-380885740d4a/1/UeFdozln1BRwqW1hQcg0DyJAWBw.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/02/23d5c1-ac66-461f-900f-380885740d4a/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 02:29:44 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 185.255.80.0/22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:66:13:d6:36:66:87:a1:e5:f3:e6:b7:2c:4c:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 02:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=51e15da33967d41470a96d6141c8340f2240581c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:67:69:e2:95:73:ad:e9:5b:e4:34:b0:c7:4b:
                    a6:5a:af:05:ff:e6:ca:67:f4:78:72:ea:d3:b2:0c:
                    b9:89:57:e5:47:6a:6c:94:3b:d5:3a:f4:9f:71:40:
                    ab:40:a8:5b:1a:18:f6:af:b2:64:27:e8:2f:87:29:
                    58:19:11:d6:0b:de:47:25:b4:71:28:3f:63:f4:57:
                    7b:e8:8f:7e:8f:0c:5d:29:33:63:54:c1:c1:ca:72:
                    80:ae:0e:62:2d:7b:07:3c:2e:0a:f2:f4:73:16:96:
                    a0:d0:de:ed:2c:a4:33:9c:54:14:28:0e:df:c0:8f:
                    00:e5:eb:0e:2c:7a:a3:21:18:fa:ba:16:80:2d:be:
                    0b:3a:51:10:0b:61:8b:bf:05:77:e7:f1:3d:04:33:
                    25:b0:88:6a:c8:8f:7e:ec:ab:12:fb:0b:a0:57:d0:
                    2f:14:24:dc:ef:ca:58:95:a6:c0:a8:23:ec:52:f7:
                    03:46:b6:aa:43:20:a1:d7:0e:6a:a4:ef:b3:b8:16:
                    b0:d9:e6:79:a2:b7:d5:39:bc:ea:c7:f9:50:76:bd:
                    aa:72:42:18:c2:3b:8b:77:22:6c:b9:50:26:98:6c:
                    39:b5:c1:06:19:56:88:9d:3b:56:66:98:46:2a:31:
                    e0:d0:11:f8:d4:76:3d:9f:7c:ad:bd:c0:6e:3c:9b:
                    d1:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:E1:5D:A3:39:67:D4:14:70:A9:6D:61:41:C8:34:0F:22:40:58:1C
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/23d5c1-ac66-461f-900f-380885740d4a/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/23d5c1-ac66-461f-900f-380885740d4a/1/UeFdozln1BRwqW1hQcg0DyJAWBw.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.255.80.0/22

    Signature Algorithm: sha256WithRSAEncryption
         49:09:b6:d2:a0:53:ff:85:a8:ab:6c:6d:c3:ee:1a:cd:7b:82:
         a2:8a:c5:85:5e:e2:90:95:23:11:3e:33:9d:5d:61:5a:21:55:
         7a:9b:88:10:44:0a:3d:1b:2c:36:64:d8:d7:28:92:0d:ef:b5:
         a1:96:21:f1:b5:ea:9d:8f:0d:82:43:55:8c:2b:9c:e5:e3:e4:
         b0:58:68:14:66:f6:90:49:a4:dc:cf:3c:10:e5:78:82:ca:e3:
         9a:85:fd:40:4d:61:36:15:72:b7:1d:a9:ab:f7:9d:10:6d:42:
         57:0b:e2:cc:84:ef:2b:bf:d2:7b:a1:60:b0:69:2d:37:93:f2:
         7e:b1:3a:e7:07:8c:be:52:89:f3:d6:2c:4b:38:2f:7d:41:30:
         9c:de:c3:c8:1e:c4:5e:89:3f:fa:e9:9d:5d:0c:d1:db:1a:75:
         cb:90:19:e9:d5:ef:68:dc:89:47:de:39:6b:a4:8e:96:6d:e9:
         8a:03:1f:b2:87:d2:8f:e0:5b:a4:f1:07:c5:48:b9:c9:54:da:
         61:26:e3:98:72:9d:7a:c3:cc:de:07:05:01:98:e6:51:5a:a0:
         68:cd:d3:42:23:5c:f4:8a:ed:3e:e8:f1:1d:a8:4a:d7:5e:68:
         1a:a4:e6:0c:8c:1f:16:2d:f8:99:1a:02:c7:50:51:8a:9f:d8:
         ba:cf:19:8f
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzIAWYT1jZmh6Hl8+a3LEz+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDIyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MWUxNWRhMzM5NjdkNDE0NzBhOTZkNjE0MWM4MzQwZjIyNDA1ODFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjGdp4pVzrelb5DSwx0umWq8F/+bK
Z/R4curTsgy5iVflR2pslDvVOvSfcUCrQKhbGhj2r7JkJ+gvhylYGRHWC95HJbRx
KD9j9Fd76I9+jwxdKTNjVMHBynKArg5iLXsHPC4K8vRzFpag0N7tLKQznFQUKA7f
wI8A5esOLHqjIRj6uhaALb4LOlEQC2GLvwV35/E9BDMlsIhqyI9+7KsS+wugV9Av
FCTc78pYlabAqCPsUvcDRraqQyCh1w5qpO+zuBaw2eZ5orfVObzqx/lQdr2qckIY
wjuLdyJsuVAmmGw5tcEGGVaInTtWZphGKjHg0BH41HY9n3ytvcBuPJvRkQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFFHhXaM5Z9QUcKltYUHINA8iQFgcMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzAyLzIzZDVj
MS1hYzY2LTQ2MWYtOTAwZi0zODA4ODU3NDBkNGEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDIvMjNkNWMx
LWFjNjYtNDYxZi05MDBmLTM4MDg4NTc0MGQ0YS8xL1VlRmRvemxuMUJSd3FXMWhR
Y2cwRHlKQVdCdy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCuf9QMA0GCSqGSIb3DQEBCwUAA4IBAQBJCbbS
oFP/hairbG3D7hrNe4KiisWFXuKQlSMRPjOdXWFaIVV6m4gQRAo9Gyw2ZNjXKJIN
77WhliHxteqdjw2CQ1WMK5zl4+SwWGgUZvaQSaTczzwQ5XiCyuOahf1ATWE2FXK3
Hamr950QbUJXC+LMhO8rv9J7oWCwaS03k/J+sTrnB4y+Uonz1ixLOC99QTCc3sPI
HsReiT/66Z1dDNHbGnXLkBnp1e9o3IlH3jlrpI6WbemKAx+yh9KP4Fuk8QfFSLnJ
VNphJuOYcp16w8zeBwUBmOZRWqBozdNCI1z0iu0+6PEdqErXXmgapOYMjB8WLfiZ
GgLHUFGKn9i6zxmP
-----END CERTIFICATE-----