Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/UeOaZ3aTuvt5JNbqhGl4z0xouMI.cer
File:                     UeOaZ3aTuvt5JNbqhGl4z0xouMI.cer (raw, json)
Hash identifier:          wrK4F8gh/TZS6rPRfiQz55WZ47BvR2u3vt9Zo72l6iY=
Subject key identifier:   51:E3:9A:67:76:93:BA:FB:79:24:D6:EA:84:69:78:CF:4C:68:B8:C2
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC64B67576F412FA955907AFDEA27AD66
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/47/4791e2-df25-4c7c-89df-76ec4acbb726/1/UeOaZ3aTuvt5JNbqhGl4z0xouMI.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/47/4791e2-df25-4c7c-89df-76ec4acbb726/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 18:31:19 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 193.8.166.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:67:57:6f:41:2f:a9:55:90:7a:fd:ea:27:ad:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 18:31:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=51e39a677693bafb7924d6ea846978cf4c68b8c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:fb:62:e0:d8:24:f4:34:13:86:2e:be:f6:bb:
                    d5:00:45:33:52:40:67:e0:dd:2f:2d:2f:cb:d1:c3:
                    f7:4e:ee:32:ec:fb:82:a8:39:2b:e4:9e:57:a0:de:
                    7c:67:c9:c2:9d:bd:86:43:d5:60:59:67:82:28:33:
                    0e:ee:94:40:92:ce:fe:78:9d:80:0b:63:84:5c:f8:
                    e0:75:f8:29:39:64:3a:62:49:e2:fc:a2:27:ab:33:
                    2e:dd:2e:3c:67:d2:d5:76:1e:ec:c8:cf:a0:4b:15:
                    7c:3d:8b:dc:68:18:ce:a5:f5:b3:a6:2d:6f:8a:7e:
                    e9:c6:aa:ae:ad:b8:ae:f9:b7:1d:51:f6:06:f3:19:
                    46:c6:1e:dd:48:2a:74:63:c3:f4:53:bd:f8:1a:05:
                    ef:dd:26:10:36:31:58:c3:9b:ff:69:70:b8:87:be:
                    eb:c0:db:32:a8:84:d8:75:54:8b:e1:61:2c:d7:f7:
                    18:45:93:c7:10:18:30:86:93:ba:f4:62:1e:10:80:
                    e1:cc:81:75:6f:60:6d:6d:eb:8f:8b:86:c2:f9:6b:
                    6f:28:c9:dc:7b:15:be:59:11:3f:c3:ab:e7:51:69:
                    f2:38:e2:d2:a7:51:2a:1a:3d:d1:00:a6:61:79:5f:
                    06:79:f6:05:95:dc:56:43:fc:60:3d:24:62:da:31:
                    31:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:E3:9A:67:76:93:BA:FB:79:24:D6:EA:84:69:78:CF:4C:68:B8:C2
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/4791e2-df25-4c7c-89df-76ec4acbb726/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/4791e2-df25-4c7c-89df-76ec4acbb726/1/UeOaZ3aTuvt5JNbqhGl4z0xouMI.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.8.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:6f:a0:16:2a:d5:47:47:66:8e:fa:48:5e:19:6f:0e:a3:58:
         36:a7:de:87:36:31:ca:f3:69:dd:cc:8f:c7:8b:2b:94:21:ec:
         05:81:ff:82:0f:61:c6:fd:43:d8:e4:4b:87:e0:75:b3:45:e3:
         92:c5:3b:02:1e:a4:8d:85:89:80:1f:50:a0:da:49:c4:4b:35:
         5f:c7:20:8f:80:6e:31:54:4b:ac:db:7e:ac:82:c1:39:a6:04:
         8f:62:59:fb:62:65:33:d5:09:a1:76:9d:6d:ca:29:b3:95:d6:
         d7:c3:f2:28:4c:42:0d:ce:68:7d:d5:9c:94:24:41:8b:0e:ba:
         07:a7:14:1a:21:ac:ba:12:92:70:fc:78:db:c8:6c:d2:b6:f9:
         9b:ba:13:35:4a:5f:47:2f:4d:90:71:26:05:af:cc:7c:50:58:
         66:25:5f:8e:01:50:ea:ab:84:9f:82:1a:4d:eb:b3:f8:fb:77:
         19:4e:76:af:2b:e0:e2:34:3e:66:c4:cf:a3:91:e3:3c:34:59:
         63:bc:e1:fc:ac:5e:08:88:de:d1:d5:c0:a0:97:73:42:c4:5f:
         2d:86:2a:0a:ad:2b:03:36:65:3b:c4:fc:a9:dd:33:bf:c6:7d:
         1d:30:d2:1e:3f:52:0b:2b:2f:91:93:e4:f5:a6:8e:b7:c0:85:
         f7:5f:b3:10
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzGS2dXb0EvqVWQev3qJ61mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTgzMTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MWUzOWE2Nzc2OTNiYWZiNzkyNGQ2ZWE4NDY5NzhjZjRjNjhiOGMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5Pti4Ngk9DQThi6+9rvVAEUzUkBn
4N0vLS/L0cP3Tu4y7PuCqDkr5J5XoN58Z8nCnb2GQ9VgWWeCKDMO7pRAks7+eJ2A
C2OEXPjgdfgpOWQ6Ykni/KInqzMu3S48Z9LVdh7syM+gSxV8PYvcaBjOpfWzpi1v
in7pxqqurbiu+bcdUfYG8xlGxh7dSCp0Y8P0U734GgXv3SYQNjFYw5v/aXC4h77r
wNsyqITYdVSL4WEs1/cYRZPHEBgwhpO69GIeEIDhzIF1b2BtbeuPi4bC+WtvKMnc
exW+WRE/w6vnUWnyOOLSp1EqGj3RAKZheV8GefYFldxWQ/xgPSRi2jExgQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFFHjmmd2k7r7eSTW6oRpeM9MaLjCMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzQ3LzQ3OTFl
Mi1kZjI1LTRjN2MtODlkZi03NmVjNGFjYmI3MjYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDcvNDc5MWUy
LWRmMjUtNGM3Yy04OWRmLTc2ZWM0YWNiYjcyNi8xL1VlT2FaM2FUdXZ0NUpOYnFo
R2w0ejB4b3VNSS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwQimMA0GCSqGSIb3DQEBCwUAA4IBAQB6b6AW
KtVHR2aO+kheGW8Oo1g2p96HNjHK82ndzI/HiyuUIewFgf+CD2HG/UPY5EuH4HWz
ReOSxTsCHqSNhYmAH1Cg2knESzVfxyCPgG4xVEus236sgsE5pgSPYln7YmUz1Qmh
dp1tyimzldbXw/IoTEINzmh91ZyUJEGLDroHpxQaIay6EpJw/HjbyGzStvmbuhM1
Sl9HL02QcSYFr8x8UFhmJV+OAVDqq4SfghpN67P4+3cZTnavK+DiND5mxM+jkeM8
NFljvOH8rF4IiN7R1cCgl3NCxF8thioKrSsDNmU7xPyp3TO/xn0dMNIeP1ILKy+R
k+T1po63wIX3X7MQ
-----END CERTIFICATE-----