Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/UxUwA3N9ePci25oo4iBD412Nhx4.cer
File:                     UxUwA3N9ePci25oo4iBD412Nhx4.cer (raw, json)
Hash identifier:          iNXQkNnRcOVQbFV4WUwv44iGL9t9g8b5nGQn0AaMi1Q=
Subject key identifier:   53:15:30:03:73:7D:78:F7:22:DB:9A:28:E2:20:43:E3:5D:8D:87:1E
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CCA997DFE4DB767831187C4A901703977
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/fe/8f7148-236d-4088-89e6-665995c62838/1/UxUwA3N9ePci25oo4iBD412Nhx4.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/fe/8f7148-236d-4088-89e6-665995c62838/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 14:35:06 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 134.21.0.0/16
                          IP: 192.47.244.0 -- 192.47.249.255

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:7d:fe:4d:b7:67:83:11:87:c4:a9:01:70:39:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 14:35:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=53153003737d78f722db9a28e22043e35d8d871e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:c4:b6:5d:7e:bf:4f:c6:91:52:70:ca:4a:cb:
                    93:2d:28:ad:80:33:a8:60:ef:17:df:58:d2:8f:db:
                    fe:0e:f3:2a:65:a7:ab:2c:53:20:dc:ab:5a:5f:85:
                    49:8d:ce:20:f1:ca:06:25:5d:14:a6:ce:7d:4a:f6:
                    d9:2a:9f:9e:10:5d:c7:82:22:6d:de:bd:b8:4d:bf:
                    81:85:82:a3:0d:ff:a5:51:90:90:b8:e4:db:0f:34:
                    70:7c:dd:76:e5:87:dd:80:0c:1e:63:ff:3e:8e:5b:
                    76:5c:8e:51:6c:1a:cb:fc:6d:d9:be:63:8e:eb:47:
                    11:f6:21:61:1c:66:19:82:a7:2e:06:5d:4c:ef:5f:
                    b9:bb:6e:3c:46:6b:15:cc:81:63:06:e7:ee:8d:a2:
                    ba:cf:83:b1:f3:ea:51:da:df:64:7b:68:07:5d:df:
                    1d:2c:6c:1c:6c:43:21:12:4a:b0:2d:ed:38:b1:68:
                    df:15:73:62:bc:69:4e:a9:fe:9f:a9:89:08:93:04:
                    fc:81:f6:37:e8:1c:a1:8c:8d:43:82:15:b1:c1:04:
                    e0:eb:02:40:50:8a:1a:ef:7b:9f:cb:41:25:d2:25:
                    1f:4e:9c:47:6e:f8:d9:e0:f5:5e:f8:c6:44:fb:2c:
                    1b:9f:fd:c0:7b:14:8c:f1:1f:80:95:9e:ce:6d:d9:
                    30:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:15:30:03:73:7D:78:F7:22:DB:9A:28:E2:20:43:E3:5D:8D:87:1E
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/8f7148-236d-4088-89e6-665995c62838/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/8f7148-236d-4088-89e6-665995c62838/1/UxUwA3N9ePci25oo4iBD412Nhx4.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  134.21.0.0/16
                  192.47.244.0-192.47.249.255

    Signature Algorithm: sha256WithRSAEncryption
         90:54:03:01:38:a5:b2:ee:ea:29:08:d4:d0:ac:ec:37:b5:46:
         ae:7e:32:b7:a6:fd:d8:7e:ad:fa:ef:c2:71:ba:70:32:15:d2:
         c7:fa:86:01:3a:ab:27:1f:66:34:b2:a7:e9:de:c6:ff:7e:0e:
         ba:7b:25:6a:90:7e:25:b8:98:d0:c9:63:92:50:40:ee:30:c2:
         1c:02:32:d6:15:11:92:3a:18:68:86:24:a9:49:d9:38:48:d7:
         b5:e7:6a:22:d7:59:2a:65:05:7a:37:ae:11:c0:53:fb:43:06:
         8f:c9:4d:72:d7:d8:7b:33:88:92:f8:a9:5f:1e:ff:24:c2:e8:
         86:a2:1f:d6:6a:dc:8f:5c:f6:31:8a:45:97:61:52:67:1b:cf:
         24:c4:ed:17:87:5f:be:d5:ed:1d:e2:78:11:dc:d5:5f:3f:31:
         a0:c3:8d:ce:4f:b4:72:45:e2:a0:1e:a6:7a:05:e7:e2:0e:39:
         71:04:54:08:2a:73:e9:05:76:9a:0d:d3:f0:e3:c2:c8:59:67:
         3d:a8:c5:08:a5:cd:ac:fd:cb:7a:3e:51:b0:84:83:6d:df:5c:
         b1:ca:e9:db:d0:1b:9f:8c:a3:e8:29:b7:3a:79:04:08:9c:a6:
         40:e5:ec:9d:01:09:88:6c:50:f5:f6:97:6e:7e:7d:b9:1b:63:
         85:10:4d:eb
-----BEGIN CERTIFICATE-----
MIIFhTCCBG2gAwIBAgISAYzKmX3+TbdngxGHxKkBcDl3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMTQzNTA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzE1MzAwMzczN2Q3OGY3MjJkYjlhMjhlMjIwNDNlMzVkOGQ4NzFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvsS2XX6/T8aRUnDKSsuTLSitgDOo
YO8X31jSj9v+DvMqZaerLFMg3KtaX4VJjc4g8coGJV0Ups59SvbZKp+eEF3HgiJt
3r24Tb+BhYKjDf+lUZCQuOTbDzRwfN125YfdgAweY/8+jlt2XI5RbBrL/G3ZvmOO
60cR9iFhHGYZgqcuBl1M71+5u248RmsVzIFjBufujaK6z4Ox8+pR2t9ke2gHXd8d
LGwcbEMhEkqwLe04sWjfFXNivGlOqf6fqYkIkwT8gfY36ByhjI1DghWxwQTg6wJA
UIoa73ufy0El0iUfTpxHbvjZ4PVe+MZE+ywbn/3AexSM8R+AlZ7Obdkw/QIDAQAB
o4ICkTCCAo0wHQYDVR0OBBYEFFMVMANzfXj3ItuaKOIgQ+NdjYceMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2ZlLzhmNzE0
OC0yMzZkLTQwODgtODllNi02NjU5OTVjNjI4MzgvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZmUvOGY3MTQ4
LTIzNmQtNDA4OC04OWU2LTY2NTk5NWM2MjgzOC8xL1V4VXdBM045ZVBjaTI1b280
aUJENDEyTmh4NC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCwGCCsGAQUF
BwEHAQH/BB0wGzAZBAIAATATAwMAhhUwDAMEAsAv9AMEAcAv+DANBgkqhkiG9w0B
AQsFAAOCAQEAkFQDATilsu7qKQjU0KzsN7VGrn4yt6b92H6t+u/CcbpwMhXSx/qG
ATqrJx9mNLKn6d7G/34OunslapB+JbiY0MljklBA7jDCHAIy1hURkjoYaIYkqUnZ
OEjXtedqItdZKmUFejeuEcBT+0MGj8lNctfYezOIkvipXx7/JMLohqIf1mrcj1z2
MYpFl2FSZxvPJMTtF4dfvtXtHeJ4EdzVXz8xoMONzk+0ckXioB6megXn4g45cQRU
CCpz6QV2mg3T8OPCyFlnPajFCKXNrP3Lej5RsISDbd9cscrp29Abn4yj6Cm3OnkE
CJymQOXsnQEJiGxQ9faXbn59uRtjhRBN6w==
-----END CERTIFICATE-----