Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/V_u26yzsmpt7uBo7Fgwaq5kOSCY.cer
File:                     V_u26yzsmpt7uBo7Fgwaq5kOSCY.cer (raw, json)
Hash identifier:          GrOxvl/v12XG/KpHvccxZV3kmQgrWs66+jl4kNOUtqg=
Subject key identifier:   57:FB:B6:EB:2C:EC:9A:9B:7B:B8:1A:3B:16:0C:1A:AB:99:0E:48:26
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC8DF7024AE27CC263AA8894514AF9F9A
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/cf/5888ff-3b8e-4556-adf4-4d9ecfce0dbc/1/V_u26yzsmpt7uBo7Fgwaq5kOSCY.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/cf/5888ff-3b8e-4556-adf4-4d9ecfce0dbc/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 06:32:15 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 195.225.80.0/24
                          IP: 2a11:e600::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:70:24:ae:27:cc:26:3a:a8:89:45:14:af:9f:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 06:32:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=57fbb6eb2cec9a9b7bb81a3b160c1aab990e4826
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:33:0f:ef:24:20:88:02:ab:ae:cd:dc:19:9f:
                    ff:f6:41:57:5c:f6:d6:96:ef:3b:a1:e3:b3:e9:29:
                    67:b4:4d:44:af:47:e3:4c:b9:81:cc:85:ed:98:22:
                    e7:41:9a:95:bf:7d:dc:7a:17:c0:8b:db:a2:c4:59:
                    b7:24:2f:17:4d:9e:49:6b:b7:c9:1f:f1:60:d7:41:
                    ea:39:e7:8c:24:64:7a:98:b6:b8:0b:0c:33:f9:3d:
                    ec:7f:7f:b8:ad:97:78:ba:ab:d2:df:d7:f1:e0:f4:
                    86:41:41:44:9d:c1:c9:9f:1d:d7:d3:78:26:9b:18:
                    b7:db:ff:d9:35:48:0a:31:38:01:e8:9e:4b:30:1e:
                    45:4e:9c:c3:d0:42:30:7d:ab:1a:2e:57:cd:a8:89:
                    b7:ea:d2:10:ff:2a:77:9c:03:be:7d:9a:dd:66:d7:
                    9a:23:ce:1b:9d:fd:a1:7a:c5:f8:db:69:e4:a0:49:
                    e9:bb:2f:49:56:a9:fc:94:0e:3d:f9:50:8e:e0:5d:
                    3a:6e:39:87:ff:e6:16:d9:34:18:7c:9e:75:a2:4a:
                    e4:65:31:e9:2e:75:d6:b7:cf:7d:cf:7c:a8:2e:32:
                    94:3f:0e:55:68:fd:ce:90:f4:45:97:d1:94:9e:04:
                    42:b8:28:cb:6e:00:e5:df:29:59:54:f3:87:c7:31:
                    46:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:FB:B6:EB:2C:EC:9A:9B:7B:B8:1A:3B:16:0C:1A:AB:99:0E:48:26
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/5888ff-3b8e-4556-adf4-4d9ecfce0dbc/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/5888ff-3b8e-4556-adf4-4d9ecfce0dbc/1/V_u26yzsmpt7uBo7Fgwaq5kOSCY.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.225.80.0/24
                IPv6:
                  2a11:e600::/29

    Signature Algorithm: sha256WithRSAEncryption
         09:bd:1f:e3:b0:f3:b1:ea:55:57:f5:55:55:0e:6e:1f:43:4f:
         d8:72:0a:91:53:65:ba:6e:ad:0a:ee:31:f5:c8:9a:45:50:7e:
         d5:0b:1d:1c:2e:5f:29:06:7e:69:53:fa:4e:a1:54:4b:59:f5:
         eb:d8:89:32:8f:94:3f:c0:63:ba:5e:d8:9a:05:98:e5:56:13:
         20:96:25:30:61:99:71:e2:cb:8b:3e:f2:20:3c:c5:76:fb:c2:
         c8:d2:b2:4b:f6:f9:b7:35:d2:dc:8a:a0:a4:b9:85:bc:aa:03:
         b2:43:5d:35:ba:31:6e:25:1f:df:f8:85:1d:7b:5b:ad:f1:a7:
         25:1b:b1:87:5f:5b:e6:b0:c3:27:15:9e:fc:77:c6:0f:0a:51:
         d0:e4:33:6c:45:77:66:36:c3:70:1b:50:99:24:97:84:17:32:
         12:3d:17:02:7b:f6:2e:cf:f6:a2:72:97:2e:5f:04:eb:c1:d4:
         83:ac:27:70:01:c7:49:47:41:7b:0f:d0:51:c9:e8:46:59:f6:
         ad:68:47:39:5a:c3:12:e1:c5:5d:f1:20:36:ea:2f:74:eb:03:
         13:87:7f:46:f2:40:b7:07:d9:c5:77:db:91:59:26:58:33:28:
         a0:35:19:3e:0f:31:91:46:60:e3:ae:d6:8c:55:ef:c2:98:c4:
         fe:2f:04:50
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAYzI33AkrifMJjqoiUUUr5+aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDYzMjE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1N2ZiYjZlYjJjZWM5YTliN2JiODFhM2IxNjBjMWFhYjk5MGU0ODI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtjMP7yQgiAKrrs3cGZ//9kFXXPbW
lu87oeOz6SlntE1Er0fjTLmBzIXtmCLnQZqVv33cehfAi9uixFm3JC8XTZ5Ja7fJ
H/Fg10HqOeeMJGR6mLa4Cwwz+T3sf3+4rZd4uqvS39fx4PSGQUFEncHJnx3X03gm
mxi32//ZNUgKMTgB6J5LMB5FTpzD0EIwfasaLlfNqIm36tIQ/yp3nAO+fZrdZtea
I84bnf2hesX422nkoEnpuy9JVqn8lA49+VCO4F06bjmH/+YW2TQYfJ51okrkZTHp
LnXWt899z3yoLjKUPw5VaP3OkPRFl9GUngRCuCjLbgDl3ylZVPOHxzFGqwIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFFf7tuss7Jqbe7gaOxYMGquZDkgmMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NmLzU4ODhm
Zi0zYjhlLTQ1NTYtYWRmNC00ZDllY2ZjZTBkYmMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvY2YvNTg4OGZm
LTNiOGUtNDU1Ni1hZGY0LTRkOWVjZmNlMGRiYy8xL1ZfdTI2eXpzbXB0N3VCbzdG
Z3dhcTVrT1NDWS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQAw+FQMA0EAgACMAcDBQMqEeYAMA0GCSqGSIb3
DQEBCwUAA4IBAQAJvR/jsPOx6lVX9VVVDm4fQ0/YcgqRU2W6bq0K7jH1yJpFUH7V
Cx0cLl8pBn5pU/pOoVRLWfXr2Ikyj5Q/wGO6XtiaBZjlVhMgliUwYZlx4suLPvIg
PMV2+8LI0rJL9vm3NdLciqCkuYW8qgOyQ101ujFuJR/f+IUde1ut8aclG7GHX1vm
sMMnFZ78d8YPClHQ5DNsRXdmNsNwG1CZJJeEFzISPRcCe/Yuz/aicpcuXwTrwdSD
rCdwAcdJR0F7D9BRyehGWfataEc5WsMS4cVd8SA26i906wMTh39G8kC3B9nFd9uR
WSZYMyigNRk+DzGRRmDjrtaMVe/CmMT+LwRQ
-----END CERTIFICATE-----