Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/VrS_zQFkrXxmiK8iJGyC4Zld01E.cer
File:                     VrS_zQFkrXxmiK8iJGyC4Zld01E.cer (raw, json)
Hash identifier:          oSZchpUFuXMGwPF/9eXwayjvs+u4wk9dtH+ctJTinFg=
Subject key identifier:   56:B4:BF:CD:01:64:AD:7C:66:88:AF:22:24:6C:82:E1:99:5D:D3:51
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC56E13510CF123DB15E9A8D08CB67AC8
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/c1/e03e0f-f3a6-4c55-addd-241665f49d25/1/VrS_zQFkrXxmiK8iJGyC4Zld01E.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/c1/e03e0f-f3a6-4c55-addd-241665f49d25/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 14:29:34 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 185.123.124.0/22
                          IP: 2a06:af00::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:13:51:0c:f1:23:db:15:e9:a8:d0:8c:b6:7a:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 14:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=56b4bfcd0164ad7c6688af22246c82e1995dd351
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:75:14:42:45:87:7f:0c:19:a3:20:1c:11:35:
                    ba:9b:17:12:7f:ba:e1:8a:01:d4:af:cf:56:80:04:
                    23:22:18:e1:72:3a:08:d2:dc:e7:db:ba:3f:78:85:
                    de:b0:5b:ca:78:6a:04:43:c4:ae:a6:1e:d6:c0:67:
                    3f:3f:ad:c2:05:9b:1b:8a:f6:b1:a4:9a:9e:38:38:
                    5d:9f:1a:b1:ec:5b:9a:4c:4f:e2:e4:4f:66:99:7c:
                    b2:20:50:1f:bb:e0:0e:6f:96:fc:9c:d9:fe:f3:ac:
                    9b:2a:f1:46:d9:b0:37:29:b3:d3:c2:f7:0d:99:17:
                    95:92:ed:ad:9f:b6:2d:f7:60:16:21:f1:fb:97:8e:
                    81:a5:60:7b:92:b0:5e:25:24:30:28:53:f9:89:c1:
                    c0:3a:4f:cd:d2:7d:ed:07:2f:66:aa:43:12:1b:0d:
                    93:e7:bd:7d:bb:59:5b:02:12:99:6f:18:78:6d:b4:
                    6b:b8:3d:68:43:96:50:d6:e3:c9:59:62:8c:78:6a:
                    f7:f1:96:a1:1e:2f:33:5e:6c:70:77:2c:db:f6:c7:
                    3d:ee:12:74:fc:1a:89:c7:33:6a:9b:0a:e1:d5:37:
                    dc:f0:6d:8b:65:22:76:e4:92:a3:cc:b0:cd:dc:67:
                    c2:20:fe:4e:07:0f:69:ba:5b:a0:f4:c3:7e:69:06:
                    a5:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:B4:BF:CD:01:64:AD:7C:66:88:AF:22:24:6C:82:E1:99:5D:D3:51
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/e03e0f-f3a6-4c55-addd-241665f49d25/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/e03e0f-f3a6-4c55-addd-241665f49d25/1/VrS_zQFkrXxmiK8iJGyC4Zld01E.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.123.124.0/22
                IPv6:
                  2a06:af00::/29

    Signature Algorithm: sha256WithRSAEncryption
         17:18:e9:79:c7:4f:6d:fb:41:b1:f5:40:6b:e3:3f:4c:17:36:
         67:5b:88:93:66:52:cc:36:42:10:a8:18:87:46:3e:99:6a:70:
         4b:6f:87:d5:68:11:84:2b:cf:31:44:f4:0a:14:41:94:79:4f:
         c4:8b:b0:ac:e5:2a:cc:08:36:52:18:bc:df:8c:16:11:6f:1e:
         eb:f7:ae:14:af:a3:60:3b:4c:68:57:67:72:88:42:21:d4:52:
         e9:a0:c2:e0:33:77:81:cf:27:97:c4:43:9d:f6:08:26:c0:24:
         a9:77:c2:25:5d:25:c2:d4:fb:52:53:39:ea:64:5f:a3:dd:e7:
         8e:bf:2a:06:d1:91:eb:40:58:ca:f4:bc:e4:70:ed:32:72:bf:
         fa:ec:ef:8d:c8:ca:cd:1e:06:07:b7:1c:1a:12:c4:b3:e2:ed:
         40:79:36:ee:72:95:c3:7a:22:60:52:48:f2:02:59:4e:53:95:
         8c:d0:e9:d0:06:c6:3d:33:3b:d4:39:76:e9:33:d0:04:5a:d0:
         fd:dd:9a:95:6a:25:f2:ba:bb:52:0a:e0:ee:89:2a:e1:98:ad:
         55:07:9f:e4:c1:18:56:98:ac:5d:9a:25:41:85:d7:e6:de:4b:
         20:a8:85:27:4c:02:2c:f2:b4:7e:05:8e:d6:53:8b:97:f7:b0:
         9c:70:6a:8d
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAYzFbhNRDPEj2xXpqNCMtnrIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTQyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NmI0YmZjZDAxNjRhZDdjNjY4OGFmMjIyNDZjODJlMTk5NWRkMzUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApnUUQkWHfwwZoyAcETW6mxcSf7rh
igHUr89WgAQjIhjhcjoI0tzn27o/eIXesFvKeGoEQ8Suph7WwGc/P63CBZsbivax
pJqeODhdnxqx7FuaTE/i5E9mmXyyIFAfu+AOb5b8nNn+86ybKvFG2bA3KbPTwvcN
mReVku2tn7Yt92AWIfH7l46BpWB7krBeJSQwKFP5icHAOk/N0n3tBy9mqkMSGw2T
5719u1lbAhKZbxh4bbRruD1oQ5ZQ1uPJWWKMeGr38ZahHi8zXmxwdyzb9sc97hJ0
/BqJxzNqmwrh1Tfc8G2LZSJ25JKjzLDN3GfCIP5OBw9pulug9MN+aQalvwIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFFa0v80BZK18ZoivIiRsguGZXdNRMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2MxL2UwM2Uw
Zi1mM2E2LTRjNTUtYWRkZC0yNDE2NjVmNDlkMjUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzEvZTAzZTBm
LWYzYTYtNGM1NS1hZGRkLTI0MTY2NWY0OWQyNS8xL1ZyU196UUZrclh4bWlLOGlK
R3lDNFpsZDAxRS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCuXt8MA0EAgACMAcDBQMqBq8AMA0GCSqGSIb3
DQEBCwUAA4IBAQAXGOl5x09t+0Gx9UBr4z9MFzZnW4iTZlLMNkIQqBiHRj6ZanBL
b4fVaBGEK88xRPQKFEGUeU/Ei7Cs5SrMCDZSGLzfjBYRbx7r964Ur6NgO0xoV2dy
iEIh1FLpoMLgM3eBzyeXxEOd9ggmwCSpd8IlXSXC1PtSUznqZF+j3eeOvyoG0ZHr
QFjK9LzkcO0ycr/67O+NyMrNHgYHtxwaEsSz4u1AeTbucpXDeiJgUkjyAllOU5WM
0OnQBsY9MzvUOXbpM9AEWtD93ZqVaiXyurtSCuDuiSrhmK1VB5/kwRhWmKxdmiVB
hdfm3ksgqIUnTAIs8rR+BY7WU4uX97CccGqN
-----END CERTIFICATE-----