Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/VuPo8TvGD9aFHdcF8yfKKqgkdzk.cer
File:                     VuPo8TvGD9aFHdcF8yfKKqgkdzk.cer (raw, json)
Hash identifier:          ivC7F/PXvkequ7pABMI7ipEoCV8fWKc58JTO88UJYM8=
Subject key identifier:   56:E3:E8:F1:3B:C6:0F:D6:85:1D:D7:05:F3:27:CA:2A:A8:24:77:39
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC649FCD504852E2AB02FEC167D7B40C2
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/50/f54692-2d4b-41d4-b03c-38526ae48451/1/VuPo8TvGD9aFHdcF8yfKKqgkdzk.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/50/f54692-2d4b-41d4-b03c-38526ae48451/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 18:29:46 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 194.102.243.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:fc:d5:04:85:2e:2a:b0:2f:ec:16:7d:7b:40:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 18:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=56e3e8f13bc60fd6851dd705f327ca2aa8247739
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:bf:08:61:24:0d:26:aa:1e:4a:cc:79:bf:d3:
                    98:58:26:a3:d3:c8:8b:cc:39:01:28:15:67:25:ad:
                    56:8b:92:ad:b8:5a:ac:05:ed:8a:6c:b1:c0:95:09:
                    a2:50:28:c7:d7:3a:60:50:cd:d6:48:e6:8d:9d:3e:
                    1d:a3:69:f1:75:b0:49:e5:49:7a:8b:05:8f:23:04:
                    2a:f3:50:50:78:ca:ee:42:fe:c0:0b:45:f3:6a:67:
                    ba:6c:7e:aa:ca:c7:66:76:29:e2:f6:0d:99:bd:f7:
                    33:37:6a:2f:e0:da:9e:d8:96:66:19:1c:87:02:78:
                    94:ab:97:62:18:fb:56:41:97:72:d5:2c:e1:06:85:
                    af:4f:3e:48:1b:d0:4b:71:ce:d5:e5:e4:28:8e:97:
                    43:03:f9:8d:4b:b7:32:3a:bc:48:4d:6b:7f:e3:96:
                    e0:33:06:d1:1d:5b:43:ff:65:a8:34:f3:d1:12:e5:
                    d4:f6:e0:34:dd:c3:ac:69:74:a6:cd:11:77:d3:e5:
                    e7:92:80:15:0d:4e:70:1d:95:a6:49:a1:f1:d0:d6:
                    5f:a1:aa:63:2f:07:68:18:a7:50:6f:39:28:8c:0a:
                    4d:1b:f7:dd:64:f9:e4:1a:24:72:36:c9:04:4c:dd:
                    75:80:b6:10:3b:f5:82:a5:9a:f8:cd:80:87:df:54:
                    b1:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:E3:E8:F1:3B:C6:0F:D6:85:1D:D7:05:F3:27:CA:2A:A8:24:77:39
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f54692-2d4b-41d4-b03c-38526ae48451/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f54692-2d4b-41d4-b03c-38526ae48451/1/VuPo8TvGD9aFHdcF8yfKKqgkdzk.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.102.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:b6:fc:4e:d0:1a:43:95:44:7e:2c:47:4d:09:eb:e8:ab:83:
         75:d3:de:ea:f6:80:d9:74:55:23:7a:de:72:ad:06:ca:13:32:
         36:8b:88:b2:54:5e:f7:1a:36:d7:41:69:1b:3e:48:9b:92:0b:
         e3:6d:5f:50:28:6c:0c:bf:24:0a:c6:b2:bc:e3:87:a0:4d:8d:
         d8:81:49:63:d7:e5:e6:19:79:aa:de:01:aa:19:3d:c8:28:a4:
         44:a4:ad:bc:9b:d8:7e:18:2b:df:fb:5d:e7:5a:f2:24:66:4e:
         fe:73:ce:76:e0:ee:c1:2d:7b:21:53:7e:00:f9:79:1c:c1:6d:
         9c:2c:ac:19:5b:22:82:0e:09:cf:b8:53:9b:5a:38:85:2a:53:
         4a:06:fb:4b:94:b3:0f:65:c5:dd:95:44:ce:c8:af:ac:f9:c9:
         43:70:35:39:c2:ee:59:d8:0c:7e:03:56:90:6c:a5:a9:f7:5a:
         92:ac:90:c2:f6:5c:ff:27:8b:7d:4b:a8:2d:8b:47:9f:f5:e1:
         90:9b:ee:29:d8:3a:a5:7c:ca:95:44:45:99:e0:f5:dd:f2:1d:
         0c:68:ba:44:b3:b1:d6:7a:90:e7:15:1a:03:29:21:3b:56:32:
         c6:18:2a:bd:8c:af:9d:fb:38:7c:70:cf:35:36:f1:d2:07:23:
         a3:86:a7:80
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzGSfzVBIUuKrAv7BZ9e0DCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTgyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NmUzZThmMTNiYzYwZmQ2ODUxZGQ3MDVmMzI3Y2EyYWE4MjQ3NzM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm78IYSQNJqoeSsx5v9OYWCaj08iL
zDkBKBVnJa1Wi5KtuFqsBe2KbLHAlQmiUCjH1zpgUM3WSOaNnT4do2nxdbBJ5Ul6
iwWPIwQq81BQeMruQv7AC0Xzame6bH6qysdmdini9g2ZvfczN2ov4Nqe2JZmGRyH
AniUq5diGPtWQZdy1SzhBoWvTz5IG9BLcc7V5eQojpdDA/mNS7cyOrxITWt/45bg
MwbRHVtD/2WoNPPREuXU9uA03cOsaXSmzRF30+XnkoAVDU5wHZWmSaHx0NZfoapj
LwdoGKdQbzkojApNG/fdZPnkGiRyNskETN11gLYQO/WCpZr4zYCH31SxNQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFFbj6PE7xg/WhR3XBfMnyiqoJHc5MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzUwL2Y1NDY5
Mi0yZDRiLTQxZDQtYjAzYy0zODUyNmFlNDg0NTEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTAvZjU0Njky
LTJkNGItNDFkNC1iMDNjLTM4NTI2YWU0ODQ1MS8xL1Z1UG84VHZHRDlhRkhkY0Y4
eWZLS3Fna2R6ay5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwmbzMA0GCSqGSIb3DQEBCwUAA4IBAQCFtvxO
0BpDlUR+LEdNCevoq4N1097q9oDZdFUjet5yrQbKEzI2i4iyVF73GjbXQWkbPkib
kgvjbV9QKGwMvyQKxrK844egTY3YgUlj1+XmGXmq3gGqGT3IKKREpK28m9h+GCvf
+13nWvIkZk7+c8524O7BLXshU34A+XkcwW2cLKwZWyKCDgnPuFObWjiFKlNKBvtL
lLMPZcXdlUTOyK+s+clDcDU5wu5Z2Ax+A1aQbKWp91qSrJDC9lz/J4t9S6gti0ef
9eGQm+4p2DqlfMqVREWZ4PXd8h0MaLpEs7HWepDnFRoDKSE7VjLGGCq9jK+d+zh8
cM81NvHSByOjhqeA
-----END CERTIFICATE-----