Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Vylib6kTE9VuTXZFVy_1gGH9T4w.cer
File:                     Vylib6kTE9VuTXZFVy_1gGH9T4w.cer (raw, json)
Hash identifier:          ++kfysdy6M6WpKm5vwvWzgV+QG79I7TG7fymVPCxbC0=
Subject key identifier:   57:29:62:6F:A9:13:13:D5:6E:4D:76:45:57:2F:F5:80:61:FD:4F:8C
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC2DACB9747F487967883536381AC9E16
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/60/2d35a9-e802-415c-ba56-7b7b5d4f58fb/1/Vylib6kTE9VuTXZFVy_1gGH9T4w.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/60/2d35a9-e802-415c-ba56-7b7b5d4f58fb/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 02:29:28 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 2001:67c:1978::/48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:cb:97:47:f4:87:96:78:83:53:63:81:ac:9e:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 02:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5729626fa91313d56e4d7645572ff58061fd4f8c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:c4:0f:fa:2f:1f:8b:7d:69:12:b4:e3:01:64:
                    81:a5:7f:c2:a4:ca:2e:e3:43:ad:31:2e:54:3e:51:
                    26:7b:bd:e3:08:0e:f4:d7:31:1e:67:31:de:0a:70:
                    38:de:8d:01:73:1b:19:fe:af:38:2d:49:0f:05:37:
                    84:b6:c2:68:bb:43:f0:24:20:39:6b:29:11:f1:fa:
                    2b:40:9a:16:f9:c7:2e:10:45:fd:47:38:66:96:0d:
                    1b:7f:25:b4:c9:50:62:f8:b7:12:0e:aa:d4:8f:0c:
                    ae:67:08:4b:c6:e2:c8:6b:e4:34:f7:63:be:de:ba:
                    e3:d0:6f:94:91:a9:11:65:48:0a:b8:e1:a3:c7:4e:
                    ed:dd:9c:ed:19:7d:73:f8:1d:f0:3e:7f:ff:34:9d:
                    5a:36:8e:d0:0d:9c:04:77:2c:db:42:d1:52:4a:4f:
                    30:13:17:f4:3b:67:d1:16:59:fd:00:74:bf:5c:4d:
                    48:4e:8b:00:a3:30:d0:cc:87:c4:d5:1d:15:27:53:
                    92:40:d1:68:51:e5:a7:39:0c:80:21:cf:80:32:2e:
                    13:6b:bf:ce:78:75:cf:76:76:aa:dd:64:74:4c:c0:
                    b9:ca:bb:f9:e4:1b:b9:d0:74:e5:44:fe:85:3f:70:
                    8b:c5:55:8b:d5:b8:f8:dc:42:b0:87:9e:86:b3:57:
                    7e:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:29:62:6F:A9:13:13:D5:6E:4D:76:45:57:2F:F5:80:61:FD:4F:8C
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/2d35a9-e802-415c-ba56-7b7b5d4f58fb/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/2d35a9-e802-415c-ba56-7b7b5d4f58fb/1/Vylib6kTE9VuTXZFVy_1gGH9T4w.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:1978::/48

    Signature Algorithm: sha256WithRSAEncryption
         5d:2f:f0:fd:09:5f:49:3a:58:00:92:2e:bf:d1:31:78:e9:4b:
         63:7a:c5:89:20:63:35:16:18:fa:fb:77:31:67:de:f3:16:83:
         87:30:80:36:b5:6b:5e:9b:b3:db:6d:07:9e:27:5f:20:f0:1a:
         65:6a:79:3a:68:c5:b7:ec:95:7a:e8:c0:de:aa:47:07:1a:39:
         77:9c:b2:f3:ab:63:95:0c:97:79:86:1d:c2:6b:ab:71:58:26:
         6f:e8:80:47:3c:a1:0c:cd:04:78:e7:71:3d:fe:87:66:2e:3c:
         25:10:f5:e3:2b:b0:06:ae:75:8b:b5:bc:a1:dd:6b:15:cf:55:
         22:fb:cd:68:71:bc:9b:34:ee:1c:5b:6e:c1:d6:41:c8:c9:e1:
         d2:0d:e8:a1:b6:ed:18:c8:e9:b8:54:d6:69:0f:e0:db:ac:6e:
         41:15:e2:6b:63:93:3a:11:0e:ea:e0:62:70:ad:b6:6f:7c:b9:
         72:b3:a2:2e:c3:57:7f:1c:52:79:59:65:a2:b1:ab:c3:c7:cd:
         7e:d8:76:c1:4e:ad:eb:83:71:72:a9:ca:61:fb:7f:c8:c2:95:
         c5:24:79:ca:18:54:37:63:26:2d:b8:2b:24:b6:89:e2:31:6d:
         82:4c:e1:54:67:86:82:78:67:d1:2c:b9:9b:c9:d2:99:d8:e8:
         56:28:b8:4a
-----BEGIN CERTIFICATE-----
MIIFezCCBGOgAwIBAgISAYzC2suXR/SHlniDU2OBrJ4WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDIyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzI5NjI2ZmE5MTMxM2Q1NmU0ZDc2NDU1NzJmZjU4MDYxZmQ0ZjhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz8QP+i8fi31pErTjAWSBpX/CpMou
40OtMS5UPlEme73jCA701zEeZzHeCnA43o0BcxsZ/q84LUkPBTeEtsJou0PwJCA5
aykR8forQJoW+ccuEEX9Rzhmlg0bfyW0yVBi+LcSDqrUjwyuZwhLxuLIa+Q092O+
3rrj0G+UkakRZUgKuOGjx07t3ZztGX1z+B3wPn//NJ1aNo7QDZwEdyzbQtFSSk8w
Exf0O2fRFln9AHS/XE1ITosAozDQzIfE1R0VJ1OSQNFoUeWnOQyAIc+AMi4Ta7/O
eHXPdnaq3WR0TMC5yrv55Bu50HTlRP6FP3CLxVWL1bj43EKwh56Gs1d+BwIDAQAB
o4IChzCCAoMwHQYDVR0OBBYEFFcpYm+pExPVbk12RVcv9YBh/U+MMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzYwLzJkMzVh
OS1lODAyLTQxNWMtYmE1Ni03YjdiNWQ0ZjU4ZmIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjAvMmQzNWE5
LWU4MDItNDE1Yy1iYTU2LTdiN2I1ZDRmNThmYi8xL1Z5bGliNmtURTlWdVRYWkZW
eV8xZ0dIOVQ0dy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBl4MA0GCSqGSIb3DQEBCwUAA4IBAQBd
L/D9CV9JOlgAki6/0TF46UtjesWJIGM1Fhj6+3cxZ97zFoOHMIA2tWtem7PbbQee
J18g8Bplank6aMW37JV66MDeqkcHGjl3nLLzq2OVDJd5hh3Ca6txWCZv6IBHPKEM
zQR453E9/odmLjwlEPXjK7AGrnWLtbyh3WsVz1Ui+81ocbybNO4cW27B1kHIyeHS
Deihtu0YyOm4VNZpD+DbrG5BFeJrY5M6EQ7q4GJwrbZvfLlys6Iuw1d/HFJ5WWWi
savDx81+2HbBTq3rg3Fyqcph+3/IwpXFJHnKGFQ3YyYtuCsktoniMW2CTOFUZ4aC
eGfRLLmbydKZ2OhWKLhK
-----END CERTIFICATE-----