Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/WKhqbHH7c0xwW15m50rBxWu5YF4.cer
File:                     WKhqbHH7c0xwW15m50rBxWu5YF4.cer (raw, json)
Hash identifier:          vT6D/Q6f6Nnd75uQH27CGMQ9A8zBcIrfNRfq8CzuHpQ=
Subject key identifier:   58:A8:6A:6C:71:FB:73:4C:70:5B:5E:66:E7:4A:C1:C5:6B:B9:60:5E
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CCA292412BD2DCFB46A4C40C9989E915B
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/b1/9c4365-a98f-43fe-9950-a9b13c2800af/1/WKhqbHH7c0xwW15m50rBxWu5YF4.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/b1/9c4365-a98f-43fe-9950-a9b13c2800af/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 12:32:23 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 193.35.28.0/22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:24:12:bd:2d:cf:b4:6a:4c:40:c9:98:9e:91:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 12:32:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=58a86a6c71fb734c705b5e66e74ac1c56bb9605e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:59:59:6e:79:20:84:07:19:d2:d2:be:4c:28:
                    47:0c:81:41:df:e9:f0:9f:90:51:ff:a8:4b:f1:f2:
                    e9:06:67:d7:cd:ba:c5:9a:ec:a2:89:e6:8b:1e:08:
                    2a:9e:d9:67:77:71:79:fe:a0:eb:41:72:c4:45:ca:
                    06:d9:e4:c7:da:4c:74:8a:06:6c:a1:cd:d9:50:d7:
                    5e:25:03:42:78:d4:54:12:f7:b2:be:80:04:d5:00:
                    55:6a:1d:37:d0:27:24:63:46:91:25:8f:86:50:51:
                    3e:79:b7:d3:f1:00:fd:3f:30:7f:c0:c3:ed:9d:6b:
                    4b:c7:ad:11:c9:ad:0d:5d:e1:09:e6:cb:15:94:91:
                    09:36:9f:e5:8a:79:34:ec:99:60:d0:4a:f1:33:22:
                    53:8b:11:c8:bb:6c:c5:da:a7:c4:cf:2d:a2:a3:82:
                    e4:7d:91:91:ad:51:6c:bd:54:74:ec:0b:69:aa:af:
                    e2:e9:e7:78:e1:3d:4a:3b:ef:4a:bc:f2:b8:d5:2e:
                    36:02:82:c8:59:73:a5:a1:e0:a4:e6:1e:32:80:ab:
                    91:d1:71:59:56:f5:42:cd:f7:6a:c7:f8:d4:e7:78:
                    3d:82:cc:af:dd:09:f3:0b:a2:16:83:e1:1b:a6:81:
                    9d:c1:ff:07:94:f0:61:01:74:bb:47:7b:d9:27:5d:
                    9b:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:A8:6A:6C:71:FB:73:4C:70:5B:5E:66:E7:4A:C1:C5:6B:B9:60:5E
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/9c4365-a98f-43fe-9950-a9b13c2800af/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/9c4365-a98f-43fe-9950-a9b13c2800af/1/WKhqbHH7c0xwW15m50rBxWu5YF4.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.35.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         94:31:02:19:3f:c0:f6:18:bc:88:25:9f:ff:3b:5a:49:d3:26:
         4d:24:65:61:7d:85:56:82:fb:a4:bc:3a:8d:5a:cc:11:19:98:
         f2:81:a7:29:96:21:30:44:f8:da:c3:83:a6:63:a7:16:25:a1:
         1f:db:e2:0c:78:7c:cb:ea:28:39:a5:4c:f6:3b:70:40:22:0c:
         29:d6:98:12:b8:21:9e:34:4f:fe:db:fc:17:8e:2d:5a:12:cb:
         56:c5:25:b8:c8:ee:71:58:66:42:c5:5b:77:a5:9a:6f:52:5d:
         06:44:03:20:ac:f0:bf:d0:c1:e4:ef:87:ed:5f:da:f7:d8:91:
         03:ba:8d:0a:4d:34:9b:b3:14:ce:a0:a0:ff:1c:75:3f:16:23:
         ea:e3:f8:b6:ea:51:70:33:de:42:c4:7d:2f:dd:ba:11:29:b6:
         02:75:01:19:45:fa:86:41:f0:25:af:70:6c:74:4c:95:89:6e:
         0e:ac:82:ec:d3:e0:08:f3:36:c7:62:79:ef:e1:67:16:fc:30:
         8c:42:75:ab:6d:c1:bb:64:cc:47:23:58:72:83:86:bc:1d:e4:
         3c:59:57:63:79:aa:08:c4:97:8c:1c:4c:41:f8:c0:91:b7:a8:
         82:f7:85:66:f2:b5:2b:c2:12:91:33:1d:17:05:51:6e:43:21:
         85:34:f1:8a
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzKKSQSvS3PtGpMQMmYnpFbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMTIzMjIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGE4NmE2YzcxZmI3MzRjNzA1YjVlNjZlNzRhYzFjNTZiYjk2MDVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3VlZbnkghAcZ0tK+TChHDIFB3+nw
n5BR/6hL8fLpBmfXzbrFmuyiieaLHggqntlnd3F5/qDrQXLERcoG2eTH2kx0igZs
oc3ZUNdeJQNCeNRUEveyvoAE1QBVah030CckY0aRJY+GUFE+ebfT8QD9PzB/wMPt
nWtLx60Rya0NXeEJ5ssVlJEJNp/link07Jlg0ErxMyJTixHIu2zF2qfEzy2io4Lk
fZGRrVFsvVR07Atpqq/i6ed44T1KO+9KvPK41S42AoLIWXOloeCk5h4ygKuR0XFZ
VvVCzfdqx/jU53g9gsyv3QnzC6IWg+EbpoGdwf8HlPBhAXS7R3vZJ12bxQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFFioamxx+3NMcFteZudKwcVruWBeMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2IxLzljNDM2
NS1hOThmLTQzZmUtOTk1MC1hOWIxM2MyODAwYWYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjEvOWM0MzY1
LWE5OGYtNDNmZS05OTUwLWE5YjEzYzI4MDBhZi8xL1dLaHFiSEg3YzB4d1cxNW01
MHJCeFd1NVlGNC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCwSMcMA0GCSqGSIb3DQEBCwUAA4IBAQCUMQIZ
P8D2GLyIJZ//O1pJ0yZNJGVhfYVWgvukvDqNWswRGZjygacpliEwRPjaw4OmY6cW
JaEf2+IMeHzL6ig5pUz2O3BAIgwp1pgSuCGeNE/+2/wXji1aEstWxSW4yO5xWGZC
xVt3pZpvUl0GRAMgrPC/0MHk74ftX9r32JEDuo0KTTSbsxTOoKD/HHU/FiPq4/i2
6lFwM95CxH0v3boRKbYCdQEZRfqGQfAlr3BsdEyViW4OrILs0+AI8zbHYnnv4WcW
/DCMQnWrbcG7ZMxHI1hyg4a8HeQ8WVdjeaoIxJeMHExB+MCRt6iC94Vm8rUrwhKR
Mx0XBVFuQyGFNPGK
-----END CERTIFICATE-----