Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/XL1s2RrWpyhrIfZQn92fUP7nXYc.cer
File:                     XL1s2RrWpyhrIfZQn92fUP7nXYc.cer (raw, json)
Hash identifier:          75EiAfSlJhaHGa1EbW4MNbzE6e+C9qvvDd6j7pPJSWA=
Subject key identifier:   5C:BD:6C:D9:1A:D6:A7:28:6B:21:F6:50:9F:DD:9F:50:FE:E7:5D:87
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC4250EEA71275456A901AE891BAB1098
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/8a/e0223a-31fd-4cac-8164-fba074ba1b90/1/XL1s2RrWpyhrIfZQn92fUP7nXYc.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/8a/e0223a-31fd-4cac-8164-fba074ba1b90/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 08:30:12 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 195.10.206.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:0e:ea:71:27:54:56:a9:01:ae:89:1b:ab:10:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 08:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5cbd6cd91ad6a7286b21f6509fdd9f50fee75d87
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:a2:a2:1d:62:0f:a6:e9:ed:b0:c3:57:fe:11:
                    e6:6f:83:51:b2:92:ed:8d:e9:4b:f3:55:f6:b1:91:
                    e3:fc:b3:45:e2:1e:f5:3d:3c:34:a6:96:a3:86:30:
                    e7:a5:ce:29:d5:a2:51:f1:67:4a:42:c3:5f:0d:19:
                    ae:2b:e8:e4:0a:a6:bc:5b:be:45:2f:1d:d7:eb:8b:
                    1c:1f:fc:11:c2:70:2c:66:4a:0c:be:bc:2a:d0:28:
                    db:39:05:b7:93:67:35:49:56:7e:e4:ab:5b:4d:af:
                    bf:57:49:79:f7:9d:87:26:f3:b7:58:6e:f7:bc:13:
                    aa:32:5d:15:4d:a9:6c:83:4a:3c:55:c8:13:97:04:
                    9f:e2:54:1e:68:1a:cc:48:58:04:15:38:2c:cd:fd:
                    e0:7e:93:7e:ba:7b:28:8d:11:1e:e1:af:3c:92:3c:
                    05:2e:03:0f:22:8c:48:9a:b0:2e:96:54:9c:0c:a1:
                    ba:9f:58:02:d3:31:3e:80:ff:b9:6d:7c:5b:9c:e1:
                    6c:41:2f:3c:5d:24:01:32:81:44:6b:36:29:ee:f0:
                    0b:87:3f:ad:0c:e4:fc:42:76:66:f1:d3:90:17:58:
                    3b:ae:8f:0b:5d:15:ea:41:e5:4a:83:32:d8:f5:3f:
                    1f:5d:f2:62:d3:00:95:e6:6d:ed:ee:94:3e:89:fa:
                    fb:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:BD:6C:D9:1A:D6:A7:28:6B:21:F6:50:9F:DD:9F:50:FE:E7:5D:87
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/e0223a-31fd-4cac-8164-fba074ba1b90/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/e0223a-31fd-4cac-8164-fba074ba1b90/1/XL1s2RrWpyhrIfZQn92fUP7nXYc.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.10.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:58:b4:8e:e9:ab:0b:27:f3:90:7a:ca:ad:bf:b2:bf:68:a2:
         e7:a5:ee:c1:1e:ca:98:37:0f:d4:fa:be:90:2a:40:1a:89:d7:
         d4:2d:6b:dc:89:69:57:87:10:e9:c5:39:b8:91:ad:97:dd:1d:
         62:b5:ef:dc:39:e0:7f:97:18:6a:b3:99:64:70:9c:fb:26:2b:
         d4:c2:3a:d5:b4:42:d3:49:de:b7:77:19:96:14:f6:ff:c9:83:
         d5:9a:79:f7:31:41:a1:c0:b9:8c:b2:f6:d3:02:ae:2b:25:5e:
         cc:a0:6a:4d:30:dd:73:36:2a:d5:f0:65:09:f3:f0:34:74:29:
         bd:cc:63:9b:9c:aa:2c:1b:a5:6e:24:6a:0a:da:bf:67:31:21:
         dc:ae:b1:b9:0c:14:6c:52:69:1f:57:56:ef:48:9c:52:1b:27:
         07:0f:6d:d2:20:09:4b:9b:dc:29:59:55:a4:03:3c:a6:df:c8:
         9d:0e:82:ec:bb:b9:5e:6e:bf:2b:0a:21:81:8e:c5:25:14:16:
         ab:56:df:d8:bb:57:49:60:95:5b:3b:97:67:5b:d5:a0:25:b4:
         04:4e:b6:45:a0:40:68:54:c1:22:69:eb:22:8d:bc:3a:5a:ed:
         16:11:d0:5b:05:e9:af:32:1f:f6:08:13:a6:bc:18:0c:6e:70:
         8e:28:86:f2
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzEJQ7qcSdUVqkBrokbqxCYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDgzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2JkNmNkOTFhZDZhNzI4NmIyMWY2NTA5ZmRkOWY1MGZlZTc1ZDg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnaKiHWIPpuntsMNX/hHmb4NRspLt
jelL81X2sZHj/LNF4h71PTw0ppajhjDnpc4p1aJR8WdKQsNfDRmuK+jkCqa8W75F
Lx3X64scH/wRwnAsZkoMvrwq0CjbOQW3k2c1SVZ+5KtbTa+/V0l5952HJvO3WG73
vBOqMl0VTalsg0o8VcgTlwSf4lQeaBrMSFgEFTgszf3gfpN+unsojREe4a88kjwF
LgMPIoxImrAullScDKG6n1gC0zE+gP+5bXxbnOFsQS88XSQBMoFEazYp7vALhz+t
DOT8QnZm8dOQF1g7ro8LXRXqQeVKgzLY9T8fXfJi0wCV5m3t7pQ+ifr7tQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFFy9bNka1qcoayH2UJ/dn1D+512HMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzhhL2UwMjIz
YS0zMWZkLTRjYWMtODE2NC1mYmEwNzRiYTFiOTAvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOGEvZTAyMjNh
LTMxZmQtNGNhYy04MTY0LWZiYTA3NGJhMWI5MC8xL1hMMXMyUnJXcHlocklmWlFu
OTJmVVA3blhZYy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwwrOMA0GCSqGSIb3DQEBCwUAA4IBAQBaWLSO
6asLJ/OQesqtv7K/aKLnpe7BHsqYNw/U+r6QKkAaidfULWvciWlXhxDpxTm4ka2X
3R1ite/cOeB/lxhqs5lkcJz7JivUwjrVtELTSd63dxmWFPb/yYPVmnn3MUGhwLmM
svbTAq4rJV7MoGpNMN1zNirV8GUJ8/A0dCm9zGObnKosG6VuJGoK2r9nMSHcrrG5
DBRsUmkfV1bvSJxSGycHD23SIAlLm9wpWVWkAzym38idDoLsu7lebr8rCiGBjsUl
FBarVt/Yu1dJYJVbO5dnW9WgJbQETrZFoEBoVMEiaesijbw6Wu0WEdBbBemvMh/2
CBOmvBgMbnCOKIby
-----END CERTIFICATE-----