Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/XWRLkCyqF6mdZcRss6b42TnNmLU.cer
File:                     XWRLkCyqF6mdZcRss6b42TnNmLU.cer (raw, json)
Hash identifier:          z8v9LmwvJhd6o2xmEu1vmCCDptJkq7gnaq2KJ8VG3QU=
Subject key identifier:   5D:64:4B:90:2C:AA:17:A9:9D:65:C4:6C:B3:A6:F8:D9:39:CD:98:B5
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC4255C1AF71296BBA018B6E16C3D5315
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/9a/cd39a7-ed1a-4bf3-b5a6-40d836c62829/1/XWRLkCyqF6mdZcRss6b42TnNmLU.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/9a/cd39a7-ed1a-4bf3-b5a6-40d836c62829/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 08:30:31 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 62.3.43.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:5c:1a:f7:12:96:bb:a0:18:b6:e1:6c:3d:53:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 08:30:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5d644b902caa17a99d65c46cb3a6f8d939cd98b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:93:bb:52:b7:49:60:91:7c:1f:d3:e8:ad:fe:
                    44:31:69:c6:76:6f:17:26:ec:59:24:d4:a5:68:b8:
                    16:ea:25:59:4d:c7:87:b1:a0:2e:17:f5:f5:25:01:
                    6d:e5:8e:83:62:8d:41:d1:b5:69:92:58:dc:c5:36:
                    93:87:2e:ca:d0:6a:47:c1:73:ba:d7:b0:1c:87:cc:
                    c4:60:e9:54:0d:0a:c6:f8:79:f8:1a:ea:28:5c:8a:
                    6c:a8:a1:c0:73:5b:10:6c:78:c3:08:7f:ec:00:77:
                    96:63:b8:e2:b7:bd:14:a5:31:9c:18:8e:09:28:b9:
                    c0:b5:c1:34:cf:bd:a0:77:a2:a5:a9:aa:55:cd:eb:
                    bc:ab:d6:8b:d3:d1:e1:e0:12:b3:06:da:30:05:c1:
                    7f:da:50:26:40:06:db:26:ec:57:ba:8a:06:8a:68:
                    6b:5c:03:ad:b6:1c:f1:4d:20:28:2f:1f:47:78:d7:
                    92:eb:5e:51:04:6b:7d:8e:23:de:b4:f4:23:12:fc:
                    6d:3e:5b:1c:60:45:d8:cb:1a:7f:f6:8e:4e:f1:2b:
                    82:ee:9d:56:91:b4:9f:2a:f7:27:f1:b3:d5:49:8c:
                    bb:27:b3:1d:42:c0:b1:82:8d:25:39:b0:04:1c:47:
                    3f:d7:f2:e3:98:1f:e9:22:7a:dd:b7:64:93:c3:aa:
                    be:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:64:4B:90:2C:AA:17:A9:9D:65:C4:6C:B3:A6:F8:D9:39:CD:98:B5
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/cd39a7-ed1a-4bf3-b5a6-40d836c62829/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/cd39a7-ed1a-4bf3-b5a6-40d836c62829/1/XWRLkCyqF6mdZcRss6b42TnNmLU.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.3.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:23:d3:78:46:83:ba:7e:88:1a:38:3d:3f:bc:8f:89:cc:06:
         c4:5d:b5:84:9d:eb:1a:06:3b:ca:9f:cd:b2:a2:70:20:cd:9f:
         ff:ae:59:19:0f:8a:a8:39:b6:3e:60:a5:78:b2:eb:00:c5:24:
         34:ed:09:5a:2c:40:ee:ab:7b:a7:58:a8:fd:4b:b4:d9:7a:44:
         5f:a5:9a:2e:af:db:e5:07:a2:70:7e:63:a4:70:e6:aa:30:3c:
         38:7a:a2:fd:71:6c:b0:b7:6e:d3:db:d8:79:88:4b:7d:9a:03:
         47:fc:21:54:0a:50:60:30:29:74:eb:68:d8:1f:04:07:41:04:
         94:3b:3f:8f:1e:ac:3f:6d:20:34:e9:2a:5f:70:7b:e9:32:ed:
         16:ba:d5:af:12:b4:ad:50:76:e9:23:99:c6:fe:ea:c9:b6:6f:
         ac:42:26:b2:8d:64:c3:20:32:02:ba:db:81:0d:e0:13:08:f3:
         0a:94:b9:84:90:f2:59:10:c3:5f:9f:a4:b1:ea:24:85:f9:dc:
         a0:ba:82:42:de:3a:b3:0b:8a:03:64:b7:b9:de:af:e7:84:bb:
         48:fe:55:12:6a:f5:59:89:33:7d:20:99:38:e7:9b:8e:9f:34:
         5a:c5:18:71:cf:17:e1:ae:f4:60:67:e2:ed:b0:f6:c5:74:c6:
         1d:fb:7a:8d
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzEJVwa9xKWu6AYtuFsPVMVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDgzMDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDY0NGI5MDJjYWExN2E5OWQ2NWM0NmNiM2E2ZjhkOTM5Y2Q5OGI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1pO7UrdJYJF8H9Porf5EMWnGdm8X
JuxZJNSlaLgW6iVZTceHsaAuF/X1JQFt5Y6DYo1B0bVpkljcxTaThy7K0GpHwXO6
17Ach8zEYOlUDQrG+Hn4GuooXIpsqKHAc1sQbHjDCH/sAHeWY7jit70UpTGcGI4J
KLnAtcE0z72gd6KlqapVzeu8q9aL09Hh4BKzBtowBcF/2lAmQAbbJuxXuooGimhr
XAOtthzxTSAoLx9HeNeS615RBGt9jiPetPQjEvxtPlscYEXYyxp/9o5O8SuC7p1W
kbSfKvcn8bPVSYy7J7MdQsCxgo0lObAEHEc/1/LjmB/pInrdt2STw6q+mwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFF1kS5AsqhepnWXEbLOm+Nk5zZi1MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzlhL2NkMzlh
Ny1lZDFhLTRiZjMtYjVhNi00MGQ4MzZjNjI4MjkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOWEvY2QzOWE3
LWVkMWEtNGJmMy1iNWE2LTQwZDgzNmM2MjgyOS8xL1hXUkxrQ3lxRjZtZFpjUnNz
NmI0MlRuTm1MVS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAPgMrMA0GCSqGSIb3DQEBCwUAA4IBAQBGI9N4
RoO6fogaOD0/vI+JzAbEXbWEnesaBjvKn82yonAgzZ//rlkZD4qoObY+YKV4susA
xSQ07QlaLEDuq3unWKj9S7TZekRfpZour9vlB6JwfmOkcOaqMDw4eqL9cWywt27T
29h5iEt9mgNH/CFUClBgMCl062jYHwQHQQSUOz+PHqw/bSA06SpfcHvpMu0WutWv
ErStUHbpI5nG/urJtm+sQiayjWTDIDICutuBDeATCPMKlLmEkPJZEMNfn6Sx6iSF
+dyguoJC3jqzC4oDZLe53q/nhLtI/lUSavVZiTN9IJk455uOnzRaxRhxzxfhrvRg
Z+LtsPbFdMYd+3qN
-----END CERTIFICATE-----