Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Xxza2jmCQOZ-T4JugInSWxJJBAE.cer
File:                     Xxza2jmCQOZ-T4JugInSWxJJBAE.cer (raw, json)
Hash identifier:          PVb6/2HWDz1GCJGSAmvQJjh+zkAcMKUCfKIATswqLGY=
Subject key identifier:   5F:1C:DA:DA:39:82:40:E6:7E:4F:82:6E:80:89:D2:5B:12:49:04:01
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC2DAB3AF115F8F8F0ECBAE795245D241
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/54/490ae5-32dd-4457-9407-0e00152dd9e1/1/Xxza2jmCQOZ-T4JugInSWxJJBAE.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/54/490ae5-32dd-4457-9407-0e00152dd9e1/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 02:29:21 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 45.95.68.0/22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:b3:af:11:5f:8f:8f:0e:cb:ae:79:52:45:d2:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 02:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5f1cdada398240e67e4f826e8089d25b12490401
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:0e:63:d8:ae:9a:84:69:c2:ec:d9:6c:63:1a:
                    f9:3a:0b:e5:38:6e:c3:2e:ef:33:0d:7e:89:73:15:
                    6c:8b:4f:23:9a:43:08:f3:4b:45:44:d3:5f:9e:ba:
                    40:c4:17:b8:dc:12:4a:2b:85:bd:cb:65:ec:e4:6b:
                    ca:36:f9:e1:8b:f6:18:79:34:c5:6b:1d:ac:ff:38:
                    bf:be:d4:ff:e9:c3:61:6d:35:de:23:ed:e0:03:1a:
                    d8:0f:c4:4b:a2:9d:1c:16:ca:51:93:de:f3:86:71:
                    7d:86:e0:b7:90:ed:cc:3d:23:6a:90:a7:e4:31:e6:
                    2d:f0:79:ba:28:9c:13:7f:d1:11:a8:d4:43:1b:77:
                    3b:8c:84:18:88:72:1c:ac:e3:4f:03:b2:5d:d0:fe:
                    85:52:89:1f:ec:17:bc:cf:bf:a5:a2:f5:95:33:c4:
                    53:a2:cf:ea:98:b5:25:a8:52:73:29:0f:fb:a7:ca:
                    e0:a8:42:85:60:72:1d:0b:ef:2a:71:b9:75:bd:03:
                    49:a2:98:e9:d1:0a:14:11:21:7d:9a:c6:d2:c3:7b:
                    9c:20:ae:95:e1:e0:3a:ac:84:f1:0c:49:b6:ba:60:
                    30:53:50:0f:3a:31:fd:fb:c0:07:d6:e5:7f:da:e8:
                    9c:d1:3f:f7:88:77:29:3e:1e:28:b0:a1:6a:55:98:
                    9d:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:1C:DA:DA:39:82:40:E6:7E:4F:82:6E:80:89:D2:5B:12:49:04:01
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/490ae5-32dd-4457-9407-0e00152dd9e1/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/490ae5-32dd-4457-9407-0e00152dd9e1/1/Xxza2jmCQOZ-T4JugInSWxJJBAE.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.68.0/22

    Signature Algorithm: sha256WithRSAEncryption
         77:c2:c1:b3:54:a3:f7:6a:1a:97:32:30:9c:40:72:77:5f:c3:
         d9:4d:81:b5:95:e9:31:dc:bf:b2:79:a4:66:bc:a3:d5:51:a0:
         6d:95:28:2a:5b:1c:8a:03:a5:d6:2d:f7:3d:5d:a4:ce:83:15:
         5c:08:aa:0a:a7:c5:b5:ab:a4:ae:f8:a1:3d:23:9f:26:7c:2f:
         53:e8:b7:38:7b:f7:38:2d:9b:8e:21:a0:18:1d:8b:2e:83:13:
         d3:4d:20:8f:95:32:c7:50:64:40:53:3b:79:e0:79:06:b8:41:
         c8:dd:9b:f4:62:04:1c:7d:0a:64:e1:9a:6a:26:9a:9e:e8:79:
         4f:97:91:6d:df:bf:e9:71:72:dc:41:c8:45:5f:a7:ab:e2:94:
         d3:95:99:74:6e:20:38:70:f2:ad:a6:db:9d:2f:ba:78:83:e2:
         ea:55:30:3a:c9:85:bd:09:6c:2c:3d:fb:38:7e:2e:13:9d:83:
         98:24:59:08:48:be:a4:50:b9:44:ba:cb:49:17:90:a0:d3:08:
         73:2d:ae:25:90:13:b2:96:1f:b6:8c:2a:74:e9:c6:90:d5:be:
         81:34:e5:b4:75:93:70:45:6b:61:59:9e:c2:f2:77:7d:95:d9:
         57:50:20:00:19:10:e1:32:85:d4:88:b6:e3:64:a4:ba:32:3d:
         a1:98:fe:d4
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzC2rOvEV+Pjw7LrnlSRdJBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDIyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjFjZGFkYTM5ODI0MGU2N2U0ZjgyNmU4MDg5ZDI1YjEyNDkwNDAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlg5j2K6ahGnC7NlsYxr5OgvlOG7D
Lu8zDX6JcxVsi08jmkMI80tFRNNfnrpAxBe43BJKK4W9y2Xs5GvKNvnhi/YYeTTF
ax2s/zi/vtT/6cNhbTXeI+3gAxrYD8RLop0cFspRk97zhnF9huC3kO3MPSNqkKfk
MeYt8Hm6KJwTf9ERqNRDG3c7jIQYiHIcrONPA7Jd0P6FUokf7Be8z7+lovWVM8RT
os/qmLUlqFJzKQ/7p8rgqEKFYHIdC+8qcbl1vQNJopjp0QoUESF9msbSw3ucIK6V
4eA6rITxDEm2umAwU1APOjH9+8AH1uV/2uic0T/3iHcpPh4osKFqVZidmwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFF8c2to5gkDmfk+CboCJ0lsSSQQBMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzU0LzQ5MGFl
NS0zMmRkLTQ0NTctOTQwNy0wZTAwMTUyZGQ5ZTEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTQvNDkwYWU1
LTMyZGQtNDQ1Ny05NDA3LTBlMDAxNTJkZDllMS8xL1h4emEyam1DUU9aLVQ0SnVn
SW5TV3hKSkJBRS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCLV9EMA0GCSqGSIb3DQEBCwUAA4IBAQB3wsGz
VKP3ahqXMjCcQHJ3X8PZTYG1lekx3L+yeaRmvKPVUaBtlSgqWxyKA6XWLfc9XaTO
gxVcCKoKp8W1q6Su+KE9I58mfC9T6Lc4e/c4LZuOIaAYHYsugxPTTSCPlTLHUGRA
Uzt54HkGuEHI3Zv0YgQcfQpk4ZpqJpqe6HlPl5Ft37/pcXLcQchFX6er4pTTlZl0
biA4cPKtptudL7p4g+LqVTA6yYW9CWwsPfs4fi4TnYOYJFkISL6kULlEustJF5Cg
0whzLa4lkBOylh+2jCp06caQ1b6BNOW0dZNwRWthWZ7C8nd9ldlXUCAAGRDhMoXU
iLbjZKS6Mj2hmP7U
-----END CERTIFICATE-----