Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ZMX9HcDEV9nsET0jvUk1xyPp7PQ.cer
File:                     ZMX9HcDEV9nsET0jvUk1xyPp7PQ.cer (raw, json)
Hash identifier:          FlbEoSuOFdZAOu8kn7uBPvEQzWzs7iHlLbmnto8iGtE=
Subject key identifier:   64:C5:FD:1D:C0:C4:57:D9:EC:11:3D:23:BD:49:35:C7:23:E9:EC:F4
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CCA9949E264C29370AC0C5EFAE4881630
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/3b/a4640c-e69a-4337-b1aa-4cb0679ace7f/1/ZMX9HcDEV9nsET0jvUk1xyPp7PQ.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/3b/a4640c-e69a-4337-b1aa-4cb0679ace7f/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 14:34:52 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 211465
                          IP: 194.42.126.0/23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:49:e2:64:c2:93:70:ac:0c:5e:fa:e4:88:16:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 14:34:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=64c5fd1dc0c457d9ec113d23bd4935c723e9ecf4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:cc:2b:79:4d:30:cf:d5:f8:2b:60:70:dc:a5:
                    54:ce:4e:d0:9a:73:70:76:ea:b9:d7:f2:34:60:21:
                    78:40:dd:d3:87:54:f8:de:e3:0c:18:78:c8:4a:82:
                    86:ff:7b:dd:b5:5c:b6:8a:76:69:56:7e:dc:08:dd:
                    0e:2a:0c:35:9f:a4:41:d9:a1:91:2e:07:24:1a:9f:
                    2f:3d:4a:a7:1c:16:6b:3f:e0:f6:b1:6f:ec:0c:ee:
                    6f:45:86:0e:d1:5c:0a:8e:70:7a:7f:1b:e3:9c:ca:
                    a3:51:a6:cf:0b:8a:28:69:9a:6e:f7:fe:d5:55:43:
                    38:e4:c3:62:b0:46:e7:04:65:f8:12:df:e6:50:55:
                    1b:12:09:69:af:71:ac:e4:91:72:1c:1c:b3:e8:a4:
                    df:c2:b7:82:0b:fd:ad:1e:d3:7d:6b:6c:00:e2:cb:
                    1e:b8:d0:57:31:76:4e:8a:1a:ac:ba:34:59:c9:f3:
                    50:40:04:c5:30:78:11:06:bf:17:77:f3:68:ab:20:
                    6e:0d:f5:49:4c:14:cd:ab:f2:83:07:ad:89:3b:53:
                    9a:3e:bd:c5:4d:a0:25:9a:4e:3f:c8:66:7f:26:4b:
                    05:78:87:4f:15:e1:c7:4a:69:0a:67:ec:db:5d:8a:
                    70:c3:7e:be:c4:b4:45:67:5c:e6:1c:30:ae:6d:de:
                    b0:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:C5:FD:1D:C0:C4:57:D9:EC:11:3D:23:BD:49:35:C7:23:E9:EC:F4
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/a4640c-e69a-4337-b1aa-4cb0679ace7f/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/a4640c-e69a-4337-b1aa-4cb0679ace7f/1/ZMX9HcDEV9nsET0jvUk1xyPp7PQ.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.42.126.0/23

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  211465

    Signature Algorithm: sha256WithRSAEncryption
         3a:36:1b:bb:67:7a:d3:6a:ac:7e:0c:99:83:68:3e:53:ff:43:
         28:13:63:cc:d7:d6:2c:55:93:74:b4:09:8c:31:ea:c5:7c:f9:
         e7:02:61:79:09:b2:72:6e:ed:7b:68:63:9b:a1:eb:7e:f2:53:
         5f:f5:1b:59:bb:4d:d8:5c:51:61:4f:aa:97:02:bc:45:02:5a:
         66:4c:a3:c8:98:b7:0e:37:bf:d4:9b:1c:c8:4d:ce:b4:98:2b:
         6f:9a:ad:5e:e2:23:a0:f5:f7:e5:5b:a4:0d:32:13:7c:13:e6:
         0e:53:82:cd:47:c4:2f:0b:76:b7:17:34:3c:ec:ba:c8:aa:79:
         d5:23:4d:77:4d:1e:47:39:16:62:08:ea:55:6b:73:c7:10:d6:
         b3:e3:e6:7e:fc:79:8d:17:f6:4d:0b:b0:37:75:a8:58:fa:1d:
         3b:55:65:37:5e:2e:33:52:31:99:34:a9:ca:64:0a:12:95:81:
         6f:38:c2:f3:9c:65:61:b8:eb:3a:52:f1:28:27:ab:48:99:21:
         8a:33:c1:dc:54:ac:62:7d:34:3f:8d:1a:b2:68:a9:01:b8:58:
         cc:35:16:c8:fd:c8:9b:97:55:b3:5f:2e:98:5e:55:47:37:7a:
         b0:6c:d3:92:87:db:31:8c:da:7b:73:cf:25:ae:ae:c6:67:fe:
         09:5f:41:56
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYzKmUniZMKTcKwMXvrkiBYwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMTQzNDUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NGM1ZmQxZGMwYzQ1N2Q5ZWMxMTNkMjNiZDQ5MzVjNzIzZTllY2Y0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv8wreU0wz9X4K2Bw3KVUzk7QmnNw
duq51/I0YCF4QN3Th1T43uMMGHjISoKG/3vdtVy2inZpVn7cCN0OKgw1n6RB2aGR
LgckGp8vPUqnHBZrP+D2sW/sDO5vRYYO0VwKjnB6fxvjnMqjUabPC4ooaZpu9/7V
VUM45MNisEbnBGX4Et/mUFUbEglpr3Gs5JFyHByz6KTfwreCC/2tHtN9a2wA4sse
uNBXMXZOihqsujRZyfNQQATFMHgRBr8Xd/NoqyBuDfVJTBTNq/KDB62JO1OaPr3F
TaAlmk4/yGZ/JksFeIdPFeHHSmkKZ+zbXYpww36+xLRFZ1zmHDCubd6w6QIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFGTF/R3AxFfZ7BE9I71JNccj6ez0MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNiL2E0NjQw
Yy1lNjlhLTQzMzctYjFhYS00Y2IwNjc5YWNlN2YvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvM2IvYTQ2NDBj
LWU2OWEtNDMzNy1iMWFhLTRjYjA2NzlhY2U3Zi8xL1pNWDlIY0RFVjluc0VUMGp2
VWsxeHlQcDdQUS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQBwip+MBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwM6CTANBgkqhkiG9w0BAQsFAAOCAQEAOjYbu2d602qsfgyZg2g+U/9DKBNjzNfW
LFWTdLQJjDHqxXz55wJheQmycm7te2hjm6HrfvJTX/UbWbtN2FxRYU+qlwK8RQJa
ZkyjyJi3Dje/1JscyE3OtJgrb5qtXuIjoPX35VukDTITfBPmDlOCzUfELwt2txc0
POy6yKp51SNNd00eRzkWYgjqVWtzxxDWs+Pmfvx5jRf2TQuwN3WoWPodO1VlN14u
M1IxmTSpymQKEpWBbzjC85xlYbjrOlLxKCerSJkhijPB3FSsYn00P40asmipAbhY
zDUWyP3Im5dVs18umF5VRzd6sGzTkofbMYzae3PPJa6uxmf+CV9BVg==
-----END CERTIFICATE-----