Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ZTVXR1wNh8ZlMiFoxFQ30Q0lOl4.cer
File:                     ZTVXR1wNh8ZlMiFoxFQ30Q0lOl4.cer (raw, json)
Hash identifier:          LkvA6o1Ud57Of1RMJM1RMpibsy/FSmphDqrcyC3uEto=
Subject key identifier:   65:35:57:47:5C:0D:87:C6:65:32:21:68:C4:54:37:D1:0D:25:3A:5E
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018EA8D448746B7CD2EF00212B31A36F5708
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/38/800359-09c0-42a8-9762-ea3a2096e357/1/ZTVXR1wNh8ZlMiFoxFQ30Q0lOl4.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/38/800359-09c0-42a8-9762-ea3a2096e357/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 04 Apr 2024 11:17:48 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 2a0b:f40::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:a8:d4:48:74:6b:7c:d2:ef:00:21:2b:31:a3:6f:57:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Apr  4 11:17:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=653557475c0d87c665322168c45437d10d253a5e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:58:64:e2:d6:12:24:76:81:a5:a9:38:a9:57:
                    76:17:68:ab:f5:f8:a1:b6:74:02:95:31:78:1d:7a:
                    90:52:b6:ec:1b:88:01:41:83:80:ed:c0:59:4f:68:
                    41:98:be:b0:c1:c2:b1:83:76:45:63:f9:d9:e7:70:
                    28:66:3e:ec:f8:64:7f:9d:5b:9c:9a:3f:b7:36:09:
                    e6:77:a6:45:94:22:39:87:16:8a:b7:1a:73:4f:60:
                    c1:55:c3:a3:d8:ab:43:29:ff:06:48:96:e4:05:d5:
                    20:e9:0d:1b:71:ad:c5:bf:7c:0b:e4:a7:4d:22:a3:
                    3d:25:aa:1f:28:6e:1d:68:0e:36:fb:31:a8:20:43:
                    1c:e0:9b:8c:6d:f6:75:42:37:93:43:c5:4b:1e:35:
                    68:64:df:46:6a:8b:89:25:5b:9a:2f:46:a7:62:c3:
                    57:ec:70:ff:3b:7b:cb:69:fd:12:37:f0:63:73:2d:
                    c6:a9:97:8b:56:bb:de:e4:48:e2:5c:a3:95:22:ea:
                    ae:b9:1f:c5:b0:f2:aa:93:ef:1c:1a:2b:26:19:d7:
                    c3:28:c5:95:a1:a8:43:63:33:d3:ae:cc:38:66:50:
                    1e:2c:1e:38:d4:85:bd:64:12:fe:fa:3a:fb:78:10:
                    fa:4b:86:60:14:1e:3d:79:02:f0:e7:69:92:e3:5c:
                    2d:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:35:57:47:5C:0D:87:C6:65:32:21:68:C4:54:37:D1:0D:25:3A:5E
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/800359-09c0-42a8-9762-ea3a2096e357/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/800359-09c0-42a8-9762-ea3a2096e357/1/ZTVXR1wNh8ZlMiFoxFQ30Q0lOl4.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:f40::/29

    Signature Algorithm: sha256WithRSAEncryption
         0f:cd:8a:ca:03:3e:9f:f6:71:9e:b1:59:70:1a:c8:da:e1:cd:
         ad:04:e8:d9:8d:28:db:f9:de:88:e3:de:1e:40:f9:c1:14:2b:
         da:55:9d:fd:b8:03:56:5c:7c:ea:30:e5:96:9d:c1:42:64:2f:
         9f:70:15:e2:46:d9:d3:49:c2:4e:9c:be:e4:69:9c:ea:1f:4a:
         83:3b:2a:bc:74:5f:fb:de:17:12:84:6e:63:58:1a:3f:e6:98:
         e9:aa:74:41:0d:6b:0c:0e:df:39:46:a6:53:ec:b5:79:34:c3:
         5f:8e:39:29:73:3b:60:34:92:31:01:ed:85:e0:19:d3:04:86:
         0b:cb:5d:65:7f:df:21:f2:03:d3:a1:1e:e7:e4:2f:d1:1d:61:
         fe:34:5b:47:8c:e7:75:23:53:3d:72:e2:11:14:c0:10:21:bc:
         17:f6:99:82:65:df:88:ab:13:2f:82:43:0a:35:85:44:d8:b5:
         04:68:eb:99:96:37:03:9a:3b:cb:b4:61:f2:c6:df:bd:90:e5:
         97:a3:07:b4:6a:f0:f6:5c:d2:76:47:2f:d5:a5:bc:b1:36:a9:
         70:e2:1f:6f:eb:a8:53:a3:a6:4b:35:18:f1:7b:86:b9:44:90:
         71:31:d8:89:49:e4:49:9b:3b:0d:6f:00:2b:a5:6d:fd:9d:98:
         66:77:45:4d
-----BEGIN CERTIFICATE-----
MIIFeTCCBGGgAwIBAgISAY6o1Eh0a3zS7wAhKzGjb1cIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwNDA0MTExNzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTM1NTc0NzVjMGQ4N2M2NjUzMjIxNjhjNDU0MzdkMTBkMjUzYTVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlVhk4tYSJHaBpak4qVd2F2ir9fih
tnQClTF4HXqQUrbsG4gBQYOA7cBZT2hBmL6wwcKxg3ZFY/nZ53AoZj7s+GR/nVuc
mj+3Ngnmd6ZFlCI5hxaKtxpzT2DBVcOj2KtDKf8GSJbkBdUg6Q0bca3Fv3wL5KdN
IqM9JaofKG4daA42+zGoIEMc4JuMbfZ1QjeTQ8VLHjVoZN9GaouJJVuaL0anYsNX
7HD/O3vLaf0SN/Bjcy3GqZeLVrve5EjiXKOVIuquuR/FsPKqk+8cGismGdfDKMWV
oahDYzPTrsw4ZlAeLB441IW9ZBL++jr7eBD6S4ZgFB49eQLw52mS41wtoQIDAQAB
o4IChTCCAoEwHQYDVR0OBBYEFGU1V0dcDYfGZTIhaMRUN9ENJTpeMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzM4LzgwMDM1
OS0wOWMwLTQyYTgtOTc2Mi1lYTNhMjA5NmUzNTcvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzgvODAwMzU5
LTA5YzAtNDJhOC05NzYyLWVhM2EyMDk2ZTM1Ny8xL1pUVlhSMXdOaDhabE1pRm94
RlEzMFEwbE9sNC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUF
BwEHAQH/BBEwDzANBAIAAjAHAwUDKgsPQDANBgkqhkiG9w0BAQsFAAOCAQEAD82K
ygM+n/ZxnrFZcBrI2uHNrQTo2Y0o2/neiOPeHkD5wRQr2lWd/bgDVlx86jDllp3B
QmQvn3AV4kbZ00nCTpy+5Gmc6h9KgzsqvHRf+94XEoRuY1gaP+aY6ap0QQ1rDA7f
OUamU+y1eTTDX445KXM7YDSSMQHtheAZ0wSGC8tdZX/fIfID06Ee5+Qv0R1h/jRb
R4zndSNTPXLiERTAECG8F/aZgmXfiKsTL4JDCjWFRNi1BGjrmZY3A5o7y7Rh8sbf
vZDll6MHtGrw9lzSdkcv1aW8sTapcOIfb+uoU6OmSzUY8XuGuUSQcTHYiUnkSZs7
DW8AK6Vt/Z2YZndFTQ==
-----END CERTIFICATE-----