Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ZTa5s9Rx-T-Oqf7QxFFMLDdNI_Y.cer
File:                     ZTa5s9Rx-T-Oqf7QxFFMLDdNI_Y.cer (raw, json)
Hash identifier:          gilI7Tv83/3B4wGHXHQiigq9YmubUBi66TR+3B5OfHk=
Subject key identifier:   65:36:B9:B3:D4:71:F9:3F:8E:A9:FE:D0:C4:51:4C:2C:37:4D:23:F6
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CF54474320D49368AB92D5DED35103AC6
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/7b/e78a76-7c40-4084-a13b-15992b2c54ca/1/ZTa5s9Rx-T-Oqf7QxFFMLDdNI_Y.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/7b/e78a76-7c40-4084-a13b-15992b2c54ca/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 10 Jan 2024 21:25:53 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 185.46.142.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:f5:44:74:32:0d:49:36:8a:b9:2d:5d:ed:35:10:3a:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan 10 21:25:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6536b9b3d471f93f8ea9fed0c4514c2c374d23f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:41:3f:d0:45:63:15:75:24:fd:73:80:ba:91:
                    a5:b0:a0:bd:26:b9:ce:8b:ef:28:1f:7f:cc:57:e3:
                    41:dc:e8:f2:2c:19:35:61:61:28:ad:ad:4d:a9:b2:
                    73:74:9b:bf:1d:55:d1:86:d9:2b:6d:20:fe:f6:97:
                    e3:6a:2a:68:1c:fa:f2:0c:d6:ed:09:5e:79:3f:75:
                    ff:24:7d:b1:d0:e8:ed:c0:7e:6d:b2:db:7b:cc:4b:
                    84:ce:a4:65:58:59:27:e0:56:f4:c9:eb:48:c7:f3:
                    0c:c3:f5:3e:ee:3e:8a:c5:00:d3:dd:c5:7f:97:f6:
                    fe:de:43:9f:0d:63:01:d9:69:74:57:99:b0:38:45:
                    b9:25:33:ad:b2:2e:c0:28:aa:20:1d:c8:cf:a8:41:
                    aa:ce:02:72:25:db:6f:eb:23:73:4d:bd:4d:d6:93:
                    0f:08:81:d9:bf:fd:44:b0:52:b2:94:91:16:1c:3a:
                    99:e3:c8:d7:fb:d1:ec:72:39:8b:b8:67:1e:e2:dd:
                    a7:df:c3:f0:29:b5:25:cb:e4:69:e5:b1:51:da:63:
                    42:6d:61:ee:42:aa:3c:b1:9f:ff:d2:9a:02:b4:af:
                    f5:ca:06:d0:d9:b6:4e:0e:4b:8f:73:0d:c9:db:4a:
                    9a:05:3b:f2:3d:ce:47:04:8c:36:b3:9e:e7:c9:a3:
                    40:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:36:B9:B3:D4:71:F9:3F:8E:A9:FE:D0:C4:51:4C:2C:37:4D:23:F6
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/e78a76-7c40-4084-a13b-15992b2c54ca/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/e78a76-7c40-4084-a13b-15992b2c54ca/1/ZTa5s9Rx-T-Oqf7QxFFMLDdNI_Y.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.46.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:fd:71:0e:57:9e:91:31:36:7d:50:6d:c6:3c:11:19:30:c8:
         48:2f:4c:59:75:50:14:17:42:79:6a:79:7f:39:f5:84:c9:fa:
         ef:52:d6:00:57:7d:0e:4e:c4:e8:e8:64:f3:9b:a5:3e:b5:36:
         2d:c6:06:f9:9f:a3:ec:1d:95:08:1f:f4:f2:99:fa:f0:92:ce:
         0e:7d:c8:8d:7f:97:55:be:b7:14:be:36:f3:58:b0:4e:26:5e:
         bb:d0:ad:2c:36:65:84:0b:57:79:e1:fa:83:4e:54:36:e0:c5:
         5f:31:2a:6a:29:fe:af:ec:2d:25:47:b6:6a:bb:5b:13:89:a6:
         b2:f4:89:23:45:08:55:76:5c:77:04:27:44:b9:81:68:dd:41:
         c3:46:9f:24:fd:9a:8f:55:3d:56:c8:21:03:d5:7a:c2:ac:fd:
         e3:61:b6:f2:62:a9:da:f6:c5:db:4d:8b:23:41:75:d5:61:6f:
         52:e4:fd:40:7b:21:7c:f1:8e:d4:db:30:3f:5e:b8:b8:e9:15:
         8b:37:43:b4:ec:28:90:c2:0a:11:ac:7e:a8:54:5f:4f:3b:4c:
         bc:ad:35:3b:2a:28:28:dc:dc:43:80:b8:54:bb:ee:0e:86:30:
         80:1c:93:32:41:65:5c:4c:61:40:53:80:ec:45:f9:53:8b:80:
         f9:56:85:7d
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYz1RHQyDUk2irktXe01EDrGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTEwMjEyNTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTM2YjliM2Q0NzFmOTNmOGVhOWZlZDBjNDUxNGMyYzM3NGQyM2Y2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnEE/0EVjFXUk/XOAupGlsKC9JrnO
i+8oH3/MV+NB3OjyLBk1YWEora1NqbJzdJu/HVXRhtkrbSD+9pfjaipoHPryDNbt
CV55P3X/JH2x0OjtwH5tstt7zEuEzqRlWFkn4Fb0yetIx/MMw/U+7j6KxQDT3cV/
l/b+3kOfDWMB2Wl0V5mwOEW5JTOtsi7AKKogHcjPqEGqzgJyJdtv6yNzTb1N1pMP
CIHZv/1EsFKylJEWHDqZ48jX+9HscjmLuGce4t2n38PwKbUly+Rp5bFR2mNCbWHu
Qqo8sZ//0poCtK/1ygbQ2bZODkuPcw3J20qaBTvyPc5HBIw2s57nyaNAkwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFGU2ubPUcfk/jqn+0MRRTCw3TSP2MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzdiL2U3OGE3
Ni03YzQwLTQwODQtYTEzYi0xNTk5MmIyYzU0Y2EvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvN2IvZTc4YTc2
LTdjNDAtNDA4NC1hMTNiLTE1OTkyYjJjNTRjYS8xL1pUYTVzOVJ4LVQtT3FmN1F4
RkZNTERkTklfWS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAuS6OMA0GCSqGSIb3DQEBCwUAA4IBAQBx/XEO
V56RMTZ9UG3GPBEZMMhIL0xZdVAUF0J5anl/OfWEyfrvUtYAV30OTsTo6GTzm6U+
tTYtxgb5n6PsHZUIH/Tymfrwks4OfciNf5dVvrcUvjbzWLBOJl670K0sNmWEC1d5
4fqDTlQ24MVfMSpqKf6v7C0lR7Zqu1sTiaay9IkjRQhVdlx3BCdEuYFo3UHDRp8k
/ZqPVT1WyCED1XrCrP3jYbbyYqna9sXbTYsjQXXVYW9S5P1AeyF88Y7U2zA/Xri4
6RWLN0O07CiQwgoRrH6oVF9PO0y8rTU7Kigo3NxDgLhUu+4OhjCAHJMyQWVcTGFA
U4DsRflTi4D5VoV9
-----END CERTIFICATE-----