Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ZUFaF2P-AFsBObAUxuV11fmypQQ.cer
File:                     ZUFaF2P-AFsBObAUxuV11fmypQQ.cer (raw, json)
Hash identifier:          4WRvs2sudaoFtys0n+6HF0dIXgH5riBhd4+TN1p/P8E=
Subject key identifier:   65:41:5A:17:63:FE:00:5B:01:39:B0:14:C6:E5:75:D5:F9:B2:A5:04
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC2DAB5A3CCB4539F90EBFF3C0591CD57
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/7b/3aec71-ca17-4ec5-87a7-ee7a20569b83/1/ZUFaF2P-AFsBObAUxuV11fmypQQ.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/7b/3aec71-ca17-4ec5-87a7-ee7a20569b83/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 02:29:22 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 176.120.120.0/21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:b5:a3:cc:b4:53:9f:90:eb:ff:3c:05:91:cd:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 02:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=65415a1763fe005b0139b014c6e575d5f9b2a504
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:07:98:72:18:e1:4c:6b:4d:02:09:c3:14:a1:
                    81:13:65:4d:60:c1:50:ab:65:bb:18:27:40:dd:c2:
                    ff:f5:df:b2:b6:a1:3e:1f:a4:08:d1:66:6b:91:a5:
                    01:62:b2:de:80:05:b1:0e:ae:6d:f2:29:f8:5d:e1:
                    99:85:16:38:3a:2c:aa:b7:67:f7:92:bb:c9:11:2c:
                    37:c3:84:42:51:8f:f3:10:c7:0c:88:13:22:83:2c:
                    5b:10:da:18:ed:44:c4:ad:81:0e:9f:78:6d:26:c5:
                    80:9c:9b:02:34:69:f0:1c:0d:7b:e3:96:dc:a3:2f:
                    2f:c9:44:a1:05:a6:62:c0:41:dc:b4:63:3f:c3:d3:
                    4f:af:73:8d:76:46:da:2a:b7:e7:a9:a8:47:fa:fa:
                    f7:4a:5f:8d:bb:e2:87:b4:2f:66:11:c9:62:3b:ae:
                    1c:fe:b8:ff:0a:0c:ec:66:66:ae:8f:00:32:65:4d:
                    a1:a5:28:1a:cf:0b:ef:f9:e4:c8:93:4a:50:9b:77:
                    64:a8:85:e0:06:58:fb:53:e3:e5:10:90:ec:9d:9c:
                    d7:90:ff:bb:1d:ef:ad:8f:44:e6:4c:a0:f6:c7:63:
                    4d:53:6e:0d:1d:5a:99:79:a8:1e:04:63:21:d9:43:
                    e8:33:3d:ab:8d:f7:28:6f:93:cd:e7:04:27:05:21:
                    87:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:41:5A:17:63:FE:00:5B:01:39:B0:14:C6:E5:75:D5:F9:B2:A5:04
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/3aec71-ca17-4ec5-87a7-ee7a20569b83/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/3aec71-ca17-4ec5-87a7-ee7a20569b83/1/ZUFaF2P-AFsBObAUxuV11fmypQQ.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.120.120.0/21

    Signature Algorithm: sha256WithRSAEncryption
         8e:01:82:04:c2:8b:c4:8c:80:c9:af:5d:b5:b7:94:a2:5a:29:
         48:a0:14:cf:ff:72:04:86:96:63:19:88:1b:6a:7a:31:86:bd:
         eb:fc:68:75:11:12:d6:97:6f:71:19:56:53:96:a1:8f:16:b3:
         a6:5d:2d:1c:c2:ec:75:8b:07:cf:ac:76:24:77:ca:de:79:3e:
         05:b2:0a:c1:1b:e4:21:e4:ed:cf:70:f3:f3:13:79:d0:5f:16:
         b0:f6:af:b1:97:1c:db:57:76:d6:10:ae:2e:17:28:2a:98:47:
         23:db:a9:e7:90:27:6b:ff:55:58:b8:fb:c8:d1:c6:48:09:c6:
         6f:b4:43:54:de:2a:95:60:d8:1c:a2:3b:30:a8:33:1a:58:24:
         91:80:80:7d:db:13:b8:c2:47:93:1f:e0:02:c6:46:5c:3d:38:
         4c:3f:29:d9:30:40:ce:5a:68:23:fe:35:7e:8c:87:e5:88:4f:
         ce:b4:24:e9:a3:3f:39:58:a3:a3:e9:79:1d:dc:dd:2f:da:da:
         8f:74:94:a9:23:e2:43:61:c3:fb:35:bb:37:2e:7f:0c:af:e7:
         55:c8:6f:de:7b:da:94:81:97:2c:7b:de:50:e4:81:12:c0:98:
         66:98:c4:1d:a4:de:9b:5b:11:3e:9d:6f:ae:34:04:99:81:4a:
         ee:90:25:03
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzC2rWjzLRTn5Dr/zwFkc1XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDIyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTQxNWExNzYzZmUwMDViMDEzOWIwMTRjNmU1NzVkNWY5YjJhNTA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwweYchjhTGtNAgnDFKGBE2VNYMFQ
q2W7GCdA3cL/9d+ytqE+H6QI0WZrkaUBYrLegAWxDq5t8in4XeGZhRY4Oiyqt2f3
krvJESw3w4RCUY/zEMcMiBMigyxbENoY7UTErYEOn3htJsWAnJsCNGnwHA1745bc
oy8vyUShBaZiwEHctGM/w9NPr3ONdkbaKrfnqahH+vr3Sl+Nu+KHtC9mEcliO64c
/rj/CgzsZmaujwAyZU2hpSgazwvv+eTIk0pQm3dkqIXgBlj7U+PlEJDsnZzXkP+7
He+tj0TmTKD2x2NNU24NHVqZeageBGMh2UPoMz2rjfcob5PN5wQnBSGHQwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFGVBWhdj/gBbATmwFMblddX5sqUEMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzdiLzNhZWM3
MS1jYTE3LTRlYzUtODdhNy1lZTdhMjA1NjliODMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvN2IvM2FlYzcx
LWNhMTctNGVjNS04N2E3LWVlN2EyMDU2OWI4My8xL1pVRmFGMlAtQUZzQk9iQVV4
dVYxMWZteXBRUS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQDsHh4MA0GCSqGSIb3DQEBCwUAA4IBAQCOAYIE
wovEjIDJr121t5SiWilIoBTP/3IEhpZjGYgbanoxhr3r/Gh1ERLWl29xGVZTlqGP
FrOmXS0cwux1iwfPrHYkd8reeT4FsgrBG+Qh5O3PcPPzE3nQXxaw9q+xlxzbV3bW
EK4uFygqmEcj26nnkCdr/1VYuPvI0cZICcZvtENU3iqVYNgcojswqDMaWCSRgIB9
2xO4wkeTH+ACxkZcPThMPynZMEDOWmgj/jV+jIfliE/OtCTpoz85WKOj6Xkd3N0v
2tqPdJSpI+JDYcP7Nbs3Ln8Mr+dVyG/ee9qUgZcse95Q5IESwJhmmMQdpN6bWxE+
nW+uNASZgUrukCUD
-----END CERTIFICATE-----