Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ZgMSklzEtHwRlninwS9GAmWREVQ.cer
File:                     ZgMSklzEtHwRlninwS9GAmWREVQ.cer (raw, json)
Hash identifier:          TMSwYMRy64nUCE6iTDSCN5wdyF2ztGpy8znfzdbX9jE=
Subject key identifier:   66:03:12:92:5C:C4:B4:7C:11:96:78:A7:C1:2F:46:02:65:91:11:54
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CCA2B0E21C293640048D99647DB731EC8
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/95/aba8e2-4187-4496-b60a-c84134a08770/1/ZgMSklzEtHwRlninwS9GAmWREVQ.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/95/aba8e2-4187-4496-b60a-c84134a08770/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 12:34:28 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 91.212.166.0/24
                          IP: 2a12:2c40::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:0e:21:c2:93:64:00:48:d9:96:47:db:73:1e:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 12:34:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=660312925cc4b47c119678a7c12f460265911154
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:5f:93:f5:86:0e:bb:7f:fe:81:9b:a6:3e:30:
                    d3:df:ba:87:dd:52:f1:c4:d4:4c:36:0d:76:9e:3b:
                    19:29:1f:93:d7:b6:ec:57:67:78:87:83:a8:ec:78:
                    e7:79:de:b7:59:a2:79:fd:bd:03:bf:20:94:bb:16:
                    57:b6:72:92:dc:91:02:7d:62:02:25:de:a4:f6:d8:
                    36:b4:cb:92:e8:47:9a:61:da:cd:91:d7:88:59:a9:
                    41:d0:9a:9e:68:17:1f:34:67:15:8e:c7:06:10:aa:
                    db:2f:86:68:4e:3f:f6:99:aa:99:87:e7:84:31:2b:
                    df:13:c4:87:5e:40:ea:5a:94:17:a3:8c:cb:72:cb:
                    73:29:f9:82:50:ae:fc:ce:20:92:53:77:c3:d1:1d:
                    e7:96:4c:c3:8a:81:1e:bf:f5:25:be:e8:f0:fe:f4:
                    24:55:4f:4c:61:9f:cd:55:72:d5:36:e6:8c:b5:66:
                    5b:0a:bf:2a:c0:a3:5d:8a:fe:f0:0d:aa:a4:b1:13:
                    42:11:b7:cd:ab:7f:2e:5f:6d:a1:08:1f:a8:71:4d:
                    94:cb:35:e1:67:37:07:5d:e9:b0:88:52:84:b1:bb:
                    de:57:e9:62:ef:42:ee:75:50:1c:eb:1b:48:b1:da:
                    1a:fb:19:20:63:de:40:f5:e7:0c:f5:57:64:9c:1a:
                    24:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:03:12:92:5C:C4:B4:7C:11:96:78:A7:C1:2F:46:02:65:91:11:54
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/aba8e2-4187-4496-b60a-c84134a08770/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/aba8e2-4187-4496-b60a-c84134a08770/1/ZgMSklzEtHwRlninwS9GAmWREVQ.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.166.0/24
                IPv6:
                  2a12:2c40::/29

    Signature Algorithm: sha256WithRSAEncryption
         0f:fb:ec:10:87:1c:de:b6:78:64:40:b5:c2:bc:f3:ef:76:72:
         d3:ed:90:4e:f9:d5:c2:a7:c0:86:e8:f2:76:ce:84:e3:90:cd:
         c4:08:be:5d:30:79:8f:b9:64:93:ce:4c:cb:89:c5:8c:0f:1e:
         77:20:c9:68:11:72:67:6c:85:12:9a:53:60:af:2d:ed:9a:c2:
         46:b4:bb:35:f0:0f:33:78:7f:40:6a:7c:e2:8c:84:4a:07:04:
         5b:17:73:ec:15:93:a9:cc:d2:2d:c6:c8:aa:7f:69:a5:48:26:
         f9:45:b5:3c:2f:85:f7:08:b2:80:3c:04:99:3f:d3:20:49:c4:
         1f:1e:9a:c7:db:24:91:e9:e9:8e:63:25:a5:c7:ff:80:ed:67:
         a7:12:37:1f:44:43:13:fd:88:72:9b:4f:98:42:f7:9c:a1:30:
         dc:6d:ac:4a:d8:6c:07:e5:35:97:cd:c7:35:15:50:dc:48:f5:
         38:64:d2:d9:81:8a:14:9d:39:9d:ec:19:3e:93:e6:f7:17:cc:
         9d:3c:ba:60:c3:16:4b:d4:3e:73:e3:09:29:f7:e5:d6:7a:6a:
         af:31:aa:72:bc:2d:3a:34:5c:f0:ae:bd:9a:ff:80:73:39:1e:
         bc:4e:31:fe:73:1a:23:35:aa:b3:53:89:dd:0a:5c:ac:9d:12:
         f4:bf:10:a3
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAYzKKw4hwpNkAEjZlkfbcx7IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMTIzNDI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjAzMTI5MjVjYzRiNDdjMTE5Njc4YTdjMTJmNDYwMjY1OTExMTU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkl+T9YYOu3/+gZumPjDT37qH3VLx
xNRMNg12njsZKR+T17bsV2d4h4Oo7Hjned63WaJ5/b0DvyCUuxZXtnKS3JECfWIC
Jd6k9tg2tMuS6EeaYdrNkdeIWalB0JqeaBcfNGcVjscGEKrbL4ZoTj/2maqZh+eE
MSvfE8SHXkDqWpQXo4zLcstzKfmCUK78ziCSU3fD0R3nlkzDioEev/Ulvujw/vQk
VU9MYZ/NVXLVNuaMtWZbCr8qwKNdiv7wDaqksRNCEbfNq38uX22hCB+ocU2UyzXh
ZzcHXemwiFKEsbveV+li70LudVAc6xtIsdoa+xkgY95A9ecM9VdknBokSQIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFGYDEpJcxLR8EZZ4p8EvRgJlkRFUMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzk1L2FiYThl
Mi00MTg3LTQ0OTYtYjYwYS1jODQxMzRhMDg3NzAvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTUvYWJhOGUy
LTQxODctNDQ5Ni1iNjBhLWM4NDEzNGEwODc3MC8xL1pnTVNrbHpFdEh3UmxuaW53
UzlHQW1XUkVWUS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQAW9SmMA0EAgACMAcDBQMqEixAMA0GCSqGSIb3
DQEBCwUAA4IBAQAP++wQhxzetnhkQLXCvPPvdnLT7ZBO+dXCp8CG6PJ2zoTjkM3E
CL5dMHmPuWSTzkzLicWMDx53IMloEXJnbIUSmlNgry3tmsJGtLs18A8zeH9Aanzi
jIRKBwRbF3PsFZOpzNItxsiqf2mlSCb5RbU8L4X3CLKAPASZP9MgScQfHprH2ySR
6emOYyWlx/+A7WenEjcfREMT/Yhym0+YQvecoTDcbaxK2GwH5TWXzcc1FVDcSPU4
ZNLZgYoUnTmd7Bk+k+b3F8ydPLpgwxZL1D5z4wkp9+XWemqvMapyvC06NFzwrr2a
/4BzOR68TjH+cxojNaqzU4ndClysnRL0vxCj
-----END CERTIFICATE-----