Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/_EjmUG7G1TxZFdyPKWREhd-S_Ok.cer
File:                     _EjmUG7G1TxZFdyPKWREhd-S_Ok.cer (raw, json)
Hash identifier:          61xt0gEiB15MDxw7dhPKpEfcQAztYf23e9h8BgjMj30=
Subject key identifier:   FC:48:E6:50:6E:C6:D5:3C:59:15:DC:8F:29:64:44:85:DF:92:FC:E9
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC3B745F11A3AFA4014C3A98C8B9EC133
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/6a/3ab6cf-99cd-4ac4-9013-f5bee16ed3a7/1/_EjmUG7G1TxZFdyPKWREhd-S_Ok.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/6a/3ab6cf-99cd-4ac4-9013-f5bee16ed3a7/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 06:30:17 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 91.220.68.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:45:f1:1a:3a:fa:40:14:c3:a9:8c:8b:9e:c1:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 06:30:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fc48e6506ec6d53c5915dc8f29644485df92fce9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:98:fb:25:85:32:e7:f3:37:66:b5:e2:36:f5:
                    f2:88:a7:c6:3d:50:eb:99:65:53:a0:21:47:a4:40:
                    30:bd:f3:6b:0f:bd:ce:61:2d:9a:41:27:99:77:3e:
                    7d:9a:40:5f:91:41:ac:06:00:d9:21:ed:44:37:89:
                    ee:6f:54:ed:47:23:34:11:a5:96:a2:81:ef:08:39:
                    35:5e:48:43:29:f9:d5:8a:3b:bc:ad:82:07:a9:35:
                    25:d2:e3:2e:38:16:1a:f7:1f:fa:6a:89:9d:d4:cc:
                    dd:94:de:7b:f8:a5:fc:7b:dd:9a:31:f2:d3:d5:d1:
                    67:e0:f6:0d:fb:c1:0e:a1:f7:a5:9d:34:12:57:31:
                    ed:b7:0a:38:f9:64:18:05:dc:52:88:85:e7:bd:7f:
                    80:c1:a4:ab:fe:e1:dd:96:25:75:41:6d:68:db:94:
                    39:40:16:a9:af:45:ca:2e:3b:b9:af:fa:fd:03:61:
                    9c:84:d2:53:64:96:76:29:0c:18:8c:6f:ba:a9:f3:
                    04:c5:b3:d7:ae:55:b6:00:b2:c2:01:4b:e1:9a:12:
                    bb:c5:e3:c9:86:20:15:04:d1:51:7a:03:e1:0d:e1:
                    08:52:e0:25:df:fc:cd:62:fb:8b:d6:15:07:28:0b:
                    c1:28:34:9f:61:12:75:cd:38:01:8a:fa:15:e0:ec:
                    6f:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:48:E6:50:6E:C6:D5:3C:59:15:DC:8F:29:64:44:85:DF:92:FC:E9
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/3ab6cf-99cd-4ac4-9013-f5bee16ed3a7/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/3ab6cf-99cd-4ac4-9013-f5bee16ed3a7/1/_EjmUG7G1TxZFdyPKWREhd-S_Ok.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:04:32:7a:7a:da:6b:82:55:99:be:18:6c:ae:d0:70:7b:3b:
         ca:fd:35:e4:01:e3:1b:66:b1:8e:52:a4:db:bb:28:89:92:22:
         66:1f:cc:97:8c:fe:00:50:44:78:87:2f:ce:51:57:ae:66:5c:
         b5:22:0c:c8:41:42:77:43:a9:06:53:9f:7f:9b:9f:de:68:0f:
         76:97:06:ac:0f:ee:62:d6:4c:29:c2:c5:4f:c9:02:52:ab:81:
         3c:b8:00:e0:d3:d8:2e:18:80:39:32:9e:15:e3:82:40:2f:46:
         4d:e6:cf:66:40:d5:a3:ee:35:8a:82:b4:08:2b:52:02:6a:69:
         cd:24:26:97:65:4a:e9:9e:2a:4d:8e:f6:7b:34:f9:30:5c:f8:
         19:71:cd:6e:47:91:2b:85:84:b4:df:be:6e:bd:dc:da:9d:9e:
         93:30:b0:4f:46:1a:06:ba:2b:9f:15:45:8e:4e:09:5f:0f:a7:
         1e:f3:2d:a5:5f:61:85:bd:7e:a9:8b:e2:71:2b:30:b8:7a:77:
         63:90:42:f8:cc:44:de:d9:54:1d:2a:12:19:d4:0d:e7:02:d2:
         7b:41:76:7c:6e:7f:93:0b:e2:d4:0e:2e:49:9d:d0:56:d6:78:
         10:7d:ff:f2:6c:62:32:ae:da:1d:f5:71:6b:73:36:bf:6f:76:
         27:57:be:4b
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzDt0XxGjr6QBTDqYyLnsEzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDYzMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzQ4ZTY1MDZlYzZkNTNjNTkxNWRjOGYyOTY0NDQ4NWRmOTJmY2U5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt5j7JYUy5/M3ZrXiNvXyiKfGPVDr
mWVToCFHpEAwvfNrD73OYS2aQSeZdz59mkBfkUGsBgDZIe1EN4nub1TtRyM0EaWW
ooHvCDk1XkhDKfnViju8rYIHqTUl0uMuOBYa9x/6aomd1MzdlN57+KX8e92aMfLT
1dFn4PYN+8EOofelnTQSVzHttwo4+WQYBdxSiIXnvX+AwaSr/uHdliV1QW1o25Q5
QBapr0XKLju5r/r9A2GchNJTZJZ2KQwYjG+6qfMExbPXrlW2ALLCAUvhmhK7xePJ
hiAVBNFRegPhDeEIUuAl3/zNYvuL1hUHKAvBKDSfYRJ1zTgBivoV4OxvXQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFPxI5lBuxtU8WRXcjylkRIXfkvzpMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzZhLzNhYjZj
Zi05OWNkLTRhYzQtOTAxMy1mNWJlZTE2ZWQzYTcvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNmEvM2FiNmNm
LTk5Y2QtNGFjNC05MDEzLWY1YmVlMTZlZDNhNy8xL19Fam1VRzdHMVR4WkZkeVBL
V1JFaGQtU19Pay5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW9xEMA0GCSqGSIb3DQEBCwUAA4IBAQArBDJ6
etprglWZvhhsrtBwezvK/TXkAeMbZrGOUqTbuyiJkiJmH8yXjP4AUER4hy/OUVeu
Zly1IgzIQUJ3Q6kGU59/m5/eaA92lwasD+5i1kwpwsVPyQJSq4E8uADg09guGIA5
Mp4V44JAL0ZN5s9mQNWj7jWKgrQIK1ICamnNJCaXZUrpnipNjvZ7NPkwXPgZcc1u
R5ErhYS0375uvdzanZ6TMLBPRhoGuiufFUWOTglfD6ce8y2lX2GFvX6pi+JxKzC4
endjkEL4zETe2VQdKhIZ1A3nAtJ7QXZ8bn+TC+LUDi5JndBW1ngQff/ybGIyrtod
9XFrcza/b3YnV75L
-----END CERTIFICATE-----