Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/_J8k6-8Ri5Fl5S9hypk77kMGTsI.cer
File:                     _J8k6-8Ri5Fl5S9hypk77kMGTsI.cer (raw, json)
Hash identifier:          2MgHQNkQAHIaghWZDpuAXn12IOLQe+vs0WT5ssFWL0U=
Subject key identifier:   FC:9F:24:EB:EF:11:8B:91:65:E5:2F:61:CA:99:3B:EE:43:06:4E:C2
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC6B907C19B46A21F76436447FDADC0FE
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/72/e6cb2b-df09-4007-8ad7-153bf7e7ec2a/1/_J8k6-8Ri5Fl5S9hypk77kMGTsI.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/72/e6cb2b-df09-4007-8ad7-153bf7e7ec2a/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 20:31:04 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 193.56.4.0/22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:07:c1:9b:46:a2:1f:76:43:64:47:fd:ad:c0:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 20:31:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fc9f24ebef118b9165e52f61ca993bee43064ec2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:35:ac:d1:aa:25:94:db:86:49:fa:9b:ad:fa:
                    fa:4f:a8:10:b7:5e:fd:db:9e:66:d5:79:79:3e:dc:
                    b2:af:82:9c:3f:f1:7a:1c:2e:60:5b:15:22:21:10:
                    b9:3c:d9:5c:07:c3:ed:d5:74:cd:b5:3d:92:0a:be:
                    ba:5c:ef:4e:ba:72:e6:85:c0:42:d0:52:7e:00:54:
                    f7:ed:88:1b:f2:50:5d:6b:9a:69:bc:81:39:b1:0a:
                    9f:01:77:ab:f7:8c:81:55:50:3b:6d:2e:7b:95:f6:
                    6c:bb:c0:14:cf:75:11:ef:71:0a:4a:4b:44:4a:ce:
                    c9:8e:2c:3a:41:a5:3e:37:e4:74:1e:8f:a8:e9:2e:
                    4b:7f:84:fe:08:90:66:58:88:7b:6d:98:b9:72:e0:
                    c5:9a:af:00:94:1f:e6:ff:2d:88:29:4d:6b:cd:13:
                    0e:f0:23:65:8a:dc:e4:cf:e1:5e:d9:f2:b1:16:b9:
                    8b:0d:aa:21:06:90:a1:1c:a0:eb:7b:22:3e:7e:91:
                    65:8d:e8:21:fd:68:c3:b4:6c:bc:b1:d7:15:7e:ec:
                    37:9e:34:76:05:9a:6c:50:d4:88:52:26:c3:4b:77:
                    df:5e:ad:ab:c3:09:2b:88:5a:51:a4:76:25:e4:9b:
                    33:6f:69:16:3f:f6:13:16:9e:d4:2f:9b:90:27:1e:
                    bc:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:9F:24:EB:EF:11:8B:91:65:E5:2F:61:CA:99:3B:EE:43:06:4E:C2
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/e6cb2b-df09-4007-8ad7-153bf7e7ec2a/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/e6cb2b-df09-4007-8ad7-153bf7e7ec2a/1/_J8k6-8Ri5Fl5S9hypk77kMGTsI.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.56.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         34:ab:26:7f:be:08:b0:99:8f:5c:a4:42:70:f6:04:e7:b4:5e:
         ce:95:3a:ed:10:3b:34:b9:cd:83:d2:c3:b8:f5:2e:16:7e:8e:
         17:a5:67:dc:08:dd:79:2d:90:f7:09:a0:81:f0:aa:9a:76:1d:
         da:15:72:a1:35:5a:a3:f8:00:e2:f8:68:f2:3d:4d:3d:f7:ae:
         44:0c:17:f5:67:f0:76:25:7b:1a:30:94:b6:2f:5c:56:fe:c2:
         46:09:3d:d7:8d:e8:84:95:9f:75:1b:50:83:c0:2e:8b:6e:04:
         6c:40:39:4b:71:1a:15:24:9d:f4:a5:59:58:d2:49:8a:ce:52:
         38:8f:9d:ff:8c:42:7c:09:8f:5b:07:52:87:9a:62:58:8a:62:
         24:df:b8:01:0b:94:39:14:ed:da:dd:49:bb:a2:a6:56:5c:7d:
         0a:90:78:1e:27:91:94:43:e6:6e:51:71:ff:48:81:f1:d2:f3:
         7e:aa:05:54:fe:36:19:5f:d8:5d:4b:7d:27:e5:8d:af:48:6a:
         1d:4e:31:53:85:4a:1b:44:13:d6:e0:40:8a:73:7e:f1:67:86:
         b5:65:d1:1a:b9:ab:81:54:07:32:06:f0:86:31:6e:8e:29:13:
         31:0c:aa:b7:60:25:61:45:00:a5:dc:c4:be:c8:4f:69:fd:3e:
         2b:87:df:58
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzGuQfBm0aiH3ZDZEf9rcD+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMjAzMTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzlmMjRlYmVmMTE4YjkxNjVlNTJmNjFjYTk5M2JlZTQzMDY0ZWMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzTWs0aollNuGSfqbrfr6T6gQt179
255m1Xl5Ptyyr4KcP/F6HC5gWxUiIRC5PNlcB8Pt1XTNtT2SCr66XO9OunLmhcBC
0FJ+AFT37Ygb8lBda5ppvIE5sQqfAXer94yBVVA7bS57lfZsu8AUz3UR73EKSktE
Ss7Jjiw6QaU+N+R0Ho+o6S5Lf4T+CJBmWIh7bZi5cuDFmq8AlB/m/y2IKU1rzRMO
8CNlitzkz+Fe2fKxFrmLDaohBpChHKDreyI+fpFljegh/WjDtGy8sdcVfuw3njR2
BZpsUNSIUibDS3ffXq2rwwkriFpRpHYl5Jszb2kWP/YTFp7UL5uQJx68uwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFPyfJOvvEYuRZeUvYcqZO+5DBk7CMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzcyL2U2Y2Iy
Yi1kZjA5LTQwMDctOGFkNy0xNTNiZjdlN2VjMmEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzIvZTZjYjJi
LWRmMDktNDAwNy04YWQ3LTE1M2JmN2U3ZWMyYS8xL19KOGs2LThSaTVGbDVTOWh5
cGs3N2tNR1RzSS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCwTgEMA0GCSqGSIb3DQEBCwUAA4IBAQA0qyZ/
vgiwmY9cpEJw9gTntF7OlTrtEDs0uc2D0sO49S4Wfo4XpWfcCN15LZD3CaCB8Kqa
dh3aFXKhNVqj+ADi+GjyPU09965EDBf1Z/B2JXsaMJS2L1xW/sJGCT3XjeiElZ91
G1CDwC6LbgRsQDlLcRoVJJ30pVlY0kmKzlI4j53/jEJ8CY9bB1KHmmJYimIk37gB
C5Q5FO3a3Um7oqZWXH0KkHgeJ5GUQ+ZuUXH/SIHx0vN+qgVU/jYZX9hdS30n5Y2v
SGodTjFThUobRBPW4ECKc37xZ4a1ZdEauauBVAcyBvCGMW6OKRMxDKq3YCVhRQCl
3MS+yE9p/T4rh99Y
-----END CERTIFICATE-----