Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/_TrysG9KUBbg5avtGD9GXbFfQdU.cer
File:                     _TrysG9KUBbg5avtGD9GXbFfQdU.cer (raw, json)
Hash identifier:          WtDqCGi6Y2x1iiIuD/ttaBvOhhDMVRiQUczb4QeLcS8=
Subject key identifier:   FD:3A:F2:B0:6F:4A:50:16:E0:E5:AB:ED:18:3F:46:5D:B1:5F:41:D5
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC725A1CFF7F2F1828EBDA68404C87F15
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/85/92262e-2276-4a88-a733-049bd7b1e119/1/_TrysG9KUBbg5avtGD9GXbFfQdU.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/85/92262e-2276-4a88-a733-049bd7b1e119/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 22:29:41 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 185.145.160.0/22
                          IP: 2a07:4880::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:a1:cf:f7:f2:f1:82:8e:bd:a6:84:04:c8:7f:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 22:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fd3af2b06f4a5016e0e5abed183f465db15f41d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:d1:e4:c3:e1:31:a1:ae:38:71:ca:8d:f4:35:
                    c2:0f:2d:b1:b2:e9:80:0f:2c:0e:9b:5e:b5:65:e4:
                    54:93:8d:9e:e9:a1:8a:c4:1f:4c:88:4d:65:9f:71:
                    e9:e4:e7:7c:65:eb:41:d3:49:aa:95:39:6e:98:15:
                    ea:ba:38:63:b1:04:7e:58:fc:95:93:bb:ac:c5:ba:
                    2b:fa:f9:42:e1:74:6f:72:2f:64:46:cd:04:0f:3a:
                    47:c5:46:9e:73:46:59:6d:62:f3:d5:e0:92:81:7b:
                    8b:7c:6b:3c:d0:3a:90:71:5f:0d:6e:57:7e:9d:cf:
                    f1:fe:7d:f4:42:23:26:55:e6:68:1a:e5:df:ed:06:
                    5f:36:38:8b:d1:40:36:e8:e6:40:b8:84:aa:6f:4b:
                    16:15:13:08:3e:9c:ab:be:fb:2e:68:cc:95:8e:fc:
                    b8:ea:8d:fc:b7:36:2e:4a:cb:30:95:85:e2:eb:9f:
                    50:de:be:29:61:f3:48:51:7b:04:b8:df:91:9b:44:
                    57:c5:ff:0d:8c:e9:ff:65:3c:ae:05:f7:ee:d6:86:
                    27:30:69:b5:91:37:6d:48:9e:09:f7:62:8f:15:63:
                    f5:e0:d3:bb:22:94:ca:0f:c4:37:4a:5a:2d:0d:88:
                    1c:30:14:d2:ba:74:f9:9b:d2:9c:60:13:7e:c6:8f:
                    96:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:3A:F2:B0:6F:4A:50:16:E0:E5:AB:ED:18:3F:46:5D:B1:5F:41:D5
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/92262e-2276-4a88-a733-049bd7b1e119/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/92262e-2276-4a88-a733-049bd7b1e119/1/_TrysG9KUBbg5avtGD9GXbFfQdU.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.145.160.0/22
                IPv6:
                  2a07:4880::/29

    Signature Algorithm: sha256WithRSAEncryption
         3a:b0:cb:f8:05:dd:55:0d:a0:4a:58:ab:23:e8:18:2f:28:bf:
         9e:e2:ca:69:95:b0:e4:1f:d9:27:30:db:2e:60:a6:01:91:6c:
         37:84:4a:bb:59:05:8f:e2:e0:16:fd:45:14:00:57:89:9d:12:
         2d:a2:8c:22:7d:1e:16:b4:4b:9e:8c:9b:6e:bf:d8:07:19:98:
         23:19:a8:23:35:b8:c6:e1:fb:49:3e:c8:8c:95:b7:1b:db:df:
         4c:85:d1:02:99:2f:83:29:6c:af:11:e3:6d:c4:fe:f4:f8:95:
         3f:0f:0e:38:4f:27:16:b7:77:e3:35:ee:34:6c:11:3a:97:a5:
         18:84:25:05:bf:00:43:5b:cd:26:2d:00:ec:8c:78:d0:c6:9e:
         1a:29:84:19:a8:c7:3a:25:ed:99:4c:96:5a:ba:9c:43:73:bb:
         fa:5e:76:dc:3f:41:08:80:6b:d7:c9:d6:14:f8:2a:fc:94:33:
         70:1f:f9:b8:19:5c:a7:ee:12:06:6a:f2:dc:17:c2:48:42:60:
         98:0f:39:62:21:26:b9:7e:2a:e4:34:d5:78:03:95:08:43:15:
         34:4e:23:da:c0:dc:73:6c:47:7c:17:fd:6c:67:9d:6c:c6:16:
         6b:f5:e8:27:07:1d:d2:bf:3b:8a:bb:7b:b7:4f:35:77:88:c8:
         cd:1b:2f:d0
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAYzHJaHP9/Lxgo69poQEyH8VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMjIyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDNhZjJiMDZmNGE1MDE2ZTBlNWFiZWQxODNmNDY1ZGIxNWY0MWQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnNHkw+Exoa44ccqN9DXCDy2xsumA
DywOm161ZeRUk42e6aGKxB9MiE1ln3Hp5Od8ZetB00mqlTlumBXqujhjsQR+WPyV
k7usxbor+vlC4XRvci9kRs0EDzpHxUaec0ZZbWLz1eCSgXuLfGs80DqQcV8Nbld+
nc/x/n30QiMmVeZoGuXf7QZfNjiL0UA26OZAuISqb0sWFRMIPpyrvvsuaMyVjvy4
6o38tzYuSsswlYXi659Q3r4pYfNIUXsEuN+Rm0RXxf8NjOn/ZTyuBffu1oYnMGm1
kTdtSJ4J92KPFWP14NO7IpTKD8Q3SlotDYgcMBTSunT5m9KcYBN+xo+WswIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFP068rBvSlAW4OWr7Rg/Rl2xX0HVMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzg1LzkyMjYy
ZS0yMjc2LTRhODgtYTczMy0wNDliZDdiMWUxMTkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODUvOTIyNjJl
LTIyNzYtNGE4OC1hNzMzLTA0OWJkN2IxZTExOS8xL19UcnlzRzlLVUJiZzVhdnRH
RDlHWGJGZlFkVS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCuZGgMA0EAgACMAcDBQMqB0iAMA0GCSqGSIb3
DQEBCwUAA4IBAQA6sMv4Bd1VDaBKWKsj6BgvKL+e4spplbDkH9knMNsuYKYBkWw3
hEq7WQWP4uAW/UUUAFeJnRItoowifR4WtEuejJtuv9gHGZgjGagjNbjG4ftJPsiM
lbcb299MhdECmS+DKWyvEeNtxP70+JU/Dw44TycWt3fjNe40bBE6l6UYhCUFvwBD
W80mLQDsjHjQxp4aKYQZqMc6Je2ZTJZaupxDc7v6XnbcP0EIgGvXydYU+Cr8lDNw
H/m4GVyn7hIGavLcF8JIQmCYDzliISa5firkNNV4A5UIQxU0TiPawNxzbEd8F/1s
Z51sxhZr9egnBx3SvzuKu3u3TzV3iMjNGy/Q
-----END CERTIFICATE-----