Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/_blB8vfFNAgOD3d6eumXmS4R4a8.cer
File:                     _blB8vfFNAgOD3d6eumXmS4R4a8.cer (raw, json)
Hash identifier:          kuBFO1X9wevLYdkevFYv5c/hMjXZpDM78c/17cyCU5g=
Subject key identifier:   FD:B9:41:F2:F7:C5:34:08:0E:0F:77:7A:7A:E9:97:99:2E:11:E1:AF
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC8014CBCD02CDFDC49E0A4A5608C1C7A
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/56/178025-c7d9-423f-a53b-e23f408d189b/1/_blB8vfFNAgOD3d6eumXmS4R4a8.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/56/178025-c7d9-423f-a53b-e23f408d189b/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 02:29:37 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 193.247.74.0/23
                          IP: 193.247.126.0/23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:4c:bc:d0:2c:df:dc:49:e0:a4:a5:60:8c:1c:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 02:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fdb941f2f7c534080e0f777a7ae997992e11e1af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:24:55:7f:9e:69:f4:2f:3b:b8:f7:a3:da:31:
                    9a:97:fe:e1:6e:a5:d3:7d:ae:05:fa:8e:ec:46:d9:
                    98:c9:3d:1c:1f:04:c4:b1:4a:34:77:cd:9a:7e:70:
                    74:54:55:78:ca:ba:ce:09:e6:f3:7d:44:90:b0:c9:
                    43:70:86:44:c9:c8:55:46:5a:ff:6e:89:0f:99:9f:
                    e8:52:09:e4:e1:0a:08:bf:da:e9:8e:47:9f:67:57:
                    50:f1:01:49:1e:3d:a1:85:31:cb:5c:18:25:15:91:
                    0c:20:7a:fb:30:4e:e2:ea:f8:8a:92:d7:ce:59:cd:
                    b2:65:f9:f9:84:d4:d1:22:df:ed:85:73:67:f6:d4:
                    67:93:58:ea:9e:12:91:32:5d:bc:a3:ae:fc:d0:0c:
                    47:e2:57:2e:31:e0:44:68:7a:ed:b5:b9:18:6f:c9:
                    b2:eb:9f:41:fa:43:d9:cb:e2:ab:58:42:9f:9f:a7:
                    65:e9:f3:62:81:54:9d:54:f6:06:0e:62:b0:db:23:
                    2e:6c:3b:e1:12:ad:23:39:7f:82:7e:08:40:75:cf:
                    02:12:de:a8:eb:5b:e5:1f:b0:33:6d:29:6b:ae:fd:
                    13:4a:56:70:44:2a:1f:b5:9f:92:6d:15:f5:42:7a:
                    17:b2:83:04:94:3f:e6:23:f8:14:18:d6:e4:c2:1c:
                    0f:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:B9:41:F2:F7:C5:34:08:0E:0F:77:7A:7A:E9:97:99:2E:11:E1:AF
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/178025-c7d9-423f-a53b-e23f408d189b/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/178025-c7d9-423f-a53b-e23f408d189b/1/_blB8vfFNAgOD3d6eumXmS4R4a8.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.247.74.0/23
                  193.247.126.0/23

    Signature Algorithm: sha256WithRSAEncryption
         27:81:4a:5d:9c:5c:14:9d:d2:db:29:af:e1:9b:dd:93:16:77:
         15:a5:e3:48:a8:1f:46:72:60:a3:42:af:bb:a6:16:9e:f3:2c:
         3b:97:2b:88:51:4d:6c:f2:2a:60:56:55:1c:fc:0d:5d:d1:ac:
         34:68:a3:8a:60:df:9d:cd:06:bb:30:94:d7:2f:f7:d9:fa:89:
         f9:88:13:fa:40:c0:3d:33:8f:46:e6:a7:d1:e7:6d:00:f1:59:
         a9:3e:4a:e0:2b:db:42:14:6e:3e:b5:9e:66:0c:fc:f7:6e:a4:
         5e:f7:f7:ba:2d:63:a3:84:3a:79:45:b0:20:77:d1:07:df:09:
         50:72:e1:77:43:66:62:65:22:b3:e3:d6:96:10:fb:2f:f9:d8:
         8c:0b:e8:3b:b1:e4:21:58:ce:7d:7d:2c:d8:43:f3:58:72:0d:
         50:72:b1:08:fb:e3:29:44:3d:ae:9f:63:0c:d7:5b:dd:a4:3a:
         d4:79:1c:72:e9:3b:61:04:e1:49:69:6a:86:12:d5:d8:b5:ad:
         21:05:ff:bd:bf:f2:77:1d:00:97:84:0a:94:2d:a2:28:62:33:
         e1:50:eb:ab:c8:33:df:d5:5e:a0:2d:cc:81:09:ce:06:8a:9f:
         71:42:dd:80:2e:5b:36:c8:48:b2:57:52:f2:c6:9a:83:2d:83:
         ac:9a:eb:c5
-----BEGIN CERTIFICATE-----
MIIFfjCCBGagAwIBAgISAYzIAUy80Czf3EngpKVgjBx6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDIyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGI5NDFmMmY3YzUzNDA4MGUwZjc3N2E3YWU5OTc5OTJlMTFlMWFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAniRVf55p9C87uPej2jGal/7hbqXT
fa4F+o7sRtmYyT0cHwTEsUo0d82afnB0VFV4yrrOCebzfUSQsMlDcIZEychVRlr/
bokPmZ/oUgnk4QoIv9rpjkefZ1dQ8QFJHj2hhTHLXBglFZEMIHr7ME7i6viKktfO
Wc2yZfn5hNTRIt/thXNn9tRnk1jqnhKRMl28o6780AxH4lcuMeBEaHrttbkYb8my
659B+kPZy+KrWEKfn6dl6fNigVSdVPYGDmKw2yMubDvhEq0jOX+CfghAdc8CEt6o
61vlH7AzbSlrrv0TSlZwRCoftZ+SbRX1QnoXsoMElD/mI/gUGNbkwhwPLQIDAQAB
o4ICijCCAoYwHQYDVR0OBBYEFP25QfL3xTQIDg93enrpl5kuEeGvMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzU2LzE3ODAy
NS1jN2Q5LTQyM2YtYTUzYi1lMjNmNDA4ZDE4OWIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTYvMTc4MDI1
LWM3ZDktNDIzZi1hNTNiLWUyM2Y0MDhkMTg5Yi8xL19ibEI4dmZGTkFnT0QzZDZl
dW1YbVM0UjRhOC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUF
BwEHAQH/BBYwFDASBAIAATAMAwQBwfdKAwQBwfd+MA0GCSqGSIb3DQEBCwUAA4IB
AQAngUpdnFwUndLbKa/hm92TFncVpeNIqB9GcmCjQq+7phae8yw7lyuIUU1s8ipg
VlUc/A1d0aw0aKOKYN+dzQa7MJTXL/fZ+on5iBP6QMA9M49G5qfR520A8VmpPkrg
K9tCFG4+tZ5mDPz3bqRe9/e6LWOjhDp5RbAgd9EH3wlQcuF3Q2ZiZSKz49aWEPsv
+diMC+g7seQhWM59fSzYQ/NYcg1QcrEI++MpRD2un2MM11vdpDrUeRxy6TthBOFJ
aWqGEtXYta0hBf+9v/J3HQCXhAqULaIoYjPhUOuryDPf1V6gLcyBCc4Gip9xQt2A
Lls2yEiyV1LyxpqDLYOsmuvF
-----END CERTIFICATE-----