Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/_nzo-_uEec-5drRDzDx84vcDq34.cer
File:                     _nzo-_uEec-5drRDzDx84vcDq34.cer (raw, json)
Hash identifier:          BnRO5LZBM6y65knyL67+cfkMei0tZpGWFRm0Fvl7b8s=
Subject key identifier:   FE:7C:E8:FB:FB:84:79:CF:B9:76:B4:43:CC:3C:7C:E2:F7:03:AB:7E
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC2DB16775985E48C8925C6F8B75BC957
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/72/927638-fd47-4e56-bb9e-d7920ae44920/1/_nzo-_uEec-5drRDzDx84vcDq34.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/72/927638-fd47-4e56-bb9e-d7920ae44920/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 02:29:47 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 193.247.96.0/22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:16:77:59:85:e4:8c:89:25:c6:f8:b7:5b:c9:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 02:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fe7ce8fbfb8479cfb976b443cc3c7ce2f703ab7e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:92:06:f3:f3:4f:07:a5:7e:e8:69:e7:3b:3e:
                    6d:64:d8:e5:6e:43:50:08:17:e1:2e:ce:9a:50:68:
                    fa:53:3a:9b:95:11:15:a7:2c:34:f0:5d:d2:7a:d6:
                    7d:b4:ad:9c:69:9f:a7:1c:2e:58:13:74:70:17:5a:
                    55:00:36:6d:9d:95:2c:d7:07:06:9a:c9:6f:69:77:
                    95:17:8d:d7:9d:a5:dd:dc:e5:41:70:a6:0f:1f:e9:
                    70:f5:64:d6:33:62:71:28:d3:d9:b1:a3:28:14:6a:
                    2c:b2:9f:90:62:b8:f1:3b:5a:d6:e3:2b:f1:7e:be:
                    bd:4b:8c:29:8a:66:2c:60:b8:e1:36:9f:4a:a9:44:
                    62:d3:c3:be:e7:36:fb:06:d4:b4:e7:05:23:50:d1:
                    b5:76:44:5f:71:92:5d:99:24:2f:51:77:1a:4b:ba:
                    43:81:9e:5c:d5:59:2c:06:7f:f7:39:5c:39:81:bd:
                    cd:1f:45:4b:0f:39:31:b4:78:b7:4b:5d:5f:71:bb:
                    68:22:da:34:ac:09:da:11:cf:ac:40:e6:b5:bf:94:
                    48:96:ae:d3:3d:92:b4:e4:64:08:af:7b:5e:4a:de:
                    37:b8:1c:32:b1:8e:78:a3:98:89:9f:32:06:19:6c:
                    c1:c0:23:a1:13:9c:29:28:90:34:2f:07:98:df:85:
                    5c:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:7C:E8:FB:FB:84:79:CF:B9:76:B4:43:CC:3C:7C:E2:F7:03:AB:7E
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/927638-fd47-4e56-bb9e-d7920ae44920/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/927638-fd47-4e56-bb9e-d7920ae44920/1/_nzo-_uEec-5drRDzDx84vcDq34.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.247.96.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a0:a9:f6:68:c7:d6:bf:ea:5e:39:b9:be:0a:27:f3:93:40:16:
         95:ec:8c:18:c8:1e:49:e9:3c:6c:59:13:07:f3:a0:5f:f8:31:
         5b:ee:60:c4:f0:0a:9a:af:6d:bd:a3:d9:e4:65:9e:89:47:c2:
         99:52:71:27:64:43:1c:46:57:fc:10:02:6a:ac:a4:b6:e4:0a:
         0c:3d:9e:85:08:a9:3e:aa:8d:fe:8e:a7:6e:8d:dc:22:19:25:
         58:80:96:03:a1:1f:e2:02:bb:9b:cd:87:b9:f2:dc:55:f8:b4:
         a7:3d:81:f6:83:6f:a1:fe:6b:c9:ea:d3:90:60:13:df:cf:ec:
         a4:0d:c3:aa:86:d9:07:57:8f:54:a3:7f:d0:e9:da:46:48:86:
         ad:c5:8a:4a:5a:4e:60:c4:c2:61:51:c7:72:d8:4b:5b:d8:5c:
         9b:a1:fa:61:15:29:bc:5c:10:76:8d:be:87:9f:20:de:db:15:
         13:e0:c0:40:62:69:bf:ac:a8:55:d1:6b:29:77:f0:aa:61:7e:
         e7:51:2b:b9:d0:1a:d6:b3:1e:a9:3d:a8:02:8a:69:f7:44:9b:
         28:92:ab:a4:98:98:2a:57:49:9c:99:84:97:c8:c9:a8:fb:7f:
         79:33:69:a5:22:62:7d:e6:a7:6e:0f:fe:bf:e5:fb:e2:79:88:
         bb:6b:28:4b
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzC2xZ3WYXkjIklxvi3W8lXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDIyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTdjZThmYmZiODQ3OWNmYjk3NmI0NDNjYzNjN2NlMmY3MDNhYjdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9JIG8/NPB6V+6GnnOz5tZNjlbkNQ
CBfhLs6aUGj6UzqblREVpyw08F3SetZ9tK2caZ+nHC5YE3RwF1pVADZtnZUs1wcG
mslvaXeVF43XnaXd3OVBcKYPH+lw9WTWM2JxKNPZsaMoFGossp+QYrjxO1rW4yvx
fr69S4wpimYsYLjhNp9KqURi08O+5zb7BtS05wUjUNG1dkRfcZJdmSQvUXcaS7pD
gZ5c1VksBn/3OVw5gb3NH0VLDzkxtHi3S11fcbtoIto0rAnaEc+sQOa1v5RIlq7T
PZK05GQIr3teSt43uBwysY54o5iJnzIGGWzBwCOhE5wpKJA0LweY34Vc7QIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFP586Pv7hHnPuXa0Q8w8fOL3A6t+MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzcyLzkyNzYz
OC1mZDQ3LTRlNTYtYmI5ZS1kNzkyMGFlNDQ5MjAvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzIvOTI3NjM4
LWZkNDctNGU1Ni1iYjllLWQ3OTIwYWU0NDkyMC8xL19uem8tX3VFZWMtNWRyUkR6
RHg4NHZjRHEzNC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCwfdgMA0GCSqGSIb3DQEBCwUAA4IBAQCgqfZo
x9a/6l45ub4KJ/OTQBaV7IwYyB5J6TxsWRMH86Bf+DFb7mDE8Aqar229o9nkZZ6J
R8KZUnEnZEMcRlf8EAJqrKS25AoMPZ6FCKk+qo3+jqdujdwiGSVYgJYDoR/iArub
zYe58txV+LSnPYH2g2+h/mvJ6tOQYBPfz+ykDcOqhtkHV49Uo3/Q6dpGSIatxYpK
Wk5gxMJhUcdy2Etb2FybofphFSm8XBB2jb6HnyDe2xUT4MBAYmm/rKhV0Wspd/Cq
YX7nUSu50BrWsx6pPagCimn3RJsokqukmJgqV0mcmYSXyMmo+395M2mlImJ95qdu
D/6/5fvieYi7ayhL
-----END CERTIFICATE-----