Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/_tSpb-HtAo1ZEtd6UAsJR4vRgyI.cer
File:                     _tSpb-HtAo1ZEtd6UAsJR4vRgyI.cer (raw, json)
Hash identifier:          zyRvx39LpJpTTfOq5LXo8ZLJVoVDtKM/Lj7RLHn/VZs=
Subject key identifier:   FE:D4:A9:6F:E1:ED:02:8D:59:12:D7:7A:50:0B:09:47:8B:D1:83:22
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC795611BA52AD7D034C1CF88D4471B04
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/c0/98183c-edc4-464d-bf45-8899d1058b64/1/_tSpb-HtAo1ZEtd6UAsJR4vRgyI.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/c0/98183c-edc4-464d-bf45-8899d1058b64/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 00:31:44 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 2.59.224.0/22
                          IP: 2a09:fb40::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:61:1b:a5:2a:d7:d0:34:c1:cf:88:d4:47:1b:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 00:31:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fed4a96fe1ed028d5912d77a500b09478bd18322
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:97:11:7f:99:9d:8c:7d:92:d8:8d:9b:36:be:
                    a5:8c:1e:a8:a6:e4:e6:72:7f:d4:72:84:f3:ef:58:
                    c6:53:d6:4c:1e:bb:09:8a:25:fd:1e:99:9d:87:27:
                    2b:84:ea:55:fa:38:16:45:38:d2:72:fc:51:62:61:
                    0e:61:88:b0:d5:14:64:2b:97:f6:70:4d:24:2d:25:
                    c2:ef:a6:4f:1d:ed:6f:6c:15:02:ee:f5:e9:9c:03:
                    bd:26:ec:cf:d5:02:9f:1f:45:1f:37:6d:c8:ba:e1:
                    5b:50:ce:66:28:02:35:ab:28:31:51:04:51:93:4a:
                    80:4b:de:07:4c:66:08:f0:b5:cc:88:c3:20:ff:7a:
                    12:77:e1:97:76:f0:4b:90:0d:f9:9a:da:c9:5a:7e:
                    c1:bd:84:7a:87:56:0c:a1:39:53:b8:40:20:6e:16:
                    3a:76:68:45:41:c8:c0:20:67:12:da:94:2c:b9:d1:
                    2f:e8:bd:bb:ae:60:99:ee:03:c4:73:52:7b:20:35:
                    cd:61:8d:48:8a:e4:dc:a3:c9:ce:e1:0e:58:42:d3:
                    99:a0:1e:0e:15:40:af:71:d0:c1:e0:c0:f1:0d:8f:
                    80:79:14:71:04:61:51:03:80:ce:55:b6:81:79:7f:
                    49:bb:bb:bb:04:60:f9:b0:56:0a:27:86:f5:60:6a:
                    9f:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:D4:A9:6F:E1:ED:02:8D:59:12:D7:7A:50:0B:09:47:8B:D1:83:22
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/98183c-edc4-464d-bf45-8899d1058b64/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/98183c-edc4-464d-bf45-8899d1058b64/1/_tSpb-HtAo1ZEtd6UAsJR4vRgyI.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.224.0/22
                IPv6:
                  2a09:fb40::/29

    Signature Algorithm: sha256WithRSAEncryption
         17:84:5e:6f:4f:4b:be:e3:a7:b1:9b:b3:0d:64:79:fc:4c:9b:
         e6:cf:11:bd:58:07:0d:8f:c3:68:96:23:ad:6a:65:8a:ab:5f:
         7e:c5:f6:fb:f3:0d:a8:56:7e:03:86:66:d0:36:77:2c:d7:bf:
         86:86:8c:92:75:94:10:b9:d1:d3:74:15:95:9c:9f:c9:ce:fd:
         ed:89:9a:64:a8:d3:aa:3e:8d:52:15:c9:e6:ba:15:6b:df:e1:
         01:09:32:95:59:03:bc:7c:93:f4:c6:cc:3c:d6:7b:1b:49:18:
         70:8c:8d:bd:a8:c3:ba:33:bd:fd:10:55:6a:ad:0c:97:83:c1:
         7c:20:5a:03:37:3f:df:42:cf:51:ea:ef:91:c3:e8:09:2b:49:
         87:3a:d5:b5:cc:0b:0e:5e:bb:4d:36:74:1d:2e:9b:9e:5e:7f:
         24:9a:28:44:24:51:a9:a8:67:7a:77:9e:49:de:5d:2d:70:8c:
         10:1c:d9:db:ec:eb:98:65:af:f3:fe:1c:b4:1d:1b:23:31:05:
         4f:40:d9:06:96:31:2b:27:30:84:71:34:65:c7:ca:bd:4a:df:
         f4:26:b1:52:12:22:10:d2:94:0d:19:b2:6e:f2:de:81:13:fd:
         49:1d:f8:e4:a0:4b:43:35:20:32:d0:4c:55:f3:e6:14:eb:a0:
         3f:51:07:75
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAYzHlWEbpSrX0DTBz4jURxsEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDAzMTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZWQ0YTk2ZmUxZWQwMjhkNTkxMmQ3N2E1MDBiMDk0NzhiZDE4MzIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu5cRf5mdjH2S2I2bNr6ljB6opuTm
cn/UcoTz71jGU9ZMHrsJiiX9HpmdhycrhOpV+jgWRTjScvxRYmEOYYiw1RRkK5f2
cE0kLSXC76ZPHe1vbBUC7vXpnAO9JuzP1QKfH0UfN23IuuFbUM5mKAI1qygxUQRR
k0qAS94HTGYI8LXMiMMg/3oSd+GXdvBLkA35mtrJWn7BvYR6h1YMoTlTuEAgbhY6
dmhFQcjAIGcS2pQsudEv6L27rmCZ7gPEc1J7IDXNYY1IiuTco8nO4Q5YQtOZoB4O
FUCvcdDB4MDxDY+AeRRxBGFRA4DOVbaBeX9Ju7u7BGD5sFYKJ4b1YGqfWQIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFP7UqW/h7QKNWRLXelALCUeL0YMiMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2MwLzk4MTgz
Yy1lZGM0LTQ2NGQtYmY0NS04ODk5ZDEwNThiNjQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzAvOTgxODNj
LWVkYzQtNDY0ZC1iZjQ1LTg4OTlkMTA1OGI2NC8xL190U3BiLUh0QW8xWkV0ZDZV
QXNKUjR2Umd5SS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCAjvgMA0EAgACMAcDBQMqCftAMA0GCSqGSIb3
DQEBCwUAA4IBAQAXhF5vT0u+46exm7MNZHn8TJvmzxG9WAcNj8NoliOtamWKq19+
xfb78w2oVn4DhmbQNncs17+GhoySdZQQudHTdBWVnJ/Jzv3tiZpkqNOqPo1SFcnm
uhVr3+EBCTKVWQO8fJP0xsw81nsbSRhwjI29qMO6M739EFVqrQyXg8F8IFoDNz/f
Qs9R6u+Rw+gJK0mHOtW1zAsOXrtNNnQdLpueXn8kmihEJFGpqGd6d55J3l0tcIwQ
HNnb7OuYZa/z/hy0HRsjMQVPQNkGljErJzCEcTRlx8q9St/0JrFSEiIQ0pQNGbJu
8t6BE/1JHfjkoEtDNSAy0ExV8+YU66A/UQd1
-----END CERTIFICATE-----