Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1fF3_cOv-Z6QA1V8lnbLDcZIZY.cer
File:                     a1fF3_cOv-Z6QA1V8lnbLDcZIZY.cer (raw, json)
Hash identifier:          xz4rHw+ox6E8a0nV2A89iyYZxyoo3K40nGZVh/9kRg0=
Subject key identifier:   6B:57:C5:DF:F7:0E:BF:E6:7A:40:0D:55:F2:59:DB:2C:37:19:21:96
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01910D1BF3B0405A882B1EBE429882B3D939
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/fa/6ae58c-7618-41ba-a343-c46d7bac02fc/1/a1fF3_cOv-Z6QA1V8lnbLDcZIZY.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/fa/6ae58c-7618-41ba-a343-c46d7bac02fc/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 01 Aug 2024 08:43:41 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 185.183.0.0/22
                          IP: 2a0a:fe80::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:0d:1b:f3:b0:40:5a:88:2b:1e:be:42:98:82:b3:d9:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Aug  1 08:43:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6b57c5dff70ebfe67a400d55f259db2c37192196
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:47:76:2a:07:39:cd:32:7c:db:c6:0c:85:dd:
                    73:32:b0:9d:fa:ed:b9:b4:51:19:ff:57:d5:28:8b:
                    92:69:7b:9a:fd:c4:ef:27:ba:08:03:9f:43:ac:1a:
                    43:91:40:e5:02:84:21:f6:eb:26:03:1a:76:84:77:
                    0d:da:cf:e7:7b:89:3c:61:4c:ba:f7:2b:04:99:9b:
                    76:a4:ec:33:8d:7e:bd:e3:af:81:15:a7:d6:2b:56:
                    2f:92:44:af:7d:b1:c4:ec:48:40:d6:5f:5f:a8:c5:
                    e9:df:e3:5c:87:ea:87:b6:f4:0f:9b:a7:d8:a5:37:
                    eb:db:1b:3c:78:f8:71:db:f8:6f:4a:2c:63:e5:a5:
                    99:19:03:23:74:16:cd:0a:d2:1e:7a:5d:18:ca:07:
                    42:38:da:4b:58:c4:87:c6:99:9d:69:6a:52:67:e0:
                    69:26:ae:69:e1:b3:a0:83:28:42:c1:b8:08:fc:3f:
                    32:e9:0f:cd:fd:29:ae:72:c5:ac:ac:46:48:4e:22:
                    7f:4d:96:6a:2b:dd:d5:91:35:37:6c:70:b3:b9:28:
                    63:1a:b0:48:67:49:13:c9:76:77:2f:dc:c1:f8:72:
                    e0:90:35:de:a9:7f:fe:d5:0c:c7:a2:d6:35:20:5d:
                    05:43:4f:f4:f0:93:e2:19:d2:e6:f3:db:73:8c:e5:
                    52:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:57:C5:DF:F7:0E:BF:E6:7A:40:0D:55:F2:59:DB:2C:37:19:21:96
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/6ae58c-7618-41ba-a343-c46d7bac02fc/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/6ae58c-7618-41ba-a343-c46d7bac02fc/1/a1fF3_cOv-Z6QA1V8lnbLDcZIZY.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.183.0.0/22
                IPv6:
                  2a0a:fe80::/29

    Signature Algorithm: sha256WithRSAEncryption
         81:58:d1:c4:6e:60:9d:b8:77:af:36:14:98:95:bf:a7:6a:26:
         79:39:dc:d8:66:6b:b4:95:79:05:25:f2:e4:62:a6:04:4f:a3:
         5b:fd:b2:3f:65:1d:48:27:dd:f5:a4:18:f2:e1:13:be:37:ee:
         e5:1d:94:bf:46:df:0b:4d:44:cb:94:ee:49:f8:48:fe:af:1b:
         9f:b1:58:b8:03:40:16:9e:89:63:3c:33:8e:37:a2:a1:e8:46:
         5c:7e:91:87:49:07:4f:2e:51:a0:5a:1b:f1:75:08:e6:2e:b9:
         0b:d8:c0:58:eb:30:54:47:30:01:25:04:a7:9b:6a:e9:7e:4b:
         e3:94:60:99:c7:89:17:7b:89:74:b2:ad:38:b8:fd:91:a6:a7:
         bb:7f:36:63:8a:92:f4:c1:63:f8:00:76:3e:35:9d:87:58:f5:
         a7:d0:71:78:ce:58:fb:9b:2b:99:08:18:fc:55:3e:15:60:2c:
         6d:00:44:34:6b:38:6e:12:e4:8b:c0:b8:21:f1:1d:48:f3:12:
         af:65:31:29:19:a3:95:80:4f:a1:02:56:8f:aa:6b:74:b3:83:
         65:e8:04:aa:b8:1f:d3:2e:ee:3d:50:57:a7:dd:c5:31:f7:78:
         a5:79:8f:45:76:0c:88:fd:d1:40:67:8c:62:b4:60:18:60:79:
         80:10:64:42
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAZENG/OwQFqIKx6+QpiCs9k5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwODAxMDg0MzQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjU3YzVkZmY3MGViZmU2N2E0MDBkNTVmMjU5ZGIyYzM3MTkyMTk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6Ud2Kgc5zTJ828YMhd1zMrCd+u25
tFEZ/1fVKIuSaXua/cTvJ7oIA59DrBpDkUDlAoQh9usmAxp2hHcN2s/ne4k8YUy6
9ysEmZt2pOwzjX6946+BFafWK1YvkkSvfbHE7EhA1l9fqMXp3+Nch+qHtvQPm6fY
pTfr2xs8ePhx2/hvSixj5aWZGQMjdBbNCtIeel0YygdCONpLWMSHxpmdaWpSZ+Bp
Jq5p4bOggyhCwbgI/D8y6Q/N/SmucsWsrEZITiJ/TZZqK93VkTU3bHCzuShjGrBI
Z0kTyXZ3L9zB+HLgkDXeqX/+1QzHotY1IF0FQ0/08JPiGdLm89tzjOVS9QIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFGtXxd/3Dr/mekANVfJZ2yw3GSGWMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2ZhLzZhZTU4
Yy03NjE4LTQxYmEtYTM0My1jNDZkN2JhYzAyZmMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZmEvNmFlNThj
LTc2MTgtNDFiYS1hMzQzLWM0NmQ3YmFjMDJmYy8xL2ExZkYzX2NPdi1aNlFBMVY4
bG5iTERjWklaWS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCubcAMA0EAgACMAcDBQMqCv6AMA0GCSqGSIb3
DQEBCwUAA4IBAQCBWNHEbmCduHevNhSYlb+naiZ5OdzYZmu0lXkFJfLkYqYET6Nb
/bI/ZR1IJ931pBjy4RO+N+7lHZS/Rt8LTUTLlO5J+Ej+rxufsVi4A0AWnoljPDOO
N6Kh6EZcfpGHSQdPLlGgWhvxdQjmLrkL2MBY6zBURzABJQSnm2rpfkvjlGCZx4kX
e4l0sq04uP2Rpqe7fzZjipL0wWP4AHY+NZ2HWPWn0HF4zlj7myuZCBj8VT4VYCxt
AEQ0azhuEuSLwLgh8R1I8xKvZTEpGaOVgE+hAlaPqmt0s4Nl6ASquB/TLu49UFen
3cUx93ileY9FdgyI/dFAZ4xitGAYYHmAEGRC
-----END CERTIFICATE-----