Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aNogbIPVBeJUs-88dlD5-5NFNDU.cer
File:                     aNogbIPVBeJUs-88dlD5-5NFNDU.cer (raw, json)
Hash identifier:          Vccn+K2iVfR8n10nX/UeXJPwl9sEz7DOVMDeNGsJqP0=
Subject key identifier:   68:DA:20:6C:83:D5:05:E2:54:B3:EF:3C:76:50:F9:FB:93:45:34:35
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC64AEEE47FF06648FFF252AC70DEBC82
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/75/bb298b-3c39-49b2-abb1-11d636b56dab/1/aNogbIPVBeJUs-88dlD5-5NFNDU.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/75/bb298b-3c39-49b2-abb1-11d636b56dab/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 18:30:48 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 185.73.32.0/22
                          IP: 2a05:3f40::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:ee:e4:7f:f0:66:48:ff:f2:52:ac:70:de:bc:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 18:30:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=68da206c83d505e254b3ef3c7650f9fb93453435
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:67:7b:7a:ca:df:de:63:45:7d:59:52:cd:86:
                    29:43:64:cd:a7:56:d9:6b:71:39:99:5a:d3:a4:01:
                    b0:5d:b5:7f:b0:5b:d3:92:30:87:cc:72:45:d5:c4:
                    dc:a0:08:4e:83:a9:fd:13:c4:47:20:0f:97:00:94:
                    4a:df:62:b7:b3:2c:3c:4f:85:3c:d7:e2:c7:c6:2c:
                    10:e9:d6:1a:2a:af:30:e5:ec:67:89:f5:12:33:36:
                    c6:1b:39:58:a1:5f:66:74:94:e8:15:83:c5:92:94:
                    38:8c:46:13:7a:4f:7d:b5:0c:05:02:09:da:c7:c2:
                    38:24:7c:53:a4:7f:42:cc:95:b9:36:89:0b:d8:cf:
                    83:d7:7e:aa:c9:b4:6b:25:12:26:3e:1c:7a:21:24:
                    a5:7f:a5:f7:99:7d:15:df:d0:85:66:26:ce:ca:f2:
                    06:59:93:7a:25:48:d6:dd:21:63:ee:e2:3f:1a:00:
                    1f:ae:c2:74:e5:27:2a:5e:90:f8:63:8b:1c:b0:27:
                    f7:dd:19:49:2b:f1:5c:4b:bb:ca:1f:cb:e6:1e:51:
                    87:13:95:a7:80:d8:78:09:fd:df:45:e1:94:6b:76:
                    80:69:3e:cb:d2:38:d0:e5:0d:7b:16:fb:11:5f:e4:
                    a3:ea:6e:8c:07:f3:e2:c1:48:0c:a4:a3:e4:af:bf:
                    f1:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:DA:20:6C:83:D5:05:E2:54:B3:EF:3C:76:50:F9:FB:93:45:34:35
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/bb298b-3c39-49b2-abb1-11d636b56dab/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/bb298b-3c39-49b2-abb1-11d636b56dab/1/aNogbIPVBeJUs-88dlD5-5NFNDU.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.73.32.0/22
                IPv6:
                  2a05:3f40::/29

    Signature Algorithm: sha256WithRSAEncryption
         9d:ac:4d:48:44:49:91:c6:8a:b8:46:f8:b0:41:b1:4c:1d:a8:
         29:60:b9:6a:03:d4:c9:eb:7d:40:53:2d:01:10:31:49:70:9e:
         31:a1:c0:0f:66:c5:52:b1:50:3b:ff:d0:97:57:dd:d9:13:3b:
         b1:6b:e9:f7:15:ee:3e:82:3f:2a:cf:58:73:e4:57:62:2e:56:
         42:fb:4a:88:c5:3b:59:02:23:18:e4:d9:58:6a:09:ed:12:16:
         6b:b4:41:86:8e:17:80:3e:ab:37:a6:d2:e6:89:56:72:38:9b:
         b1:79:bc:a8:25:f4:39:2c:e4:7e:ff:b2:75:6a:35:dc:a1:f6:
         68:38:dc:5c:95:5d:74:ec:7f:fd:93:2e:93:04:ff:e7:7e:e9:
         3e:e0:22:71:46:3d:40:c7:95:70:6d:6a:8a:b1:05:36:37:49:
         91:bf:dc:ed:06:bb:6f:dd:b4:37:50:03:ec:3d:60:8e:35:59:
         78:80:41:bb:ad:09:8b:c7:7a:a3:7f:e5:8b:47:c5:d3:c5:fb:
         6c:8a:02:47:60:9d:75:d0:ac:33:f7:f5:75:d8:d2:88:f9:57:
         87:74:4b:f9:71:10:b7:ca:84:3d:b3:aa:03:19:45:4c:99:c5:
         02:a8:da:b8:4e:39:2a:2e:8a:a1:ee:96:b0:38:ff:4d:0f:48:
         15:cf:a1:95
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAYzGSu7kf/BmSP/yUqxw3ryCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTgzMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGRhMjA2YzgzZDUwNWUyNTRiM2VmM2M3NjUwZjlmYjkzNDUzNDM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAomd7esrf3mNFfVlSzYYpQ2TNp1bZ
a3E5mVrTpAGwXbV/sFvTkjCHzHJF1cTcoAhOg6n9E8RHIA+XAJRK32K3syw8T4U8
1+LHxiwQ6dYaKq8w5exnifUSMzbGGzlYoV9mdJToFYPFkpQ4jEYTek99tQwFAgna
x8I4JHxTpH9CzJW5NokL2M+D136qybRrJRImPhx6ISSlf6X3mX0V39CFZibOyvIG
WZN6JUjW3SFj7uI/GgAfrsJ05ScqXpD4Y4scsCf33RlJK/FcS7vKH8vmHlGHE5Wn
gNh4Cf3fReGUa3aAaT7L0jjQ5Q17FvsRX+Sj6m6MB/PiwUgMpKPkr7/xxQIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFGjaIGyD1QXiVLPvPHZQ+fuTRTQ1MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzc1L2JiMjk4
Yi0zYzM5LTQ5YjItYWJiMS0xMWQ2MzZiNTZkYWIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzUvYmIyOThi
LTNjMzktNDliMi1hYmIxLTExZDYzNmI1NmRhYi8xL2FOb2diSVBWQmVKVXMtODhk
bEQ1LTVORk5EVS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCuUkgMA0EAgACMAcDBQMqBT9AMA0GCSqGSIb3
DQEBCwUAA4IBAQCdrE1IREmRxoq4RviwQbFMHagpYLlqA9TJ631AUy0BEDFJcJ4x
ocAPZsVSsVA7/9CXV93ZEzuxa+n3Fe4+gj8qz1hz5FdiLlZC+0qIxTtZAiMY5NlY
agntEhZrtEGGjheAPqs3ptLmiVZyOJuxebyoJfQ5LOR+/7J1ajXcofZoONxclV10
7H/9ky6TBP/nfuk+4CJxRj1Ax5VwbWqKsQU2N0mRv9ztBrtv3bQ3UAPsPWCONVl4
gEG7rQmLx3qjf+WLR8XTxftsigJHYJ110Kwz9/V12NKI+VeHdEv5cRC3yoQ9s6oD
GUVMmcUCqNq4TjkqLoqh7pawOP9ND0gVz6GV
-----END CERTIFICATE-----