Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1eSq4t1mqdzA42SB3qZvPjYGqA.cer
File:                     b1eSq4t1mqdzA42SB3qZvPjYGqA.cer (raw, json)
Hash identifier:          b89km51xO/wEZTKQOdXSpWj74LlxC5Jvezaih5jj+kw=
Subject key identifier:   6F:57:92:AB:8B:75:9A:A7:73:03:8D:92:07:7A:99:BC:F8:D8:1A:A0
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CCA2BB1C6DD0FF838383B7CDC88F3D3B1
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/56/7f9978-1fe4-4b99-8143-5d1b1ecb99bf/1/b1eSq4t1mqdzA42SB3qZvPjYGqA.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/56/7f9978-1fe4-4b99-8143-5d1b1ecb99bf/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 12:35:10 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 193.22.173.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:b1:c6:dd:0f:f8:38:38:3b:7c:dc:88:f3:d3:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 12:35:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6f5792ab8b759aa773038d92077a99bcf8d81aa0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:12:62:23:8b:36:fa:5b:ad:4b:15:8f:f4:d2:
                    98:9e:b6:b4:5a:7d:e5:d6:2b:d2:05:f4:3a:f9:6b:
                    4b:29:2b:d0:56:6e:60:7e:b5:0c:59:6e:6a:9a:e1:
                    fa:a4:a6:1c:fb:81:e0:9a:50:a3:5d:c1:82:04:65:
                    bf:5e:62:90:23:20:26:5e:1d:47:74:56:dd:d6:3f:
                    b8:f6:07:b6:71:b6:d2:cc:88:28:ab:15:bf:02:c6:
                    0d:a0:46:c1:5c:f4:78:d8:14:d0:bb:e0:93:70:f9:
                    26:7a:e1:e9:d6:0d:36:42:9f:0d:e0:77:0c:1c:2d:
                    15:6f:1b:a0:7e:35:f8:95:0d:69:a0:b6:4b:43:6e:
                    00:a9:eb:3e:b3:df:29:5f:cf:b3:16:5b:e8:be:69:
                    49:bf:4b:05:50:13:22:63:93:c8:29:af:14:d4:22:
                    97:f3:7d:e3:09:a2:cc:78:b9:ec:f7:99:a5:36:03:
                    44:eb:af:72:59:70:b4:47:b3:c6:03:48:f7:61:1b:
                    c6:8b:24:d4:b1:ca:b8:9f:aa:12:92:18:e0:50:9a:
                    2a:14:a4:f5:63:a6:76:d0:eb:96:3c:bc:8f:22:ba:
                    74:1e:db:f0:94:1f:a4:5a:f5:5d:5b:e5:e6:53:b2:
                    b2:61:89:75:ac:d3:80:92:09:63:23:de:12:11:55:
                    76:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:57:92:AB:8B:75:9A:A7:73:03:8D:92:07:7A:99:BC:F8:D8:1A:A0
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/7f9978-1fe4-4b99-8143-5d1b1ecb99bf/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/7f9978-1fe4-4b99-8143-5d1b1ecb99bf/1/b1eSq4t1mqdzA42SB3qZvPjYGqA.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.22.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:2c:6e:d4:88:be:1d:22:9b:49:b4:23:5f:0f:4f:f6:10:a2:
         3c:6d:b8:c5:a5:90:d1:32:f6:52:14:6a:2f:9a:55:09:7f:e9:
         0b:7f:b7:15:53:31:b8:84:0c:d7:ae:7d:b0:da:f1:c7:35:bf:
         9d:cd:da:5f:2e:6e:2b:b7:ec:19:8e:20:73:59:f8:ad:ec:a7:
         0a:4e:6e:50:39:58:29:4b:07:08:e7:be:b0:7e:c5:77:eb:3b:
         2a:71:ef:2b:08:ff:55:aa:2a:a2:9c:37:70:c9:b9:6a:ec:f1:
         39:55:0a:17:4f:71:55:41:ef:b0:8d:a7:d1:e8:cf:6d:7a:65:
         74:08:0d:8c:07:7c:ab:39:4d:da:c3:b9:23:51:d6:f3:2c:1f:
         b4:8a:6c:cb:06:29:9a:c8:1b:e0:be:53:55:90:dc:a1:d9:00:
         a1:f9:5a:a6:ae:79:59:ca:d9:91:04:41:70:0d:e9:03:7c:46:
         96:aa:94:fd:ef:f6:c2:18:7b:7c:ae:d2:02:e4:2c:ef:0a:08:
         84:f9:e5:2d:1b:8b:b5:13:b8:31:9a:90:f7:5b:d6:82:67:57:
         29:ec:22:fc:35:b2:a4:2a:9d:29:bb:4f:b5:8b:f2:22:79:0c:
         97:2c:15:89:4b:02:13:77:99:f8:f1:7c:9b:d7:eb:0a:e7:61:
         de:b2:9c:59
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzKK7HG3Q/4ODg7fNyI89OxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMTIzNTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjU3OTJhYjhiNzU5YWE3NzMwMzhkOTIwNzdhOTliY2Y4ZDgxYWEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApxJiI4s2+lutSxWP9NKYnra0Wn3l
1ivSBfQ6+WtLKSvQVm5gfrUMWW5qmuH6pKYc+4HgmlCjXcGCBGW/XmKQIyAmXh1H
dFbd1j+49ge2cbbSzIgoqxW/AsYNoEbBXPR42BTQu+CTcPkmeuHp1g02Qp8N4HcM
HC0VbxugfjX4lQ1poLZLQ24Aqes+s98pX8+zFlvovmlJv0sFUBMiY5PIKa8U1CKX
833jCaLMeLns95mlNgNE669yWXC0R7PGA0j3YRvGiyTUscq4n6oSkhjgUJoqFKT1
Y6Z20OuWPLyPIrp0HtvwlB+kWvVdW+XmU7KyYYl1rNOAkgljI94SEVV2VwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFG9XkquLdZqncwONkgd6mbz42BqgMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzU2LzdmOTk3
OC0xZmU0LTRiOTktODE0My01ZDFiMWVjYjk5YmYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTYvN2Y5OTc4
LTFmZTQtNGI5OS04MTQzLTVkMWIxZWNiOTliZi8xL2IxZVNxNHQxbXFkekE0MlNC
M3FadlBqWUdxQS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwRatMA0GCSqGSIb3DQEBCwUAA4IBAQCALG7U
iL4dIptJtCNfD0/2EKI8bbjFpZDRMvZSFGovmlUJf+kLf7cVUzG4hAzXrn2w2vHH
Nb+dzdpfLm4rt+wZjiBzWfit7KcKTm5QOVgpSwcI576wfsV36zsqce8rCP9Vqiqi
nDdwyblq7PE5VQoXT3FVQe+wjafR6M9temV0CA2MB3yrOU3aw7kjUdbzLB+0imzL
BimayBvgvlNVkNyh2QCh+VqmrnlZytmRBEFwDekDfEaWqpT97/bCGHt8rtIC5Czv
CgiE+eUtG4u1E7gxmpD3W9aCZ1cp7CL8NbKkKp0pu0+1i/IieQyXLBWJSwITd5n4
8Xyb1+sK52HespxZ
-----END CERTIFICATE-----