Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bTZfDZvuSEwIXPP-M4rQNcP5hHk.cer
File:                     bTZfDZvuSEwIXPP-M4rQNcP5hHk.cer (raw, json)
Hash identifier:          Qofpt0K46dzF4AA0H5UxJOj9JvpJ0wUw1avGt11DNvg=
Subject key identifier:   6D:36:5F:0D:9B:EE:48:4C:08:5C:F3:FE:33:8A:D0:35:C3:F9:84:79
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018D405F54CF7474A1432F0D864D1E67DF3F
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/f1/1b4bdf-67ad-4f0e-81ed-9e5c85af93a5/1/bTZfDZvuSEwIXPP-M4rQNcP5hHk.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/f1/1b4bdf-67ad-4f0e-81ed-9e5c85af93a5/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 25 Jan 2024 11:26:45 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 176.53.145.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:40:5f:54:cf:74:74:a1:43:2f:0d:86:4d:1e:67:df:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan 25 11:26:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6d365f0d9bee484c085cf3fe338ad035c3f98479
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:fe:f2:37:b9:18:6d:c3:16:7b:4b:a1:a8:e6:
                    48:f6:73:58:1a:d3:c0:ad:f5:2f:fc:88:4f:4d:2c:
                    25:3d:98:e0:c9:1a:a5:61:89:4b:87:4c:7d:b1:28:
                    0b:b1:bc:7f:b6:c9:8e:b6:f4:3e:a4:db:24:a3:12:
                    6e:66:59:07:77:79:9b:b3:01:c8:f1:4a:6a:f9:6d:
                    b2:5c:d2:3c:17:f2:fa:56:9d:50:08:7e:32:f0:16:
                    ac:d9:e1:f9:9b:99:4d:ae:33:22:32:28:7b:fb:30:
                    a6:aa:3e:83:49:76:52:f3:50:4e:6d:b8:b2:5d:8a:
                    f9:39:0b:67:32:e7:3c:54:3d:66:ab:b1:0d:89:bd:
                    22:52:5e:44:3e:5e:5a:f0:00:b1:fb:99:f9:62:d6:
                    18:28:34:89:c2:f2:54:16:95:61:c1:10:2b:44:10:
                    52:24:71:79:d8:6f:73:62:c9:e2:68:df:d9:cb:c5:
                    f5:98:18:41:26:2c:44:05:5d:43:94:39:d5:ae:f2:
                    b3:ae:ad:a8:4e:35:4b:f0:7c:6c:c0:66:66:64:c3:
                    93:78:8f:56:16:5f:73:8e:e8:ed:ac:6a:04:ab:e1:
                    bf:cd:d6:7a:90:6b:ba:4f:a8:52:69:b9:39:57:df:
                    b1:86:6b:93:56:40:7c:9f:af:96:23:a5:de:1a:d2:
                    0c:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:36:5F:0D:9B:EE:48:4C:08:5C:F3:FE:33:8A:D0:35:C3:F9:84:79
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/1b4bdf-67ad-4f0e-81ed-9e5c85af93a5/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/1b4bdf-67ad-4f0e-81ed-9e5c85af93a5/1/bTZfDZvuSEwIXPP-M4rQNcP5hHk.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.53.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:ad:1a:83:c6:8e:13:cd:4c:c6:02:18:57:0f:72:41:69:8e:
         b0:39:b3:4d:33:a6:7c:37:61:04:37:59:c1:90:83:fd:70:b6:
         e6:98:af:d7:c5:14:74:96:0b:b6:14:f6:0a:e6:ff:75:7e:17:
         77:a7:c9:3d:89:db:1b:cb:30:50:37:af:bc:d9:e6:4c:54:a8:
         3e:71:30:09:1c:1a:a2:ee:4d:ac:3b:47:5e:05:99:d4:fd:ea:
         e1:a6:ba:4d:1f:ef:c3:81:ec:b9:81:5d:70:b5:f8:1d:3b:d8:
         6d:84:6d:8a:09:41:bb:2d:b3:26:f6:d9:90:af:7e:9e:f0:ab:
         ca:5f:89:5f:31:14:9c:36:2d:14:4d:50:ee:a5:e9:18:56:72:
         4e:b1:c9:94:79:72:2e:bf:80:63:e8:b2:30:45:44:51:f2:d0:
         07:98:c2:65:2d:aa:7d:66:95:b6:60:63:13:70:f0:bc:e1:7d:
         fb:71:b1:d8:c4:9b:46:58:8a:5e:42:6a:9a:72:2c:67:a8:15:
         aa:ef:70:df:d4:5c:33:d9:b1:ff:20:20:d0:79:4d:80:8d:bb:
         fb:72:85:cd:d3:e2:1e:0d:7e:52:8d:9e:e9:5a:5f:a9:63:02:
         05:c3:6d:06:7b:83:ec:af:de:ba:5f:8e:36:80:57:5a:e8:a6:
         1a:9f:be:d7
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAY1AX1TPdHShQy8Nhk0eZ98/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTI1MTEyNjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDM2NWYwZDliZWU0ODRjMDg1Y2YzZmUzMzhhZDAzNWMzZjk4NDc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxP7yN7kYbcMWe0uhqOZI9nNYGtPA
rfUv/IhPTSwlPZjgyRqlYYlLh0x9sSgLsbx/tsmOtvQ+pNskoxJuZlkHd3mbswHI
8Upq+W2yXNI8F/L6Vp1QCH4y8Bas2eH5m5lNrjMiMih7+zCmqj6DSXZS81BObbiy
XYr5OQtnMuc8VD1mq7ENib0iUl5EPl5a8ACx+5n5YtYYKDSJwvJUFpVhwRArRBBS
JHF52G9zYsniaN/Zy8X1mBhBJixEBV1DlDnVrvKzrq2oTjVL8HxswGZmZMOTeI9W
Fl9zjujtrGoEq+G/zdZ6kGu6T6hSabk5V9+xhmuTVkB8n6+WI6XeGtIMXQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFG02Xw2b7khMCFzz/jOK0DXD+YR5MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2YxLzFiNGJk
Zi02N2FkLTRmMGUtODFlZC05ZTVjODVhZjkzYTUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjEvMWI0YmRm
LTY3YWQtNGYwZS04MWVkLTllNWM4NWFmOTNhNS8xL2JUWmZEWnZ1U0V3SVhQUC1N
NHJRTmNQNWhIay5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAsDWRMA0GCSqGSIb3DQEBCwUAA4IBAQCErRqD
xo4TzUzGAhhXD3JBaY6wObNNM6Z8N2EEN1nBkIP9cLbmmK/XxRR0lgu2FPYK5v91
fhd3p8k9idsbyzBQN6+82eZMVKg+cTAJHBqi7k2sO0deBZnU/erhprpNH+/Dgey5
gV1wtfgdO9hthG2KCUG7LbMm9tmQr36e8KvKX4lfMRScNi0UTVDupekYVnJOscmU
eXIuv4Bj6LIwRURR8tAHmMJlLap9ZpW2YGMTcPC84X37cbHYxJtGWIpeQmqacixn
qBWq73Df1Fwz2bH/ICDQeU2Ajbv7coXN0+IeDX5SjZ7pWl+pYwIFw20Ge4Psr966
X442gFda6KYan77X
-----END CERTIFICATE-----