Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/byDBquA8J08ClCjuoKRCQgjU8-0.cer
File:                     byDBquA8J08ClCjuoKRCQgjU8-0.cer (raw, json)
Hash identifier:          Trbmhcuj4Fpud/1t1KAk2t/TSrJUs5c6DzEKfyJLaDw=
Subject key identifier:   6F:20:C1:AA:E0:3C:27:4F:02:94:28:EE:A0:A4:42:42:08:D4:F3:ED
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC348925265EEA13596144E02C8E2D4F3
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/35/7e4ba7-f592-4eec-bcae-095d0bd2555f/1/byDBquA8J08ClCjuoKRCQgjU8-0.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/35/7e4ba7-f592-4eec-bcae-095d0bd2555f/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 04:29:22 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 185.245.144.0/22
                          IP: 2a12:bcc0::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:92:52:65:ee:a1:35:96:14:4e:02:c8:e2:d4:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 04:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6f20c1aae03c274f029428eea0a4424208d4f3ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:c4:9a:05:1f:51:7f:49:c6:e1:d9:81:47:2c:
                    fc:66:c4:61:de:a3:f1:d2:9d:81:02:c6:4c:d6:cd:
                    bb:f0:b6:2d:56:df:9a:d5:13:e4:89:9c:1a:29:b3:
                    8e:8c:eb:46:df:74:35:f2:5d:e5:a4:43:d7:2a:8d:
                    e7:0d:10:ea:1e:ba:e7:85:0d:09:59:81:c8:12:6d:
                    3b:85:f2:ec:ed:4a:f5:2f:6c:f6:f4:9c:c7:2e:6e:
                    61:4b:ff:cc:2a:a8:fc:4d:02:7e:32:fe:e9:4f:6c:
                    f8:0b:85:21:3d:e1:4b:b9:02:55:1e:fb:3e:03:5f:
                    2d:51:db:8d:02:5f:81:3e:44:8e:80:7e:f7:1b:66:
                    7b:e7:00:7b:c8:34:2c:97:e7:34:f7:fd:3c:74:5b:
                    41:ae:c5:6c:7e:fc:ba:cd:8c:d7:f2:bd:6f:cf:fa:
                    53:db:a8:94:5f:e7:9e:ec:ba:5a:26:f2:79:e3:fd:
                    1e:44:90:8a:cb:1a:c7:b2:f2:83:dd:c0:98:e2:00:
                    48:a3:1e:a6:36:df:8e:1f:08:df:20:40:bb:56:9a:
                    6b:11:d4:2b:9f:07:62:77:03:f2:b1:4d:7c:91:7c:
                    d5:94:d5:d7:97:39:14:33:e1:ce:98:2b:8a:8d:0e:
                    99:29:cf:32:e2:2e:ba:67:ef:0c:b1:04:63:4f:fe:
                    85:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:20:C1:AA:E0:3C:27:4F:02:94:28:EE:A0:A4:42:42:08:D4:F3:ED
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/7e4ba7-f592-4eec-bcae-095d0bd2555f/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/7e4ba7-f592-4eec-bcae-095d0bd2555f/1/byDBquA8J08ClCjuoKRCQgjU8-0.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.245.144.0/22
                IPv6:
                  2a12:bcc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         6e:1f:fe:ea:76:fd:35:70:f1:a9:bb:1b:90:39:cf:2b:0d:f3:
         3f:46:29:fb:1a:ab:77:33:f2:da:a7:0d:b1:33:1f:d7:43:17:
         99:3b:0c:bb:af:48:e4:d7:72:c8:0e:ab:dc:87:ce:d8:a4:26:
         70:ff:78:3e:af:31:03:0d:44:c1:0f:c6:08:c4:7e:67:71:bf:
         b9:96:89:57:4a:09:fa:4c:68:f0:ae:f1:a1:2f:cc:95:1a:07:
         85:80:66:0f:9c:57:9a:fc:95:4e:7c:34:cf:3c:8f:a5:3a:5a:
         7d:1e:2c:fa:7e:c6:5f:89:35:2c:37:c8:1a:1e:c7:ff:4f:2f:
         e1:33:3e:2b:26:e9:22:39:a5:70:65:14:5c:0b:6f:bc:d1:24:
         71:6d:68:6b:30:c1:0d:6c:c8:d0:ff:a4:97:61:af:78:11:26:
         38:71:ff:15:8e:ea:3a:6f:7c:4d:08:d3:cb:cf:fb:0c:a4:bb:
         ac:10:76:6a:8b:05:f0:07:4d:21:63:0e:52:54:d2:f8:25:96:
         f2:d1:4a:19:8d:e0:4c:12:3d:87:aa:4f:24:08:c7:f3:22:b4:
         2c:c2:4c:31:7a:9d:5a:b4:99:bf:c7:62:d2:71:7d:c6:f4:be:
         20:66:ba:bf:2c:a4:1c:d2:0d:9d:50:5e:d7:e4:82:7c:f1:bb:
         44:7e:b0:f3
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAYzDSJJSZe6hNZYUTgLI4tTzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDQyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjIwYzFhYWUwM2MyNzRmMDI5NDI4ZWVhMGE0NDI0MjA4ZDRmM2VkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzMSaBR9Rf0nG4dmBRyz8ZsRh3qPx
0p2BAsZM1s278LYtVt+a1RPkiZwaKbOOjOtG33Q18l3lpEPXKo3nDRDqHrrnhQ0J
WYHIEm07hfLs7Ur1L2z29JzHLm5hS//MKqj8TQJ+Mv7pT2z4C4UhPeFLuQJVHvs+
A18tUduNAl+BPkSOgH73G2Z75wB7yDQsl+c09/08dFtBrsVsfvy6zYzX8r1vz/pT
26iUX+ee7LpaJvJ54/0eRJCKyxrHsvKD3cCY4gBIox6mNt+OHwjfIEC7VpprEdQr
nwdidwPysU18kXzVlNXXlzkUM+HOmCuKjQ6ZKc8y4i66Z+8MsQRjT/6FiQIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFG8gwargPCdPApQo7qCkQkII1PPtMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzM1LzdlNGJh
Ny1mNTkyLTRlZWMtYmNhZS0wOTVkMGJkMjU1NWYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzUvN2U0YmE3
LWY1OTItNGVlYy1iY2FlLTA5NWQwYmQyNTU1Zi8xL2J5REJxdUE4SjA4Q2xDanVv
S1JDUWdqVTgtMC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCufWQMA0EAgACMAcDBQMqErzAMA0GCSqGSIb3
DQEBCwUAA4IBAQBuH/7qdv01cPGpuxuQOc8rDfM/Rin7Gqt3M/Lapw2xMx/XQxeZ
Owy7r0jk13LIDqvch87YpCZw/3g+rzEDDUTBD8YIxH5ncb+5lolXSgn6TGjwrvGh
L8yVGgeFgGYPnFea/JVOfDTPPI+lOlp9Hiz6fsZfiTUsN8gaHsf/Ty/hMz4rJuki
OaVwZRRcC2+80SRxbWhrMMENbMjQ/6SXYa94ESY4cf8Vjuo6b3xNCNPLz/sMpLus
EHZqiwXwB00hYw5SVNL4JZby0UoZjeBMEj2Hqk8kCMfzIrQswkwxep1atJm/x2LS
cX3G9L4gZrq/LKQc0g2dUF7X5IJ88btEfrDz
-----END CERTIFICATE-----