Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9CjqymaZZjTK8dUUAIYiHlbPSs.cer
File:                     c9CjqymaZZjTK8dUUAIYiHlbPSs.cer (raw, json)
Hash identifier:          XCvvAfiE7CbVsEiUjExwUdsiivP9SqPgd3FYlFtXMnI=
Subject key identifier:   73:D0:A3:AB:29:9A:65:98:D3:2B:C7:54:50:02:18:88:79:5B:3D:2B
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC64B746F677807301E3B90E27A5CC6F3
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/3d/2be7bb-ab98-4ed3-b5ee-10cf65948a56/1/c9CjqymaZZjTK8dUUAIYiHlbPSs.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/3d/2be7bb-ab98-4ed3-b5ee-10cf65948a56/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 18:31:22 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 193.33.157.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:74:6f:67:78:07:30:1e:3b:90:e2:7a:5c:c6:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 18:31:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=73d0a3ab299a6598d32bc75450021888795b3d2b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:f3:e5:c2:df:52:a0:b4:c2:32:5e:cb:4e:9e:
                    9e:0b:89:23:33:f7:d3:be:5d:85:16:a6:e0:44:bd:
                    50:14:50:78:61:5d:9b:75:0c:8e:61:83:a5:8d:4f:
                    31:15:5a:25:e3:00:6a:74:1d:1b:12:9b:87:e5:7a:
                    49:a9:ce:ca:d3:78:87:25:6d:49:74:2b:45:75:9c:
                    3a:cf:6c:2f:9e:14:3f:14:b0:e7:51:10:4b:b4:a5:
                    a1:6f:a1:f0:84:7c:ba:9f:b1:dc:7f:ec:43:cd:d9:
                    5d:45:d8:b8:ff:46:86:46:27:31:8a:82:b7:bd:53:
                    42:fd:a1:54:4c:36:11:fe:57:cf:e1:f4:b5:53:d5:
                    27:ae:93:98:49:d1:dc:40:ba:30:45:bd:f1:a0:27:
                    aa:28:12:31:5e:a3:75:d9:0b:fe:0d:91:e9:2f:86:
                    9a:45:d2:a5:4f:64:de:91:2f:be:91:25:00:07:c1:
                    35:ec:5c:84:9f:08:04:dc:a5:87:89:27:47:34:76:
                    ae:90:53:15:37:bd:76:10:e0:95:6c:2f:f6:bc:7c:
                    47:db:2e:51:d4:3a:89:18:a1:7a:70:c2:ba:04:01:
                    07:b6:9a:7e:41:17:67:da:9b:92:8b:2b:29:80:20:
                    18:a8:4b:6b:52:49:26:ba:4e:87:f6:84:17:26:92:
                    2a:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:D0:A3:AB:29:9A:65:98:D3:2B:C7:54:50:02:18:88:79:5B:3D:2B
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/2be7bb-ab98-4ed3-b5ee-10cf65948a56/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/2be7bb-ab98-4ed3-b5ee-10cf65948a56/1/c9CjqymaZZjTK8dUUAIYiHlbPSs.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.33.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:4c:76:3f:e0:cb:5b:e2:92:dc:1c:a5:bf:c4:0f:b2:7d:a8:
         7a:4c:93:41:9b:84:78:1c:e5:e1:e4:ad:54:52:a7:69:b8:65:
         29:80:9f:aa:a2:f5:a8:56:7b:04:07:d0:46:f7:82:72:28:47:
         4d:87:1c:da:3b:62:5e:d7:11:2c:d1:4f:dd:e1:2e:06:ab:05:
         6d:1e:78:ed:04:60:4a:a3:c5:33:76:fa:0a:47:eb:c9:df:c1:
         a7:0c:78:82:0a:02:27:06:7b:3f:99:1e:33:1c:b5:4c:03:39:
         b2:6b:3e:ef:42:44:b2:e1:14:6d:e0:b4:4a:95:c6:f2:90:44:
         f4:9d:9e:33:3d:7f:5b:cb:5f:18:b8:4d:94:31:a7:5c:07:5c:
         66:2a:b5:37:04:cf:37:f3:96:24:5e:94:c5:88:5b:39:b8:83:
         4a:57:12:74:99:47:a2:5e:69:27:71:39:fd:36:45:ef:67:ee:
         20:5d:d3:6f:f9:89:5e:bb:aa:e0:a6:51:ef:fa:5a:b1:24:7b:
         da:fd:65:ad:cd:b7:ce:8a:12:6e:9a:08:7c:04:a9:30:11:fc:
         04:f5:64:da:f9:e1:d9:50:8c:aa:75:33:62:19:bd:77:4d:ce:
         8e:6f:93:71:82:25:ca:da:fe:24:11:9d:29:5c:14:e5:9a:4c:
         40:45:1e:e8
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzGS3RvZ3gHMB47kOJ6XMbzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTgzMTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3M2QwYTNhYjI5OWE2NTk4ZDMyYmM3NTQ1MDAyMTg4ODc5NWIzZDJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2vPlwt9SoLTCMl7LTp6eC4kjM/fT
vl2FFqbgRL1QFFB4YV2bdQyOYYOljU8xFVol4wBqdB0bEpuH5XpJqc7K03iHJW1J
dCtFdZw6z2wvnhQ/FLDnURBLtKWhb6HwhHy6n7Hcf+xDzdldRdi4/0aGRicxioK3
vVNC/aFUTDYR/lfP4fS1U9UnrpOYSdHcQLowRb3xoCeqKBIxXqN12Qv+DZHpL4aa
RdKlT2TekS++kSUAB8E17FyEnwgE3KWHiSdHNHaukFMVN712EOCVbC/2vHxH2y5R
1DqJGKF6cMK6BAEHtpp+QRdn2puSiyspgCAYqEtrUkkmuk6H9oQXJpIqPwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFHPQo6spmmWY0yvHVFACGIh5Wz0rMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNkLzJiZTdi
Yi1hYjk4LTRlZDMtYjVlZS0xMGNmNjU5NDhhNTYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvM2QvMmJlN2Ji
LWFiOTgtNGVkMy1iNWVlLTEwY2Y2NTk0OGE1Ni8xL2M5Q2pxeW1hWlpqVEs4ZFVV
QUlZaUhsYlBTcy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwSGdMA0GCSqGSIb3DQEBCwUAA4IBAQBxTHY/
4Mtb4pLcHKW/xA+yfah6TJNBm4R4HOXh5K1UUqdpuGUpgJ+qovWoVnsEB9BG94Jy
KEdNhxzaO2Je1xEs0U/d4S4GqwVtHnjtBGBKo8UzdvoKR+vJ38GnDHiCCgInBns/
mR4zHLVMAzmyaz7vQkSy4RRt4LRKlcbykET0nZ4zPX9by18YuE2UMadcB1xmKrU3
BM8385YkXpTFiFs5uINKVxJ0mUeiXmkncTn9NkXvZ+4gXdNv+Yleu6rgplHv+lqx
JHva/WWtzbfOihJumgh8BKkwEfwE9WTa+eHZUIyqdTNiGb13Tc6Ob5NxgiXK2v4k
EZ0pXBTlmkxARR7o
-----END CERTIFICATE-----