Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cH89q67iT8Q7hlqvo_PJwvNkv8k.cer
File:                     cH89q67iT8Q7hlqvo_PJwvNkv8k.cer (raw, json)
Hash identifier:          fz503GT3VjL6mbOGRAJY7BqAfW7SMYK+wWG5K6GN4fQ=
Subject key identifier:   70:7F:3D:AB:AE:E2:4F:C4:3B:86:5A:AF:A3:F3:C9:C2:F3:64:BF:C9
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC801A28673AE642D5973058BF28711E7
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/eb/88cc50-2273-45ff-adb5-eccd665f1f03/1/cH89q67iT8Q7hlqvo_PJwvNkv8k.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/eb/88cc50-2273-45ff-adb5-eccd665f1f03/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 02:29:59 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 193.23.168.0/22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:a2:86:73:ae:64:2d:59:73:05:8b:f2:87:11:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 02:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=707f3dabaee24fc43b865aafa3f3c9c2f364bfc9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:55:b8:e3:c6:31:6c:a3:93:c1:3d:74:10:dd:
                    57:e4:9f:ec:72:c8:2e:7c:74:13:8b:6a:d3:53:c0:
                    e5:f7:0f:27:3a:ea:7d:97:e6:d9:b6:86:9c:e2:b8:
                    7b:d1:35:d0:a1:cd:ba:e3:77:d3:f7:6a:3a:64:63:
                    0e:ae:05:dc:57:5a:69:11:44:c8:53:0f:9e:2a:39:
                    f5:fe:54:d4:9a:4a:cf:8c:8b:59:27:ad:54:a1:1d:
                    9f:7d:1c:3d:be:db:59:90:fa:30:1a:99:04:a5:f4:
                    c1:62:35:24:e4:c7:c3:f2:61:f8:c7:fd:a8:46:82:
                    c6:a5:1b:1c:5a:33:ff:ba:62:86:dc:a0:5f:2b:9c:
                    68:9b:1c:b0:dd:16:31:a9:fa:1b:54:9d:75:81:59:
                    48:8b:53:03:7a:08:53:55:de:4e:f3:7a:5d:53:48:
                    45:88:f6:a4:02:c2:96:9e:08:57:03:25:0d:eb:db:
                    0f:b8:8c:76:2c:17:c2:2e:79:81:b1:cf:83:a0:a1:
                    13:cc:33:84:8e:48:6d:a2:bd:95:c3:ad:30:48:c5:
                    f6:64:19:b3:6a:de:f1:2f:b6:67:60:db:a2:50:29:
                    4a:bf:72:d0:fe:4f:44:cb:42:b5:e7:31:c9:bf:f3:
                    f4:ae:55:6d:5e:3a:b6:06:65:16:d1:e8:6e:4e:1a:
                    39:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:7F:3D:AB:AE:E2:4F:C4:3B:86:5A:AF:A3:F3:C9:C2:F3:64:BF:C9
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/88cc50-2273-45ff-adb5-eccd665f1f03/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/88cc50-2273-45ff-adb5-eccd665f1f03/1/cH89q67iT8Q7hlqvo_PJwvNkv8k.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.23.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a8:4e:fc:5d:26:f6:93:b0:40:4c:72:e2:5c:f9:8c:5f:37:e6:
         19:32:30:34:28:22:70:07:2e:20:bf:c3:ba:5a:44:99:68:d4:
         ed:fc:2a:25:44:73:50:fd:9d:4b:e3:88:fd:45:4b:37:0b:03:
         d5:0d:c0:02:49:ef:a5:04:b3:3e:ab:60:92:e6:79:9f:5d:85:
         78:1e:e7:e0:eb:45:f5:3f:86:86:9e:6c:c8:85:14:78:30:d0:
         e9:16:26:18:fb:c1:90:5d:99:ad:a3:5b:f9:18:36:17:7b:db:
         a6:e7:32:4a:88:72:84:5a:ca:35:6b:e3:2d:8c:c5:71:aa:aa:
         5b:9a:31:5e:84:c2:23:04:13:a3:8f:86:01:87:2c:1e:0f:0e:
         4b:af:57:6e:4a:08:d3:12:41:d9:e3:e2:2f:a4:c0:29:4e:5f:
         72:1b:06:7d:73:3e:44:8e:d8:a3:48:32:f0:7c:94:82:c6:fd:
         20:6c:90:f7:73:8b:7c:91:79:89:d9:8a:99:49:a9:4b:7e:61:
         02:2b:c3:cf:c1:7d:56:27:99:f4:d9:32:d3:fd:ee:12:51:f7:
         2c:c3:86:23:83:1b:a7:fc:3e:6b:af:86:49:50:58:73:6d:ac:
         da:00:0a:5a:b2:ed:27:4c:3d:6b:56:9d:8e:eb:30:d0:c6:fc:
         5f:9a:e9:a8
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzIAaKGc65kLVlzBYvyhxHnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDIyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDdmM2RhYmFlZTI0ZmM0M2I4NjVhYWZhM2YzYzljMmYzNjRiZmM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA41W448YxbKOTwT10EN1X5J/scsgu
fHQTi2rTU8Dl9w8nOup9l+bZtoac4rh70TXQoc2643fT92o6ZGMOrgXcV1ppEUTI
Uw+eKjn1/lTUmkrPjItZJ61UoR2ffRw9vttZkPowGpkEpfTBYjUk5MfD8mH4x/2o
RoLGpRscWjP/umKG3KBfK5xomxyw3RYxqfobVJ11gVlIi1MDeghTVd5O83pdU0hF
iPakAsKWnghXAyUN69sPuIx2LBfCLnmBsc+DoKETzDOEjkhtor2Vw60wSMX2ZBmz
at7xL7ZnYNuiUClKv3LQ/k9Ey0K15zHJv/P0rlVtXjq2BmUW0ehuTho5pQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFHB/Pauu4k/EO4Zar6PzycLzZL/JMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2ViLzg4Y2M1
MC0yMjczLTQ1ZmYtYWRiNS1lY2NkNjY1ZjFmMDMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZWIvODhjYzUw
LTIyNzMtNDVmZi1hZGI1LWVjY2Q2NjVmMWYwMy8xL2NIODlxNjdpVDhRN2hscXZv
X1BKd3ZOa3Y4ay5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCwReoMA0GCSqGSIb3DQEBCwUAA4IBAQCoTvxd
JvaTsEBMcuJc+YxfN+YZMjA0KCJwBy4gv8O6WkSZaNTt/ColRHNQ/Z1L44j9RUs3
CwPVDcACSe+lBLM+q2CS5nmfXYV4Hufg60X1P4aGnmzIhRR4MNDpFiYY+8GQXZmt
o1v5GDYXe9um5zJKiHKEWso1a+MtjMVxqqpbmjFehMIjBBOjj4YBhyweDw5Lr1du
SgjTEkHZ4+IvpMApTl9yGwZ9cz5EjtijSDLwfJSCxv0gbJD3c4t8kXmJ2YqZSalL
fmECK8PPwX1WJ5n02TLT/e4SUfcsw4Yjgxun/D5rr4ZJUFhzbazaAApasu0nTD1r
Vp2O6zDQxvxfmumo
-----END CERTIFICATE-----