Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cMuWVD9-GVcj5tEiwpR4v92gPsw.cer
File:                     cMuWVD9-GVcj5tEiwpR4v92gPsw.cer (raw, json)
Hash identifier:          Umg8+YJOQC0Ofn2EcP4gvXbn8Xfk4kX+mok2AyPm9FY=
Subject key identifier:   70:CB:96:54:3F:7E:19:57:23:E6:D1:22:C2:94:78:BF:DD:A0:3E:CC
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC5DCCFF864958ADC61A5F019107BB89A
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/dc/b7e4ac-8508-4d6b-a2bc-274cd6caa3f3/1/cMuWVD9-GVcj5tEiwpR4v92gPsw.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/dc/b7e4ac-8508-4d6b-a2bc-274cd6caa3f3/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 16:30:31 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 91.239.186.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:cf:f8:64:95:8a:dc:61:a5:f0:19:10:7b:b8:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 16:30:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=70cb96543f7e195723e6d122c29478bfdda03ecc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:d5:4a:e6:99:b1:a9:b5:0b:a2:0b:48:f6:e2:
                    b5:09:a0:66:ce:4c:51:da:95:4f:2f:d5:1d:07:7d:
                    3e:a8:2b:05:b0:de:85:96:b7:60:1b:53:f2:04:e8:
                    db:8c:48:5a:6d:c8:37:6c:13:4e:08:70:51:11:52:
                    4d:75:ce:10:43:a9:81:b8:91:7d:87:95:13:8b:85:
                    2c:a8:5c:be:29:10:22:46:11:ce:19:29:36:12:76:
                    f4:3f:51:c8:4d:e0:f6:9a:bc:1c:d2:94:ae:a8:78:
                    fc:4f:2d:48:a6:c6:7b:b9:23:7c:de:5d:4c:c8:04:
                    a8:84:b0:ae:ec:d7:08:ae:83:a7:69:45:3d:c0:81:
                    c1:50:e7:29:26:7c:85:f0:a4:e9:31:f6:ca:e7:9a:
                    8a:ea:4b:27:a7:d8:b7:6b:31:81:36:68:1a:4b:ce:
                    7e:f3:44:a3:17:2b:41:8f:29:3f:46:52:b1:ed:e6:
                    a7:38:0a:bd:39:94:84:a6:3a:fa:78:c3:71:5a:e8:
                    93:f5:55:58:50:b2:c4:92:3c:b6:47:f6:fe:81:90:
                    40:57:34:c2:3b:97:c5:cc:b5:37:41:13:77:ca:c6:
                    1f:b5:6f:ad:87:95:6e:55:0e:1b:e8:5b:0f:61:fc:
                    ff:e7:a3:a9:55:e3:6f:41:43:fc:3a:e6:04:1e:21:
                    89:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:CB:96:54:3F:7E:19:57:23:E6:D1:22:C2:94:78:BF:DD:A0:3E:CC
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/b7e4ac-8508-4d6b-a2bc-274cd6caa3f3/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/b7e4ac-8508-4d6b-a2bc-274cd6caa3f3/1/cMuWVD9-GVcj5tEiwpR4v92gPsw.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:82:9b:f4:88:96:67:54:56:51:a5:d7:04:c7:9a:0e:65:03:
         eb:8f:ce:a9:9e:96:1e:e1:49:b2:cd:a3:49:97:4e:e5:9b:ed:
         e9:2a:38:83:78:ec:e7:40:1d:c5:ef:b4:d9:38:c4:d6:d5:e5:
         0b:6a:86:97:bd:cb:ca:cd:86:9a:6a:16:44:60:ee:26:a7:0e:
         05:4a:43:85:e9:bb:af:ab:55:1e:dd:a4:86:0d:f4:ec:db:ad:
         c4:26:54:68:4b:61:77:a1:e9:a1:b4:19:a6:85:39:e7:0c:35:
         d7:4b:84:64:a4:2e:65:a6:4c:9d:fc:e4:20:5f:5d:37:c4:15:
         73:21:31:d9:50:af:d6:05:67:fc:07:c1:c6:4b:1f:de:2c:73:
         c0:d7:2d:fe:b0:02:3c:2c:79:32:be:e2:0f:8b:a7:31:de:1c:
         9c:d6:bb:bb:2c:3f:ee:9b:ac:ff:77:90:5b:ae:31:b1:97:a5:
         1c:9a:0d:b5:06:04:6b:f3:1c:9a:91:cb:45:4e:09:d6:ca:a1:
         a1:48:0d:cb:69:34:ee:fb:72:86:3a:90:f4:f6:69:ed:b9:7e:
         e8:7c:06:5a:4c:cf:e6:07:81:21:d6:87:5d:2d:9e:c6:fb:c5:
         dc:b1:b0:36:41:f1:ed:09:14:4c:81:cd:5b:8e:ed:e1:ee:fd:
         f4:23:0c:ca
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzF3M/4ZJWK3GGl8BkQe7iaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTYzMDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGNiOTY1NDNmN2UxOTU3MjNlNmQxMjJjMjk0NzhiZmRkYTAzZWNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlNVK5pmxqbULogtI9uK1CaBmzkxR
2pVPL9UdB30+qCsFsN6FlrdgG1PyBOjbjEhabcg3bBNOCHBREVJNdc4QQ6mBuJF9
h5UTi4UsqFy+KRAiRhHOGSk2Enb0P1HITeD2mrwc0pSuqHj8Ty1IpsZ7uSN83l1M
yASohLCu7NcIroOnaUU9wIHBUOcpJnyF8KTpMfbK55qK6ksnp9i3azGBNmgaS85+
80SjFytBjyk/RlKx7eanOAq9OZSEpjr6eMNxWuiT9VVYULLEkjy2R/b+gZBAVzTC
O5fFzLU3QRN3ysYftW+th5VuVQ4b6FsPYfz/56OpVeNvQUP8OuYEHiGJRQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFHDLllQ/fhlXI+bRIsKUeL/doD7MMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2RjL2I3ZTRh
Yy04NTA4LTRkNmItYTJiYy0yNzRjZDZjYWEzZjMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZGMvYjdlNGFj
LTg1MDgtNGQ2Yi1hMmJjLTI3NGNkNmNhYTNmMy8xL2NNdVdWRDktR1ZjajV0RWl3
cFI0djkyZ1Bzdy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW++6MA0GCSqGSIb3DQEBCwUAA4IBAQALgpv0
iJZnVFZRpdcEx5oOZQPrj86pnpYe4UmyzaNJl07lm+3pKjiDeOznQB3F77TZOMTW
1eULaoaXvcvKzYaaahZEYO4mpw4FSkOF6buvq1Ue3aSGDfTs263EJlRoS2F3oemh
tBmmhTnnDDXXS4RkpC5lpkyd/OQgX103xBVzITHZUK/WBWf8B8HGSx/eLHPA1y3+
sAI8LHkyvuIPi6cx3hyc1ru7LD/um6z/d5BbrjGxl6Ucmg21BgRr8xyakctFTgnW
yqGhSA3LaTTu+3KGOpD09mntuX7ofAZaTM/mB4Eh1oddLZ7G+8XcsbA2QfHtCRRM
gc1bju3h7v30IwzK
-----END CERTIFICATE-----