Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/crJdhZ_wa-HryXrdXewF02_Nyi0.cer
File:                     crJdhZ_wa-HryXrdXewF02_Nyi0.cer (raw, json)
Hash identifier:          aaBFVQy9ddtxLPhefmUcmstopaPWlw5Ot8BM/ZoQRvY=
Subject key identifier:   72:B2:5D:85:9F:F0:6B:E1:EB:C9:7A:DD:5D:EC:05:D3:6F:CD:CA:2D
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC64A8DE7602E9F22C17571337F23EBBF
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/a6/2f833f-a7e8-4f9d-a383-123fa2ab9408/1/crJdhZ_wa-HryXrdXewF02_Nyi0.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/a6/2f833f-a7e8-4f9d-a383-123fa2ab9408/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 18:30:23 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 2001:678:980::/48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:8d:e7:60:2e:9f:22:c1:75:71:33:7f:23:eb:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 18:30:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=72b25d859ff06be1ebc97add5dec05d36fcdca2d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:df:00:e0:f8:6e:57:0f:4e:b1:25:7c:55:b2:
                    e3:eb:b8:8d:ab:6a:7c:49:31:96:23:3b:5e:f5:39:
                    e3:3d:bb:cc:d2:fe:c2:27:e8:8f:18:5a:67:38:95:
                    87:11:7a:b7:c7:97:ff:ef:e7:73:22:74:d0:e0:b7:
                    40:7a:13:8e:fb:b0:2e:ed:90:a3:09:46:f6:75:1b:
                    ac:f3:10:37:56:6f:b6:a1:02:ee:2f:ba:8e:3d:cd:
                    0e:e4:0f:15:ec:c8:cb:c0:82:a5:e7:c7:bf:70:4b:
                    82:05:5f:5f:4a:dc:40:68:3a:94:9a:11:5a:f8:31:
                    86:c1:0d:95:c8:bb:c3:a6:d7:e2:df:6a:c0:06:54:
                    11:f5:a4:40:c5:ce:78:90:f2:b4:67:49:ba:a0:79:
                    32:ce:4f:74:e8:d8:64:5b:f8:99:54:35:c3:ba:d0:
                    bf:43:47:e0:ca:1e:1d:bc:25:79:6f:bc:b6:22:62:
                    41:39:c3:47:88:a9:37:95:c2:f6:9d:82:a2:1e:53:
                    df:d7:ab:e0:e2:6e:79:12:78:34:c3:67:cc:08:9e:
                    85:39:c3:de:08:b0:d6:1d:91:5a:a9:b5:b4:f3:c0:
                    ba:0e:72:94:f3:ad:7d:0c:3f:ae:c1:38:f4:48:5b:
                    04:56:6a:a4:fe:2f:6b:99:a4:d6:30:6c:0e:a2:a0:
                    e0:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:B2:5D:85:9F:F0:6B:E1:EB:C9:7A:DD:5D:EC:05:D3:6F:CD:CA:2D
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/2f833f-a7e8-4f9d-a383-123fa2ab9408/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/2f833f-a7e8-4f9d-a383-123fa2ab9408/1/crJdhZ_wa-HryXrdXewF02_Nyi0.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:980::/48

    Signature Algorithm: sha256WithRSAEncryption
         1a:08:3a:8a:28:bc:5c:ad:75:b7:fe:9d:a2:67:a2:08:da:0f:
         3c:04:d6:3b:fb:bc:ad:3b:c1:e1:4b:70:94:14:ee:45:24:a6:
         12:69:fa:c4:4f:a6:66:49:45:5a:2e:f9:9e:f7:62:95:f4:61:
         91:b1:79:84:96:5b:9b:77:1a:2e:70:ff:45:26:f9:fa:d8:51:
         28:3d:59:1a:ac:f3:20:e0:25:17:43:e4:8a:4b:a4:e3:41:13:
         5f:d4:ed:9a:17:31:52:e3:d7:ca:78:3e:b0:07:d0:0d:3c:62:
         86:3d:1e:11:bf:09:fb:88:94:36:52:c1:1d:cf:3c:13:12:2b:
         ba:ce:bd:ea:b7:c5:ed:35:6b:e4:1e:7c:ed:01:95:38:af:45:
         52:2a:f2:4d:d6:6c:03:6e:1f:fd:0b:b6:c3:30:5b:5a:dd:c8:
         45:94:e9:e2:bf:a1:a3:0c:4d:d7:5d:3d:74:a4:ce:df:e3:85:
         28:f3:60:f1:24:86:61:0b:a3:ee:f1:68:98:00:e1:2b:70:4f:
         80:0d:4b:e8:d5:52:03:e5:cf:f2:f9:e8:f6:49:2f:51:48:11:
         22:13:e2:a2:d1:6d:99:81:d5:fd:85:79:e8:dd:6f:f7:9a:a6:
         33:a4:23:67:d9:fc:b3:9b:f5:b8:40:4b:84:64:51:de:8f:c4:
         25:da:0f:11
-----BEGIN CERTIFICATE-----
MIIFezCCBGOgAwIBAgISAYzGSo3nYC6fIsF1cTN/I+u/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTgzMDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmIyNWQ4NTlmZjA2YmUxZWJjOTdhZGQ1ZGVjMDVkMzZmY2RjYTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAst8A4PhuVw9OsSV8VbLj67iNq2p8
STGWIzte9TnjPbvM0v7CJ+iPGFpnOJWHEXq3x5f/7+dzInTQ4LdAehOO+7Au7ZCj
CUb2dRus8xA3Vm+2oQLuL7qOPc0O5A8V7MjLwIKl58e/cEuCBV9fStxAaDqUmhFa
+DGGwQ2VyLvDptfi32rABlQR9aRAxc54kPK0Z0m6oHkyzk906NhkW/iZVDXDutC/
Q0fgyh4dvCV5b7y2ImJBOcNHiKk3lcL2nYKiHlPf16vg4m55Eng0w2fMCJ6FOcPe
CLDWHZFaqbW088C6DnKU8619DD+uwTj0SFsEVmqk/i9rmaTWMGwOoqDgFQIDAQAB
o4IChzCCAoMwHQYDVR0OBBYEFHKyXYWf8Gvh68l63V3sBdNvzcotMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2E2LzJmODMz
Zi1hN2U4LTRmOWQtYTM4My0xMjNmYTJhYjk0MDgvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTYvMmY4MzNm
LWE3ZTgtNGY5ZC1hMzgzLTEyM2ZhMmFiOTQwOC8xL2NySmRoWl93YS1IcnlYcmRY
ZXdGMDJfTnlpMC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAmAMA0GCSqGSIb3DQEBCwUAA4IBAQAa
CDqKKLxcrXW3/p2iZ6II2g88BNY7+7ytO8HhS3CUFO5FJKYSafrET6ZmSUVaLvme
92KV9GGRsXmEllubdxoucP9FJvn62FEoPVkarPMg4CUXQ+SKS6TjQRNf1O2aFzFS
49fKeD6wB9ANPGKGPR4Rvwn7iJQ2UsEdzzwTEiu6zr3qt8XtNWvkHnztAZU4r0VS
KvJN1mwDbh/9C7bDMFta3chFlOniv6GjDE3XXT10pM7f44Uo82DxJIZhC6Pu8WiY
AOErcE+ADUvo1VID5c/y+ej2SS9RSBEiE+Ki0W2ZgdX9hXno3W/3mqYzpCNn2fyz
m/W4QEuEZFHej8Ql2g8R
-----END CERTIFICATE-----