Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/csZGC0-x70a8dFf_DPRjvcTgP6k.cer
File:                     csZGC0-x70a8dFf_DPRjvcTgP6k.cer (raw, json)
Hash identifier:          ZmIaSEb3a/6Icq8bICwAblsSgAPkrMY/+Z9ZgKqMc5g=
Subject key identifier:   72:C6:46:0B:4F:B1:EF:46:BC:74:57:FF:0C:F4:63:BD:C4:E0:3F:A9
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC8DE5004FC23C78E25E42DEE99D88B43
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/6e/a5ce7e-7d1d-48ef-8f36-0b740a36a8ee/1/csZGC0-x70a8dFf_DPRjvcTgP6k.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/6e/a5ce7e-7d1d-48ef-8f36-0b740a36a8ee/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 06:31:01 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 46.253.134.0/24
                          IP: 185.81.120.0/22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:50:04:fc:23:c7:8e:25:e4:2d:ee:99:d8:8b:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 06:31:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=72c6460b4fb1ef46bc7457ff0cf463bdc4e03fa9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:00:48:6c:3b:27:2f:3c:3d:c0:d7:05:fc:10:
                    87:63:14:be:59:03:0d:93:a6:49:a1:8e:2c:d9:b1:
                    ba:ba:7a:3e:6b:e9:14:dd:47:f3:75:84:a5:33:34:
                    45:cb:e7:28:00:77:6f:98:8f:ed:0a:98:b2:24:3a:
                    0f:d5:d1:1b:a4:78:5f:a0:f4:b1:b3:9f:bd:41:4c:
                    9d:db:fd:75:b7:76:6e:ae:40:08:d4:2b:16:05:57:
                    46:ee:c8:1d:c1:42:43:db:04:6c:4b:dc:d3:c3:40:
                    e5:0e:35:e1:a7:11:5e:a8:1d:b4:ff:0e:64:45:1d:
                    ce:5a:11:01:05:be:4b:a9:5d:12:d1:f2:e6:19:2f:
                    91:2d:81:31:fe:e5:fb:e9:36:b8:c2:52:2c:9c:24:
                    67:d8:90:23:b4:89:8e:28:c5:e9:70:b6:d4:8b:10:
                    19:27:f4:d6:7b:69:18:2a:ad:44:26:33:1f:4d:fe:
                    db:d2:8b:c2:98:7b:59:f9:6e:c3:31:70:f1:f7:31:
                    8e:ed:fd:1d:17:66:0a:9e:9b:5b:b8:6c:57:e2:39:
                    73:3d:7a:af:0b:de:4b:98:52:8a:fa:36:02:df:8b:
                    9b:10:e4:15:40:54:7f:8e:a3:30:57:88:04:59:75:
                    fa:18:94:7a:29:e5:35:19:7b:3b:54:73:5b:9c:07:
                    4e:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:C6:46:0B:4F:B1:EF:46:BC:74:57:FF:0C:F4:63:BD:C4:E0:3F:A9
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/a5ce7e-7d1d-48ef-8f36-0b740a36a8ee/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/a5ce7e-7d1d-48ef-8f36-0b740a36a8ee/1/csZGC0-x70a8dFf_DPRjvcTgP6k.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.253.134.0/24
                  185.81.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         81:51:b7:9e:b9:3d:50:08:33:9a:28:78:93:f5:3d:7e:e6:fb:
         78:63:c8:da:60:88:46:96:65:25:d5:db:b5:37:6a:1a:76:71:
         ce:38:eb:9b:01:0d:68:b0:2b:e8:8c:b9:4c:c7:78:0a:d2:2d:
         bf:09:7d:e6:9c:a3:f9:9a:69:66:89:3d:57:11:a4:e9:54:9e:
         b0:3f:54:76:73:1d:5b:ba:fb:37:50:0d:63:b2:b2:09:49:10:
         e8:69:06:fd:8c:bc:6b:0f:e4:a3:9a:79:e2:69:f1:e8:80:ee:
         2e:4a:af:6b:fc:9b:09:45:f2:30:37:8e:27:bf:e2:7b:3c:7c:
         10:3d:00:6a:21:68:a9:7e:bf:1a:6c:42:22:21:3b:e1:3b:69:
         a7:de:cb:b1:ba:89:6f:98:de:2a:3e:e2:ae:a4:b3:ab:69:9d:
         67:2f:27:ee:d7:66:af:d9:80:69:20:b9:d4:fc:a1:b5:cb:15:
         12:0f:15:83:c9:c3:c9:be:70:8a:3e:6a:0e:e1:70:60:b5:0e:
         e4:28:12:3c:f8:34:9b:1d:b5:d6:8c:d5:70:a8:5a:4d:b9:ae:
         7f:c8:aa:8d:dd:a6:d9:11:ec:a0:50:57:cb:22:09:cd:7a:59:
         5a:df:24:24:af:83:66:c1:03:10:d8:b6:2f:ae:95:51:ea:e6:
         6c:44:f3:33
-----BEGIN CERTIFICATE-----
MIIFfjCCBGagAwIBAgISAYzI3lAE/CPHjiXkLe6Z2ItDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDYzMTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmM2NDYwYjRmYjFlZjQ2YmM3NDU3ZmYwY2Y0NjNiZGM0ZTAzZmE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApgBIbDsnLzw9wNcF/BCHYxS+WQMN
k6ZJoY4s2bG6uno+a+kU3UfzdYSlMzRFy+coAHdvmI/tCpiyJDoP1dEbpHhfoPSx
s5+9QUyd2/11t3ZurkAI1CsWBVdG7sgdwUJD2wRsS9zTw0DlDjXhpxFeqB20/w5k
RR3OWhEBBb5LqV0S0fLmGS+RLYEx/uX76Ta4wlIsnCRn2JAjtImOKMXpcLbUixAZ
J/TWe2kYKq1EJjMfTf7b0ovCmHtZ+W7DMXDx9zGO7f0dF2YKnptbuGxX4jlzPXqv
C95LmFKK+jYC34ubEOQVQFR/jqMwV4gEWXX6GJR6KeU1GXs7VHNbnAdOPwIDAQAB
o4ICijCCAoYwHQYDVR0OBBYEFHLGRgtPse9GvHRX/wz0Y73E4D+pMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzZlL2E1Y2U3
ZS03ZDFkLTQ4ZWYtOGYzNi0wYjc0MGEzNmE4ZWUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNmUvYTVjZTdl
LTdkMWQtNDhlZi04ZjM2LTBiNzQwYTM2YThlZS8xL2NzWkdDMC14NzBhOGRGZl9E
UFJqdmNUZ1A2ay5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUF
BwEHAQH/BBYwFDASBAIAATAMAwQALv2GAwQCuVF4MA0GCSqGSIb3DQEBCwUAA4IB
AQCBUbeeuT1QCDOaKHiT9T1+5vt4Y8jaYIhGlmUl1du1N2oadnHOOOubAQ1osCvo
jLlMx3gK0i2/CX3mnKP5mmlmiT1XEaTpVJ6wP1R2cx1buvs3UA1jsrIJSRDoaQb9
jLxrD+SjmnniafHogO4uSq9r/JsJRfIwN44nv+J7PHwQPQBqIWipfr8abEIiITvh
O2mn3suxuolvmN4qPuKupLOraZ1nLyfu12av2YBpILnU/KG1yxUSDxWDycPJvnCK
PmoO4XBgtQ7kKBI8+DSbHbXWjNVwqFpNua5/yKqN3abZEeygUFfLIgnNella3yQk
r4NmwQMQ2LYvrpVR6uZsRPMz
-----END CERTIFICATE-----