Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dMf46RuB_mSHMHxSJusET5I5bOo.cer
File:                     dMf46RuB_mSHMHxSJusET5I5bOo.cer (raw, json)
Hash identifier:          eoYRt7+ruewOr3dl45YefX0W/lxmZeHo6v3GlK6hVGQ=
Subject key identifier:   74:C7:F8:E9:1B:81:FE:64:87:30:7C:52:26:EB:04:4F:92:39:6C:EA
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC42562E93324583EA45C24670481B8B2
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/f6/a9c6ac-f9a2-4462-8aaa-8b64f7c3a76e/1/dMf46RuB_mSHMHxSJusET5I5bOo.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/f6/a9c6ac-f9a2-4462-8aaa-8b64f7c3a76e/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 08:30:33 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 193.176.136.0/21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:62:e9:33:24:58:3e:a4:5c:24:67:04:81:b8:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 08:30:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=74c7f8e91b81fe6487307c5226eb044f92396cea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:d4:a7:dd:51:d8:25:aa:1d:b3:05:33:c7:4c:
                    64:d1:f3:ae:7e:9d:36:d3:c4:d8:96:0e:9d:3b:ee:
                    36:f4:4e:d9:72:2c:eb:cc:33:17:f3:9b:dd:82:dc:
                    cc:ed:15:f2:c7:b1:48:f5:01:5a:af:9a:41:20:6f:
                    83:5d:80:49:46:e9:f7:f8:d7:d3:99:a6:9c:ec:7c:
                    54:e6:76:d5:18:97:2d:c6:6d:d2:09:c3:c4:69:0f:
                    aa:95:90:4b:8c:a4:e8:f5:76:49:ac:85:42:58:ed:
                    ad:4c:04:e1:b6:3c:0b:7d:f6:ff:26:dc:15:ff:1d:
                    82:40:10:6b:09:a8:e2:49:42:7a:f4:6d:c6:9f:ab:
                    75:04:7e:c2:f8:31:d2:0d:07:ca:cd:89:57:22:4e:
                    d9:00:4b:d9:7f:4e:3f:36:5a:c7:47:1b:56:78:76:
                    18:14:06:f9:f8:eb:3f:a7:a0:5a:5f:d7:55:c7:13:
                    09:b2:0b:95:e7:3a:b1:c4:e7:d3:73:14:9b:d6:0f:
                    35:d9:cc:47:1b:1f:54:d9:05:10:f5:70:6c:4d:9b:
                    49:c6:61:3b:21:46:67:d4:ae:1f:62:bd:76:5a:2a:
                    c7:cd:32:a6:ab:71:a4:3a:fe:8c:91:1f:d7:38:a4:
                    e4:4d:de:fa:21:95:dd:dd:d6:a2:24:52:f9:7b:2f:
                    ae:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:C7:F8:E9:1B:81:FE:64:87:30:7C:52:26:EB:04:4F:92:39:6C:EA
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/a9c6ac-f9a2-4462-8aaa-8b64f7c3a76e/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/a9c6ac-f9a2-4462-8aaa-8b64f7c3a76e/1/dMf46RuB_mSHMHxSJusET5I5bOo.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.176.136.0/21

    Signature Algorithm: sha256WithRSAEncryption
         83:66:ee:0b:c5:3f:d4:43:19:89:c9:65:e3:21:6e:1d:1c:e5:
         bf:69:d1:c6:81:98:c1:31:08:71:2b:d9:3e:6c:d2:6b:3f:fb:
         97:9b:54:ac:b2:20:aa:e7:44:4b:34:19:2d:01:1c:1c:2a:97:
         80:90:6e:c4:6d:31:4e:58:f0:4c:ab:b7:36:01:c4:19:60:b6:
         49:32:39:d7:81:1b:85:78:79:8b:b3:f5:d5:0b:c4:29:fa:fd:
         80:67:2e:43:43:0a:42:e4:72:53:e8:a1:99:76:44:32:7a:66:
         ae:8c:eb:fa:15:f0:d0:5b:00:bd:bd:ba:7c:a7:7a:fe:80:b5:
         a5:21:aa:5b:8d:9d:cb:3e:ef:2e:82:6f:95:e0:fc:ef:0b:33:
         ce:83:4e:93:0d:33:c4:2f:12:60:18:4e:07:97:91:b6:3c:4b:
         97:f2:a0:62:f0:ca:a7:39:96:5d:cf:e8:a7:2f:e1:e6:ec:59:
         f1:5e:15:2f:0f:a7:32:09:c7:4d:8d:c4:d1:7a:26:b0:05:45:
         b9:c5:6e:1e:3a:17:da:b3:c9:43:15:36:09:33:ff:7e:75:e7:
         dc:04:25:bd:54:9d:bb:a6:e7:7a:90:de:53:57:22:b8:69:a4:
         34:9a:69:ca:d9:6d:3c:16:15:3c:87:72:a1:ab:1a:0e:5e:34:
         7e:1d:85:d1
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzEJWLpMyRYPqRcJGcEgbiyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDgzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NGM3ZjhlOTFiODFmZTY0ODczMDdjNTIyNmViMDQ0ZjkyMzk2Y2VhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx9Sn3VHYJaodswUzx0xk0fOufp02
08TYlg6dO+429E7ZcizrzDMX85vdgtzM7RXyx7FI9QFar5pBIG+DXYBJRun3+NfT
maac7HxU5nbVGJctxm3SCcPEaQ+qlZBLjKTo9XZJrIVCWO2tTAThtjwLffb/JtwV
/x2CQBBrCajiSUJ69G3Gn6t1BH7C+DHSDQfKzYlXIk7ZAEvZf04/NlrHRxtWeHYY
FAb5+Os/p6BaX9dVxxMJsguV5zqxxOfTcxSb1g812cxHGx9U2QUQ9XBsTZtJxmE7
IUZn1K4fYr12WirHzTKmq3GkOv6MkR/XOKTkTd76IZXd3daiJFL5ey+uTQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFHTH+Okbgf5khzB8UibrBE+SOWzqMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Y2L2E5YzZh
Yy1mOWEyLTQ0NjItOGFhYS04YjY0ZjdjM2E3NmUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjYvYTljNmFj
LWY5YTItNDQ2Mi04YWFhLThiNjRmN2MzYTc2ZS8xL2RNZjQ2UnVCX21TSE1IeFNK
dXNFVDVJNWJPby5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQDwbCIMA0GCSqGSIb3DQEBCwUAA4IBAQCDZu4L
xT/UQxmJyWXjIW4dHOW/adHGgZjBMQhxK9k+bNJrP/uXm1SssiCq50RLNBktARwc
KpeAkG7EbTFOWPBMq7c2AcQZYLZJMjnXgRuFeHmLs/XVC8Qp+v2AZy5DQwpC5HJT
6KGZdkQyemaujOv6FfDQWwC9vbp8p3r+gLWlIapbjZ3LPu8ugm+V4PzvCzPOg06T
DTPELxJgGE4Hl5G2PEuX8qBi8MqnOZZdz+inL+Hm7FnxXhUvD6cyCcdNjcTReiaw
BUW5xW4eOhfas8lDFTYJM/9+defcBCW9VJ27pud6kN5TVyK4aaQ0mmnK2W08FhU8
h3KhqxoOXjR+HYXR
-----END CERTIFICATE-----