Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dNAyUoux0Vl2bNed5HhtzZYqH7s.cer
File:                     dNAyUoux0Vl2bNed5HhtzZYqH7s.cer (raw, json)
Hash identifier:          EBHmK7nTALWMnEgLCPXSNmRrqJ6xipfMhv4PLCGT9s8=
Subject key identifier:   74:D0:32:52:8B:B1:D1:59:76:6C:D7:9D:E4:78:6D:CD:96:2A:1F:BB
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC79513DAC9B6AB7F3433CCB7165CE139
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/c7/29a422-a791-4dcf-90fb-2c9127ab48c3/1/dNAyUoux0Vl2bNed5HhtzZYqH7s.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/c7/29a422-a791-4dcf-90fb-2c9127ab48c3/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 00:31:25 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 185.146.92.0/22
                          IP: 2a07:4f40::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:13:da:c9:b6:ab:7f:34:33:cc:b7:16:5c:e1:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 00:31:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=74d032528bb1d159766cd79de4786dcd962a1fbb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:30:99:a1:5c:29:c7:3d:5c:7f:8d:4c:aa:c8:
                    27:aa:08:65:a8:33:e7:66:85:4f:d2:bb:37:63:2a:
                    b2:10:35:0a:34:44:20:65:4a:0a:04:7b:bf:ab:9a:
                    50:31:8b:6c:24:c4:9b:ff:19:5d:03:c7:7d:70:f8:
                    df:4b:0b:63:79:1a:ec:3e:dc:a6:7c:a7:87:33:3c:
                    b8:e7:d3:59:a2:c0:5b:e4:be:3a:e5:9d:ae:77:71:
                    7e:72:b3:14:70:f6:ce:b4:2d:71:b7:52:35:cc:69:
                    48:3b:2b:c0:bb:ec:0c:be:02:c9:24:8c:29:04:69:
                    c9:50:2b:ef:95:a4:c3:b7:c2:73:f3:e8:81:a9:80:
                    0b:17:ff:97:b5:24:2f:59:ec:e9:c5:bf:34:70:f9:
                    32:bf:a2:dc:35:03:64:cd:97:d7:de:09:25:62:e8:
                    af:80:63:a7:97:4b:79:0e:66:15:22:f6:a3:dd:7d:
                    ef:3f:6c:6c:84:b4:dd:83:0c:ec:ce:47:5d:3a:76:
                    5e:69:08:ab:cd:cc:0c:aa:af:e2:80:94:57:d2:dc:
                    28:6f:76:8c:80:bf:d8:28:ac:b8:bc:b1:39:2b:84:
                    b2:00:c1:bb:02:2a:b1:40:23:4a:4d:a7:a6:d1:b9:
                    ea:9f:1d:ca:ab:66:2a:9d:22:2c:6a:e6:33:c4:e4:
                    79:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:D0:32:52:8B:B1:D1:59:76:6C:D7:9D:E4:78:6D:CD:96:2A:1F:BB
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/29a422-a791-4dcf-90fb-2c9127ab48c3/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/29a422-a791-4dcf-90fb-2c9127ab48c3/1/dNAyUoux0Vl2bNed5HhtzZYqH7s.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.146.92.0/22
                IPv6:
                  2a07:4f40::/29

    Signature Algorithm: sha256WithRSAEncryption
         61:84:6e:3f:2b:88:27:76:2f:08:e3:df:37:f7:6f:19:ab:30:
         20:a7:de:cd:77:b3:82:38:74:9e:21:f7:fb:50:bd:ac:7f:47:
         15:f6:e2:49:dd:92:9e:9b:53:46:1d:7a:b2:df:ff:6b:da:db:
         b2:5e:0e:95:26:d3:0b:c9:db:93:9b:aa:0b:2f:67:b1:fa:2d:
         01:be:6e:88:a0:b2:18:e3:99:31:f6:38:6d:7a:e1:88:84:dd:
         dd:d7:33:01:ee:7c:8b:b6:bb:5e:7b:44:b1:49:26:4d:41:a2:
         ac:a0:c9:53:d5:51:5a:82:55:70:7a:87:ed:f4:30:41:7d:97:
         64:4b:dd:e6:30:c4:9d:32:67:7f:1d:03:23:d5:6e:01:8a:0f:
         c2:00:5a:50:bd:f0:b5:d5:0b:47:c8:bd:c9:f3:fb:fb:9b:59:
         e1:d4:dd:56:8a:36:75:35:e1:d5:3c:89:6f:05:6b:5a:15:f2:
         bd:5c:08:f8:77:bf:1c:6a:1b:52:91:9a:86:6d:cf:50:2b:8b:
         ee:23:a1:92:37:f2:ff:28:ac:46:54:81:1b:24:27:3b:a0:db:
         9a:0e:56:8e:a5:12:b9:78:d5:d0:50:06:ec:95:e8:49:ad:a6:
         36:dc:b3:ef:3d:bc:ec:ef:6c:94:a3:9e:42:56:8b:6c:ad:8c:
         9a:b1:13:2f
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAYzHlRPaybarfzQzzLcWXOE5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDAzMTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NGQwMzI1MjhiYjFkMTU5NzY2Y2Q3OWRlNDc4NmRjZDk2MmExZmJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9jCZoVwpxz1cf41MqsgnqghlqDPn
ZoVP0rs3YyqyEDUKNEQgZUoKBHu/q5pQMYtsJMSb/xldA8d9cPjfSwtjeRrsPtym
fKeHMzy459NZosBb5L465Z2ud3F+crMUcPbOtC1xt1I1zGlIOyvAu+wMvgLJJIwp
BGnJUCvvlaTDt8Jz8+iBqYALF/+XtSQvWezpxb80cPkyv6LcNQNkzZfX3gklYuiv
gGOnl0t5DmYVIvaj3X3vP2xshLTdgwzszkddOnZeaQirzcwMqq/igJRX0twob3aM
gL/YKKy4vLE5K4SyAMG7AiqxQCNKTaem0bnqnx3Kq2YqnSIsauYzxOR5/wIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFHTQMlKLsdFZdmzXneR4bc2WKh+7MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2M3LzI5YTQy
Mi1hNzkxLTRkY2YtOTBmYi0yYzkxMjdhYjQ4YzMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzcvMjlhNDIy
LWE3OTEtNGRjZi05MGZiLTJjOTEyN2FiNDhjMy8xL2ROQXlVb3V4MFZsMmJOZWQ1
SGh0elpZcUg3cy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCuZJcMA0EAgACMAcDBQMqB09AMA0GCSqGSIb3
DQEBCwUAA4IBAQBhhG4/K4gndi8I4983928ZqzAgp97Nd7OCOHSeIff7UL2sf0cV
9uJJ3ZKem1NGHXqy3/9r2tuyXg6VJtMLyduTm6oLL2ex+i0Bvm6IoLIY45kx9jht
euGIhN3d1zMB7nyLtrtee0SxSSZNQaKsoMlT1VFaglVweoft9DBBfZdkS93mMMSd
Mmd/HQMj1W4Big/CAFpQvfC11QtHyL3J8/v7m1nh1N1WijZ1NeHVPIlvBWtaFfK9
XAj4d78cahtSkZqGbc9QK4vuI6GSN/L/KKxGVIEbJCc7oNuaDlaOpRK5eNXQUAbs
lehJraY23LPvPbzs72yUo55CVotsrYyasRMv
-----END CERTIFICATE-----