Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db3TijiDJA5GxLGsi7-DF96P-IU.cer
File:                     db3TijiDJA5GxLGsi7-DF96P-IU.cer (raw, json)
Hash identifier:          eXKSZCr7yitcYOgKp1QftIu4mWk3PGXkJRwva54n49s=
Subject key identifier:   75:BD:D3:8A:38:83:24:0E:46:C4:B1:AC:8B:BF:83:17:DE:8F:F8:85
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CCA2B0EC6E9AD90206E2F27D6FC7255C5
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/b3/c3a4f7-2d0a-4924-8cdb-8da60535e6a0/1/db3TijiDJA5GxLGsi7-DF96P-IU.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/b3/c3a4f7-2d0a-4924-8cdb-8da60535e6a0/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 12:34:28 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 193.132.116.0/22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:0e:c6:e9:ad:90:20:6e:2f:27:d6:fc:72:55:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 12:34:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=75bdd38a3883240e46c4b1ac8bbf8317de8ff885
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:ea:21:97:07:e6:d6:74:58:7c:a1:49:a3:1b:
                    88:3b:6d:96:40:72:62:34:28:e1:75:fa:a5:7d:09:
                    32:f9:e9:68:00:07:c7:7b:77:62:06:69:7f:52:1a:
                    71:4b:7e:f4:c7:4b:1e:b1:55:3a:00:c9:c4:bd:19:
                    dc:30:f0:4c:af:3b:f8:c4:6e:c6:a8:10:8c:09:c3:
                    31:08:69:06:0b:35:43:eb:2c:b0:8e:a1:5f:f6:2c:
                    96:5c:49:fb:f9:4f:b3:17:21:cf:3e:a1:34:c8:62:
                    15:0a:58:22:cc:a4:6e:b5:b8:7f:5b:7f:9f:07:4a:
                    df:36:68:e9:e1:14:bc:d5:2e:51:e8:09:be:05:48:
                    d7:ca:2f:a8:b4:6c:47:88:8f:03:2c:d9:76:b0:ae:
                    31:a8:d9:30:d1:81:98:91:10:66:97:ae:dd:bb:75:
                    fa:c0:52:b7:ff:ed:9d:38:8b:e3:bd:42:29:4e:6c:
                    8a:ec:e2:84:d7:43:4a:92:f5:57:d2:7e:f8:67:47:
                    b7:3c:a3:85:5f:03:ff:43:f1:84:47:44:45:4b:0e:
                    71:81:0c:92:09:22:f9:a1:2c:4d:86:10:d2:3d:9f:
                    37:77:80:ee:d2:05:b6:b4:73:74:92:5e:df:a6:69:
                    2c:e4:63:b7:d2:ca:fa:b8:c2:15:61:a8:8c:7b:ee:
                    a1:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:BD:D3:8A:38:83:24:0E:46:C4:B1:AC:8B:BF:83:17:DE:8F:F8:85
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/c3a4f7-2d0a-4924-8cdb-8da60535e6a0/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/c3a4f7-2d0a-4924-8cdb-8da60535e6a0/1/db3TijiDJA5GxLGsi7-DF96P-IU.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.132.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         60:3f:a8:51:d8:6d:14:c6:50:e2:09:03:3b:82:8f:27:3a:03:
         f5:8b:83:56:01:44:e1:30:b0:4b:8f:54:8c:b1:66:55:80:9c:
         64:5c:b0:e6:2f:98:96:7b:f4:0b:da:b1:54:2e:55:f3:64:2e:
         68:4c:2c:b3:62:c8:15:f9:df:62:1f:fa:ba:c0:e2:9e:de:45:
         c8:ea:12:01:bc:ae:bb:d1:e5:84:60:50:1b:fe:49:1f:87:a7:
         2e:87:08:39:6b:51:e8:d1:c0:7e:7b:78:70:1f:7b:58:15:ba:
         d2:8f:ce:ee:c4:3a:90:fa:51:2e:82:70:ac:60:04:40:ef:5c:
         6a:09:a6:89:4a:87:0e:b9:f5:e0:d9:55:36:1b:36:99:3e:1e:
         6a:90:cd:dd:95:e1:ef:e8:83:79:dd:13:31:8d:e0:4f:45:65:
         28:21:99:09:88:2d:ff:2d:bc:99:52:b3:1a:55:32:7c:7c:d2:
         91:66:a5:ea:d9:0c:cc:fd:b3:90:43:8f:97:f1:5e:bb:9d:38:
         38:6d:ff:7b:c9:46:ad:db:cf:de:da:df:0d:dc:6b:04:8b:98:
         8b:25:9a:58:2f:54:83:b1:13:43:a4:e5:db:78:61:a4:ec:8e:
         3c:ea:67:55:d9:d9:d9:53:e9:e7:b9:cc:f5:94:af:16:c6:21:
         1b:34:df:11
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzKKw7G6a2QIG4vJ9b8clXFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMTIzNDI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NWJkZDM4YTM4ODMyNDBlNDZjNGIxYWM4YmJmODMxN2RlOGZmODg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0eohlwfm1nRYfKFJoxuIO22WQHJi
NCjhdfqlfQky+eloAAfHe3diBml/UhpxS370x0sesVU6AMnEvRncMPBMrzv4xG7G
qBCMCcMxCGkGCzVD6yywjqFf9iyWXEn7+U+zFyHPPqE0yGIVClgizKRutbh/W3+f
B0rfNmjp4RS81S5R6Am+BUjXyi+otGxHiI8DLNl2sK4xqNkw0YGYkRBml67du3X6
wFK3/+2dOIvjvUIpTmyK7OKE10NKkvVX0n74Z0e3PKOFXwP/Q/GER0RFSw5xgQyS
CSL5oSxNhhDSPZ83d4Du0gW2tHN0kl7fpmks5GO30sr6uMIVYaiMe+6hsQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFHW904o4gyQORsSxrIu/gxfej/iFMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2IzL2MzYTRm
Ny0yZDBhLTQ5MjQtOGNkYi04ZGE2MDUzNWU2YTAvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjMvYzNhNGY3
LTJkMGEtNDkyNC04Y2RiLThkYTYwNTM1ZTZhMC8xL2RiM1RpamlESkE1R3hMR3Np
Ny1ERjk2UC1JVS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCwYR0MA0GCSqGSIb3DQEBCwUAA4IBAQBgP6hR
2G0UxlDiCQM7go8nOgP1i4NWAUThMLBLj1SMsWZVgJxkXLDmL5iWe/QL2rFULlXz
ZC5oTCyzYsgV+d9iH/q6wOKe3kXI6hIBvK670eWEYFAb/kkfh6cuhwg5a1Ho0cB+
e3hwH3tYFbrSj87uxDqQ+lEugnCsYARA71xqCaaJSocOufXg2VU2GzaZPh5qkM3d
leHv6IN53RMxjeBPRWUoIZkJiC3/LbyZUrMaVTJ8fNKRZqXq2QzM/bOQQ4+X8V67
nTg4bf97yUat28/e2t8N3GsEi5iLJZpYL1SDsRNDpOXbeGGk7I486mdV2dnZU+nn
ucz1lK8WxiEbNN8R
-----END CERTIFICATE-----