Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eRmmrv08qPUPyPNKs9FHklbbnXg.cer
File:                     eRmmrv08qPUPyPNKs9FHklbbnXg.cer (raw, json)
Hash identifier:          YfO78HGHLyyD8Fr0epiVLm91ER2FxyMjpEm2b3PCTjQ=
Subject key identifier:   79:19:A6:AE:FD:3C:A8:F5:0F:C8:F3:4A:B3:D1:47:92:56:DB:9D:78
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC7945FC6D1F9AF442B09A75F94470E9D
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/60/150a36-e59e-48da-ac60-911e83904ca1/1/eRmmrv08qPUPyPNKs9FHklbbnXg.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/60/150a36-e59e-48da-ac60-911e83904ca1/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 00:30:39 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 2001:67c:1554::/48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:5f:c6:d1:f9:af:44:2b:09:a7:5f:94:47:0e:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 00:30:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7919a6aefd3ca8f50fc8f34ab3d1479256db9d78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:ca:5c:c4:ef:6c:2f:4e:b4:a4:b6:77:c9:d0:
                    b2:30:ef:0d:bd:87:e3:3b:ce:3c:34:0a:b4:a1:8d:
                    5d:63:c4:87:98:1b:aa:ec:5c:6c:43:ec:49:db:bf:
                    5d:13:89:3f:77:4a:59:53:db:cd:65:0b:6c:8c:54:
                    64:c4:ab:cf:e0:07:8d:cc:06:16:67:a3:45:c1:b3:
                    c7:9e:e7:a4:7b:e1:ff:63:2c:9c:0d:49:92:5b:43:
                    50:74:48:a9:8f:55:f9:4d:41:a3:8d:a4:9d:4f:32:
                    4b:70:b9:f9:82:5e:7a:8d:24:e3:f2:ec:3e:b7:34:
                    d7:58:e4:90:01:f8:21:39:bb:74:46:95:3a:b6:df:
                    93:b3:eb:13:58:2d:a6:1f:5f:e5:83:15:51:aa:e0:
                    a6:88:ab:b9:ee:6d:66:52:15:fc:ec:d4:fc:69:7c:
                    37:99:a6:4c:92:22:32:86:5f:3f:5b:80:39:64:28:
                    3a:f9:82:3b:e5:71:0e:82:bf:50:e0:df:e8:ae:0a:
                    85:58:3c:39:a0:ce:8d:46:d5:c9:67:4f:89:64:af:
                    2c:a5:f9:03:59:e0:1a:b3:fb:78:4e:e4:00:d8:02:
                    39:bf:87:59:6e:d6:de:9c:53:b7:01:70:ac:de:a9:
                    0d:d3:88:a7:56:6f:e8:4e:f3:64:ea:b0:84:f4:b6:
                    a2:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:19:A6:AE:FD:3C:A8:F5:0F:C8:F3:4A:B3:D1:47:92:56:DB:9D:78
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/150a36-e59e-48da-ac60-911e83904ca1/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/150a36-e59e-48da-ac60-911e83904ca1/1/eRmmrv08qPUPyPNKs9FHklbbnXg.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:1554::/48

    Signature Algorithm: sha256WithRSAEncryption
         6b:2e:c3:10:b4:ef:af:3c:94:ed:79:96:4d:b4:c3:11:ca:8c:
         d9:af:8e:1b:4e:9c:31:96:c9:d7:14:e1:54:2f:04:ba:48:79:
         ce:49:e0:8c:2d:3b:27:02:bd:c8:2d:0c:03:2f:73:3e:12:f4:
         f2:bd:3e:6d:3f:d5:5e:44:11:74:98:e9:4d:3d:d0:9a:92:c7:
         00:82:c6:41:ed:c6:41:c4:16:e7:ad:59:c0:62:83:6f:27:e6:
         28:95:5e:61:08:e2:62:5b:e8:a8:91:5d:6d:38:aa:6f:20:80:
         c7:5c:3a:2c:35:6f:1c:ef:86:6d:b1:5c:64:20:4b:6e:c4:04:
         a1:d2:de:a2:aa:41:7f:13:01:3f:31:22:c5:78:8e:4f:bb:ed:
         c9:1d:d9:9f:69:dd:49:91:eb:7e:62:2f:c0:87:57:83:7f:33:
         cd:3a:a3:ce:4d:92:ce:39:d0:00:f4:ae:bc:d7:51:92:76:35:
         dc:0b:15:30:68:17:b2:6c:b2:7e:19:6b:a2:92:06:0a:bb:f0:
         78:b4:3c:47:06:88:0a:f7:2d:bb:7d:1e:5e:12:14:34:52:e3:
         72:67:51:dc:28:02:76:0f:6b:25:36:65:dd:5d:52:c8:2b:c4:
         2d:92:e4:17:00:00:7f:c9:df:05:38:bf:71:88:08:3d:d4:08:
         89:58:22:28
-----BEGIN CERTIFICATE-----
MIIFezCCBGOgAwIBAgISAYzHlF/G0fmvRCsJp1+URw6dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDAzMDM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTE5YTZhZWZkM2NhOGY1MGZjOGYzNGFiM2QxNDc5MjU2ZGI5ZDc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvMpcxO9sL060pLZ3ydCyMO8NvYfj
O848NAq0oY1dY8SHmBuq7FxsQ+xJ279dE4k/d0pZU9vNZQtsjFRkxKvP4AeNzAYW
Z6NFwbPHnueke+H/YyycDUmSW0NQdEipj1X5TUGjjaSdTzJLcLn5gl56jSTj8uw+
tzTXWOSQAfghObt0RpU6tt+Ts+sTWC2mH1/lgxVRquCmiKu57m1mUhX87NT8aXw3
maZMkiIyhl8/W4A5ZCg6+YI75XEOgr9Q4N/orgqFWDw5oM6NRtXJZ0+JZK8spfkD
WeAas/t4TuQA2AI5v4dZbtbenFO3AXCs3qkN04inVm/oTvNk6rCE9Lai/QIDAQAB
o4IChzCCAoMwHQYDVR0OBBYEFHkZpq79PKj1D8jzSrPRR5JW2514MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzYwLzE1MGEz
Ni1lNTllLTQ4ZGEtYWM2MC05MTFlODM5MDRjYTEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjAvMTUwYTM2
LWU1OWUtNDhkYS1hYzYwLTkxMWU4MzkwNGNhMS8xL2VSbW1ydjA4cVBVUHlQTktz
OUZIa2xiYm5YZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBVUMA0GCSqGSIb3DQEBCwUAA4IBAQBr
LsMQtO+vPJTteZZNtMMRyozZr44bTpwxlsnXFOFULwS6SHnOSeCMLTsnAr3ILQwD
L3M+EvTyvT5tP9VeRBF0mOlNPdCakscAgsZB7cZBxBbnrVnAYoNvJ+YolV5hCOJi
W+iokV1tOKpvIIDHXDosNW8c74ZtsVxkIEtuxASh0t6iqkF/EwE/MSLFeI5Pu+3J
Hdmfad1Jket+Yi/Ah1eDfzPNOqPOTZLOOdAA9K6811GSdjXcCxUwaBeybLJ+GWui
kgYKu/B4tDxHBogK9y27fR5eEhQ0UuNyZ1HcKAJ2D2slNmXdXVLIK8QtkuQXAAB/
yd8FOL9xiAg91AiJWCIo
-----END CERTIFICATE-----