Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eXAA1nyN62Ji4Ampr_QioQOPRIk.cer
File:                     eXAA1nyN62Ji4Ampr_QioQOPRIk.cer (raw, json)
Hash identifier:          XrB0suz4oiv6TMa2RO2v0z7axG+XNzBjzj33Fo+ihNI=
Subject key identifier:   79:70:00:D6:7C:8D:EB:62:62:E0:09:A9:AF:F4:22:A1:03:8F:44:89
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC8DF27F32F40383F13640833CF0D3A6E
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/86/e2cdac-8901-4052-9554-bae9d2b29601/1/eXAA1nyN62Ji4Ampr_QioQOPRIk.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/86/e2cdac-8901-4052-9554-bae9d2b29601/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 06:31:57 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 2.57.160.0/22
                          IP: 2a09:ce40::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:27:f3:2f:40:38:3f:13:64:08:33:cf:0d:3a:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 06:31:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=797000d67c8deb6262e009a9aff422a1038f4489
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:44:ee:aa:26:f9:32:66:ad:88:a6:f6:46:c4:
                    4f:3a:93:5c:37:61:ee:99:da:ad:0e:ca:33:63:7f:
                    cc:86:72:e7:39:41:40:f7:8e:fe:eb:40:ef:c3:09:
                    6c:f8:95:f6:ea:d3:aa:ef:f4:71:1b:6a:7c:b6:e9:
                    fc:57:df:50:e9:9b:92:0e:1d:d4:11:1b:eb:af:d2:
                    96:3d:37:b9:12:94:96:83:d5:5c:b7:66:db:8a:89:
                    a9:92:17:fc:93:e6:66:47:58:dc:b7:48:69:da:9f:
                    2c:c5:b2:dc:51:98:7d:08:8c:6c:05:ef:6c:82:b5:
                    e3:58:91:51:88:9b:14:66:d3:cc:9b:7c:3e:02:7c:
                    a5:c0:c0:8a:3f:48:9f:11:a4:ce:14:ed:4c:ba:60:
                    83:15:b7:ee:b6:6e:d8:50:45:41:d7:10:87:2d:33:
                    08:6a:84:bc:b7:49:b9:19:36:2c:62:a5:bb:d7:25:
                    b4:1c:5f:c2:aa:27:86:b3:47:11:46:93:7b:73:18:
                    35:46:ba:95:6a:08:7f:a6:f4:1a:4d:e0:27:bd:fe:
                    58:c0:02:61:4e:ee:cf:ae:88:a7:7a:10:8f:94:25:
                    24:1b:d0:33:64:d3:c7:12:93:2a:b3:fd:7f:70:c6:
                    f4:b0:22:69:d3:d6:e3:ef:d7:44:72:fe:55:e7:a8:
                    a1:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:70:00:D6:7C:8D:EB:62:62:E0:09:A9:AF:F4:22:A1:03:8F:44:89
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/e2cdac-8901-4052-9554-bae9d2b29601/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/e2cdac-8901-4052-9554-bae9d2b29601/1/eXAA1nyN62Ji4Ampr_QioQOPRIk.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.57.160.0/22
                IPv6:
                  2a09:ce40::/29

    Signature Algorithm: sha256WithRSAEncryption
         7b:f1:bd:74:c7:87:3e:d3:5a:53:a5:94:37:5c:21:78:4a:a5:
         48:05:68:80:12:a7:ea:eb:4f:b3:8f:f7:d9:2c:c9:96:a6:37:
         c9:3d:49:61:85:ec:35:fb:e9:96:2e:ab:d1:96:7d:3d:ef:ee:
         5e:ed:b7:d5:7e:a2:38:2b:65:a5:27:2f:b3:0b:6d:ca:00:21:
         cc:09:cb:d7:06:44:b6:7c:18:8c:30:c6:b2:f0:78:59:cd:7d:
         70:a8:73:5b:b3:b2:9d:ab:ba:68:c8:ae:f0:5d:aa:55:e9:6b:
         ed:b4:e8:5f:ae:0a:7a:04:72:52:11:71:7c:8b:40:a2:1c:10:
         90:b1:17:3e:fe:a2:a2:93:eb:68:95:ef:0a:a5:31:fb:c8:0f:
         fa:e0:0f:c4:10:72:0f:96:00:11:a6:09:12:9b:35:53:df:82:
         91:c6:40:ab:23:36:b1:b4:16:27:82:5c:cf:94:a9:eb:71:f2:
         37:e0:fb:f2:dd:0a:1e:ed:77:6b:4b:9e:29:2d:a9:52:b6:6a:
         08:6d:83:fc:81:30:29:c4:91:5c:29:60:72:3b:d0:af:da:65:
         2a:d7:25:74:2d:46:b6:26:8a:72:51:ed:bf:43:f1:cc:b2:b8:
         d0:df:02:d5:3e:44:38:a5:77:21:ed:d2:94:4e:1b:00:0f:e4:
         ef:20:3e:b1
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAYzI3yfzL0A4PxNkCDPPDTpuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDYzMTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTcwMDBkNjdjOGRlYjYyNjJlMDA5YTlhZmY0MjJhMTAzOGY0NDg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsUTuqib5MmatiKb2RsRPOpNcN2Hu
mdqtDsozY3/MhnLnOUFA947+60Dvwwls+JX26tOq7/RxG2p8tun8V99Q6ZuSDh3U
ERvrr9KWPTe5EpSWg9Vct2bbiompkhf8k+ZmR1jct0hp2p8sxbLcUZh9CIxsBe9s
grXjWJFRiJsUZtPMm3w+AnylwMCKP0ifEaTOFO1MumCDFbfutm7YUEVB1xCHLTMI
aoS8t0m5GTYsYqW71yW0HF/CqieGs0cRRpN7cxg1RrqVagh/pvQaTeAnvf5YwAJh
Tu7ProinehCPlCUkG9AzZNPHEpMqs/1/cMb0sCJp09bj79dEcv5V56iheQIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFHlwANZ8jetiYuAJqa/0IqEDj0SJMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzg2L2UyY2Rh
Yy04OTAxLTQwNTItOTU1NC1iYWU5ZDJiMjk2MDEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODYvZTJjZGFj
LTg5MDEtNDA1Mi05NTU0LWJhZTlkMmIyOTYwMS8xL2VYQUExbnlONjJKaTRBbXBy
X1Fpb1FPUFJJay5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCAjmgMA0EAgACMAcDBQMqCc5AMA0GCSqGSIb3
DQEBCwUAA4IBAQB78b10x4c+01pTpZQ3XCF4SqVIBWiAEqfq60+zj/fZLMmWpjfJ
PUlhhew1++mWLqvRln097+5e7bfVfqI4K2WlJy+zC23KACHMCcvXBkS2fBiMMMay
8HhZzX1wqHNbs7Kdq7poyK7wXapV6WvttOhfrgp6BHJSEXF8i0CiHBCQsRc+/qKi
k+tole8KpTH7yA/64A/EEHIPlgARpgkSmzVT34KRxkCrIzaxtBYnglzPlKnrcfI3
4Pvy3Qoe7XdrS54pLalStmoIbYP8gTApxJFcKWByO9Cv2mUq1yV0LUa2JopyUe2/
Q/HMsrjQ3wLVPkQ4pXch7dKUThsAD+TvID6x
-----END CERTIFICATE-----