Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fG9Mjzo3f0bFUiAJZ4841hVxxso.cer
File:                     fG9Mjzo3f0bFUiAJZ4841hVxxso.cer (raw, json)
Hash identifier:          0CZZ+B1CRI4wy3CiPO1JEbmMjbl1X6Mj9jDBEJcDd44=
Subject key identifier:   7C:6F:4C:8F:3A:37:7F:46:C5:52:20:09:67:8F:38:D6:15:71:C6:CA
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC6B788172ED3205EF27CA4C1570B8986
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/5c/5c6c9f-691f-4284-b84d-1d367a5f86d4/1/fG9Mjzo3f0bFUiAJZ4841hVxxso.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/5c/5c6c9f-691f-4284-b84d-1d367a5f86d4/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 20:29:25 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 29080
                          IP: 195.68.200.0/23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:88:17:2e:d3:20:5e:f2:7c:a4:c1:57:0b:89:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 20:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7c6f4c8f3a377f46c5522009678f38d61571c6ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:89:88:e9:c5:dd:51:c4:90:b6:ea:7d:7f:1f:
                    02:ad:db:54:35:56:93:0e:e0:81:c9:67:d9:0f:21:
                    fb:73:de:45:64:8c:5b:bc:14:bf:1a:60:77:a1:6a:
                    fb:51:76:63:bb:0d:4e:ec:d4:55:83:fe:59:61:c6:
                    14:e8:67:d6:04:5f:0a:77:91:bd:33:97:3b:9d:c9:
                    32:ef:c6:5b:a1:9c:21:f7:6a:d7:95:3c:b3:b5:c7:
                    2e:33:3d:da:7e:50:96:86:ed:d1:9b:19:98:94:f2:
                    f2:e1:29:36:8a:ac:06:22:6b:e0:9c:16:40:42:4b:
                    13:78:31:11:62:de:29:0c:19:00:84:01:c0:5c:af:
                    21:2a:7f:20:5b:fa:fb:0a:7d:3b:3a:67:47:ac:a6:
                    fe:e7:95:f1:cf:b9:e4:91:a9:2a:e9:6b:a8:04:2c:
                    48:e0:ee:5a:4d:9b:57:b9:65:ce:fd:b6:3b:e4:28:
                    ff:e7:21:05:93:4e:c2:01:6f:8f:fe:27:d3:94:69:
                    1c:54:86:34:29:38:b5:fe:1f:d2:47:d9:63:f0:75:
                    0f:3a:49:fc:e1:63:0a:d1:75:bd:72:c0:bf:6b:2f:
                    4e:f4:1e:ab:cb:92:5e:4e:ec:3d:10:8c:7a:7e:bf:
                    4e:ef:a7:05:66:72:95:f9:4c:f4:28:86:01:6b:f1:
                    a2:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:6F:4C:8F:3A:37:7F:46:C5:52:20:09:67:8F:38:D6:15:71:C6:CA
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/5c6c9f-691f-4284-b84d-1d367a5f86d4/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/5c6c9f-691f-4284-b84d-1d367a5f86d4/1/fG9Mjzo3f0bFUiAJZ4841hVxxso.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.68.200.0/23

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  29080

    Signature Algorithm: sha256WithRSAEncryption
         71:20:7a:30:c1:31:ed:fb:ae:03:a0:0f:3b:a9:f3:61:5c:84:
         b4:eb:c4:5c:37:c5:b7:f3:4a:84:72:51:e3:7d:0b:8c:e5:66:
         89:d0:d3:93:05:79:96:9b:ca:85:03:39:64:94:fb:76:ed:9d:
         3f:ac:be:e5:a8:4a:a3:a1:ee:e1:2b:09:74:e6:2e:ca:65:be:
         61:1a:03:bd:3e:d3:3b:a6:86:84:cc:a1:3f:c0:f3:12:35:b2:
         79:9b:56:64:69:29:6b:8a:7a:2a:58:2f:19:b1:93:c7:e9:58:
         4f:62:42:da:59:9b:96:5b:5c:38:45:3a:89:ba:d4:26:c8:74:
         1c:01:39:1a:55:be:f7:ee:ac:d4:ff:2f:d9:7f:a2:45:3e:97:
         c6:78:1b:95:55:fb:99:f2:9b:33:85:56:c0:a8:cf:97:d6:19:
         28:2b:6b:40:08:73:8d:64:d6:d9:79:3e:73:ea:e2:eb:90:c6:
         ae:d9:df:38:85:94:91:e6:61:82:75:09:44:ef:4c:5f:40:ab:
         f6:51:ce:8f:18:bb:0a:70:cc:77:f7:06:fe:8d:dd:48:b8:cd:
         f0:2e:ad:86:0e:97:d5:f8:fb:3b:75:61:4e:7b:bf:48:16:17:
         57:b1:fb:ba:e7:66:46:e5:d4:f4:1a:08:dd:09:e0:cc:03:0c:
         7d:86:2b:16
-----BEGIN CERTIFICATE-----
MIIFkzCCBHugAwIBAgISAYzGt4gXLtMgXvJ8pMFXC4mGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMjAyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzZmNGM4ZjNhMzc3ZjQ2YzU1MjIwMDk2NzhmMzhkNjE1NzFjNmNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApImI6cXdUcSQtup9fx8CrdtUNVaT
DuCByWfZDyH7c95FZIxbvBS/GmB3oWr7UXZjuw1O7NRVg/5ZYcYU6GfWBF8Kd5G9
M5c7ncky78ZboZwh92rXlTyztccuMz3aflCWhu3RmxmYlPLy4Sk2iqwGImvgnBZA
QksTeDERYt4pDBkAhAHAXK8hKn8gW/r7Cn07OmdHrKb+55Xxz7nkkakq6WuoBCxI
4O5aTZtXuWXO/bY75Cj/5yEFk07CAW+P/ifTlGkcVIY0KTi1/h/SR9lj8HUPOkn8
4WMK0XW9csC/ay9O9B6ry5JeTuw9EIx6fr9O76cFZnKV+Uz0KIYBa/GisQIDAQAB
o4ICnzCCApswHQYDVR0OBBYEFHxvTI86N39GxVIgCWePONYVccbKMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzVjLzVjNmM5
Zi02OTFmLTQyODQtYjg0ZC0xZDM2N2E1Zjg2ZDQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNWMvNWM2Yzlm
LTY5MWYtNDI4NC1iODRkLTFkMzY3YTVmODZkNC8xL2ZHOU1qem8zZjBiRlVpQUpa
NDg0MWhWeHhzby5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQBw0TIMBkGCCsGAQUFBwEIAQH/BAowCKAGMAQC
AnGYMA0GCSqGSIb3DQEBCwUAA4IBAQBxIHowwTHt+64DoA87qfNhXIS068RcN8W3
80qEclHjfQuM5WaJ0NOTBXmWm8qFAzlklPt27Z0/rL7lqEqjoe7hKwl05i7KZb5h
GgO9PtM7poaEzKE/wPMSNbJ5m1ZkaSlrinoqWC8ZsZPH6VhPYkLaWZuWW1w4RTqJ
utQmyHQcATkaVb737qzU/y/Zf6JFPpfGeBuVVfuZ8pszhVbAqM+X1hkoK2tACHON
ZNbZeT5z6uLrkMau2d84hZSR5mGCdQlE70xfQKv2Uc6PGLsKcMx39wb+jd1IuM3w
Lq2GDpfV+Ps7dWFOe79IFhdXsfu652ZG5dT0GgjdCeDMAwx9hisW
-----END CERTIFICATE-----