Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fsYQ0hXTiRNCvDKHKlD00M-p3J8.cer
File:                     fsYQ0hXTiRNCvDKHKlD00M-p3J8.cer (raw, json)
Hash identifier:          LRdHka0HbTE+nxrarehZOrGy9oDXp+0p7IKQd+kwkT8=
Subject key identifier:   7E:C6:10:D2:15:D3:89:13:42:BC:32:87:2A:50:F4:D0:CF:A9:DC:9F
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC3B6B064D234B6789B66714DACA17264
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/91/22911c-ce51-438b-86cf-e856613d2b10/1/fsYQ0hXTiRNCvDKHKlD00M-p3J8.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/91/22911c-ce51-438b-86cf-e856613d2b10/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 06:29:39 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 2.57.72.0/22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:b0:64:d2:34:b6:78:9b:66:71:4d:ac:a1:72:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 06:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7ec610d215d3891342bc32872a50f4d0cfa9dc9f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:d1:8e:56:a4:1b:62:6b:5f:ca:8a:28:90:66:
                    d3:52:bf:b8:81:b0:82:a8:b7:d6:9e:15:4b:b8:d7:
                    bf:44:37:dd:46:63:bf:3c:d0:3c:16:69:5f:7e:a9:
                    57:b5:4f:17:02:27:e5:8b:63:b4:13:de:d5:e9:86:
                    92:30:fc:76:04:12:43:b5:cb:f8:98:14:55:ec:a9:
                    3d:f2:d7:e3:f4:c0:39:f9:b4:9f:e6:2a:4d:ff:3a:
                    a9:27:88:86:12:bd:d2:72:3b:e7:e3:a2:13:c0:47:
                    36:58:b3:93:7b:87:ac:41:f2:ce:76:fc:26:a9:aa:
                    cc:c3:d7:2b:b6:92:dc:9e:e8:ff:ab:66:ad:a2:90:
                    5c:c0:1f:f8:78:9b:87:0f:00:0b:f2:d5:f4:05:9b:
                    c7:0c:2e:6b:3d:d3:ba:22:fb:6d:c6:fa:a7:bb:92:
                    aa:42:d8:06:07:73:0c:df:0c:59:9b:a0:bf:45:02:
                    42:da:a8:b6:81:56:42:8a:2a:3c:ba:62:0c:bf:eb:
                    ee:99:08:31:27:81:de:51:62:8c:93:6d:e8:d7:a5:
                    01:1e:38:66:7d:5b:1c:3d:ac:46:22:0d:0a:e3:e5:
                    cd:8f:ba:0b:47:ef:b1:3c:da:26:de:01:ad:4c:b6:
                    d2:57:2e:cd:a7:7c:47:24:dc:4a:4b:99:1b:51:97:
                    0b:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:C6:10:D2:15:D3:89:13:42:BC:32:87:2A:50:F4:D0:CF:A9:DC:9F
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/22911c-ce51-438b-86cf-e856613d2b10/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/22911c-ce51-438b-86cf-e856613d2b10/1/fsYQ0hXTiRNCvDKHKlD00M-p3J8.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.57.72.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a1:3e:22:9a:88:95:07:04:bf:c7:4a:b0:8e:f4:83:3a:c6:c9:
         2d:73:07:16:d3:4b:1c:10:2f:3b:61:a4:3e:d7:25:1b:9e:d7:
         30:08:39:f7:58:cb:8c:be:ae:92:f2:8d:f3:cd:e0:dd:16:3d:
         ae:04:1e:63:ec:61:19:eb:cf:30:e8:3b:00:52:bc:f0:20:0b:
         db:fc:26:2e:ec:c2:9a:fe:3c:d2:b5:72:4e:96:93:ae:00:be:
         59:38:cb:67:99:11:16:86:24:66:05:b9:06:42:6f:de:72:09:
         4d:1a:49:5d:f1:22:db:74:6f:67:e7:dc:7d:32:f0:73:50:b6:
         95:65:a8:32:3c:f8:97:d8:8d:91:00:35:1e:5c:60:1c:29:6e:
         77:aa:f8:91:2d:47:cd:b9:aa:cd:88:fb:b1:cb:9b:6f:6d:56:
         9e:aa:85:0e:d6:d3:fb:fc:db:2b:dd:32:55:56:08:1d:a8:ef:
         08:66:2d:5d:07:62:03:d1:de:8e:65:93:c9:93:04:86:01:19:
         12:99:e6:9f:36:dd:d5:84:ce:ba:99:1e:9d:bc:06:6c:0f:4f:
         90:55:65:cd:86:60:af:a7:b2:22:03:28:02:d8:d2:f6:f4:79:
         17:71:e7:0a:b6:e9:1e:1f:98:78:ad:31:e3:ec:0b:fd:7a:31:
         40:8a:ae:a7
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzDtrBk0jS2eJtmcU2soXJkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDYyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZWM2MTBkMjE1ZDM4OTEzNDJiYzMyODcyYTUwZjRkMGNmYTlkYzlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArNGOVqQbYmtfyoookGbTUr+4gbCC
qLfWnhVLuNe/RDfdRmO/PNA8FmlffqlXtU8XAifli2O0E97V6YaSMPx2BBJDtcv4
mBRV7Kk98tfj9MA5+bSf5ipN/zqpJ4iGEr3Scjvn46ITwEc2WLOTe4esQfLOdvwm
qarMw9crtpLcnuj/q2atopBcwB/4eJuHDwAL8tX0BZvHDC5rPdO6Ivttxvqnu5Kq
QtgGB3MM3wxZm6C/RQJC2qi2gVZCiio8umIMv+vumQgxJ4HeUWKMk23o16UBHjhm
fVscPaxGIg0K4+XNj7oLR++xPNom3gGtTLbSVy7Np3xHJNxKS5kbUZcLZQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFH7GENIV04kTQrwyhypQ9NDPqdyfMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzkxLzIyOTEx
Yy1jZTUxLTQzOGItODZjZi1lODU2NjEzZDJiMTAvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTEvMjI5MTFj
LWNlNTEtNDM4Yi04NmNmLWU4NTY2MTNkMmIxMC8xL2ZzWVEwaFhUaVJOQ3ZES0hL
bEQwME0tcDNKOC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCAjlIMA0GCSqGSIb3DQEBCwUAA4IBAQChPiKa
iJUHBL/HSrCO9IM6xsktcwcW00scEC87YaQ+1yUbntcwCDn3WMuMvq6S8o3zzeDd
Fj2uBB5j7GEZ688w6DsAUrzwIAvb/CYu7MKa/jzStXJOlpOuAL5ZOMtnmREWhiRm
BbkGQm/ecglNGkld8SLbdG9n59x9MvBzULaVZagyPPiX2I2RADUeXGAcKW53qviR
LUfNuarNiPuxy5tvbVaeqoUO1tP7/Nsr3TJVVggdqO8IZi1dB2ID0d6OZZPJkwSG
ARkSmeafNt3VhM66mR6dvAZsD0+QVWXNhmCvp7IiAygC2NL29HkXcecKtukeH5h4
rTHj7Av9ejFAiq6n
-----END CERTIFICATE-----