Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/gMbVVQG8JnJJjE_0UkqKnxXsLos.cer
File:                     gMbVVQG8JnJJjE_0UkqKnxXsLos.cer (raw, json)
Hash identifier:          JR+UJGZeUuA3aF/yIzE+C4WctTi6Yc/oFkVZefZ9C58=
Subject key identifier:   80:C6:D5:55:01:BC:26:72:49:8C:4F:F4:52:4A:8A:9F:15:EC:2E:8B
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018D8496C52B0AC65E3557E7423F2FF69DFE
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/7d/f9e644-4ff1-490f-bd30-9d87771b8fd6/1/gMbVVQG8JnJJjE_0UkqKnxXsLos.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/7d/f9e644-4ff1-490f-bd30-9d87771b8fd6/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 07 Feb 2024 17:21:29 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 45.84.76.0/22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:84:96:c5:2b:0a:c6:5e:35:57:e7:42:3f:2f:f6:9d:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Feb  7 17:21:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=80c6d55501bc2672498c4ff4524a8a9f15ec2e8b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:a6:1c:f1:01:ec:42:d9:d3:05:6f:3d:12:ab:
                    f8:aa:d6:a4:af:6f:64:4a:bc:9b:84:c7:87:57:22:
                    66:94:29:6d:3a:92:2d:d9:f6:f9:45:9f:fd:c9:c0:
                    d0:f3:52:05:5d:6b:12:a3:7e:d4:d4:29:41:a0:c8:
                    3e:30:f2:d4:46:5c:47:54:c5:b0:0a:f7:27:68:1b:
                    c8:a3:f3:4e:5f:8f:84:88:4e:93:d0:f7:31:21:fa:
                    15:c1:83:29:50:5f:d7:e4:57:eb:b4:ce:cb:bb:fd:
                    de:d7:f3:5a:6a:15:b2:23:7d:61:30:d4:73:cd:a3:
                    57:e4:92:51:06:b0:1b:42:71:21:e4:5a:ef:92:b1:
                    6a:70:a3:04:e7:b8:1c:8c:66:5f:99:93:f7:df:95:
                    41:a4:e5:f9:60:03:77:15:66:50:4c:21:09:b8:c9:
                    6c:71:8a:67:1d:55:06:ce:0e:b0:4e:c7:33:d7:e7:
                    f2:83:c7:7f:d9:b5:97:dc:cf:c5:90:b5:ae:b0:13:
                    c5:e0:ce:4f:1c:f9:8d:e5:15:04:6a:0b:cf:e9:11:
                    fb:1f:e5:4f:df:b5:b3:48:92:d5:4c:87:d1:8a:8d:
                    30:6a:02:17:7e:8f:6f:12:8b:ff:66:f5:f7:f5:4c:
                    7f:db:61:20:34:a9:3a:b7:d0:cd:5f:4f:95:87:72:
                    1c:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:C6:D5:55:01:BC:26:72:49:8C:4F:F4:52:4A:8A:9F:15:EC:2E:8B
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/f9e644-4ff1-490f-bd30-9d87771b8fd6/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/f9e644-4ff1-490f-bd30-9d87771b8fd6/1/gMbVVQG8JnJJjE_0UkqKnxXsLos.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.76.0/22

    Signature Algorithm: sha256WithRSAEncryption
         62:d0:d8:7e:ab:0c:9c:85:41:73:4e:0e:01:c5:07:41:f2:57:
         26:f8:e0:7e:f0:28:d8:1c:7c:2f:26:3b:5a:10:b6:22:a7:51:
         e5:b2:e2:d2:88:80:49:ba:84:c7:04:dd:e1:00:26:4e:27:d8:
         08:32:df:b5:04:4f:eb:f9:5c:22:ad:4e:be:13:6a:e4:f1:c5:
         41:ac:71:ea:6d:9f:6f:12:d6:51:e0:7b:aa:b9:4f:3e:74:a0:
         78:f1:4d:87:37:dd:c0:7c:f6:48:9f:b5:01:33:a4:06:0a:59:
         88:f7:a2:e9:b8:62:bd:24:0a:a0:a1:b4:01:22:3c:98:e4:6c:
         53:c1:fc:19:95:12:0e:53:78:c0:fb:4f:a4:73:4d:2b:6c:f1:
         21:d0:5d:e4:40:3c:71:4d:b5:ed:9d:d3:9a:03:90:fe:31:df:
         de:dc:4c:ce:6c:6e:55:e4:95:9c:4d:7f:e8:dc:97:47:2f:19:
         f5:69:e5:c8:bd:d1:57:13:ae:e2:56:0d:09:c6:6e:1e:8a:c2:
         58:aa:71:65:b4:5a:99:9f:ef:70:ff:ec:6b:3f:ab:76:ff:8e:
         18:e8:75:7f:d0:7d:08:98:f4:f9:61:d7:f4:15:15:57:b8:58:
         f5:36:20:6a:f6:45:5d:5d:5a:06:dd:c7:7c:1b:7d:04:90:ab:
         0f:03:c7:14
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAY2ElsUrCsZeNVfnQj8v9p3+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMjA3MTcyMTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MGM2ZDU1NTAxYmMyNjcyNDk4YzRmZjQ1MjRhOGE5ZjE1ZWMyZThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlKYc8QHsQtnTBW89Eqv4qtakr29k
SrybhMeHVyJmlCltOpIt2fb5RZ/9ycDQ81IFXWsSo37U1ClBoMg+MPLURlxHVMWw
CvcnaBvIo/NOX4+EiE6T0PcxIfoVwYMpUF/X5FfrtM7Lu/3e1/NaahWyI31hMNRz
zaNX5JJRBrAbQnEh5FrvkrFqcKME57gcjGZfmZP335VBpOX5YAN3FWZQTCEJuMls
cYpnHVUGzg6wTscz1+fyg8d/2bWX3M/FkLWusBPF4M5PHPmN5RUEagvP6RH7H+VP
37WzSJLVTIfRio0wagIXfo9vEov/ZvX39Ux/22EgNKk6t9DNX0+Vh3IcqwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFIDG1VUBvCZySYxP9FJKip8V7C6LMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzdkL2Y5ZTY0
NC00ZmYxLTQ5MGYtYmQzMC05ZDg3NzcxYjhmZDYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvN2QvZjllNjQ0
LTRmZjEtNDkwZi1iZDMwLTlkODc3NzFiOGZkNi8xL2dNYlZWUUc4Sm5KSmpFXzBV
a3FLbnhYc0xvcy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCLVRMMA0GCSqGSIb3DQEBCwUAA4IBAQBi0Nh+
qwychUFzTg4BxQdB8lcm+OB+8CjYHHwvJjtaELYip1HlsuLSiIBJuoTHBN3hACZO
J9gIMt+1BE/r+VwirU6+E2rk8cVBrHHqbZ9vEtZR4HuquU8+dKB48U2HN93AfPZI
n7UBM6QGClmI96LpuGK9JAqgobQBIjyY5GxTwfwZlRIOU3jA+0+kc00rbPEh0F3k
QDxxTbXtndOaA5D+Md/e3EzObG5V5JWcTX/o3JdHLxn1aeXIvdFXE67iVg0Jxm4e
isJYqnFltFqZn+9w/+xrP6t2/44Y6HV/0H0ImPT5Ydf0FRVXuFj1NiBq9kVdXVoG
3cd8G30EkKsPA8cU
-----END CERTIFICATE-----