Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/gTADAN5QBa2iu2bCaJmKQMM60js.cer
File:                     gTADAN5QBa2iu2bCaJmKQMM60js.cer (raw, json)
Hash identifier:          m+EjggMnddAhTvv51VM5P2eVx01gbIPFBt10I2CPwYY=
Subject key identifier:   81:30:03:00:DE:50:05:AD:A2:BB:66:C2:68:99:8A:40:C3:3A:D2:3B
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC87026D154C97DF8ED684D3A86A8C94D
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/5c/dbad88-f818-431e-87a6-dfee984037ac/1/gTADAN5QBa2iu2bCaJmKQMM60js.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/5c/dbad88-f818-431e-87a6-dfee984037ac/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 04:30:42 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 193.141.176.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:26:d1:54:c9:7d:f8:ed:68:4d:3a:86:a8:c9:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 04:30:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=81300300de5005ada2bb66c268998a40c33ad23b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:5a:b8:22:25:b6:a8:53:e1:c2:60:7d:0d:11:
                    c1:df:fc:f3:26:fb:39:28:88:cd:80:b2:8f:09:b1:
                    2a:48:dc:67:56:f9:80:7a:6a:62:ee:4a:f8:f5:14:
                    fe:ee:d8:0e:66:d7:30:b7:5b:00:e2:f0:81:50:66:
                    1c:94:c5:7c:e7:5f:9a:1b:b8:01:8a:f2:75:7d:1b:
                    b0:45:89:78:a3:a0:21:53:e2:c9:c6:ed:83:14:ab:
                    5f:df:d6:26:b6:3c:7c:29:35:d0:68:18:e6:70:6c:
                    0b:ba:ab:a5:6a:f0:13:44:e6:b4:25:9b:5e:67:39:
                    d9:cd:f3:b7:95:67:94:4e:de:de:41:ed:13:c4:c1:
                    8d:46:26:af:b8:c3:80:ea:51:33:a6:3a:46:0a:07:
                    fe:66:20:98:21:a4:71:09:61:98:be:ec:f7:86:50:
                    3c:82:e2:a9:8d:5e:c6:7a:4f:45:b8:73:22:28:66:
                    02:ec:97:08:97:48:13:33:5a:62:b9:63:48:6e:2a:
                    d1:58:9e:d9:42:3f:a0:7b:8f:e5:0f:ae:25:6b:01:
                    20:77:0b:aa:4c:2f:fe:66:74:b5:f0:88:20:03:a6:
                    85:84:ac:48:e5:f7:74:43:90:d9:24:7a:2e:ec:43:
                    69:32:4f:b1:77:cb:c2:0f:ab:5e:2c:e3:36:3b:cf:
                    32:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:30:03:00:DE:50:05:AD:A2:BB:66:C2:68:99:8A:40:C3:3A:D2:3B
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/dbad88-f818-431e-87a6-dfee984037ac/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/dbad88-f818-431e-87a6-dfee984037ac/1/gTADAN5QBa2iu2bCaJmKQMM60js.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.141.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:c3:4e:fd:56:1e:c6:a5:36:05:31:74:c4:81:9c:92:48:37:
         6e:99:69:5b:cc:22:c1:21:39:58:d6:73:e0:e5:a7:84:76:b4:
         bd:01:17:3e:86:c4:06:b3:ad:d9:f8:8b:2e:25:99:ae:80:62:
         5e:a1:60:ed:34:6f:67:53:97:e1:01:06:ef:d9:e7:7e:e2:fb:
         d1:cb:77:30:7d:fd:71:3d:c8:25:4b:40:88:8a:0e:94:06:87:
         ec:71:5f:9e:5b:c4:88:07:56:c1:5b:24:f6:fa:db:6a:41:54:
         40:e9:ee:99:73:37:57:f1:15:be:5b:78:c1:e4:ac:fa:d2:73:
         ec:47:13:e2:18:9b:11:32:1c:94:9e:a0:91:6e:a4:c9:89:a8:
         11:ec:bf:74:c5:a8:8c:d5:18:77:92:11:f8:2e:ea:aa:ac:54:
         b9:35:22:3f:f9:ef:7b:ca:93:3e:23:25:43:83:49:75:ac:9c:
         b4:7f:2c:91:1c:50:20:df:27:f7:6c:98:e2:65:e9:61:7c:a0:
         4b:1c:f7:3a:c5:7d:8a:6c:fb:ca:1f:8e:29:80:cb:af:83:cf:
         3a:0b:44:78:1d:16:e5:e9:a0:b7:d1:38:6d:3b:b4:d2:96:a5:
         c4:78:7b:3e:fd:d8:65:3b:23:90:98:8e:5c:af:c8:bb:ec:4f:
         6e:50:1a:c3
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzIcCbRVMl9+O1oTTqGqMlNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDQzMDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTMwMDMwMGRlNTAwNWFkYTJiYjY2YzI2ODk5OGE0MGMzM2FkMjNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmFq4IiW2qFPhwmB9DRHB3/zzJvs5
KIjNgLKPCbEqSNxnVvmAempi7kr49RT+7tgOZtcwt1sA4vCBUGYclMV851+aG7gB
ivJ1fRuwRYl4o6AhU+LJxu2DFKtf39Ymtjx8KTXQaBjmcGwLuqulavATROa0JZte
ZznZzfO3lWeUTt7eQe0TxMGNRiavuMOA6lEzpjpGCgf+ZiCYIaRxCWGYvuz3hlA8
guKpjV7Gek9FuHMiKGYC7JcIl0gTM1piuWNIbirRWJ7ZQj+ge4/lD64lawEgdwuq
TC/+ZnS18IggA6aFhKxI5fd0Q5DZJHou7ENpMk+xd8vCD6teLOM2O88yBwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFIEwAwDeUAWtortmwmiZikDDOtI7MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzVjL2RiYWQ4
OC1mODE4LTQzMWUtODdhNi1kZmVlOTg0MDM3YWMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNWMvZGJhZDg4
LWY4MTgtNDMxZS04N2E2LWRmZWU5ODQwMzdhYy8xL2dUQURBTjVRQmEyaXUyYkNh
Sm1LUU1NNjBqcy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwY2wMA0GCSqGSIb3DQEBCwUAA4IBAQCpw079
Vh7GpTYFMXTEgZySSDdumWlbzCLBITlY1nPg5aeEdrS9ARc+hsQGs63Z+IsuJZmu
gGJeoWDtNG9nU5fhAQbv2ed+4vvRy3cwff1xPcglS0CIig6UBofscV+eW8SIB1bB
WyT2+ttqQVRA6e6ZczdX8RW+W3jB5Kz60nPsRxPiGJsRMhyUnqCRbqTJiagR7L90
xaiM1Rh3khH4LuqqrFS5NSI/+e97ypM+IyVDg0l1rJy0fyyRHFAg3yf3bJjiZelh
fKBLHPc6xX2KbPvKH44pgMuvg886C0R4HRbl6aC30ThtO7TSlqXEeHs+/dhlOyOQ
mI5cr8i77E9uUBrD
-----END CERTIFICATE-----