Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/geTmB1l46pR2tkHOAIx4erKOXRM.cer
File:                     geTmB1l46pR2tkHOAIx4erKOXRM.cer (raw, json)
Hash identifier:          +RoOGG2grVvm7lSGzyAAFfpkMl5uIIX2aQUZeCwxJ6g=
Subject key identifier:   81:E4:E6:07:59:78:EA:94:76:B6:41:CE:00:8C:78:7A:B2:8E:5D:13
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC94C23DBD3D1BF9ECF5FD0A5266AC79E
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/4d/793709-ee58-4f76-b308-862b86b6e642/1/geTmB1l46pR2tkHOAIx4erKOXRM.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/4d/793709-ee58-4f76-b308-862b86b6e642/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 08:30:59 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 185.65.188.0/22
                          IP: 2a03:1c20::/32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:23:db:d3:d1:bf:9e:cf:5f:d0:a5:26:6a:c7:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 08:30:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=81e4e6075978ea9476b641ce008c787ab28e5d13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:8f:32:c1:14:e5:1a:09:4d:db:15:4e:35:23:
                    ed:c3:ef:4a:38:f8:36:69:06:55:56:37:7c:b9:d0:
                    28:9d:4d:25:6d:48:e6:9f:15:cf:59:5e:2e:d2:80:
                    10:00:a0:9e:23:dc:8e:7b:de:ae:c7:62:75:b6:16:
                    61:70:83:dc:48:ff:78:94:b6:d5:c6:b9:77:d3:02:
                    6a:4b:37:23:16:c7:40:a1:18:4d:e1:c4:8d:7c:21:
                    7d:5f:0e:a4:97:45:47:85:91:54:4a:6d:36:09:e2:
                    e5:04:ba:d2:70:d7:0a:e3:74:a2:9c:a8:06:a3:4f:
                    8b:3a:1f:dd:b5:92:5d:e4:07:4e:e6:4a:68:6b:f9:
                    47:e8:51:b6:c9:e7:16:62:a5:6b:a3:40:eb:97:62:
                    82:8b:6c:cb:12:f5:9d:a6:f4:af:38:5b:32:f0:15:
                    96:d7:bb:85:0b:52:0f:9a:9f:d4:f1:ad:a0:5d:c9:
                    a6:6d:8c:af:95:63:5f:e3:5f:de:0c:92:1c:82:6f:
                    4c:c2:73:52:15:bf:31:74:02:95:ee:94:a9:16:76:
                    bf:cf:7e:db:ac:41:02:f1:5d:76:91:71:00:47:00:
                    f7:b1:60:ad:12:cd:e1:7a:10:1e:df:6d:a1:95:7e:
                    74:db:e9:be:5b:33:32:d8:6b:45:a8:16:22:a1:0a:
                    1c:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:E4:E6:07:59:78:EA:94:76:B6:41:CE:00:8C:78:7A:B2:8E:5D:13
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/793709-ee58-4f76-b308-862b86b6e642/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/793709-ee58-4f76-b308-862b86b6e642/1/geTmB1l46pR2tkHOAIx4erKOXRM.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.65.188.0/22
                IPv6:
                  2a03:1c20::/32

    Signature Algorithm: sha256WithRSAEncryption
         18:29:be:8e:ba:aa:5d:0b:b6:fa:df:e3:c5:a3:7b:f1:d8:f1:
         f2:7c:37:a9:5c:21:d0:f5:4f:6d:60:5a:3a:b6:d0:18:b6:78:
         25:0b:7d:ba:f0:03:12:f7:a4:34:1f:88:f9:bb:8d:06:01:88:
         07:2c:7f:89:a9:67:ac:e4:dc:76:c3:c4:17:0f:a5:6e:3e:4f:
         ac:73:9a:8c:67:06:ad:ab:a7:16:78:6a:dc:26:1f:d9:0c:7b:
         b8:42:61:74:39:59:18:db:a1:ef:dc:60:e1:d7:9d:04:a5:4d:
         c8:11:d7:50:e1:17:25:5c:f6:cb:bf:12:69:20:4b:32:e3:1b:
         49:81:4c:97:75:9a:90:c6:9e:4d:e1:a4:21:16:aa:a8:47:fe:
         d9:8b:32:1a:3f:03:eb:4d:95:67:d4:c6:69:c6:45:80:4c:7b:
         c5:4f:cd:76:cc:28:7e:d6:1c:36:80:78:44:7b:47:0e:23:e1:
         fa:0b:a0:70:10:9c:50:cf:33:22:65:cb:78:c3:e8:bf:76:82:
         4e:a0:d7:fb:70:a1:01:0f:dc:71:5e:ed:a4:d8:ab:fc:4c:ae:
         37:70:06:84:f0:50:34:f5:72:03:e2:db:e1:c1:22:90:88:02:
         13:e6:17:6b:e4:74:6c:d3:b8:bd:cd:33:4f:9b:b9:95:3d:0a:
         d7:65:d6:d3
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAYzJTCPb09G/ns9f0KUmaseeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDgzMDU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MWU0ZTYwNzU5NzhlYTk0NzZiNjQxY2UwMDhjNzg3YWIyOGU1ZDEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2I8ywRTlGglN2xVONSPtw+9KOPg2
aQZVVjd8udAonU0lbUjmnxXPWV4u0oAQAKCeI9yOe96ux2J1thZhcIPcSP94lLbV
xrl30wJqSzcjFsdAoRhN4cSNfCF9Xw6kl0VHhZFUSm02CeLlBLrScNcK43SinKgG
o0+LOh/dtZJd5AdO5kpoa/lH6FG2yecWYqVro0Drl2KCi2zLEvWdpvSvOFsy8BWW
17uFC1IPmp/U8a2gXcmmbYyvlWNf41/eDJIcgm9MwnNSFb8xdAKV7pSpFna/z37b
rEEC8V12kXEARwD3sWCtEs3hehAe322hlX502+m+WzMy2GtFqBYioQocdwIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFIHk5gdZeOqUdrZBzgCMeHqyjl0TMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzRkLzc5Mzcw
OS1lZTU4LTRmNzYtYjMwOC04NjJiODZiNmU2NDIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGQvNzkzNzA5
LWVlNTgtNGY3Ni1iMzA4LTg2MmI4NmI2ZTY0Mi8xL2dlVG1CMWw0NnBSMnRrSE9B
SXg0ZXJLT1hSTS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCuUG8MA0EAgACMAcDBQAqAxwgMA0GCSqGSIb3
DQEBCwUAA4IBAQAYKb6OuqpdC7b63+PFo3vx2PHyfDepXCHQ9U9tYFo6ttAYtngl
C3268AMS96Q0H4j5u40GAYgHLH+JqWes5Nx2w8QXD6VuPk+sc5qMZwatq6cWeGrc
Jh/ZDHu4QmF0OVkY26Hv3GDh150EpU3IEddQ4RclXPbLvxJpIEsy4xtJgUyXdZqQ
xp5N4aQhFqqoR/7ZizIaPwPrTZVn1MZpxkWATHvFT812zCh+1hw2gHhEe0cOI+H6
C6BwEJxQzzMiZct4w+i/doJOoNf7cKEBD9xxXu2k2Kv8TK43cAaE8FA09XID4tvh
wSKQiAIT5hdr5HRs07i9zTNPm7mVPQrXZdbT
-----END CERTIFICATE-----