Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ggYltmnomnWueN8AgdbwG2fHs88.cer
File:                     ggYltmnomnWueN8AgdbwG2fHs88.cer (raw, json)
Hash identifier:          cBW8VTq+mOksPR3mT3ZhrXYSKlUSCvhrhSB/Pxh+C/U=
Subject key identifier:   82:06:25:B6:69:E8:9A:75:AE:78:DF:00:81:D6:F0:1B:67:C7:B3:CF
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC26D0F146A689BC9E3F9AF7C831122AC
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/d4/50013a-fb19-45cf-ad8a-326c1e370bcf/1/ggYltmnomnWueN8AgdbwG2fHs88.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/d4/50013a-fb19-45cf-ad8a-326c1e370bcf/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 00:29:36 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 194.110.207.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:0f:14:6a:68:9b:c9:e3:f9:af:7c:83:11:22:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 00:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=820625b669e89a75ae78df0081d6f01b67c7b3cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:c4:e5:7b:01:0f:2d:73:eb:04:61:dc:f5:73:
                    cd:8a:b5:f5:04:a0:fa:46:21:7a:74:7c:1a:4a:c1:
                    1d:59:af:67:5f:ea:a4:ab:37:46:bf:85:52:16:01:
                    af:2b:32:f6:9c:b4:7a:d6:b2:ef:86:52:a9:3e:8e:
                    c4:7c:20:59:98:d7:e3:be:84:53:09:1b:18:d0:d0:
                    94:81:66:ba:51:a1:ce:0c:2b:9c:4c:53:79:ca:7c:
                    52:9c:d0:d5:ef:09:74:97:07:54:21:87:03:a4:45:
                    dc:42:03:08:2e:a9:6b:bf:38:1b:48:1a:d2:ac:ad:
                    0d:28:9c:a0:9e:cf:2f:90:e7:f9:88:dd:1c:49:bf:
                    ad:88:fd:66:4b:4c:4f:8e:5a:bf:0e:5b:e1:9c:77:
                    a3:f4:d2:76:ad:3e:fa:fa:18:dc:00:f3:5f:f7:d7:
                    3c:14:32:a9:1c:f7:f9:fd:30:0a:39:4f:b7:17:0a:
                    ed:fa:c5:a2:34:40:a5:4f:13:ef:7f:aa:88:a1:0d:
                    53:2b:30:71:97:94:d4:73:7e:fa:a6:8a:54:a0:ae:
                    32:77:1f:ae:44:53:a1:2f:0c:6f:7c:74:62:84:e9:
                    cb:b2:fc:37:93:74:b1:74:ea:88:0b:3f:60:a9:8d:
                    ea:8f:fe:e2:21:0f:c4:5d:7d:67:d6:b0:a3:18:b3:
                    3d:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:06:25:B6:69:E8:9A:75:AE:78:DF:00:81:D6:F0:1B:67:C7:B3:CF
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/50013a-fb19-45cf-ad8a-326c1e370bcf/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/50013a-fb19-45cf-ad8a-326c1e370bcf/1/ggYltmnomnWueN8AgdbwG2fHs88.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.110.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:8a:d2:50:27:34:b1:72:8e:f7:9c:9f:4a:c3:0a:47:55:ea:
         74:3b:3f:c7:1e:b9:35:b2:3c:62:52:73:28:dd:df:45:58:b1:
         14:81:29:3e:e1:9c:72:ec:86:76:8c:ac:79:6b:3c:29:79:22:
         29:dc:fd:7c:f6:08:51:74:70:f6:30:f6:c8:62:e4:ab:0b:c5:
         c2:ec:ef:0d:f5:03:59:7c:5a:f2:a9:a1:44:99:5e:20:1d:d6:
         2c:b2:5b:5b:c4:a5:db:2a:8d:92:a3:76:fa:cb:35:3b:6f:75:
         14:8c:25:bd:b1:64:03:9e:f1:69:de:77:12:ac:94:81:c0:40:
         90:2e:53:c6:7a:97:23:53:cf:55:3d:5f:b9:ba:3d:7b:3e:8d:
         5d:55:53:3f:8c:79:cc:9f:09:8b:fc:b9:57:d7:ef:45:b1:2b:
         88:22:b8:e7:19:9d:0e:f5:2c:11:5f:b4:12:e1:f5:76:2c:5f:
         07:c3:ba:96:cd:da:7c:3a:cb:1a:97:82:0c:1b:e8:05:83:a7:
         01:40:66:e6:1e:56:b2:c8:86:77:32:84:3e:14:95:8e:97:ca:
         1d:e3:88:ad:26:70:94:5c:55:12:c5:3f:02:cd:ae:70:07:14:
         57:70:73:24:9d:10:50:71:9a:67:2a:2f:1b:e8:e2:4f:d6:32:
         16:62:cf:e1
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzCbQ8UamibyeP5r3yDESKsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDAyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjA2MjViNjY5ZTg5YTc1YWU3OGRmMDA4MWQ2ZjAxYjY3YzdiM2NmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA88TlewEPLXPrBGHc9XPNirX1BKD6
RiF6dHwaSsEdWa9nX+qkqzdGv4VSFgGvKzL2nLR61rLvhlKpPo7EfCBZmNfjvoRT
CRsY0NCUgWa6UaHODCucTFN5ynxSnNDV7wl0lwdUIYcDpEXcQgMILqlrvzgbSBrS
rK0NKJygns8vkOf5iN0cSb+tiP1mS0xPjlq/DlvhnHej9NJ2rT76+hjcAPNf99c8
FDKpHPf5/TAKOU+3Fwrt+sWiNEClTxPvf6qIoQ1TKzBxl5TUc376popUoK4ydx+u
RFOhLwxvfHRihOnLsvw3k3SxdOqICz9gqY3qj/7iIQ/EXX1n1rCjGLM99wIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFIIGJbZp6Jp1rnjfAIHW8Btnx7PPMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Q0LzUwMDEz
YS1mYjE5LTQ1Y2YtYWQ4YS0zMjZjMWUzNzBiY2YvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDQvNTAwMTNh
LWZiMTktNDVjZi1hZDhhLTMyNmMxZTM3MGJjZi8xL2dnWWx0bW5vbW5XdWVOOEFn
ZGJ3RzJmSHM4OC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwm7PMA0GCSqGSIb3DQEBCwUAA4IBAQAWitJQ
JzSxco73nJ9KwwpHVep0Oz/HHrk1sjxiUnMo3d9FWLEUgSk+4Zxy7IZ2jKx5azwp
eSIp3P189ghRdHD2MPbIYuSrC8XC7O8N9QNZfFryqaFEmV4gHdYssltbxKXbKo2S
o3b6yzU7b3UUjCW9sWQDnvFp3ncSrJSBwECQLlPGepcjU89VPV+5uj17Po1dVVM/
jHnMnwmL/LlX1+9FsSuIIrjnGZ0O9SwRX7QS4fV2LF8Hw7qWzdp8Ossal4IMG+gF
g6cBQGbmHlayyIZ3MoQ+FJWOl8od44itJnCUXFUSxT8Cza5wBxRXcHMknRBQcZpn
Ki8b6OJP1jIWYs/h
-----END CERTIFICATE-----