Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/gjBe4me-aOgrPV1pxO0GWy4jn-U.cer
File:                     gjBe4me-aOgrPV1pxO0GWy4jn-U.cer (raw, json)
Hash identifier:          jo2P6kGjZr8gt0RO18Lx3KYXwdGt56IS7ceYyL+Jvjk=
Subject key identifier:   82:30:5E:E2:67:BE:68:E8:2B:3D:5D:69:C4:ED:06:5B:2E:23:9F:E5
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC2DAFC645E1489F122DA7D5777CD9E3D
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/e2/c09df3-81fe-457b-b527-239987d4f98c/1/gjBe4me-aOgrPV1pxO0GWy4jn-U.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/e2/c09df3-81fe-457b-b527-239987d4f98c/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 02:29:40 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 195.211.49.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:fc:64:5e:14:89:f1:22:da:7d:57:77:cd:9e:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 02:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=82305ee267be68e82b3d5d69c4ed065b2e239fe5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:12:78:03:b5:f5:e2:30:9b:47:c9:bc:e8:ac:
                    a4:66:e5:27:5c:71:eb:df:de:9c:3a:02:86:72:65:
                    ea:13:cf:d6:bd:6d:ff:8e:14:b3:35:4a:4b:2c:24:
                    a0:2c:14:bd:b6:fa:7f:40:af:88:23:2e:5c:bb:87:
                    9b:e4:82:0f:57:5d:4a:a7:20:53:86:71:66:81:d9:
                    7b:0f:65:e3:c8:24:16:52:45:ef:1e:5d:c7:4f:95:
                    71:96:25:d9:f1:e5:31:58:c2:df:42:39:6a:35:a1:
                    48:73:0d:ae:b4:5c:2a:cc:6d:3f:b3:bb:b8:6c:b7:
                    57:e2:5e:63:71:4d:6e:50:3e:1f:20:54:cf:86:7e:
                    ac:b5:be:0e:b0:2c:c8:74:5a:66:ab:70:6e:cd:3c:
                    bf:47:d1:13:9d:60:0f:cc:03:ab:8c:d8:8f:b4:bb:
                    70:ab:40:fc:1c:19:d4:48:ef:de:71:ae:47:56:10:
                    53:a9:e6:ba:5a:4b:95:21:ae:27:05:65:8d:be:aa:
                    31:04:e1:45:72:58:a4:a8:13:bb:9b:98:55:4b:5b:
                    f6:8e:6a:b1:5d:4d:36:71:7c:8f:46:52:f3:4b:36:
                    7e:66:04:23:5c:33:18:78:ba:45:45:63:02:d8:82:
                    60:42:c3:4c:eb:de:26:ea:4c:f9:3a:ba:3f:fe:f7:
                    18:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:30:5E:E2:67:BE:68:E8:2B:3D:5D:69:C4:ED:06:5B:2E:23:9F:E5
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/c09df3-81fe-457b-b527-239987d4f98c/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/c09df3-81fe-457b-b527-239987d4f98c/1/gjBe4me-aOgrPV1pxO0GWy4jn-U.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.211.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:53:e5:29:e3:2f:1b:d1:e4:15:d1:eb:0b:c7:62:86:75:26:
         70:ff:dc:cc:55:cb:ef:31:16:f5:1a:9d:b8:4e:2f:b9:30:60:
         e9:bd:c1:1a:d2:68:3a:a5:9a:e7:67:e4:82:90:cc:c2:b5:95:
         c4:3f:e1:81:8c:56:92:29:14:a4:38:d4:34:2c:7e:80:17:a9:
         98:7b:f8:01:e4:b0:f9:8f:36:7d:10:eb:6a:47:b6:e2:b2:49:
         8f:51:25:7e:d3:bf:22:6b:44:41:69:e7:c0:0d:8e:53:c1:32:
         b7:8d:6a:7f:b2:25:98:5b:78:58:45:2e:5a:67:f2:ab:bc:b1:
         8e:db:8a:08:a2:de:ff:08:57:bf:fe:9a:dc:64:6f:40:53:13:
         6a:c0:7d:b7:fa:b3:26:98:64:50:eb:87:ba:ba:f9:25:23:f7:
         5a:28:89:7e:76:06:70:39:04:a2:96:88:80:48:d4:df:9e:d2:
         cb:bd:52:12:90:e1:1e:36:4c:36:04:62:33:38:d2:79:e2:a4:
         2a:22:5b:f0:dd:47:97:9e:75:4f:6f:a5:ee:1f:b0:ba:59:4a:
         9a:1d:b7:56:55:6d:f4:8d:c4:2b:48:91:1a:96:c3:eb:ae:fd:
         b6:63:71:ec:18:2f:db:17:b8:b7:2b:88:ef:cb:b2:63:d1:cf:
         c8:78:94:56
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzC2vxkXhSJ8SLafVd3zZ49MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDIyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjMwNWVlMjY3YmU2OGU4MmIzZDVkNjljNGVkMDY1YjJlMjM5ZmU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1xJ4A7X14jCbR8m86KykZuUnXHHr
396cOgKGcmXqE8/WvW3/jhSzNUpLLCSgLBS9tvp/QK+IIy5cu4eb5IIPV11KpyBT
hnFmgdl7D2XjyCQWUkXvHl3HT5VxliXZ8eUxWMLfQjlqNaFIcw2utFwqzG0/s7u4
bLdX4l5jcU1uUD4fIFTPhn6stb4OsCzIdFpmq3BuzTy/R9ETnWAPzAOrjNiPtLtw
q0D8HBnUSO/eca5HVhBTqea6WkuVIa4nBWWNvqoxBOFFclikqBO7m5hVS1v2jmqx
XU02cXyPRlLzSzZ+ZgQjXDMYeLpFRWMC2IJgQsNM694m6kz5Oro//vcY3wIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFIIwXuJnvmjoKz1dacTtBlsuI5/lMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2UyL2MwOWRm
My04MWZlLTQ1N2ItYjUyNy0yMzk5ODdkNGY5OGMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTIvYzA5ZGYz
LTgxZmUtNDU3Yi1iNTI3LTIzOTk4N2Q0Zjk4Yy8xL2dqQmU0bWUtYU9nclBWMXB4
TzBHV3k0am4tVS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAw9MxMA0GCSqGSIb3DQEBCwUAA4IBAQBdU+Up
4y8b0eQV0esLx2KGdSZw/9zMVcvvMRb1Gp24Ti+5MGDpvcEa0mg6pZrnZ+SCkMzC
tZXEP+GBjFaSKRSkONQ0LH6AF6mYe/gB5LD5jzZ9EOtqR7biskmPUSV+078ia0RB
aefADY5TwTK3jWp/siWYW3hYRS5aZ/KrvLGO24oIot7/CFe//prcZG9AUxNqwH23
+rMmmGRQ64e6uvklI/daKIl+dgZwOQSiloiASNTfntLLvVISkOEeNkw2BGIzONJ5
4qQqIlvw3UeXnnVPb6XuH7C6WUqaHbdWVW30jcQrSJEalsPrrv22Y3HsGC/bF7i3
K4jvy7Jj0c/IeJRW
-----END CERTIFICATE-----