Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/glNFBYRfoKk_goWm2ovObR1yAN0.cer
File:                     glNFBYRfoKk_goWm2ovObR1yAN0.cer (raw, json)
Hash identifier:          YRvUmI9zPpwpSDd0dgcqPRUvkakMA/VNsKruPiKKSl8=
Subject key identifier:   82:53:45:05:84:5F:A0:A9:3F:82:85:A6:DA:8B:CE:6D:1D:72:00:DD
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC3B72303D82E7DE8EE40367D97B4F80A
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/ee/6df248-ec5b-47d7-bdd0-47cc7d1abc6b/1/glNFBYRfoKk_goWm2ovObR1yAN0.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/ee/6df248-ec5b-47d7-bdd0-47cc7d1abc6b/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 06:30:08 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 195.234.180.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:23:03:d8:2e:7d:e8:ee:40:36:7d:97:b4:f8:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 06:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=82534505845fa0a93f8285a6da8bce6d1d7200dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:91:a1:d4:28:28:73:86:4a:22:3a:e7:23:69:
                    2f:9b:93:fe:b3:c1:96:c6:82:bd:5a:66:99:43:e5:
                    35:2e:a6:dd:a6:d3:af:cb:d8:b4:81:a2:e8:ff:84:
                    ec:1e:73:b8:72:4c:17:5f:c7:fd:67:b0:9a:a2:f7:
                    bc:ed:7d:9f:3f:c3:7e:78:42:44:86:ff:51:d5:5c:
                    cd:1c:4a:25:3f:28:f0:62:35:ec:7b:c1:ba:f0:b2:
                    8c:83:d2:be:8a:f9:91:9b:b4:d6:fe:22:d0:e1:1c:
                    c3:ef:f4:02:c0:7f:83:6b:d8:e0:c8:4a:71:ee:dd:
                    3d:46:d6:90:81:90:77:a6:96:4c:43:02:49:04:fc:
                    d2:9c:e8:e3:52:7f:f9:ff:e8:89:50:4a:bf:ec:b4:
                    22:85:23:fb:43:40:79:7a:78:9a:1f:87:e9:07:7e:
                    14:a3:4a:94:83:0e:38:75:55:e4:82:95:1f:6c:87:
                    35:85:ec:0f:34:15:51:e0:c2:27:23:ec:88:b6:4d:
                    54:ef:5c:bd:9c:fc:5c:79:d6:ee:eb:66:77:26:5e:
                    18:4b:aa:e9:13:e8:0e:9f:e2:cb:28:0f:b0:cc:32:
                    d4:bf:2a:4b:5d:b4:67:97:40:37:18:f1:12:cc:2e:
                    e8:8f:1c:76:d0:42:24:00:14:62:62:26:d4:ce:aa:
                    ba:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:53:45:05:84:5F:A0:A9:3F:82:85:A6:DA:8B:CE:6D:1D:72:00:DD
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/6df248-ec5b-47d7-bdd0-47cc7d1abc6b/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/6df248-ec5b-47d7-bdd0-47cc7d1abc6b/1/glNFBYRfoKk_goWm2ovObR1yAN0.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.234.180.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:0d:de:87:4e:68:55:5a:80:55:0e:ab:82:6f:64:ba:af:cf:
         d1:c9:1a:df:01:83:4d:2a:79:f9:d3:71:5c:bb:a3:2c:6c:45:
         e4:18:f0:6c:77:11:cc:5c:8c:da:f3:b0:1c:1f:f3:8f:a7:e8:
         6d:41:a2:c7:22:38:f7:e0:5c:89:cc:81:5f:b1:a4:5c:09:f3:
         23:75:44:1f:e9:18:71:0e:06:cd:e3:b0:a0:7e:4a:ea:12:a9:
         b0:93:90:d1:7a:09:5a:08:ad:a1:8a:4e:b8:f0:ad:57:13:d7:
         a2:0b:11:57:b8:9c:7d:c4:ed:9e:f3:7d:4e:3e:49:25:26:cb:
         dd:2c:f0:6b:ba:3b:5f:0a:3b:13:56:c9:c9:4e:48:ff:e1:b1:
         38:a9:a9:2d:e7:31:a2:02:43:75:1b:f8:1c:21:ae:f0:13:57:
         a7:6e:f3:42:92:8b:2d:1e:d2:aa:51:a0:6e:27:61:f1:3c:6a:
         7a:9e:c4:89:42:a3:60:77:14:f1:c8:e5:7f:2c:3b:56:30:54:
         17:6d:f7:3d:97:a6:a9:9d:6b:15:ab:9f:f6:48:d6:8e:e2:d9:
         a8:87:b9:5c:ed:23:03:41:e1:8e:ff:8c:ff:7b:8f:49:b2:02:
         b2:68:7e:01:72:17:e3:3c:10:85:6c:29:b4:84:fe:04:0c:3e:
         b9:81:de:c1
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzDtyMD2C596O5ANn2XtPgKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDYzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjUzNDUwNTg0NWZhMGE5M2Y4Mjg1YTZkYThiY2U2ZDFkNzIwMGRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzZGh1Cgoc4ZKIjrnI2kvm5P+s8GW
xoK9WmaZQ+U1LqbdptOvy9i0gaLo/4TsHnO4ckwXX8f9Z7Caove87X2fP8N+eEJE
hv9R1VzNHEolPyjwYjXse8G68LKMg9K+ivmRm7TW/iLQ4RzD7/QCwH+Da9jgyEpx
7t09RtaQgZB3ppZMQwJJBPzSnOjjUn/5/+iJUEq/7LQihSP7Q0B5eniaH4fpB34U
o0qUgw44dVXkgpUfbIc1hewPNBVR4MInI+yItk1U71y9nPxcedbu62Z3Jl4YS6rp
E+gOn+LLKA+wzDLUvypLXbRnl0A3GPESzC7ojxx20EIkABRiYibUzqq6awIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFIJTRQWEX6CpP4KFptqLzm0dcgDdMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2VlLzZkZjI0
OC1lYzViLTQ3ZDctYmRkMC00N2NjN2QxYWJjNmIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZWUvNmRmMjQ4
LWVjNWItNDdkNy1iZGQwLTQ3Y2M3ZDFhYmM2Yi8xL2dsTkZCWVJmb0trX2dvV20y
b3ZPYlIxeUFOMC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAw+q0MA0GCSqGSIb3DQEBCwUAA4IBAQCsDd6H
TmhVWoBVDquCb2S6r8/RyRrfAYNNKnn503Fcu6MsbEXkGPBsdxHMXIza87AcH/OP
p+htQaLHIjj34FyJzIFfsaRcCfMjdUQf6RhxDgbN47CgfkrqEqmwk5DReglaCK2h
ik648K1XE9eiCxFXuJx9xO2e831OPkklJsvdLPBrujtfCjsTVsnJTkj/4bE4qakt
5zGiAkN1G/gcIa7wE1enbvNCkostHtKqUaBuJ2HxPGp6nsSJQqNgdxTxyOV/LDtW
MFQXbfc9l6apnWsVq5/2SNaO4tmoh7lc7SMDQeGO/4z/e49JsgKyaH4BchfjPBCF
bCm0hP4EDD65gd7B
-----END CERTIFICATE-----