Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/guS0v-5FTQqkcKXAqUEDSdSh13Q.cer
File:                     guS0v-5FTQqkcKXAqUEDSdSh13Q.cer (raw, json)
Hash identifier:          Q3vEV919TnSNbaezH19Uv79Ayo7xdFSSn5j2312oNos=
Subject key identifier:   82:E4:B4:BF:EE:45:4D:0A:A4:70:A5:C0:A9:41:03:49:D4:A1:D7:74
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018F386E0FFDC7074955380BC6632BFD66BE
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/87/e0ccb4-0faf-4865-961f-37abe97960d5/1/guS0v-5FTQqkcKXAqUEDSdSh13Q.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/87/e0ccb4-0faf-4865-961f-37abe97960d5/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 May 2024 08:31:28 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 185.113.228.0/22
                          IP: 2a03:3080::/32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:38:6e:0f:fd:c7:07:49:55:38:0b:c6:63:2b:fd:66:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: May  2 08:31:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=82e4b4bfee454d0aa470a5c0a9410349d4a1d774
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:7e:5b:cb:aa:ec:f2:07:20:5f:bf:b7:5c:1c:
                    09:4b:43:5a:06:49:87:6f:42:48:5c:15:c8:13:de:
                    09:01:7a:67:89:8f:6c:ee:aa:19:e8:10:a2:da:b3:
                    c4:7f:bf:0d:59:53:f0:95:87:ef:28:f8:71:d7:99:
                    67:eb:63:62:70:73:4e:74:d8:2e:3e:e3:b5:87:06:
                    28:27:0c:05:2f:49:2b:2a:f3:bc:e5:b4:f4:56:aa:
                    c4:6d:45:96:81:65:cd:be:e5:ca:d7:97:14:fe:22:
                    ea:f9:6a:b0:17:2c:39:d4:cd:a1:07:ff:cf:b1:55:
                    69:96:2c:bb:3e:78:ba:04:be:98:9a:cf:a8:42:45:
                    3b:a9:b6:d5:d4:59:0d:c2:04:ae:01:da:99:0d:e9:
                    45:28:e3:ff:7c:2c:7e:3c:98:ca:a2:6a:9a:19:3a:
                    ab:8d:02:c1:05:50:b1:90:30:32:a7:12:ac:90:10:
                    2a:bf:b5:80:96:70:17:81:59:ca:1a:e7:99:9d:27:
                    88:45:af:53:c6:5d:2f:c6:d4:17:cb:b8:96:8d:80:
                    6d:45:6b:9b:83:1a:bd:4c:3f:5d:fd:2c:6f:54:e7:
                    d6:6f:0d:00:0f:51:30:4e:2f:85:72:9d:75:e2:8f:
                    03:5b:1d:82:2d:af:9b:e0:bc:80:d9:ec:89:db:5e:
                    a4:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:E4:B4:BF:EE:45:4D:0A:A4:70:A5:C0:A9:41:03:49:D4:A1:D7:74
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/e0ccb4-0faf-4865-961f-37abe97960d5/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/e0ccb4-0faf-4865-961f-37abe97960d5/1/guS0v-5FTQqkcKXAqUEDSdSh13Q.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.113.228.0/22
                IPv6:
                  2a03:3080::/32

    Signature Algorithm: sha256WithRSAEncryption
         70:fa:97:43:a4:34:c8:1d:df:48:25:54:bc:14:08:51:c1:e8:
         d6:8f:06:72:70:e4:d1:db:fc:c4:f5:56:de:5f:7e:87:a2:d8:
         e3:d2:7c:cf:a8:7e:57:12:34:91:73:b1:93:3a:6c:af:bb:3a:
         2d:63:f5:14:5c:58:b4:fb:54:69:91:c1:54:67:4f:72:da:4c:
         11:62:93:f3:c8:e4:72:99:2c:97:cd:21:61:eb:16:8c:ff:ae:
         3b:c6:a5:1d:51:4d:fb:2b:57:c5:5c:8b:35:ce:89:ef:24:6b:
         9d:36:38:82:a9:7f:46:96:db:35:02:ad:21:31:38:ad:8c:4b:
         28:93:42:49:5e:31:d0:ac:32:92:54:f6:68:6c:40:01:0e:d6:
         75:d0:6d:76:66:38:25:01:d3:c0:2a:0e:55:44:8d:26:08:cc:
         11:f4:b1:8e:4d:ce:c3:d1:2a:02:a8:7c:3f:35:9e:49:dd:eb:
         19:6c:e7:56:63:27:e5:f6:1d:be:f7:2b:1f:31:61:39:df:f5:
         b5:e8:b9:ac:22:66:e2:85:b7:41:f6:d6:d7:47:30:10:08:82:
         76:95:80:bb:ce:de:7d:f6:f9:3a:06:0e:ec:e1:3e:01:17:fc:
         94:05:08:58:70:4f:cb:89:6c:27:48:67:44:da:e2:43:67:17:
         40:af:28:30
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAY84bg/9xwdJVTgLxmMr/Wa+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwNTAyMDgzMTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MmU0YjRiZmVlNDU0ZDBhYTQ3MGE1YzBhOTQxMDM0OWQ0YTFkNzc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnn5by6rs8gcgX7+3XBwJS0NaBkmH
b0JIXBXIE94JAXpniY9s7qoZ6BCi2rPEf78NWVPwlYfvKPhx15ln62NicHNOdNgu
PuO1hwYoJwwFL0krKvO85bT0VqrEbUWWgWXNvuXK15cU/iLq+WqwFyw51M2hB//P
sVVpliy7Pni6BL6Yms+oQkU7qbbV1FkNwgSuAdqZDelFKOP/fCx+PJjKomqaGTqr
jQLBBVCxkDAypxKskBAqv7WAlnAXgVnKGueZnSeIRa9Txl0vxtQXy7iWjYBtRWub
gxq9TD9d/SxvVOfWbw0AD1EwTi+Fcp114o8DWx2CLa+b4LyA2eyJ216kCwIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFILktL/uRU0KpHClwKlBA0nUodd0MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzg3L2UwY2Ni
NC0wZmFmLTQ4NjUtOTYxZi0zN2FiZTk3OTYwZDUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODcvZTBjY2I0
LTBmYWYtNDg2NS05NjFmLTM3YWJlOTc5NjBkNS8xL2d1UzB2LTVGVFFxa2NLWEFx
VUVEU2RTaDEzUS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCuXHkMA0EAgACMAcDBQAqAzCAMA0GCSqGSIb3
DQEBCwUAA4IBAQBw+pdDpDTIHd9IJVS8FAhRwejWjwZycOTR2/zE9VbeX36Hotjj
0nzPqH5XEjSRc7GTOmyvuzotY/UUXFi0+1RpkcFUZ09y2kwRYpPzyORymSyXzSFh
6xaM/647xqUdUU37K1fFXIs1zonvJGudNjiCqX9Glts1Aq0hMTitjEsok0JJXjHQ
rDKSVPZobEABDtZ10G12ZjglAdPAKg5VRI0mCMwR9LGOTc7D0SoCqHw/NZ5J3esZ
bOdWYyfl9h2+9ysfMWE53/W16LmsImbihbdB9tbXRzAQCIJ2lYC7zt599vk6Bg7s
4T4BF/yUBQhYcE/LiWwnSGdE2uJDZxdArygw
-----END CERTIFICATE-----