Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/hNYNLcatgqJXDgAA_dmTlIvEVNg.cer
File:                     hNYNLcatgqJXDgAA_dmTlIvEVNg.cer (raw, json)
Hash identifier:          vci8TQTy2X7U6ReE+TVwtIWCXUmJRjM35sTZQFJag4E=
Subject key identifier:   84:D6:0D:2D:C6:AD:82:A2:57:0E:00:00:FD:D9:93:94:8B:C4:54:D8
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC794CA0C82EB4CD0BCC002A678CEC1C0
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/76/50d9c6-f24a-44af-8ae0-54f6bc85aac0/1/hNYNLcatgqJXDgAA_dmTlIvEVNg.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/76/50d9c6-f24a-44af-8ae0-54f6bc85aac0/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 00:31:06 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 185.98.159.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:ca:0c:82:eb:4c:d0:bc:c0:02:a6:78:ce:c1:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 00:31:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=84d60d2dc6ad82a2570e0000fdd993948bc454d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:b6:9a:06:f7:d9:3f:4b:97:4d:b4:19:21:45:
                    d6:10:7c:f9:18:f1:e4:0f:67:20:30:a9:9d:a4:02:
                    f4:df:e3:dc:e8:fb:14:37:e8:f1:9d:6d:9a:65:0c:
                    ba:56:01:70:af:57:c0:ae:a5:b6:d9:e9:84:5f:e1:
                    01:2f:7e:ab:6e:19:8c:7f:39:15:4c:cf:6c:35:49:
                    47:17:28:a6:f0:5a:80:02:a8:3f:f9:58:9b:40:ed:
                    9d:a3:ce:cd:f7:25:dd:d0:52:0f:47:3c:35:b1:32:
                    49:31:ba:95:d9:4f:3a:2c:52:31:5a:b1:c0:62:fa:
                    e2:4a:65:4a:c9:8c:96:88:4a:a8:8d:29:76:12:21:
                    6b:45:ae:1b:b9:8e:66:ff:52:17:a1:90:2f:13:ff:
                    87:98:e5:bd:04:23:ad:cd:5a:6e:84:9c:86:16:8d:
                    b0:97:b6:f9:f3:07:c3:7b:15:31:be:da:58:63:30:
                    19:24:8d:72:9e:6a:13:ca:20:a1:44:22:3b:77:67:
                    34:07:b4:78:fb:94:be:f5:a0:40:0b:74:23:c9:a3:
                    4b:21:e8:d6:0d:a1:4f:85:06:2c:48:69:16:93:b4:
                    49:31:aa:76:67:3f:eb:5f:7f:31:b2:43:62:c6:a8:
                    52:4f:45:ae:58:fb:25:69:32:7d:70:ac:60:35:59:
                    92:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:D6:0D:2D:C6:AD:82:A2:57:0E:00:00:FD:D9:93:94:8B:C4:54:D8
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/50d9c6-f24a-44af-8ae0-54f6bc85aac0/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/50d9c6-f24a-44af-8ae0-54f6bc85aac0/1/hNYNLcatgqJXDgAA_dmTlIvEVNg.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.98.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:93:8e:eb:c1:a4:65:6f:ba:74:45:f8:7e:25:fc:22:97:71:
         94:2d:41:89:e2:69:17:83:dd:b6:af:d2:22:b3:05:a1:ef:61:
         9e:0d:2f:99:c2:fd:b4:7d:d9:be:91:8d:65:6d:3f:69:50:50:
         dc:62:5c:78:32:08:7c:2a:41:ab:82:a2:2f:e3:c5:e2:77:ce:
         7f:99:11:17:31:69:ae:e0:7d:59:da:ab:6b:41:2e:3e:6c:7e:
         49:4f:02:61:d8:ae:97:53:59:c3:6d:81:3e:01:ec:e0:dc:13:
         4e:c1:3a:4e:b0:07:31:b7:34:85:52:a8:d0:9e:97:84:09:c9:
         77:35:84:a8:86:c7:ca:46:45:93:dc:72:d1:a8:2b:90:c4:47:
         63:bc:e5:42:08:58:21:7d:48:de:03:f1:ee:1f:01:0e:7e:8f:
         06:4d:82:14:b4:1a:97:16:de:03:08:2b:b1:ca:e6:e1:bf:0f:
         85:77:d7:42:fd:42:47:12:b2:91:f6:03:5d:68:03:14:16:e2:
         e5:ca:d4:3e:26:4a:50:0e:19:73:6b:64:8a:0a:00:4a:80:f5:
         4d:cb:1b:10:2f:80:8d:6a:f4:e7:b7:f7:57:de:18:25:9f:3c:
         e7:4a:e4:7c:f8:56:d0:f6:6b:14:77:ad:33:1e:b2:94:2a:76:
         58:3b:2d:3b
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzHlMoMgutM0LzAAqZ4zsHAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDAzMTA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGQ2MGQyZGM2YWQ4MmEyNTcwZTAwMDBmZGQ5OTM5NDhiYzQ1NGQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuLaaBvfZP0uXTbQZIUXWEHz5GPHk
D2cgMKmdpAL03+Pc6PsUN+jxnW2aZQy6VgFwr1fArqW22emEX+EBL36rbhmMfzkV
TM9sNUlHFyim8FqAAqg/+VibQO2do87N9yXd0FIPRzw1sTJJMbqV2U86LFIxWrHA
YvriSmVKyYyWiEqojSl2EiFrRa4buY5m/1IXoZAvE/+HmOW9BCOtzVpuhJyGFo2w
l7b58wfDexUxvtpYYzAZJI1ynmoTyiChRCI7d2c0B7R4+5S+9aBAC3QjyaNLIejW
DaFPhQYsSGkWk7RJMap2Zz/rX38xskNixqhST0WuWPslaTJ9cKxgNVmSLQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFITWDS3GrYKiVw4AAP3Zk5SLxFTYMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzc2LzUwZDlj
Ni1mMjRhLTQ0YWYtOGFlMC01NGY2YmM4NWFhYzAvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzYvNTBkOWM2
LWYyNGEtNDRhZi04YWUwLTU0ZjZiYzg1YWFjMC8xL2hOWU5MY2F0Z3FKWERnQUFf
ZG1UbEl2RVZOZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAuWKfMA0GCSqGSIb3DQEBCwUAA4IBAQBAk47r
waRlb7p0Rfh+Jfwil3GULUGJ4mkXg922r9IiswWh72GeDS+Zwv20fdm+kY1lbT9p
UFDcYlx4Mgh8KkGrgqIv48Xid85/mREXMWmu4H1Z2qtrQS4+bH5JTwJh2K6XU1nD
bYE+Aezg3BNOwTpOsAcxtzSFUqjQnpeECcl3NYSohsfKRkWT3HLRqCuQxEdjvOVC
CFghfUjeA/HuHwEOfo8GTYIUtBqXFt4DCCuxyubhvw+Fd9dC/UJHErKR9gNdaAMU
FuLlytQ+JkpQDhlza2SKCgBKgPVNyxsQL4CNavTnt/dX3hglnzznSuR8+FbQ9msU
d60zHrKUKnZYOy07
-----END CERTIFICATE-----