Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/iPDB0Q5OWnHjzVxda-6_d4oG4wQ.cer
File:                     iPDB0Q5OWnHjzVxda-6_d4oG4wQ.cer (raw, json)
Hash identifier:          ORp95a3hDHR4dtFmMiiU1jDCQqc2dOUM2XKSaSNCoXA=
Subject key identifier:   88:F0:C1:D1:0E:4E:5A:71:E3:CD:5C:5D:6B:EE:BF:77:8A:06:E3:04
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC492F15E89009A86A16A012269EF79B3
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/94/42664a-0f47-49a6-b737-b28df8559529/1/iPDB0Q5OWnHjzVxda-6_d4oG4wQ.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/94/42664a-0f47-49a6-b737-b28df8559529/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 10:30:13 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 77.83.216.0/22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:f1:5e:89:00:9a:86:a1:6a:01:22:69:ef:79:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 10:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=88f0c1d10e4e5a71e3cd5c5d6beebf778a06e304
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:1c:ec:82:01:77:59:29:9a:05:47:91:f5:ad:
                    aa:d8:81:a2:e2:da:0a:b3:3d:b5:39:6b:11:fd:c3:
                    c1:38:44:38:2e:2f:cb:34:b1:03:2f:31:b4:25:7c:
                    27:6b:0c:ff:fa:c2:ea:57:81:70:b5:cb:49:1a:8b:
                    b8:9b:89:8e:63:83:d4:25:aa:4d:40:54:b8:c6:93:
                    f9:17:38:0f:2f:37:05:4e:b8:de:dc:0b:3a:a2:5c:
                    9e:c2:d6:38:b2:2c:3a:8d:77:1f:ed:68:76:da:9d:
                    03:db:7b:30:2f:7f:20:f0:74:ab:d7:d7:54:d9:c7:
                    43:22:4c:d3:40:23:64:5d:77:d6:29:40:82:89:b3:
                    23:ff:53:4c:8c:64:e3:e5:66:6f:70:f6:23:01:6d:
                    21:eb:1b:bf:a0:8e:15:9b:1e:e8:e9:dd:39:20:79:
                    0f:d5:8e:5e:4c:de:5d:56:dc:b1:0f:ec:7c:e9:3d:
                    58:61:20:1c:86:72:07:6b:bb:fe:f0:61:ce:31:e3:
                    87:1d:aa:71:00:fa:fc:d7:11:94:5a:33:6e:0c:85:
                    8d:e4:e1:2b:53:22:a0:02:f1:58:24:34:f7:ad:d7:
                    53:9b:1d:67:08:45:61:3d:ce:c9:4c:62:56:9b:dd:
                    cc:76:b8:cd:3e:86:c9:cc:36:09:95:08:de:ce:1e:
                    fd:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:F0:C1:D1:0E:4E:5A:71:E3:CD:5C:5D:6B:EE:BF:77:8A:06:E3:04
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/42664a-0f47-49a6-b737-b28df8559529/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/42664a-0f47-49a6-b737-b28df8559529/1/iPDB0Q5OWnHjzVxda-6_d4oG4wQ.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.83.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a3:7a:d8:8f:a9:b7:f4:26:ba:97:74:70:63:53:c4:29:ff:ad:
         0b:9d:36:d0:cf:6b:fa:ef:41:8e:41:04:67:7b:9a:58:0c:15:
         44:12:56:54:00:a1:c1:6a:47:3c:86:da:6d:df:2d:b8:bd:a1:
         3b:5b:32:24:3d:f0:fc:c8:71:50:8f:67:ad:ee:7e:a7:dd:4b:
         80:b2:04:b0:dc:18:46:bc:94:f9:68:5a:17:96:6b:b7:4a:b5:
         23:3e:6d:7a:87:27:75:12:1f:e4:2e:db:44:32:9e:ff:6f:08:
         e5:08:61:65:64:90:35:c6:af:50:93:bf:fe:8e:a4:43:26:01:
         c1:66:11:22:a5:59:b9:42:06:8e:42:b3:df:08:99:a8:cb:60:
         51:82:90:49:1d:4f:5a:d6:d2:63:8f:f9:fb:14:bf:d2:78:85:
         4c:f6:c4:20:0e:73:9c:cc:3f:35:b1:97:ef:1d:3f:cf:9a:0f:
         d8:cd:0e:a5:01:3a:9c:0e:9e:4d:35:53:e5:d3:14:30:39:a5:
         fa:ce:68:bf:c2:2c:e1:a0:92:6f:9b:3d:84:ae:60:60:af:78:
         a2:50:e6:8d:59:ce:21:8a:7e:f6:a1:eb:33:11:bf:55:e0:f1:
         43:83:eb:2d:02:9f:4f:e6:d4:5a:db:9d:ce:76:82:6e:c7:5a:
         56:93:aa:34
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzEkvFeiQCahqFqASJp73mzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTAzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OGYwYzFkMTBlNGU1YTcxZTNjZDVjNWQ2YmVlYmY3NzhhMDZlMzA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsBzsggF3WSmaBUeR9a2q2IGi4toK
sz21OWsR/cPBOEQ4Li/LNLEDLzG0JXwnawz/+sLqV4FwtctJGou4m4mOY4PUJapN
QFS4xpP5FzgPLzcFTrje3As6olyewtY4siw6jXcf7Wh22p0D23swL38g8HSr19dU
2cdDIkzTQCNkXXfWKUCCibMj/1NMjGTj5WZvcPYjAW0h6xu/oI4Vmx7o6d05IHkP
1Y5eTN5dVtyxD+x86T1YYSAchnIHa7v+8GHOMeOHHapxAPr81xGUWjNuDIWN5OEr
UyKgAvFYJDT3rddTmx1nCEVhPc7JTGJWm93MdrjNPobJzDYJlQjezh79HwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFIjwwdEOTlpx481cXWvuv3eKBuMEMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzk0LzQyNjY0
YS0wZjQ3LTQ5YTYtYjczNy1iMjhkZjg1NTk1MjkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTQvNDI2NjRh
LTBmNDctNDlhNi1iNzM3LWIyOGRmODU1OTUyOS8xL2lQREIwUTVPV25IanpWeGRh
LTZfZDRvRzR3US5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCTVPYMA0GCSqGSIb3DQEBCwUAA4IBAQCjetiP
qbf0JrqXdHBjU8Qp/60LnTbQz2v670GOQQRne5pYDBVEElZUAKHBakc8htpt3y24
vaE7WzIkPfD8yHFQj2et7n6n3UuAsgSw3BhGvJT5aFoXlmu3SrUjPm16hyd1Eh/k
LttEMp7/bwjlCGFlZJA1xq9Qk7/+jqRDJgHBZhEipVm5QgaOQrPfCJmoy2BRgpBJ
HU9a1tJjj/n7FL/SeIVM9sQgDnOczD81sZfvHT/Pmg/YzQ6lATqcDp5NNVPl0xQw
OaX6zmi/wizhoJJvmz2ErmBgr3iiUOaNWc4hin72oeszEb9V4PFDg+stAp9P5tRa
253OdoJux1pWk6o0
-----END CERTIFICATE-----