Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ikHi8tFFLnxMwH2_p4OdWN9X8hg.cer
File:                     ikHi8tFFLnxMwH2_p4OdWN9X8hg.cer (raw, json)
Hash identifier:          QiCX3PJthEMUISOxoz8GReI8tDEhoauwUkxCByz6o8g=
Subject key identifier:   8A:41:E2:F2:D1:45:2E:7C:4C:C0:7D:BF:A7:83:9D:58:DF:57:F2:18
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC4247BA39A41A830F6FED36E6B0F9F7E
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/a0/bf69c4-d64a-4340-9bf1-364854cbc0e8/1/ikHi8tFFLnxMwH2_p4OdWN9X8hg.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/a0/bf69c4-d64a-4340-9bf1-364854cbc0e8/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 08:29:34 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 50197
                          IP: 193.104.59.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:7b:a3:9a:41:a8:30:f6:fe:d3:6e:6b:0f:9f:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 08:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8a41e2f2d1452e7c4cc07dbfa7839d58df57f218
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:bc:ba:e4:e5:f9:e0:f6:c6:2e:bb:3b:ac:ea:
                    f5:64:d9:06:0b:f6:5a:19:a4:5b:a1:53:51:6e:6a:
                    8d:30:e7:0f:3a:68:5e:a8:bc:ef:d2:c7:61:e0:04:
                    94:72:e0:91:fe:3c:7a:a7:69:82:8b:1f:c5:82:b8:
                    0c:44:5a:e9:5d:44:71:08:e5:dd:ec:c6:1a:f5:bd:
                    4c:97:27:64:34:e5:48:3f:61:58:47:0b:fa:73:a1:
                    f6:71:71:6b:4e:3d:53:b9:48:eb:fb:ca:9c:9d:a9:
                    ec:9f:cc:e0:1d:d2:e2:0a:73:53:42:a6:84:43:b9:
                    02:41:80:fd:f5:4b:33:91:b4:d8:35:8c:46:31:83:
                    c1:49:f4:d6:12:78:32:db:68:e1:95:e7:76:73:fd:
                    9b:26:d4:81:f7:c4:6a:cf:1b:71:57:f3:64:3e:36:
                    72:c1:2d:7e:69:4c:02:6a:66:cb:29:34:22:66:a4:
                    50:e1:d6:18:58:44:64:e6:ca:4f:47:88:f4:11:42:
                    62:01:34:bc:49:30:78:24:7c:14:12:36:94:65:2a:
                    24:81:66:6e:35:c3:11:e4:29:a7:eb:12:ff:58:0d:
                    0f:48:2f:24:ba:2c:0d:68:60:8b:1d:96:4a:51:9b:
                    57:61:ef:97:42:18:e6:ac:b4:86:cd:52:a2:b1:cf:
                    ac:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:41:E2:F2:D1:45:2E:7C:4C:C0:7D:BF:A7:83:9D:58:DF:57:F2:18
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/bf69c4-d64a-4340-9bf1-364854cbc0e8/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/bf69c4-d64a-4340-9bf1-364854cbc0e8/1/ikHi8tFFLnxMwH2_p4OdWN9X8hg.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.104.59.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  50197

    Signature Algorithm: sha256WithRSAEncryption
         2e:78:54:4a:27:ad:16:34:8a:45:83:48:14:7c:de:ee:9e:21:
         51:c7:4d:b3:99:bc:a0:e1:9d:a3:fe:d7:c2:f2:b2:85:32:de:
         7c:a1:1e:b3:bb:cf:29:9d:5e:b9:17:57:86:42:8b:75:b1:8b:
         e4:e7:64:de:7d:d5:4f:11:8d:13:fb:8d:9c:41:fd:c4:08:78:
         47:26:bd:17:81:d6:6b:ab:77:6d:2a:70:c5:16:40:54:ae:59:
         fe:6b:01:cd:63:8a:93:92:f9:26:7a:04:49:a5:2b:4d:1a:14:
         75:b3:c8:1d:2e:c5:76:63:03:86:85:dc:62:bd:85:64:10:47:
         fb:82:cd:0c:96:30:83:8c:d8:05:7f:8d:b2:67:82:4d:14:e2:
         ec:d6:66:f0:57:76:11:76:16:0e:e2:9c:1c:79:af:5d:76:d0:
         8a:a0:8a:69:50:7d:21:b9:d8:75:91:ca:aa:6d:f4:f0:7a:3f:
         c9:5f:04:19:63:8e:64:63:20:3f:68:4b:ab:b2:dd:29:43:cf:
         83:67:04:cd:1a:32:76:b6:d9:8a:9f:5b:ac:7a:10:e8:03:bd:
         33:04:e2:de:d5:a2:89:3c:5f:29:59:97:bc:68:56:80:72:25:
         87:58:88:1d:18:f2:4d:cc:ad:2f:b4:d8:87:b2:04:12:ae:f0:
         c2:d8:71:d9
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYzEJHujmkGoMPb+025rD59+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDgyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTQxZTJmMmQxNDUyZTdjNGNjMDdkYmZhNzgzOWQ1OGRmNTdmMjE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs7y65OX54PbGLrs7rOr1ZNkGC/Za
GaRboVNRbmqNMOcPOmheqLzv0sdh4ASUcuCR/jx6p2mCix/FgrgMRFrpXURxCOXd
7MYa9b1MlydkNOVIP2FYRwv6c6H2cXFrTj1TuUjr+8qcnansn8zgHdLiCnNTQqaE
Q7kCQYD99UszkbTYNYxGMYPBSfTWEngy22jhled2c/2bJtSB98RqzxtxV/NkPjZy
wS1+aUwCambLKTQiZqRQ4dYYWERk5spPR4j0EUJiATS8STB4JHwUEjaUZSokgWZu
NcMR5Cmn6xL/WA0PSC8kuiwNaGCLHZZKUZtXYe+XQhjmrLSGzVKisc+sOwIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFIpB4vLRRS58TMB9v6eDnVjfV/IYMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2EwL2JmNjlj
NC1kNjRhLTQzNDAtOWJmMS0zNjQ4NTRjYmMwZTgvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTAvYmY2OWM0
LWQ2NGEtNDM0MC05YmYxLTM2NDg1NGNiYzBlOC8xL2lrSGk4dEZGTG54TXdIMl9w
NE9kV045WDhoZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwWg7MBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwDEFTANBgkqhkiG9w0BAQsFAAOCAQEALnhUSietFjSKRYNIFHze7p4hUcdNs5m8
oOGdo/7XwvKyhTLefKEes7vPKZ1euRdXhkKLdbGL5Odk3n3VTxGNE/uNnEH9xAh4
Rya9F4HWa6t3bSpwxRZAVK5Z/msBzWOKk5L5JnoESaUrTRoUdbPIHS7FdmMDhoXc
Yr2FZBBH+4LNDJYwg4zYBX+NsmeCTRTi7NZm8Fd2EXYWDuKcHHmvXXbQiqCKaVB9
IbnYdZHKqm308Ho/yV8EGWOOZGMgP2hLq7LdKUPPg2cEzRoydrbZip9brHoQ6AO9
MwTi3tWiiTxfKVmXvGhWgHIlh1iIHRjyTcytL7TYh7IEEq7wwthx2Q==
-----END CERTIFICATE-----