Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ixnz1__qlXJhUB6RZk_2gj7ZNq0.cer
File:                     ixnz1__qlXJhUB6RZk_2gj7ZNq0.cer (raw, json)
Hash identifier:          zFeU10MN1u+HXlCh9E1FKaxaSrUWnS1rHxjUwjqpDAg=
Subject key identifier:   8B:19:F3:D7:FF:EA:95:72:61:50:1E:91:66:4F:F6:82:3E:D9:36:AD
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC7273EA2A981D9CBA5FAAE10F5E7ACF2
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/f6/d1ade7-fbe2-4203-8551-b6542e6447a0/1/ixnz1__qlXJhUB6RZk_2gj7ZNq0.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/f6/d1ade7-fbe2-4203-8551-b6542e6447a0/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 22:31:27 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 185.166.96.0/22
                          IP: 2a0a:de00::/32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:3e:a2:a9:81:d9:cb:a5:fa:ae:10:f5:e7:ac:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 22:31:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8b19f3d7ffea957261501e91664ff6823ed936ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:6c:0d:43:5d:53:dd:a4:37:7e:31:04:c2:26:
                    43:e1:f4:2d:3f:a7:96:13:72:58:0c:f5:3c:70:b0:
                    39:32:21:09:f8:a1:ed:8a:3a:87:d7:ee:ee:b2:70:
                    67:55:55:c4:03:76:37:dd:62:d8:69:88:b1:e2:44:
                    28:a0:75:a2:3a:40:0e:90:c5:9d:43:b8:c1:96:5f:
                    fc:8b:14:fa:11:0a:23:d9:59:7f:e6:32:e6:11:dc:
                    6b:1f:ee:44:72:af:e0:24:9f:f8:47:19:af:e0:5d:
                    c1:84:0c:be:3c:36:73:62:09:e5:44:5e:f0:1d:4b:
                    28:59:f9:54:8d:4b:23:12:84:53:21:5e:45:7d:ed:
                    88:8e:c2:b8:a8:d3:f5:7b:4e:6d:90:f7:3b:a6:1d:
                    02:7c:4a:33:4c:f7:e1:42:4b:b7:08:51:a3:31:70:
                    b8:60:d0:0c:c5:ae:fd:fc:6c:19:ce:01:8e:5d:41:
                    96:34:e9:23:4d:bb:2e:fb:39:12:3d:28:b2:4d:cc:
                    29:c6:ba:a4:44:58:70:85:e4:7e:c1:b0:5a:70:be:
                    a4:9a:6e:bd:0f:c8:1f:78:8d:ab:9e:04:61:81:59:
                    ae:3f:bd:55:1b:68:f1:9e:0f:67:48:fd:5b:b2:fd:
                    0b:9c:c8:bb:8d:de:7e:0e:87:30:86:5f:5f:61:2d:
                    25:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:19:F3:D7:FF:EA:95:72:61:50:1E:91:66:4F:F6:82:3E:D9:36:AD
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/d1ade7-fbe2-4203-8551-b6542e6447a0/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/d1ade7-fbe2-4203-8551-b6542e6447a0/1/ixnz1__qlXJhUB6RZk_2gj7ZNq0.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.166.96.0/22
                IPv6:
                  2a0a:de00::/32

    Signature Algorithm: sha256WithRSAEncryption
         a1:91:e3:ba:61:b5:82:59:4e:ab:ae:83:be:3e:fc:09:36:d2:
         5b:d1:44:71:20:5f:c4:83:ed:4a:9e:61:bc:d9:a9:4b:9b:2c:
         77:c6:c4:dd:c9:a1:a0:9f:86:a4:1d:fa:7a:05:03:f7:e9:f6:
         8c:fe:b0:90:6d:6d:c7:de:0f:98:57:84:60:d1:d8:b2:0f:79:
         d6:74:81:37:1a:76:9d:12:cf:83:56:c9:c4:a2:b7:82:1e:04:
         96:03:f2:a8:1b:63:42:8a:38:04:6f:c5:33:19:e8:69:f7:8e:
         87:09:ca:18:4b:86:7f:40:2b:c9:0b:f6:e9:eb:5f:3f:09:bc:
         9d:0a:b1:0f:54:83:3f:92:b9:ff:de:7e:22:99:b5:93:fe:44:
         e2:7f:78:b0:58:8c:a5:58:d4:7c:4e:53:50:93:0d:cb:bb:37:
         87:db:a1:13:6a:81:36:05:c5:72:e1:76:47:2b:00:9f:5a:59:
         04:15:0b:82:48:18:ae:df:59:c8:d1:e8:48:5d:3c:62:29:86:
         22:22:e4:80:2c:eb:87:21:55:6c:29:38:8d:7b:d2:91:bc:02:
         2f:36:ec:e7:24:a5:05:07:7a:88:10:30:a5:83:47:e9:74:d1:
         09:52:23:51:7c:4f:59:23:15:80:9d:24:fa:48:df:67:ee:9e:
         c9:d0:57:55
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAYzHJz6iqYHZy6X6rhD156zyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMjIzMTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjE5ZjNkN2ZmZWE5NTcyNjE1MDFlOTE2NjRmZjY4MjNlZDkzNmFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu2wNQ11T3aQ3fjEEwiZD4fQtP6eW
E3JYDPU8cLA5MiEJ+KHtijqH1+7usnBnVVXEA3Y33WLYaYix4kQooHWiOkAOkMWd
Q7jBll/8ixT6EQoj2Vl/5jLmEdxrH+5Ecq/gJJ/4Rxmv4F3BhAy+PDZzYgnlRF7w
HUsoWflUjUsjEoRTIV5Ffe2IjsK4qNP1e05tkPc7ph0CfEozTPfhQku3CFGjMXC4
YNAMxa79/GwZzgGOXUGWNOkjTbsu+zkSPSiyTcwpxrqkRFhwheR+wbBacL6kmm69
D8gfeI2rngRhgVmuP71VG2jxng9nSP1bsv0LnMi7jd5+Docwhl9fYS0llwIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFIsZ89f/6pVyYVAekWZP9oI+2TatMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Y2L2QxYWRl
Ny1mYmUyLTQyMDMtODU1MS1iNjU0MmU2NDQ3YTAvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjYvZDFhZGU3
LWZiZTItNDIwMy04NTUxLWI2NTQyZTY0NDdhMC8xL2l4bnoxX19xbFhKaFVCNlJa
a18yZ2o3Wk5xMC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCuaZgMA0EAgACMAcDBQAqCt4AMA0GCSqGSIb3
DQEBCwUAA4IBAQChkeO6YbWCWU6rroO+PvwJNtJb0URxIF/Eg+1KnmG82alLmyx3
xsTdyaGgn4akHfp6BQP36faM/rCQbW3H3g+YV4Rg0diyD3nWdIE3GnadEs+DVsnE
oreCHgSWA/KoG2NCijgEb8UzGehp946HCcoYS4Z/QCvJC/bp618/CbydCrEPVIM/
krn/3n4imbWT/kTif3iwWIylWNR8TlNQkw3LuzeH26ETaoE2BcVy4XZHKwCfWlkE
FQuCSBiu31nI0ehIXTxiKYYiIuSALOuHIVVsKTiNe9KRvAIvNuznJKUFB3qIEDCl
g0fpdNEJUiNRfE9ZIxWAnST6SN9n7p7J0FdV
-----END CERTIFICATE-----