Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/jNVvsdZ5Rzsa4cV7D8KjI8rxcJo.cer
File:                     jNVvsdZ5Rzsa4cV7D8KjI8rxcJo.cer (raw, json)
Hash identifier:          YACC8/onoI7z3+X6x2lXdSV+7tC0IsuKu1SGswnJ95A=
Subject key identifier:   8C:D5:6F:B1:D6:79:47:3B:1A:E1:C5:7B:0F:C2:A3:23:CA:F1:70:9A
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01912BCE9EDE523E9500AF3CFA7DFEF608A7
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/a1/a2209b-a918-4074-ba97-a792a88baf10/1/jNVvsdZ5Rzsa4cV7D8KjI8rxcJo.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/a1/a2209b-a918-4074-ba97-a792a88baf10/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 07 Aug 2024 07:47:27 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 91.199.103.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:2b:ce:9e:de:52:3e:95:00:af:3c:fa:7d:fe:f6:08:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Aug  7 07:47:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8cd56fb1d679473b1ae1c57b0fc2a323caf1709a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:8c:de:c7:e0:e0:25:b8:27:63:42:06:05:b4:
                    75:08:6f:05:39:2a:85:29:76:d8:eb:1a:23:60:b5:
                    48:b3:96:7e:26:f6:65:07:e8:cd:b4:41:95:4a:14:
                    06:19:89:9c:39:67:a8:9a:7e:d5:83:2d:cd:4b:1d:
                    99:20:47:29:96:5f:d0:e0:ae:cd:a6:b0:e2:94:bd:
                    ce:12:b1:d8:9c:1b:dd:d3:ba:e7:46:f8:fd:4e:2a:
                    87:0f:69:e6:96:2d:9d:43:6c:2d:7d:32:5c:b0:1d:
                    48:66:8e:ee:8e:8b:b3:bf:f7:80:58:99:82:5e:34:
                    6d:53:7e:b2:8d:76:fc:8f:c6:b5:37:f5:1d:71:c7:
                    e7:af:43:be:8f:91:d6:55:a6:ee:89:c5:70:79:94:
                    36:00:ef:58:8b:bc:ad:51:1f:61:81:e8:bb:89:8e:
                    e0:3e:cf:56:dc:0e:21:8b:41:fc:34:4a:6d:e2:35:
                    d0:e8:b2:08:9e:19:09:a7:e4:44:7d:88:29:8b:3d:
                    41:6f:d0:e5:66:d4:9b:c4:60:6d:fc:0d:b4:21:ba:
                    07:65:fe:55:a4:78:f5:aa:a9:02:81:3c:67:8a:97:
                    d0:aa:25:9b:78:d1:63:94:67:1b:84:36:af:22:f9:
                    38:54:fb:db:7e:9f:d1:46:ed:b2:0f:bf:a9:f7:f6:
                    2b:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:D5:6F:B1:D6:79:47:3B:1A:E1:C5:7B:0F:C2:A3:23:CA:F1:70:9A
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/a2209b-a918-4074-ba97-a792a88baf10/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/a2209b-a918-4074-ba97-a792a88baf10/1/jNVvsdZ5Rzsa4cV7D8KjI8rxcJo.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:6d:34:b6:00:98:9b:dd:1b:3f:38:37:0e:51:95:67:fb:ce:
         b4:04:16:f3:5e:cb:ce:da:b7:56:7c:78:d7:50:f4:dd:e6:a6:
         a2:4e:92:3f:01:ea:e8:7a:dd:75:83:6f:ac:3a:76:2d:e2:b9:
         e7:89:63:bc:6f:55:57:c3:6f:00:6a:bc:3e:8b:22:6d:9d:49:
         78:5e:43:d0:41:36:3a:b6:b9:d5:aa:91:5b:00:6e:29:21:79:
         c6:17:8f:dd:8d:31:b0:75:9b:0d:75:ab:e4:d6:3a:ca:5f:d2:
         f4:3a:2a:c9:ce:5f:ef:a7:11:f0:a5:df:df:8d:f9:40:1d:cd:
         70:07:9c:ed:26:4d:ca:b7:44:d0:cd:7a:c7:4c:3c:3e:51:84:
         11:d4:47:c5:c2:61:4c:92:ce:0e:44:d1:3d:7a:87:ce:b2:19:
         f8:09:a6:ae:c8:2d:e8:7f:a1:91:e1:6e:43:83:7d:6b:73:55:
         bb:60:06:ac:d9:ad:77:94:7a:07:48:86:8d:5b:f8:bf:d3:68:
         c4:46:94:0c:9f:ed:79:e7:23:f0:59:ae:9e:cf:ca:7a:7e:94:
         5c:5d:2b:50:8a:f2:39:0c:55:e7:db:57:e4:47:33:e2:26:1e:
         8b:86:15:a6:2e:ef:25:46:79:8b:f7:07:9c:f9:ba:4f:ec:f5:
         05:29:c5:c1
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZErzp7eUj6VAK88+n3+9ginMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwODA3MDc0NzI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Y2Q1NmZiMWQ2Nzk0NzNiMWFlMWM1N2IwZmMyYTMyM2NhZjE3MDlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4Izex+DgJbgnY0IGBbR1CG8FOSqF
KXbY6xojYLVIs5Z+JvZlB+jNtEGVShQGGYmcOWeomn7Vgy3NSx2ZIEcpll/Q4K7N
prDilL3OErHYnBvd07rnRvj9TiqHD2nmli2dQ2wtfTJcsB1IZo7ujouzv/eAWJmC
XjRtU36yjXb8j8a1N/Udccfnr0O+j5HWVabuicVweZQ2AO9Yi7ytUR9hgei7iY7g
Ps9W3A4hi0H8NEpt4jXQ6LIInhkJp+REfYgpiz1Bb9DlZtSbxGBt/A20IboHZf5V
pHj1qqkCgTxnipfQqiWbeNFjlGcbhDavIvk4VPvbfp/RRu2yD7+p9/Yr6QIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFIzVb7HWeUc7GuHFew/CoyPK8XCaMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2ExL2EyMjA5
Yi1hOTE4LTQwNzQtYmE5Ny1hNzkyYTg4YmFmMTAvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTEvYTIyMDli
LWE5MTgtNDA3NC1iYTk3LWE3OTJhODhiYWYxMC8xL2pOVnZzZFo1UnpzYTRjVjdE
OEtqSThyeGNKby5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW8dnMA0GCSqGSIb3DQEBCwUAA4IBAQA6bTS2
AJib3Rs/ODcOUZVn+860BBbzXsvO2rdWfHjXUPTd5qaiTpI/Aeroet11g2+sOnYt
4rnniWO8b1VXw28Aarw+iyJtnUl4XkPQQTY6trnVqpFbAG4pIXnGF4/djTGwdZsN
davk1jrKX9L0OirJzl/vpxHwpd/fjflAHc1wB5ztJk3Kt0TQzXrHTDw+UYQR1EfF
wmFMks4ORNE9eofOshn4CaauyC3of6GR4W5Dg31rc1W7YAas2a13lHoHSIaNW/i/
02jERpQMn+155yPwWa6ez8p6fpRcXStQivI5DFXn21fkRzPiJh6LhhWmLu8lRnmL
9wec+bpP7PUFKcXB
-----END CERTIFICATE-----