Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/jaxnm0gKeOrXl_Lgt3eeWPInHyQ.cer
File:                     jaxnm0gKeOrXl_Lgt3eeWPInHyQ.cer (raw, json)
Hash identifier:          FjldoD3iTBrZAzUmVsYKNOZUnTHGpIbXMIXWL6Og5P8=
Subject key identifier:   8D:AC:67:9B:48:0A:78:EA:D7:97:F2:E0:B7:77:9E:58:F2:27:1F:24
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CCA2A869C0EF80CF6DD7F6557328B7A85
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/cb/778ce0-2cc2-490b-a6e2-6020e8a56556/1/jaxnm0gKeOrXl_Lgt3eeWPInHyQ.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/cb/778ce0-2cc2-490b-a6e2-6020e8a56556/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 12:33:53 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 87.236.39.0/24
                          IP: 185.110.244.0/22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:86:9c:0e:f8:0c:f6:dd:7f:65:57:32:8b:7a:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 12:33:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8dac679b480a78ead797f2e0b7779e58f2271f24
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:6a:7a:67:f9:39:3a:a0:e1:07:fe:11:64:8e:
                    86:65:ee:76:08:b9:aa:ac:8d:60:19:81:eb:53:3b:
                    b2:85:ac:c4:8a:c1:02:00:ba:95:51:1d:b5:af:21:
                    8c:be:2d:d2:51:61:5d:c7:27:7e:50:56:1c:95:cf:
                    70:9d:06:83:c8:9f:61:ce:54:08:f4:00:6c:08:57:
                    9f:93:0f:42:86:97:fe:de:88:26:fe:07:2b:d0:86:
                    4d:5f:1c:fe:26:40:f7:b7:85:e2:a4:49:ad:93:b0:
                    78:85:e4:d9:1d:21:0a:2e:b4:db:f5:ed:d4:f7:2e:
                    36:04:b9:8f:16:12:fa:b7:3e:29:1c:ab:34:79:2b:
                    3b:68:f4:6b:e6:6a:23:a4:58:91:19:62:df:37:19:
                    e4:c4:65:0c:90:70:69:3d:0f:c0:92:68:c4:7f:e6:
                    12:2e:6c:00:20:64:f9:6d:e1:9d:20:75:7c:02:c3:
                    a5:f1:d1:ac:83:1b:af:46:af:5d:72:68:15:03:cb:
                    10:26:49:d6:97:24:df:97:93:eb:6b:aa:b1:5e:33:
                    97:c7:25:da:b1:7f:52:39:a4:fd:6f:3e:d8:0b:02:
                    87:a4:77:58:c4:a8:94:36:31:95:89:b1:9b:e1:1e:
                    c1:4d:75:00:29:18:e8:6c:ac:37:46:bb:fb:b6:9a:
                    40:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:AC:67:9B:48:0A:78:EA:D7:97:F2:E0:B7:77:9E:58:F2:27:1F:24
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/778ce0-2cc2-490b-a6e2-6020e8a56556/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/778ce0-2cc2-490b-a6e2-6020e8a56556/1/jaxnm0gKeOrXl_Lgt3eeWPInHyQ.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.236.39.0/24
                  185.110.244.0/22

    Signature Algorithm: sha256WithRSAEncryption
         19:ec:20:f2:d7:e8:86:b6:98:14:5f:64:be:a1:c7:df:46:7c:
         64:e9:a9:21:db:47:ef:5e:aa:0f:51:d5:39:3f:37:d9:d0:44:
         d7:06:d0:73:bb:4d:1a:66:a4:ad:af:f6:9b:0f:4e:43:af:0e:
         97:c6:47:c8:2c:4b:03:bd:8c:8a:05:2d:53:12:2c:c9:d4:4b:
         cd:44:c4:bb:13:f6:ba:ad:36:b3:fa:48:d3:98:85:2e:1b:5e:
         d7:ca:6b:95:56:91:77:94:bf:60:38:37:6d:43:74:17:00:7a:
         c4:9b:60:c6:e7:2b:d8:97:70:91:29:7e:be:2f:90:62:7d:1e:
         92:79:fb:83:a2:e7:46:2c:81:23:64:54:c5:27:d9:fe:df:0d:
         2f:5b:fd:45:a1:88:8f:be:23:e9:3a:1b:68:60:63:b4:81:19:
         10:89:60:66:88:d4:4e:a8:87:5e:1f:e7:f4:d6:04:8e:3e:16:
         fb:5a:06:38:07:7b:d8:14:c7:99:6e:1f:5a:65:81:73:15:e2:
         ec:49:4e:07:54:f1:ed:d3:98:da:10:f3:f8:46:aa:41:18:93:
         3b:88:67:86:3b:d8:57:70:13:9a:51:04:5e:65:b9:00:dd:7d:
         0c:a6:9c:ce:c6:45:26:e1:d3:88:00:ce:48:e1:82:40:f8:44:
         8f:4a:cb:f4
-----BEGIN CERTIFICATE-----
MIIFfjCCBGagAwIBAgISAYzKKoacDvgM9t1/ZVcyi3qFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMTIzMzUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZGFjNjc5YjQ4MGE3OGVhZDc5N2YyZTBiNzc3OWU1OGYyMjcxZjI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyWp6Z/k5OqDhB/4RZI6GZe52CLmq
rI1gGYHrUzuyhazEisECALqVUR21ryGMvi3SUWFdxyd+UFYclc9wnQaDyJ9hzlQI
9ABsCFefkw9Chpf+3ogm/gcr0IZNXxz+JkD3t4XipEmtk7B4heTZHSEKLrTb9e3U
9y42BLmPFhL6tz4pHKs0eSs7aPRr5mojpFiRGWLfNxnkxGUMkHBpPQ/AkmjEf+YS
LmwAIGT5beGdIHV8AsOl8dGsgxuvRq9dcmgVA8sQJknWlyTfl5Pra6qxXjOXxyXa
sX9SOaT9bz7YCwKHpHdYxKiUNjGVibGb4R7BTXUAKRjobKw3Rrv7tppAdwIDAQAB
o4ICijCCAoYwHQYDVR0OBBYEFI2sZ5tICnjq15fy4Ld3nljyJx8kMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NiLzc3OGNl
MC0yY2MyLTQ5MGItYTZlMi02MDIwZThhNTY1NTYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvY2IvNzc4Y2Uw
LTJjYzItNDkwYi1hNmUyLTYwMjBlOGE1NjU1Ni8xL2pheG5tMGdLZU9yWGxfTGd0
M2VlV1BJbkh5US5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUF
BwEHAQH/BBYwFDASBAIAATAMAwQAV+wnAwQCuW70MA0GCSqGSIb3DQEBCwUAA4IB
AQAZ7CDy1+iGtpgUX2S+ocffRnxk6akh20fvXqoPUdU5PzfZ0ETXBtBzu00aZqSt
r/abD05Drw6XxkfILEsDvYyKBS1TEizJ1EvNRMS7E/a6rTaz+kjTmIUuG17XymuV
VpF3lL9gODdtQ3QXAHrEm2DG5yvYl3CRKX6+L5BifR6SefuDoudGLIEjZFTFJ9n+
3w0vW/1FoYiPviPpOhtoYGO0gRkQiWBmiNROqIdeH+f01gSOPhb7WgY4B3vYFMeZ
bh9aZYFzFeLsSU4HVPHt05jaEPP4RqpBGJM7iGeGO9hXcBOaUQReZbkA3X0MppzO
xkUm4dOIAM5I4YJA+ESPSsv0
-----END CERTIFICATE-----