Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/k8iuIQ6km06tpIsdoiICPHNNMhE.cer
File:                     k8iuIQ6km06tpIsdoiICPHNNMhE.cer (raw, json)
Hash identifier:          A1zBwl+ow2sLctM0sCGbKyZ1qHZEfC1MbTsMfyfcU/8=
Subject key identifier:   93:C8:AE:21:0E:A4:9B:4E:AD:A4:8B:1D:A2:22:02:3C:73:4D:32:11
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC2DB18A7D2A14B6AD66817D1E5FA1941
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/d9/1a58d7-4b04-4a22-83b9-d04cc45864e2/1/k8iuIQ6km06tpIsdoiICPHNNMhE.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/d9/1a58d7-4b04-4a22-83b9-d04cc45864e2/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 02:29:47 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 45.87.180.0/22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:18:a7:d2:a1:4b:6a:d6:68:17:d1:e5:fa:19:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 02:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=93c8ae210ea49b4eada48b1da222023c734d3211
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:a0:38:da:0d:81:01:fd:b4:4c:b8:62:04:ce:
                    88:12:6f:fb:6b:83:ca:49:8a:d1:3e:7c:79:d0:b7:
                    3d:f2:b7:30:fe:6b:c3:dd:4e:81:1b:cf:40:3f:95:
                    08:5c:74:f5:fd:83:95:13:3a:43:aa:e1:85:41:69:
                    8f:3e:d4:cb:68:9b:17:d8:7e:06:89:b2:cc:11:de:
                    b2:51:1d:56:8f:04:d7:06:a9:75:d1:b6:69:a0:f5:
                    31:24:fb:f2:90:d3:73:b5:2b:6e:34:26:5f:8c:f2:
                    67:6b:78:68:2a:ae:ee:cb:07:0d:c6:82:cf:a1:aa:
                    72:11:6d:d1:dc:75:78:41:1c:b8:4b:b5:48:fe:e0:
                    da:0d:5a:91:c5:d8:4d:8d:17:74:22:b2:6a:2e:47:
                    6b:12:42:53:2d:03:cc:a6:55:07:6d:b6:26:d4:03:
                    be:12:32:81:61:5b:0c:fb:cc:69:39:b8:98:ce:43:
                    03:ef:c8:0d:15:6c:63:ab:31:75:e0:2f:ac:39:72:
                    b6:0a:fe:62:73:44:44:14:1f:4e:df:cf:48:a7:c3:
                    20:68:33:bb:05:3e:1d:20:26:5b:d7:ef:54:fa:bd:
                    33:b0:67:95:d2:ab:22:8f:9e:89:3e:2e:a2:98:27:
                    1e:cb:96:98:37:ea:ef:1d:29:ef:58:79:11:e4:1a:
                    ad:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:C8:AE:21:0E:A4:9B:4E:AD:A4:8B:1D:A2:22:02:3C:73:4D:32:11
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/1a58d7-4b04-4a22-83b9-d04cc45864e2/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/1a58d7-4b04-4a22-83b9-d04cc45864e2/1/k8iuIQ6km06tpIsdoiICPHNNMhE.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.87.180.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4e:9e:96:da:06:8a:79:0d:c5:7c:6e:7e:c4:4f:58:45:87:4f:
         2c:31:25:36:c3:d6:dd:cd:a0:36:9d:aa:86:24:d4:7c:e1:b4:
         95:3a:a3:ef:16:9c:60:1c:b9:bd:9e:fa:3a:a5:56:c6:ff:ab:
         3e:42:e1:08:ee:40:4e:f9:05:44:af:17:15:4f:9c:a8:dd:ea:
         c1:28:c1:11:e1:15:a0:d6:f2:42:16:5f:05:c6:6d:47:d3:16:
         22:e5:2c:97:8e:2b:a0:39:81:52:91:fd:43:d7:55:6f:51:35:
         6e:58:46:50:1d:d2:c4:b0:36:45:d8:be:79:18:81:00:21:9e:
         bc:ff:7f:18:47:53:8f:23:5c:9f:b3:e7:75:e2:32:2f:4f:e2:
         bf:2d:33:e9:0d:10:9a:91:fd:0d:86:5f:a6:f4:17:46:e0:fe:
         0d:2f:44:63:74:25:0f:3f:09:43:34:fc:87:c9:75:23:a8:6e:
         c1:68:50:de:6c:65:9e:5c:e5:8a:9d:7d:83:7e:0c:e4:da:93:
         3c:fb:86:94:06:7f:2d:24:16:5b:74:e4:95:72:09:ba:37:8a:
         09:84:76:21:40:65:c8:83:3d:6e:16:7a:65:15:64:50:7a:82:
         49:5b:4f:6b:b2:ff:02:97:e3:a2:fc:1e:4c:63:0b:de:fe:6d:
         cb:fd:b4:2e
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzC2xin0qFLatZoF9Hl+hlBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDIyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5M2M4YWUyMTBlYTQ5YjRlYWRhNDhiMWRhMjIyMDIzYzczNGQzMjExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApaA42g2BAf20TLhiBM6IEm/7a4PK
SYrRPnx50Lc98rcw/mvD3U6BG89AP5UIXHT1/YOVEzpDquGFQWmPPtTLaJsX2H4G
ibLMEd6yUR1WjwTXBql10bZpoPUxJPvykNNztStuNCZfjPJna3hoKq7uywcNxoLP
oapyEW3R3HV4QRy4S7VI/uDaDVqRxdhNjRd0IrJqLkdrEkJTLQPMplUHbbYm1AO+
EjKBYVsM+8xpObiYzkMD78gNFWxjqzF14C+sOXK2Cv5ic0REFB9O389Ip8MgaDO7
BT4dICZb1+9U+r0zsGeV0qsij56JPi6imCcey5aYN+rvHSnvWHkR5BqtrQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFJPIriEOpJtOraSLHaIiAjxzTTIRMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Q5LzFhNThk
Ny00YjA0LTRhMjItODNiOS1kMDRjYzQ1ODY0ZTIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDkvMWE1OGQ3
LTRiMDQtNGEyMi04M2I5LWQwNGNjNDU4NjRlMi8xL2s4aXVJUTZrbTA2dHBJc2Rv
aUlDUEhOTk1oRS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCLVe0MA0GCSqGSIb3DQEBCwUAA4IBAQBOnpba
Bop5DcV8bn7ET1hFh08sMSU2w9bdzaA2naqGJNR84bSVOqPvFpxgHLm9nvo6pVbG
/6s+QuEI7kBO+QVErxcVT5yo3erBKMER4RWg1vJCFl8Fxm1H0xYi5SyXjiugOYFS
kf1D11VvUTVuWEZQHdLEsDZF2L55GIEAIZ68/38YR1OPI1yfs+d14jIvT+K/LTPp
DRCakf0Nhl+m9BdG4P4NL0RjdCUPPwlDNPyHyXUjqG7BaFDebGWeXOWKnX2Dfgzk
2pM8+4aUBn8tJBZbdOSVcgm6N4oJhHYhQGXIgz1uFnplFWRQeoJJW09rsv8Cl+Oi
/B5MYwve/m3L/bQu
-----END CERTIFICATE-----