Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/kIFN053Tklz_iL801DB_1sYhZes.cer
File:                     kIFN053Tklz_iL801DB_1sYhZes.cer (raw, json)
Hash identifier:          5uK6/72s7bIIIBgNOxhekuwxzkQE6V7jWirPJgM/lho=
Subject key identifier:   90:81:4D:D3:9D:D3:92:5C:FF:88:BF:34:D4:30:7F:D6:C6:21:65:EB
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC424AB479413BAD2B9A12263A2C35EE1
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/82/0ccab6-d837-4c18-82f9-940ae454cb85/1/kIFN053Tklz_iL801DB_1sYhZes.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/82/0ccab6-d837-4c18-82f9-940ae454cb85/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 08:29:46 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 194.242.127.0/24
                          IP: 195.178.16.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 23:23:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:ab:47:94:13:ba:d2:b9:a1:22:63:a2:c3:5e:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 08:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=90814dd39dd3925cff88bf34d4307fd6c62165eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:8e:9d:56:08:cc:b9:38:b5:2a:40:bf:4e:d9:
                    71:38:dc:4e:70:5f:87:47:98:be:7d:d1:32:77:48:
                    6b:e9:30:52:64:13:82:90:03:7e:26:a0:70:5c:75:
                    20:ae:95:ef:a0:3f:89:0b:96:5c:55:78:b4:19:8b:
                    02:11:f4:be:4b:0f:c1:c5:1f:b3:07:2c:20:d7:8f:
                    73:1b:12:04:99:d5:28:cd:94:61:d9:f1:d7:6b:28:
                    45:06:12:6a:8f:bc:42:ab:36:6c:52:b0:67:ae:d8:
                    45:5e:ad:c3:20:39:ad:25:44:9a:c3:6e:aa:55:34:
                    fd:df:ae:ca:83:ca:ee:9f:1d:da:06:d1:0c:e8:dc:
                    0a:f0:5e:7e:2a:2a:ef:aa:cd:e8:4f:a8:6e:03:db:
                    d9:f3:1c:b8:1c:e3:b7:f8:4b:b0:99:85:95:9e:8a:
                    9e:54:72:98:28:d7:b8:d5:c1:42:51:2d:b7:05:19:
                    cb:5f:4a:77:4a:e8:fe:6a:a2:49:7f:10:5e:6c:05:
                    b0:1f:f7:ef:73:c3:f6:7a:94:da:18:e9:2a:98:54:
                    fe:99:bc:c9:4d:c3:0a:53:e1:7f:44:84:43:44:cc:
                    90:41:01:28:6d:7a:09:f0:9a:b9:7a:2c:7a:53:18:
                    0d:be:2d:45:28:e5:0e:70:eb:37:ec:0a:ba:78:a4:
                    9e:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:81:4D:D3:9D:D3:92:5C:FF:88:BF:34:D4:30:7F:D6:C6:21:65:EB
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/0ccab6-d837-4c18-82f9-940ae454cb85/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/0ccab6-d837-4c18-82f9-940ae454cb85/1/kIFN053Tklz_iL801DB_1sYhZes.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.242.127.0/24
                  195.178.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:63:24:e6:43:86:57:e6:df:26:67:52:55:d8:79:9c:65:a6:
         16:4d:e0:e6:65:24:1d:b3:ff:fb:f8:c7:a7:4d:a8:a6:a0:63:
         e3:8e:82:99:e7:30:dc:98:03:25:e0:65:01:20:bb:26:f2:50:
         29:4f:69:59:d8:97:4f:19:6f:4d:5a:15:d4:15:d4:bc:91:63:
         b1:b3:af:55:a7:ac:67:ef:6e:55:99:85:65:e1:a8:7b:1a:be:
         4e:a9:82:e1:60:ee:49:21:1b:2e:6a:5c:27:76:34:57:6b:de:
         db:ff:9b:61:fd:aa:30:8b:36:8f:79:0b:f3:a7:d6:2b:9f:75:
         03:82:24:90:44:6d:6e:58:67:3d:79:fe:fe:6b:d9:4a:08:68:
         62:b0:06:2f:81:a8:ff:24:48:ad:4e:d5:a3:28:05:42:04:39:
         1a:4d:e0:15:4a:80:81:9b:29:12:c9:15:84:f0:09:9c:08:7e:
         d9:ea:cb:e3:2f:72:8d:16:71:87:a0:76:2a:17:d1:bf:23:15:
         9d:ff:11:d9:12:cd:3c:55:b7:ec:02:96:a4:7b:a0:c2:cf:c5:
         d4:56:d3:69:93:06:fd:ab:8a:2e:78:74:1d:6d:00:ef:c7:74:
         86:6a:30:94:11:be:d0:11:c4:4e:b0:4a:42:17:a4:f0:82:a9:
         2e:1e:0d:b2
-----BEGIN CERTIFICATE-----
MIIFfjCCBGagAwIBAgISAYzEJKtHlBO60rmhImOiw17hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDgyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDgxNGRkMzlkZDM5MjVjZmY4OGJmMzRkNDMwN2ZkNmM2MjE2NWViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6I6dVgjMuTi1KkC/TtlxONxOcF+H
R5i+fdEyd0hr6TBSZBOCkAN+JqBwXHUgrpXvoD+JC5ZcVXi0GYsCEfS+Sw/BxR+z
Bywg149zGxIEmdUozZRh2fHXayhFBhJqj7xCqzZsUrBnrthFXq3DIDmtJUSaw26q
VTT9367Kg8runx3aBtEM6NwK8F5+Kirvqs3oT6huA9vZ8xy4HOO3+EuwmYWVnoqe
VHKYKNe41cFCUS23BRnLX0p3Suj+aqJJfxBebAWwH/fvc8P2epTaGOkqmFT+mbzJ
TcMKU+F/RIRDRMyQQQEobXoJ8Jq5eix6UxgNvi1FKOUOcOs37Aq6eKSefwIDAQAB
o4ICijCCAoYwHQYDVR0OBBYEFJCBTdOd05Jc/4i/NNQwf9bGIWXrMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzgyLzBjY2Fi
Ni1kODM3LTRjMTgtODJmOS05NDBhZTQ1NGNiODUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODIvMGNjYWI2
LWQ4MzctNGMxOC04MmY5LTk0MGFlNDU0Y2I4NS8xL2tJRk4wNTNUa2x6X2lMODAx
REJfMXNZaFplcy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUF
BwEHAQH/BBYwFDASBAIAATAMAwQAwvJ/AwQAw7IQMA0GCSqGSIb3DQEBCwUAA4IB
AQBOYyTmQ4ZX5t8mZ1JV2HmcZaYWTeDmZSQds//7+MenTaimoGPjjoKZ5zDcmAMl
4GUBILsm8lApT2lZ2JdPGW9NWhXUFdS8kWOxs69Vp6xn725VmYVl4ah7Gr5OqYLh
YO5JIRsualwndjRXa97b/5th/aowizaPeQvzp9Yrn3UDgiSQRG1uWGc9ef7+a9lK
CGhisAYvgaj/JEitTtWjKAVCBDkaTeAVSoCBmykSyRWE8AmcCH7Z6svjL3KNFnGH
oHYqF9G/IxWd/xHZEs08VbfsApake6DCz8XUVtNpkwb9q4oueHQdbQDvx3SGajCU
Eb7QEcROsEpCF6TwgqkuHg2y
-----END CERTIFICATE-----