Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/kRiebt9T5AZyybXx81GXKCkewu4.cer
File:                     kRiebt9T5AZyybXx81GXKCkewu4.cer (raw, json)
Hash identifier:          dKAYQ8RxFQcULue+T9agDxSyxTV7V/Slah45yLHKhHs=
Subject key identifier:   91:18:9E:6E:DF:53:E4:06:72:C9:B5:F1:F3:51:97:28:29:1E:C2:EE
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC8DE10E15FC420FD0392CA53F7D1D9D5
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/df/c1d4a2-7c4e-4adc-8f65-b148d4f066ce/1/kRiebt9T5AZyybXx81GXKCkewu4.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/df/c1d4a2-7c4e-4adc-8f65-b148d4f066ce/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 06:30:45 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 193.178.134.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 20:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:10:e1:5f:c4:20:fd:03:92:ca:53:f7:d1:d9:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 06:30:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=91189e6edf53e40672c9b5f1f3519728291ec2ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:8f:1c:28:95:17:e6:f2:43:a7:5c:5e:74:61:
                    ab:04:e2:fd:bf:1a:42:22:34:79:58:1f:3a:92:e8:
                    01:57:5d:2d:44:03:43:69:01:a1:2f:60:84:c7:b3:
                    92:22:f7:66:7e:46:dc:04:0d:85:56:4d:ff:85:e8:
                    16:06:c9:fe:89:c2:d7:a0:90:14:e9:63:37:63:4b:
                    e9:07:73:d9:9c:f8:ff:f2:8a:1a:e5:e9:6a:c1:59:
                    9e:d0:75:24:d1:70:53:2d:30:b6:08:3d:d0:1a:d0:
                    7c:b6:fd:97:3f:f6:96:6c:7c:dd:b1:21:70:2c:8e:
                    e3:59:dc:91:d0:56:55:fb:ed:77:7b:1f:38:d1:bf:
                    1a:64:4f:38:d5:6a:68:06:b8:fd:9e:c3:bf:8e:59:
                    a0:bc:ae:5b:a9:61:29:a9:cc:e2:ea:f0:21:dd:07:
                    16:34:b7:c9:b0:b1:8d:be:8a:ff:a6:a1:81:a7:11:
                    76:23:59:cb:94:a1:09:65:e9:a4:f0:77:6a:13:f6:
                    87:cc:75:c9:68:2d:9c:dc:9b:66:8b:be:d2:b7:23:
                    5f:15:c1:7f:96:34:8c:b0:94:40:5a:ab:56:e1:7a:
                    49:d6:c0:60:8c:41:94:9a:5b:49:88:76:d3:a3:98:
                    fb:43:41:44:bf:e7:b6:57:f4:30:e3:00:47:9e:99:
                    a9:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:18:9E:6E:DF:53:E4:06:72:C9:B5:F1:F3:51:97:28:29:1E:C2:EE
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/c1d4a2-7c4e-4adc-8f65-b148d4f066ce/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/c1d4a2-7c4e-4adc-8f65-b148d4f066ce/1/kRiebt9T5AZyybXx81GXKCkewu4.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.178.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:f7:4b:e4:12:f4:1e:fd:9c:3e:99:a4:cd:9c:00:b7:f6:c5:
         7d:d2:8e:75:a0:8f:31:0c:52:0b:cd:94:89:d0:b4:32:18:71:
         2a:a8:89:bd:fe:70:cb:0d:df:04:8a:5d:48:49:22:78:aa:a0:
         be:93:04:f8:95:1c:56:c7:46:e3:96:2a:fe:f8:26:93:98:33:
         e0:a0:3e:a0:bc:80:b4:b6:ff:0d:6f:70:e4:bb:79:63:02:cb:
         1c:15:85:40:95:5d:7e:b4:1e:9d:1e:42:cb:3a:55:f9:ff:ea:
         1b:71:1c:79:50:e1:3f:ba:71:7d:da:56:ef:95:c9:33:d9:67:
         a6:40:7e:d0:39:a8:ad:07:81:4f:d2:ea:fd:fe:c3:d1:3c:84:
         0d:86:fc:dc:63:8f:70:1e:d1:8a:fb:c4:94:ce:fa:2e:60:e3:
         41:62:29:ba:f2:f9:e0:1b:c7:ce:80:da:81:ec:46:a8:63:d5:
         bc:49:b3:fa:bd:9a:0d:62:03:f4:cd:f4:c9:f3:bb:7c:c5:38:
         d5:e8:14:26:78:5a:f7:bb:50:21:d7:d6:ae:48:37:ff:09:8f:
         55:b9:0b:08:9a:c5:d7:a1:0d:a2:32:cf:d9:5d:70:d2:02:7e:
         ef:91:02:4e:6c:27:26:2f:72:63:f9:5b:7c:67:a1:f6:4e:7f:
         40:30:5d:3d
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzI3hDhX8Qg/QOSylP30dnVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDYzMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTE4OWU2ZWRmNTNlNDA2NzJjOWI1ZjFmMzUxOTcyODI5MWVjMmVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvI8cKJUX5vJDp1xedGGrBOL9vxpC
IjR5WB86kugBV10tRANDaQGhL2CEx7OSIvdmfkbcBA2FVk3/hegWBsn+icLXoJAU
6WM3Y0vpB3PZnPj/8ooa5elqwVme0HUk0XBTLTC2CD3QGtB8tv2XP/aWbHzdsSFw
LI7jWdyR0FZV++13ex840b8aZE841WpoBrj9nsO/jlmgvK5bqWEpqczi6vAh3QcW
NLfJsLGNvor/pqGBpxF2I1nLlKEJZemk8HdqE/aHzHXJaC2c3Jtmi77StyNfFcF/
ljSMsJRAWqtW4XpJ1sBgjEGUmltJiHbTo5j7Q0FEv+e2V/Qw4wBHnpmpQwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFJEYnm7fU+QGcsm18fNRlygpHsLuMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2RmL2MxZDRh
Mi03YzRlLTRhZGMtOGY2NS1iMTQ4ZDRmMDY2Y2UvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZGYvYzFkNGEy
LTdjNGUtNGFkYy04ZjY1LWIxNDhkNGYwNjZjZS8xL2tSaWVidDlUNUFaeXliWHg4
MUdYS0NrZXd1NC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwbKGMA0GCSqGSIb3DQEBCwUAA4IBAQBw90vk
EvQe/Zw+maTNnAC39sV90o51oI8xDFILzZSJ0LQyGHEqqIm9/nDLDd8Eil1ISSJ4
qqC+kwT4lRxWx0bjlir++CaTmDPgoD6gvIC0tv8Nb3Dku3ljAsscFYVAlV1+tB6d
HkLLOlX5/+obcRx5UOE/unF92lbvlckz2WemQH7QOaitB4FP0ur9/sPRPIQNhvzc
Y49wHtGK+8SUzvouYONBYim68vngG8fOgNqB7EaoY9W8SbP6vZoNYgP0zfTJ87t8
xTjV6BQmeFr3u1Ah19auSDf/CY9VuQsImsXXoQ2iMs/ZXXDSAn7vkQJObCcmL3Jj
+Vt8Z6H2Tn9AMF09
-----END CERTIFICATE-----