Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/kd0jFN2bfGHXHU2-2o-jllxCRXA.cer
File:                     kd0jFN2bfGHXHU2-2o-jllxCRXA.cer (raw, json)
Hash identifier:          owvh4wJ4ULap6ojQi+ALo+Ml7B4hOlbOfy/AV6BFGB8=
Subject key identifier:   91:DD:23:14:DD:9B:7C:61:D7:1D:4D:BE:DA:8F:A3:96:5C:42:45:70
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC94E2A7B8153E92B7B7FB235DD8EF41B
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/6b/063fa4-17de-4595-bc86-ce4b6250bb4d/1/kd0jFN2bfGHXHU2-2o-jllxCRXA.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/6b/063fa4-17de-4595-bc86-ce4b6250bb4d/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 08:33:12 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 185.212.184.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:2a:7b:81:53:e9:2b:7b:7f:b2:35:dd:8e:f4:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 08:33:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=91dd2314dd9b7c61d71d4dbeda8fa3965c424570
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:9a:90:bf:cd:6f:67:22:40:e1:56:2a:fd:32:
                    2c:31:f8:b7:a4:73:f8:0c:9c:c7:fb:f8:18:a5:db:
                    d9:37:0c:c7:79:0b:f3:e5:2b:7c:8a:62:83:6f:23:
                    23:4d:ba:97:f4:82:12:c9:aa:b8:df:3c:be:6c:b5:
                    e9:d2:df:39:c5:4a:e9:d8:55:40:9d:b1:a0:5d:23:
                    f9:d5:01:75:21:81:89:2c:b5:5a:23:d0:e8:6b:a0:
                    96:d5:d3:90:2e:c3:d2:2d:0a:b2:20:63:15:b8:c4:
                    ea:37:93:8b:c8:36:1e:82:2e:c4:6f:24:b5:e0:a4:
                    03:c8:e6:e5:9f:15:51:b8:84:a9:d4:1a:1c:51:98:
                    7b:e1:9f:e0:64:3f:85:95:4c:d1:3f:e1:15:d1:ff:
                    99:b6:f1:fe:3b:84:ff:bc:15:e5:19:31:b7:ba:d5:
                    6b:03:20:88:42:59:6c:69:ab:37:e4:fe:a4:1d:ef:
                    fb:f3:b3:d2:49:0b:59:0a:40:24:23:11:5f:2b:ef:
                    cc:9d:32:8e:a1:85:ba:49:e3:cb:46:c2:82:50:31:
                    3b:e8:32:db:cc:04:1e:f4:47:b6:3d:30:d6:f8:be:
                    6d:69:e6:2d:23:51:2a:25:83:73:b4:de:a3:a3:dd:
                    ff:77:b7:46:c0:d9:3f:56:ab:83:cb:39:e8:b9:d9:
                    fa:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:DD:23:14:DD:9B:7C:61:D7:1D:4D:BE:DA:8F:A3:96:5C:42:45:70
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/063fa4-17de-4595-bc86-ce4b6250bb4d/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/063fa4-17de-4595-bc86-ce4b6250bb4d/1/kd0jFN2bfGHXHU2-2o-jllxCRXA.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.212.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:4d:c9:f3:4e:d4:5e:0e:3f:ca:43:ec:6e:36:20:69:e5:de:
         c1:41:cc:3c:c1:69:a0:b1:94:2a:94:64:69:85:90:11:81:a9:
         2b:6f:b2:e9:17:01:b6:d7:51:55:71:92:ec:15:93:f3:4c:86:
         c7:e5:a1:e7:9b:40:95:57:1b:03:2c:67:9e:0e:dc:99:ef:ef:
         3b:ce:de:c6:86:0d:c1:54:0d:83:b6:77:07:84:98:08:81:0d:
         ea:e2:ef:17:87:f3:7f:c6:0d:28:6f:5b:20:58:ff:cd:08:d3:
         18:e4:e1:37:b7:69:92:85:82:74:96:50:38:99:5a:5a:8b:ef:
         f8:a3:37:2a:66:e8:f2:38:f0:f0:bc:f6:d5:f3:83:43:55:a6:
         07:ee:41:18:71:fb:23:c0:99:ed:e4:98:a1:79:95:a4:6f:ca:
         84:da:e3:25:0c:72:ad:5b:3c:98:00:3d:a7:36:38:63:77:0e:
         b8:a7:e5:b9:07:e4:24:d6:24:b1:2f:ba:7f:5b:0d:5d:7f:3d:
         a3:03:5a:3a:31:a9:a3:3e:c4:99:dd:97:28:62:21:db:d9:49:
         43:bd:61:da:18:41:f2:35:ef:59:21:c8:d3:d8:3f:8d:f8:86:
         4b:a1:b5:18:ac:44:0c:85:89:1c:2e:24:e8:70:65:c1:03:cd:
         d3:35:1d:28
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzJTip7gVPpK3t/sjXdjvQbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDgzMzEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWRkMjMxNGRkOWI3YzYxZDcxZDRkYmVkYThmYTM5NjVjNDI0NTcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4ZqQv81vZyJA4VYq/TIsMfi3pHP4
DJzH+/gYpdvZNwzHeQvz5St8imKDbyMjTbqX9IISyaq43zy+bLXp0t85xUrp2FVA
nbGgXSP51QF1IYGJLLVaI9Doa6CW1dOQLsPSLQqyIGMVuMTqN5OLyDYegi7EbyS1
4KQDyOblnxVRuISp1BocUZh74Z/gZD+FlUzRP+EV0f+ZtvH+O4T/vBXlGTG3utVr
AyCIQllsaas35P6kHe/787PSSQtZCkAkIxFfK+/MnTKOoYW6SePLRsKCUDE76DLb
zAQe9Ee2PTDW+L5taeYtI1EqJYNztN6jo93/d7dGwNk/VquDyznoudn6bwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFJHdIxTdm3xh1x1NvtqPo5ZcQkVwMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzZiLzA2M2Zh
NC0xN2RlLTQ1OTUtYmM4Ni1jZTRiNjI1MGJiNGQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNmIvMDYzZmE0
LTE3ZGUtNDU5NS1iYzg2LWNlNGI2MjUwYmI0ZC8xL2tkMGpGTjJiZkdIWEhVMi0y
by1qbGx4Q1JYQS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAudS4MA0GCSqGSIb3DQEBCwUAA4IBAQAuTcnz
TtReDj/KQ+xuNiBp5d7BQcw8wWmgsZQqlGRphZARgakrb7LpFwG211FVcZLsFZPz
TIbH5aHnm0CVVxsDLGeeDtyZ7+87zt7Ghg3BVA2DtncHhJgIgQ3q4u8Xh/N/xg0o
b1sgWP/NCNMY5OE3t2mShYJ0llA4mVpai+/4ozcqZujyOPDwvPbV84NDVaYH7kEY
cfsjwJnt5JiheZWkb8qE2uMlDHKtWzyYAD2nNjhjdw64p+W5B+Qk1iSxL7p/Ww1d
fz2jA1o6MamjPsSZ3ZcoYiHb2UlDvWHaGEHyNe9ZIcjT2D+N+IZLobUYrEQMhYkc
LiTocGXBA83TNR0o
-----END CERTIFICATE-----