Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/kwSWway6d4n9wOBs8hPuwB7QYJg.cer
File:                     kwSWway6d4n9wOBs8hPuwB7QYJg.cer (raw, json)
Hash identifier:          /8vWDdR/dIkk9Nr4E1MP5CiVMnnXD3lgi0vBBw2rzJU=
Subject key identifier:   93:04:96:C1:AC:BA:77:89:FD:C0:E0:6C:F2:13:EE:C0:1E:D0:60:98
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC801AB92316DFADC6B4CF069080984D5
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/fa/1d34ab-508a-4233-8a6e-f5f8b1a3b428/1/kwSWway6d4n9wOBs8hPuwB7QYJg.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/fa/1d34ab-508a-4233-8a6e-f5f8b1a3b428/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 02:30:01 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 193.17.65.0/24
                          IP: 2a12:3940::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:ab:92:31:6d:fa:dc:6b:4c:f0:69:08:09:84:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 02:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=930496c1acba7789fdc0e06cf213eec01ed06098
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:2f:52:91:40:77:12:46:91:53:c1:93:70:32:
                    8f:6e:56:a4:78:5e:f5:52:58:32:a7:4d:13:f4:32:
                    0d:f4:4a:55:98:f6:fc:b2:c5:e9:42:13:75:bc:ac:
                    6b:f8:b1:2e:93:f6:03:22:f8:22:6f:80:f7:92:cd:
                    50:2a:8f:43:36:f2:bf:30:de:fb:f1:49:c6:d0:cd:
                    da:e0:31:fc:43:76:bf:1d:99:14:b5:6b:9d:cc:81:
                    6d:21:4f:be:45:02:16:e3:d2:6e:59:14:a8:d6:f7:
                    d3:bb:1c:1e:36:55:3e:50:92:bf:d0:6d:64:78:b1:
                    00:e6:ef:86:09:33:da:c3:ad:ac:20:df:72:00:5b:
                    b6:ea:12:8f:d4:8f:14:2d:70:6c:34:67:c3:3f:3d:
                    cd:22:99:ac:07:25:9b:09:ea:79:32:44:b7:ba:91:
                    7a:6e:d4:48:e1:18:3b:e0:04:74:4d:a5:0d:e1:3b:
                    14:49:a9:fd:fd:e6:29:4d:6b:8d:9a:2a:c1:cf:67:
                    f0:5a:9c:a3:23:ee:10:ae:3e:96:e5:bc:56:00:fa:
                    eb:10:44:ab:2a:04:42:70:2e:23:62:6e:3a:43:da:
                    56:49:70:6b:a6:aa:c0:ee:38:27:5c:c8:03:47:36:
                    3c:34:47:5e:08:1c:70:f6:25:f7:86:d7:72:e1:6c:
                    6f:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:04:96:C1:AC:BA:77:89:FD:C0:E0:6C:F2:13:EE:C0:1E:D0:60:98
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/1d34ab-508a-4233-8a6e-f5f8b1a3b428/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/1d34ab-508a-4233-8a6e-f5f8b1a3b428/1/kwSWway6d4n9wOBs8hPuwB7QYJg.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.17.65.0/24
                IPv6:
                  2a12:3940::/29

    Signature Algorithm: sha256WithRSAEncryption
         06:34:7f:8d:0f:8f:89:49:15:17:87:4c:3a:e3:f1:e8:9f:97:
         d1:d3:18:b4:42:44:bf:74:7d:22:05:5a:e6:94:52:7c:73:86:
         ad:a2:73:ac:5e:c6:be:7a:50:51:8e:94:18:10:00:67:c6:d3:
         4a:eb:ae:dc:61:3d:09:5a:84:26:29:25:eb:90:d2:5e:7c:d7:
         8b:f2:35:11:3b:87:bb:ee:3b:74:99:43:76:86:cc:78:98:99:
         a0:a6:94:64:5f:37:bd:fb:cc:0b:2e:d0:c8:ec:31:41:f5:8c:
         8f:0b:7f:fa:d9:15:a3:76:d4:8e:89:e5:ac:47:7a:9e:cb:cd:
         b2:47:77:7a:7b:a5:37:c2:c0:ac:4d:e0:0c:25:fc:3e:68:a4:
         ef:12:d5:3b:03:5c:1f:7a:b0:6f:43:94:4d:da:e8:d6:28:6c:
         b0:1d:81:1e:51:bc:ae:0c:63:e5:2e:02:c6:b9:a5:bb:d2:9b:
         18:70:57:d8:5f:b4:86:86:de:a5:03:29:5e:f1:2d:41:fd:4b:
         5d:e6:01:33:9a:97:0a:31:92:d9:bd:3d:9d:41:e1:11:86:e1:
         de:06:79:98:90:7c:96:1f:b2:7e:df:56:ee:a8:af:23:f4:31:
         30:7b:68:87:b9:16:78:57:60:14:a1:6e:16:ad:54:10:b1:59:
         fb:e6:c1:8b
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAYzIAauSMW363GtM8GkICYTVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDIzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzA0OTZjMWFjYmE3Nzg5ZmRjMGUwNmNmMjEzZWVjMDFlZDA2MDk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzy9SkUB3EkaRU8GTcDKPblakeF71
Ulgyp00T9DIN9EpVmPb8ssXpQhN1vKxr+LEuk/YDIvgib4D3ks1QKo9DNvK/MN77
8UnG0M3a4DH8Q3a/HZkUtWudzIFtIU++RQIW49JuWRSo1vfTuxweNlU+UJK/0G1k
eLEA5u+GCTPaw62sIN9yAFu26hKP1I8ULXBsNGfDPz3NIpmsByWbCep5MkS3upF6
btRI4Rg74AR0TaUN4TsUSan9/eYpTWuNmirBz2fwWpyjI+4Qrj6W5bxWAPrrEESr
KgRCcC4jYm46Q9pWSXBrpqrA7jgnXMgDRzY8NEdeCBxw9iX3htdy4Wxv+QIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFJMElsGsuneJ/cDgbPIT7sAe0GCYMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2ZhLzFkMzRh
Yi01MDhhLTQyMzMtOGE2ZS1mNWY4YjFhM2I0MjgvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZmEvMWQzNGFi
LTUwOGEtNDIzMy04YTZlLWY1ZjhiMWEzYjQyOC8xL2t3U1d3YXk2ZDRuOXdPQnM4
aFB1d0I3UVlKZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQAwRFBMA0EAgACMAcDBQMqEjlAMA0GCSqGSIb3
DQEBCwUAA4IBAQAGNH+ND4+JSRUXh0w64/Hon5fR0xi0QkS/dH0iBVrmlFJ8c4at
onOsXsa+elBRjpQYEABnxtNK667cYT0JWoQmKSXrkNJefNeL8jURO4e77jt0mUN2
hsx4mJmgppRkXze9+8wLLtDI7DFB9YyPC3/62RWjdtSOieWsR3qey82yR3d6e6U3
wsCsTeAMJfw+aKTvEtU7A1wferBvQ5RN2ujWKGywHYEeUbyuDGPlLgLGuaW70psY
cFfYX7SGht6lAyle8S1B/Utd5gEzmpcKMZLZvT2dQeERhuHeBnmYkHyWH7J+31bu
qK8j9DEwe2iHuRZ4V2AUoW4WrVQQsVn75sGL
-----END CERTIFICATE-----