Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/lUYfvuHAbj6vrA8vlSU8qGA6zPI.cer
File:                     lUYfvuHAbj6vrA8vlSU8qGA6zPI.cer (raw, json)
Hash identifier:          eifnfKTMtJKt/09DfPLksPXTGLa7Lz0Tz251S+WDKvY=
Subject key identifier:   95:46:1F:BE:E1:C0:6E:3E:AF:AC:0F:2F:95:25:3C:A8:60:3A:CC:F2
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC8013E9C478C4E5FA890A28047FF8E0D
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/53/e5ce8f-5ea0-479f-93e9-89d5c60f501f/1/lUYfvuHAbj6vrA8vlSU8qGA6zPI.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/53/e5ce8f-5ea0-479f-93e9-89d5c60f501f/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 02:29:33 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 185.66.196.0/22
                          IP: 2a03:21e0::/32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:3e:9c:47:8c:4e:5f:a8:90:a2:80:47:ff:8e:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 02:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=95461fbee1c06e3eafac0f2f95253ca8603accf2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:e9:dc:66:c5:e1:5a:8c:f7:b3:50:0c:f5:7d:
                    58:d3:92:a5:d9:d2:03:c3:8f:e7:ac:ae:1f:02:29:
                    cf:32:fa:de:c7:74:4f:42:b2:af:60:38:52:a5:74:
                    87:73:15:8e:43:20:3c:96:5c:e9:de:cb:34:b2:f8:
                    f2:6d:ec:8f:10:a3:29:39:21:7e:e0:35:15:6b:59:
                    34:b9:70:bc:fc:47:e8:7a:97:dd:29:e9:5e:28:80:
                    1a:f0:79:1a:53:b0:c5:d2:04:da:03:99:23:92:8d:
                    a1:71:f8:80:f0:8f:f6:42:3b:9d:39:39:96:7e:ca:
                    e6:f9:f1:b2:e2:cf:9b:f0:e4:83:25:ac:cb:07:3b:
                    3e:e9:5e:48:e0:b8:e0:27:b0:cb:1e:33:ab:df:f6:
                    41:c1:82:17:e9:97:2a:40:70:5f:a9:6b:6f:d9:bc:
                    7b:d7:35:44:6f:ea:5e:d8:21:8c:e6:4d:23:d9:6b:
                    32:17:ca:70:da:c6:6c:23:3a:19:f3:64:c5:16:54:
                    f3:95:ee:be:78:c0:3e:9a:f2:2e:09:33:27:1c:fd:
                    8d:dd:79:16:9e:2a:e8:12:03:9c:74:06:c0:90:88:
                    14:b6:39:37:e6:d3:9c:77:36:91:8d:a2:89:50:f5:
                    1f:a4:72:c7:13:c9:87:a7:e4:23:f4:7b:74:4e:7f:
                    af:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:46:1F:BE:E1:C0:6E:3E:AF:AC:0F:2F:95:25:3C:A8:60:3A:CC:F2
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/53/e5ce8f-5ea0-479f-93e9-89d5c60f501f/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/53/e5ce8f-5ea0-479f-93e9-89d5c60f501f/1/lUYfvuHAbj6vrA8vlSU8qGA6zPI.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.66.196.0/22
                IPv6:
                  2a03:21e0::/32

    Signature Algorithm: sha256WithRSAEncryption
         5c:85:55:4b:38:17:d5:35:bf:eb:c5:17:f9:1a:7b:8d:2b:e4:
         7f:d3:e1:19:2e:81:d3:33:39:f6:e4:3d:a4:2c:4f:59:80:e7:
         60:74:ea:60:16:40:c6:dc:39:48:de:1a:9f:6e:c6:e7:42:77:
         46:a4:ab:3e:ef:80:ed:3f:91:a7:f0:c2:9b:16:31:b0:d7:fb:
         0b:5d:80:e9:92:9d:7e:6b:9e:e3:3e:01:01:72:7a:dd:d8:b9:
         a6:2d:a0:55:71:e1:73:15:36:ab:52:e7:aa:26:2e:2e:54:68:
         ae:db:14:2d:d5:59:25:35:c8:5f:25:91:dd:f0:b4:ff:ec:4d:
         31:37:e8:96:ad:e0:40:cc:4b:a4:bf:dc:b7:74:58:e8:e3:01:
         51:ce:89:55:f4:59:81:86:ea:93:0b:3b:4e:8b:92:57:bb:57:
         f7:98:26:34:9b:c1:84:9f:7f:d1:72:da:bd:ba:8c:be:f6:3e:
         74:9f:66:ef:ae:11:25:08:88:40:f9:d9:25:d1:aa:db:a7:a6:
         fd:11:24:61:82:67:5b:d8:92:bf:e3:7e:f5:76:12:76:f7:b7:
         1d:cb:bb:8c:72:fe:a2:21:af:97:18:c1:57:b1:74:98:e9:86:
         35:11:82:a9:bc:43:8b:c5:74:38:d7:8f:6e:39:a3:3f:b6:14:
         02:59:9a:e3
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAYzIAT6cR4xOX6iQooBH/44NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDIyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTQ2MWZiZWUxYzA2ZTNlYWZhYzBmMmY5NTI1M2NhODYwM2FjY2YyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs+ncZsXhWoz3s1AM9X1Y05Kl2dID
w4/nrK4fAinPMvrex3RPQrKvYDhSpXSHcxWOQyA8llzp3ss0svjybeyPEKMpOSF+
4DUVa1k0uXC8/EfoepfdKeleKIAa8HkaU7DF0gTaA5kjko2hcfiA8I/2QjudOTmW
fsrm+fGy4s+b8OSDJazLBzs+6V5I4LjgJ7DLHjOr3/ZBwYIX6ZcqQHBfqWtv2bx7
1zVEb+pe2CGM5k0j2WsyF8pw2sZsIzoZ82TFFlTzle6+eMA+mvIuCTMnHP2N3XkW
niroEgOcdAbAkIgUtjk35tOcdzaRjaKJUPUfpHLHE8mHp+Qj9Ht0Tn+viQIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFJVGH77hwG4+r6wPL5UlPKhgOszyMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzUzL2U1Y2U4
Zi01ZWEwLTQ3OWYtOTNlOS04OWQ1YzYwZjUwMWYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTMvZTVjZThm
LTVlYTAtNDc5Zi05M2U5LTg5ZDVjNjBmNTAxZi8xL2xVWWZ2dUhBYmo2dnJBOHZs
U1U4cUdBNnpQSS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCuULEMA0EAgACMAcDBQAqAyHgMA0GCSqGSIb3
DQEBCwUAA4IBAQBchVVLOBfVNb/rxRf5GnuNK+R/0+EZLoHTMzn25D2kLE9ZgOdg
dOpgFkDG3DlI3hqfbsbnQndGpKs+74DtP5Gn8MKbFjGw1/sLXYDpkp1+a57jPgEB
cnrd2LmmLaBVceFzFTarUueqJi4uVGiu2xQt1VklNchfJZHd8LT/7E0xN+iWreBA
zEukv9y3dFjo4wFRzolV9FmBhuqTCztOi5JXu1f3mCY0m8GEn3/Rctq9uoy+9j50
n2bvrhElCIhA+dkl0arbp6b9ESRhgmdb2JK/4371dhJ297cdy7uMcv6iIa+XGMFX
sXSY6YY1EYKpvEOLxXQ4149uOaM/thQCWZrj
-----END CERTIFICATE-----