Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/lrN3ZE5BQQHbberQ61ghBj9Yjow.cer
File:                     lrN3ZE5BQQHbberQ61ghBj9Yjow.cer (raw, json)
Hash identifier:          9YsKvc+GJx5m6rALTC/aZEZyRFLfy7QlKhBvX6x3qjE=
Subject key identifier:   96:B3:77:64:4E:41:41:01:DB:6D:EA:D0:EB:58:21:06:3F:58:8E:8C
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CCA2BC9100DD0C2B0C0CCE881EE24A314
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/c8/89e4e2-b8ab-4814-93c1-28e6c5ba2eae/1/lrN3ZE5BQQHbberQ61ghBj9Yjow.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/c8/89e4e2-b8ab-4814-93c1-28e6c5ba2eae/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 12:35:16 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 94.231.213.0/24
                          IP: 2a10:3200::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:c9:10:0d:d0:c2:b0:c0:cc:e8:81:ee:24:a3:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 12:35:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=96b377644e414101db6dead0eb5821063f588e8c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:85:f0:9d:0d:9e:91:77:53:dd:f6:0d:59:03:
                    69:b3:a2:60:3a:10:aa:f6:8c:db:de:f4:2e:2c:c6:
                    9a:2c:b4:09:d5:8e:5f:1d:95:1c:1b:f7:19:c5:48:
                    9e:99:c7:f2:b3:51:dd:cb:26:8a:ac:1d:88:44:5c:
                    66:0b:71:7b:7d:d2:18:ec:fe:fb:22:2f:e6:c2:04:
                    59:2b:35:ab:5c:9f:98:a0:d2:8f:eb:c2:a3:db:2c:
                    c9:4c:27:1a:e3:7b:2b:9d:a2:52:bf:b6:e5:08:70:
                    26:ac:1f:fa:88:c7:c8:0a:f3:0f:ae:a6:0e:e9:f8:
                    c7:27:10:60:53:8a:c8:13:53:2e:05:cf:e7:e3:63:
                    5a:24:64:bd:c4:4e:d1:fa:a8:d6:fa:aa:a7:16:96:
                    91:67:52:f2:3b:40:f1:1b:12:ac:64:0a:b6:42:54:
                    32:87:41:68:2a:ce:15:32:f2:65:0f:bd:5c:2c:06:
                    bd:c1:f4:35:70:e0:86:92:08:61:cd:80:4b:0d:54:
                    f5:1e:b3:e8:bd:d6:61:2d:46:85:63:93:49:54:e7:
                    ac:f3:a2:c2:1c:ab:0c:35:ba:5d:56:88:4f:fc:28:
                    1a:2a:90:58:45:35:45:dd:1c:5f:9e:0a:bf:69:98:
                    37:dc:9f:c5:92:37:0c:55:28:a3:da:e0:06:88:78:
                    c9:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:B3:77:64:4E:41:41:01:DB:6D:EA:D0:EB:58:21:06:3F:58:8E:8C
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/89e4e2-b8ab-4814-93c1-28e6c5ba2eae/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/89e4e2-b8ab-4814-93c1-28e6c5ba2eae/1/lrN3ZE5BQQHbberQ61ghBj9Yjow.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.231.213.0/24
                IPv6:
                  2a10:3200::/29

    Signature Algorithm: sha256WithRSAEncryption
         58:7a:a7:b1:b8:fa:25:b8:c5:3d:0b:f3:9a:5d:0a:dd:20:48:
         ee:66:84:60:06:46:18:36:b4:74:1c:a2:13:04:fb:7a:18:e0:
         cb:6d:dd:45:b9:48:d8:04:55:c5:65:21:01:f8:d0:1a:b5:fc:
         c0:bc:88:55:c1:51:bc:41:3c:5e:d4:15:93:91:87:28:34:4b:
         04:e3:df:71:8f:ff:0e:d6:20:ec:ac:e0:6b:a1:b6:3a:a1:36:
         5c:ac:64:5d:13:0e:ee:39:ee:a0:64:af:91:a5:86:ad:2f:93:
         17:bb:ad:64:2c:dc:95:36:bb:46:8c:3a:05:06:4b:cb:00:a2:
         6d:5d:89:d3:aa:67:8f:de:1e:d6:71:b6:c4:36:83:df:95:7e:
         30:6b:14:6f:1f:2b:38:c3:d1:b1:2f:ff:61:07:ad:89:4a:c3:
         50:9e:53:ec:08:97:b6:c6:12:0f:30:fd:ea:5e:87:36:6d:8b:
         1d:f2:63:33:b2:1e:13:4d:d4:5e:cc:09:3e:97:c1:a6:59:5e:
         8d:b2:10:bc:e9:7c:9c:f3:cb:f2:14:86:a0:2d:16:62:d8:9d:
         f2:31:2e:de:1c:09:6c:11:0b:e2:49:8b:e9:75:93:b1:13:4f:
         af:4b:e3:e5:88:3a:73:35:dd:06:8d:f7:e0:02:a8:a4:23:59:
         1e:24:bb:f9
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAYzKK8kQDdDCsMDM6IHuJKMUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMTIzNTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NmIzNzc2NDRlNDE0MTAxZGI2ZGVhZDBlYjU4MjEwNjNmNTg4ZThjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzIXwnQ2ekXdT3fYNWQNps6JgOhCq
9ozb3vQuLMaaLLQJ1Y5fHZUcG/cZxUiemcfys1HdyyaKrB2IRFxmC3F7fdIY7P77
Ii/mwgRZKzWrXJ+YoNKP68Kj2yzJTCca43srnaJSv7blCHAmrB/6iMfICvMPrqYO
6fjHJxBgU4rIE1MuBc/n42NaJGS9xE7R+qjW+qqnFpaRZ1LyO0DxGxKsZAq2QlQy
h0FoKs4VMvJlD71cLAa9wfQ1cOCGkghhzYBLDVT1HrPovdZhLUaFY5NJVOes86LC
HKsMNbpdVohP/CgaKpBYRTVF3Rxfngq/aZg33J/FkjcMVSij2uAGiHjJoQIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFJazd2ROQUEB223q0OtYIQY/WI6MMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2M4Lzg5ZTRl
Mi1iOGFiLTQ4MTQtOTNjMS0yOGU2YzViYTJlYWUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzgvODllNGUy
LWI4YWItNDgxNC05M2MxLTI4ZTZjNWJhMmVhZS8xL2xyTjNaRTVCUVFIYmJlclE2
MWdoQmo5WWpvdy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQAXufVMA0EAgACMAcDBQMqEDIAMA0GCSqGSIb3
DQEBCwUAA4IBAQBYeqexuPoluMU9C/OaXQrdIEjuZoRgBkYYNrR0HKITBPt6GODL
bd1FuUjYBFXFZSEB+NAatfzAvIhVwVG8QTxe1BWTkYcoNEsE499xj/8O1iDsrOBr
obY6oTZcrGRdEw7uOe6gZK+RpYatL5MXu61kLNyVNrtGjDoFBkvLAKJtXYnTqmeP
3h7WcbbENoPflX4waxRvHys4w9GxL/9hB62JSsNQnlPsCJe2xhIPMP3qXoc2bYsd
8mMzsh4TTdRezAk+l8GmWV6NshC86Xyc88vyFIagLRZi2J3yMS7eHAlsEQviSYvp
dZOxE0+vS+PliDpzNd0GjffgAqikI1keJLv5
-----END CERTIFICATE-----