Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/lsDOn4fZ0nX2yuTcnN-11EN9jOs.cer
File:                     lsDOn4fZ0nX2yuTcnN-11EN9jOs.cer (raw, json)
Hash identifier:          fISti8Iuka1TgZeipNAjNJ+4nRgR4oa1Fhc3SiB6TpY=
Subject key identifier:   96:C0:CE:9F:87:D9:D2:75:F6:CA:E4:DC:9C:DF:B5:D4:43:7D:8C:EB
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC34946C266F3C486C1980393D402290E
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/50/3aa386-9057-49a0-a229-5e77fa0333a3/1/lsDOn4fZ0nX2yuTcnN-11EN9jOs.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/50/3aa386-9057-49a0-a229-5e77fa0333a3/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 04:30:08 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 91.201.199.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:46:c2:66:f3:c4:86:c1:98:03:93:d4:02:29:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 04:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=96c0ce9f87d9d275f6cae4dc9cdfb5d4437d8ceb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:89:3e:f8:85:55:7f:02:cf:2c:b8:0b:48:b1:
                    dc:03:be:60:bf:0f:10:81:88:d8:d3:24:13:79:ff:
                    53:74:37:dc:17:7c:3d:0e:6b:cb:dc:d1:cc:60:b1:
                    cc:59:07:92:06:54:10:f1:63:1e:82:54:ca:cd:35:
                    21:b4:2d:54:92:fc:cb:9b:3d:df:93:0d:91:e3:1c:
                    78:bc:b8:ac:62:fa:06:e9:33:0a:9f:13:5d:b8:32:
                    90:83:16:2a:a2:b3:8a:da:5a:6d:7b:22:58:12:f0:
                    ae:4b:4a:48:e2:7d:52:cc:96:0e:ce:fe:86:14:3c:
                    c9:fd:f2:ba:60:cc:72:6f:26:1c:de:23:8c:d0:8e:
                    38:eb:db:92:77:a9:a3:1b:52:1b:22:32:ad:bb:43:
                    e9:87:13:3e:9c:e7:8b:ac:99:39:ed:30:29:e3:2e:
                    c1:ec:80:b8:94:a7:f0:57:72:e6:98:b7:7b:c2:ea:
                    57:60:fd:36:a1:83:c2:bb:e4:d8:1f:51:0e:18:73:
                    64:47:7d:6c:b9:72:db:4d:fe:d4:1b:1d:8a:33:2a:
                    72:61:4d:6f:61:c8:1c:12:12:1f:75:1d:eb:b6:6f:
                    07:ed:2a:93:24:9f:50:e9:1c:a0:10:4b:9d:53:6e:
                    81:ad:a5:6f:75:bd:25:d6:27:f5:8f:00:dd:1e:e5:
                    2e:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:C0:CE:9F:87:D9:D2:75:F6:CA:E4:DC:9C:DF:B5:D4:43:7D:8C:EB
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/3aa386-9057-49a0-a229-5e77fa0333a3/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/3aa386-9057-49a0-a229-5e77fa0333a3/1/lsDOn4fZ0nX2yuTcnN-11EN9jOs.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.201.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:89:6d:04:78:fd:d4:0b:a5:7a:15:74:e8:7c:c1:46:48:52:
         03:e7:bb:1c:40:3a:ab:8c:76:7d:e6:a7:92:67:05:9c:7a:f3:
         c0:b4:68:41:84:2b:3e:c5:5b:29:e3:3b:61:c8:80:fa:28:3c:
         c0:0b:69:9d:4a:c1:b6:df:be:90:4e:2e:e6:2d:d5:e3:05:ae:
         26:3a:b1:97:72:64:62:b0:60:ad:b9:fb:f1:20:1e:fc:06:f6:
         1b:f0:27:80:7b:ff:5f:2f:ad:c8:11:eb:0c:8f:50:70:b9:d3:
         97:b9:13:99:0b:6d:78:3a:7c:e8:d0:44:fd:99:1f:aa:16:b1:
         05:0b:bb:82:66:ec:86:18:fa:60:0f:73:e2:21:fa:e5:18:a5:
         85:d2:07:83:cc:e4:4b:c2:da:7d:3d:6b:33:d8:cf:11:3c:35:
         16:3d:17:d8:6e:61:fb:0c:dd:42:bc:7e:d8:b7:c2:2e:72:73:
         0e:01:d3:24:3f:d0:05:8e:ae:65:db:48:80:41:d0:21:ac:67:
         76:28:c3:c8:a5:89:82:7e:d0:fc:f3:2c:4a:e8:bd:d7:97:92:
         43:bd:14:65:c7:00:b5:66:ae:da:88:ae:bc:49:d5:f0:b2:e1:
         6b:e2:29:e9:cb:3a:6e:01:86:47:79:35:8a:e4:3c:44:db:a5:
         aa:56:6e:ec
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzDSUbCZvPEhsGYA5PUAikOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDQzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NmMwY2U5Zjg3ZDlkMjc1ZjZjYWU0ZGM5Y2RmYjVkNDQzN2Q4Y2ViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn4k++IVVfwLPLLgLSLHcA75gvw8Q
gYjY0yQTef9TdDfcF3w9DmvL3NHMYLHMWQeSBlQQ8WMeglTKzTUhtC1UkvzLmz3f
kw2R4xx4vLisYvoG6TMKnxNduDKQgxYqorOK2lpteyJYEvCuS0pI4n1SzJYOzv6G
FDzJ/fK6YMxybyYc3iOM0I4469uSd6mjG1IbIjKtu0PphxM+nOeLrJk57TAp4y7B
7IC4lKfwV3LmmLd7wupXYP02oYPCu+TYH1EOGHNkR31suXLbTf7UGx2KMypyYU1v
YcgcEhIfdR3rtm8H7SqTJJ9Q6RygEEudU26BraVvdb0l1if1jwDdHuUunwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFJbAzp+H2dJ19srk3JzftdRDfYzrMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzUwLzNhYTM4
Ni05MDU3LTQ5YTAtYTIyOS01ZTc3ZmEwMzMzYTMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTAvM2FhMzg2
LTkwNTctNDlhMC1hMjI5LTVlNzdmYTAzMzNhMy8xL2xzRE9uNGZaMG5YMnl1VGNu
Ti0xMUVOOWpPcy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW8nHMA0GCSqGSIb3DQEBCwUAA4IBAQChiW0E
eP3UC6V6FXTofMFGSFID57scQDqrjHZ95qeSZwWcevPAtGhBhCs+xVsp4zthyID6
KDzAC2mdSsG2376QTi7mLdXjBa4mOrGXcmRisGCtufvxIB78BvYb8CeAe/9fL63I
EesMj1BwudOXuROZC214Onzo0ET9mR+qFrEFC7uCZuyGGPpgD3PiIfrlGKWF0geD
zORLwtp9PWsz2M8RPDUWPRfYbmH7DN1CvH7Yt8IucnMOAdMkP9AFjq5l20iAQdAh
rGd2KMPIpYmCftD88yxK6L3Xl5JDvRRlxwC1Zq7aiK68SdXwsuFr4inpyzpuAYZH
eTWK5DxE26WqVm7s
-----END CERTIFICATE-----