Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/lw69BGmlxpwQmJccqrNv4DLs4xE.cer
File:                     lw69BGmlxpwQmJccqrNv4DLs4xE.cer (raw, json)
Hash identifier:          CWyAbHhC7ZXNiT4ey0ECvijwqXMI+aLWg44I/TYPUEQ=
Subject key identifier:   97:0E:BD:04:69:A5:C6:9C:10:98:97:1C:AA:B3:6F:E0:32:EC:E3:11
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC801A689C453D8D03857CEA5EC816F3B
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/7e/62001a-a313-4e33-bb04-914b4b34f981/1/lw69BGmlxpwQmJccqrNv4DLs4xE.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/7e/62001a-a313-4e33-bb04-914b4b34f981/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 02:30:00 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 149.157.0.0/16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:a6:89:c4:53:d8:d0:38:57:ce:a5:ec:81:6f:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 02:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=970ebd0469a5c69c1098971caab36fe032ece311
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:67:0b:c4:1e:92:74:1a:2e:ca:52:6a:69:af:
                    87:65:ca:31:85:ea:cd:ba:24:b7:03:c8:c3:b7:56:
                    b7:44:41:f4:a3:39:52:94:92:76:15:9a:48:a3:06:
                    13:68:2a:91:d5:ea:dd:60:d7:5e:8c:44:4a:90:35:
                    55:fb:06:c0:0e:49:ab:c8:ec:3d:e1:8a:93:e7:04:
                    d1:b3:8d:cc:85:a6:22:fa:fd:b1:b4:32:62:b5:ca:
                    94:87:eb:8e:ce:1c:51:25:3a:9d:0c:e5:f0:b0:06:
                    d7:b6:14:9d:d4:7b:11:23:91:52:29:44:06:7d:a7:
                    c2:87:aa:03:de:53:34:7d:68:90:ad:ed:2b:ed:18:
                    40:d4:7e:11:19:eb:4c:51:91:0b:9c:1c:8d:ed:41:
                    06:7b:ef:98:06:ec:75:f9:35:1c:54:bb:ae:6a:e8:
                    3e:d7:fa:ba:5f:f8:7e:a0:c3:35:f3:b6:b7:cd:1d:
                    28:6a:50:44:d5:16:91:a8:4a:ef:60:c9:f6:cb:7e:
                    ad:39:c4:e8:b1:f7:d6:7e:26:4f:8c:02:ec:dd:3d:
                    91:ce:0a:b2:20:ba:92:e0:bf:d6:96:b1:6d:59:ef:
                    2c:f6:98:fd:4f:9d:a0:b4:c1:b1:91:79:e3:d1:d0:
                    05:27:fe:62:28:fe:b6:10:c9:b3:81:db:f9:f4:50:
                    17:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:0E:BD:04:69:A5:C6:9C:10:98:97:1C:AA:B3:6F:E0:32:EC:E3:11
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/62001a-a313-4e33-bb04-914b4b34f981/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/62001a-a313-4e33-bb04-914b4b34f981/1/lw69BGmlxpwQmJccqrNv4DLs4xE.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  149.157.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         33:a3:8f:76:46:e8:0e:ce:e8:c2:7b:a4:a4:1d:1e:a6:55:2e:
         35:67:b9:3b:25:f1:ec:d9:d6:6b:f3:8f:8f:26:f0:f1:0f:19:
         61:76:aa:a3:a8:04:d4:e6:e6:d1:19:69:98:d7:6d:db:44:1e:
         fb:03:dd:c2:9d:bc:0f:1d:5d:19:1a:cc:53:aa:9d:61:c3:69:
         11:26:10:78:e7:ac:fb:e4:59:70:39:f4:49:da:37:ae:9b:dd:
         8d:36:41:df:d2:06:f2:41:58:08:75:df:cc:5c:28:10:a7:4e:
         55:08:24:84:c6:bb:72:2b:2c:80:15:77:61:a2:d1:13:98:2f:
         5b:9a:1c:7d:92:76:84:b0:8e:94:46:c1:55:a2:6a:f7:04:85:
         b3:94:32:58:9a:db:9c:49:89:c7:a7:11:e2:74:fd:93:e3:02:
         51:8c:3d:7c:a4:b5:7a:c6:8a:aa:fc:04:cd:a1:15:35:14:5d:
         0b:0e:49:47:74:8e:ed:cc:72:8d:5e:57:be:76:e4:f2:f9:03:
         5a:ac:21:9d:8c:ac:30:7b:e9:62:6e:bf:2f:38:c8:ff:ab:fa:
         6c:8e:8d:9f:32:16:b0:6a:67:66:ec:ba:6c:e1:d0:7e:94:d3:
         ad:f1:8b:36:bc:92:b4:d9:fb:df:86:db:ee:64:9c:53:56:c4:
         b2:67:d6:94
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgISAYzIAaaJxFPY0DhXzqXsgW87MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDIzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzBlYmQwNDY5YTVjNjljMTA5ODk3MWNhYWIzNmZlMDMyZWNlMzExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxWcLxB6SdBouylJqaa+HZcoxherN
uiS3A8jDt1a3REH0ozlSlJJ2FZpIowYTaCqR1erdYNdejERKkDVV+wbADkmryOw9
4YqT5wTRs43MhaYi+v2xtDJitcqUh+uOzhxRJTqdDOXwsAbXthSd1HsRI5FSKUQG
fafCh6oD3lM0fWiQre0r7RhA1H4RGetMUZELnByN7UEGe++YBux1+TUcVLuuaug+
1/q6X/h+oMM187a3zR0oalBE1RaRqErvYMn2y36tOcTosffWfiZPjALs3T2Rzgqy
ILqS4L/WlrFtWe8s9pj9T52gtMGxkXnj0dAFJ/5iKP62EMmzgdv59FAXYwIDAQAB
o4ICgzCCAn8wHQYDVR0OBBYEFJcOvQRppcacEJiXHKqzb+Ay7OMRMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzdlLzYyMDAx
YS1hMzEzLTRlMzMtYmIwNC05MTRiNGIzNGY5ODEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvN2UvNjIwMDFh
LWEzMTMtNGUzMy1iYjA0LTkxNGI0YjM0Zjk4MS8xL2x3NjlCR21seHB3UW1KY2Nx
ck52NERMczR4RS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB4GCCsGAQUF
BwEHAQH/BA8wDTALBAIAATAFAwMAlZ0wDQYJKoZIhvcNAQELBQADggEBADOjj3ZG
6A7O6MJ7pKQdHqZVLjVnuTsl8ezZ1mvzj48m8PEPGWF2qqOoBNTm5tEZaZjXbdtE
HvsD3cKdvA8dXRkazFOqnWHDaREmEHjnrPvkWXA59EnaN66b3Y02Qd/SBvJBWAh1
38xcKBCnTlUIJITGu3IrLIAVd2Gi0ROYL1uaHH2SdoSwjpRGwVWiavcEhbOUMlia
25xJicenEeJ0/ZPjAlGMPXyktXrGiqr8BM2hFTUUXQsOSUd0ju3Mco1eV7525PL5
A1qsIZ2MrDB76WJuvy84yP+r+myOjZ8yFrBqZ2bsumzh0H6U063xiza8krTZ+9+G
2+5knFNWxLJn1pQ=
-----END CERTIFICATE-----