Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/mJB4Bt2stIQwvdAlSJgBnkE6K94.cer
File:                     mJB4Bt2stIQwvdAlSJgBnkE6K94.cer (raw, json)
Hash identifier:          PuiClIDSxWLCLLd4A+iFUhNeU/jlH+Tp+HYi3tZcgJo=
Subject key identifier:   98:90:78:06:DD:AC:B4:84:30:BD:D0:25:48:98:01:9E:41:3A:2B:DE
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC6B924844DD6448FA5275CC2CF5BEFF5
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/98/3e3b17-84c9-4472-bd33-12674e661e13/1/mJB4Bt2stIQwvdAlSJgBnkE6K94.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/98/3e3b17-84c9-4472-bd33-12674e661e13/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 20:31:11 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 35231
                          IP: 193.239.200.0/23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:24:84:4d:d6:44:8f:a5:27:5c:c2:cf:5b:ef:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 20:31:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=98907806ddacb48430bdd0254898019e413a2bde
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:87:91:2f:87:08:3b:34:5b:f6:14:e7:e2:54:
                    95:45:50:58:f6:98:ed:7b:2d:18:cd:d1:0a:6d:d0:
                    82:e6:ca:65:ec:bd:ab:83:27:f6:1a:3a:ef:09:30:
                    fc:86:41:a3:89:ba:5f:40:95:3e:68:54:23:ce:b9:
                    c0:4b:a3:53:8d:57:ec:4e:2e:58:8f:63:d2:17:2a:
                    c0:21:29:de:20:01:58:2f:7d:9b:bc:53:ac:0a:e4:
                    19:3f:b3:fa:56:df:90:4d:b3:f8:c9:21:18:e8:4e:
                    47:c3:4e:0c:bb:34:be:ca:8c:59:5c:85:1b:56:83:
                    a2:27:bb:d9:c3:1c:8c:04:cc:0f:05:46:34:ab:53:
                    aa:e9:eb:99:65:d2:e5:0b:78:a2:2e:cb:61:e2:bb:
                    ce:12:90:12:b2:c3:55:1f:fc:1b:2b:9e:f9:8a:bc:
                    2b:a8:0d:1f:a8:b2:10:5f:81:a0:5e:5b:07:36:e2:
                    c4:a0:fa:ae:c8:23:fd:88:13:60:c7:7b:a0:df:e7:
                    69:d6:5f:e6:2f:2b:7f:c5:bb:27:bc:fd:60:dd:d0:
                    09:31:f9:e9:84:89:9b:c8:cc:57:d5:80:aa:64:b5:
                    96:5f:ba:c3:36:58:75:50:bf:5d:22:37:b5:bf:3a:
                    6e:7b:18:15:98:1a:46:b1:cf:83:38:7b:f6:9c:0d:
                    d8:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:90:78:06:DD:AC:B4:84:30:BD:D0:25:48:98:01:9E:41:3A:2B:DE
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/3e3b17-84c9-4472-bd33-12674e661e13/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/3e3b17-84c9-4472-bd33-12674e661e13/1/mJB4Bt2stIQwvdAlSJgBnkE6K94.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.239.200.0/23

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  35231

    Signature Algorithm: sha256WithRSAEncryption
         b0:cb:bd:df:30:69:68:8a:1c:91:e0:ea:bc:88:fe:1e:b7:fc:
         69:40:e7:c5:2a:46:94:ab:35:23:f2:62:33:1e:b7:bc:34:3a:
         bb:f8:71:a7:96:ff:37:e6:b7:ec:4d:a9:89:72:8b:92:f0:a2:
         02:72:26:d0:eb:99:cc:ba:85:a3:51:ca:8b:5b:a3:dd:f9:a1:
         bc:07:02:ed:49:68:08:3a:fd:40:58:fc:fb:1e:50:e6:fb:49:
         22:89:b9:5f:82:27:97:e4:9e:43:ee:72:2b:f0:04:1a:ca:6f:
         98:79:5f:39:05:4b:97:a6:d0:aa:6b:de:10:49:46:3e:fc:b6:
         00:ad:ed:46:11:83:bf:f2:d1:ff:5c:9f:7b:88:f1:2e:74:42:
         09:7b:8f:88:b4:18:97:40:e7:03:2a:03:9b:70:f0:86:60:53:
         8b:af:9e:fb:b9:98:83:aa:c9:61:de:2f:74:1d:e8:15:d2:5b:
         3f:1b:5c:0f:17:f8:5f:d1:15:11:8a:a4:ce:79:0a:ca:25:8c:
         af:1f:dd:bf:79:1d:12:ec:d0:08:57:a0:1e:75:09:d9:27:f4:
         89:67:3f:f9:d4:39:22:e3:96:8e:3a:ac:64:3c:49:98:52:c8:
         e5:15:a4:90:77:f1:9c:3f:61:b8:7e:6a:1a:eb:ff:84:f1:6e:
         ea:1f:4a:11
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYzGuSSETdZEj6UnXMLPW+/1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMjAzMTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODkwNzgwNmRkYWNiNDg0MzBiZGQwMjU0ODk4MDE5ZTQxM2EyYmRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuoeRL4cIOzRb9hTn4lSVRVBY9pjt
ey0YzdEKbdCC5spl7L2rgyf2GjrvCTD8hkGjibpfQJU+aFQjzrnAS6NTjVfsTi5Y
j2PSFyrAISneIAFYL32bvFOsCuQZP7P6Vt+QTbP4ySEY6E5Hw04MuzS+yoxZXIUb
VoOiJ7vZwxyMBMwPBUY0q1Oq6euZZdLlC3iiLsth4rvOEpASssNVH/wbK575irwr
qA0fqLIQX4GgXlsHNuLEoPquyCP9iBNgx3ug3+dp1l/mLyt/xbsnvP1g3dAJMfnp
hImbyMxX1YCqZLWWX7rDNlh1UL9dIje1vzpuexgVmBpGsc+DOHv2nA3YkQIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFJiQeAbdrLSEML3QJUiYAZ5BOiveMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzk4LzNlM2Ix
Ny04NGM5LTQ0NzItYmQzMy0xMjY3NGU2NjFlMTMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTgvM2UzYjE3
LTg0YzktNDQ3Mi1iZDMzLTEyNjc0ZTY2MWUxMy8xL21KQjRCdDJzdElRd3ZkQWxT
SmdCbmtFNks5NC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQBwe/IMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwCJnzANBgkqhkiG9w0BAQsFAAOCAQEAsMu93zBpaIockeDqvIj+Hrf8aUDnxSpG
lKs1I/JiMx63vDQ6u/hxp5b/N+a37E2piXKLkvCiAnIm0OuZzLqFo1HKi1uj3fmh
vAcC7UloCDr9QFj8+x5Q5vtJIom5X4Inl+SeQ+5yK/AEGspvmHlfOQVLl6bQqmve
EElGPvy2AK3tRhGDv/LR/1yfe4jxLnRCCXuPiLQYl0DnAyoDm3DwhmBTi6+e+7mY
g6rJYd4vdB3oFdJbPxtcDxf4X9EVEYqkznkKyiWMrx/dv3kdEuzQCFegHnUJ2Sf0
iWc/+dQ5IuOWjjqsZDxJmFLI5RWkkHfxnD9huH5qGuv/hPFu6h9KEQ==
-----END CERTIFICATE-----