Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/mrM3Q6ZUkGFDOZ-QNwSAFoJjjnw.cer
File:                     mrM3Q6ZUkGFDOZ-QNwSAFoJjjnw.cer (raw, json)
Hash identifier:          hVdE8T17xTSbtK4V8vwNhreLS8IHqfPlfjHwOxhznH4=
Subject key identifier:   9A:B3:37:43:A6:54:90:61:43:39:9F:90:37:04:80:16:82:63:8E:7C
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CCFA8E00FCDD43B32806349D17D1C062B
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/4b/b67944-6389-4108-8628-d8f93536af63/1/mrM3Q6ZUkGFDOZ-QNwSAFoJjjnw.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/4b/b67944-6389-4108-8628-d8f93536af63/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 03 Jan 2024 14:10:00 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 94.101.109.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:cf:a8:e0:0f:cd:d4:3b:32:80:63:49:d1:7d:1c:06:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  3 14:10:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9ab33743a654906143399f903704801682638e7c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:26:39:f5:6e:e3:ba:89:b1:5a:4f:40:b8:14:
                    46:77:0b:ae:41:d1:27:0d:6b:98:d9:85:0e:3a:7c:
                    17:e6:54:f2:e9:a4:48:c4:17:23:46:72:3a:b8:b7:
                    af:47:71:4c:86:e7:23:99:b2:ab:05:16:da:42:08:
                    fe:79:c7:a1:f0:64:81:70:0f:66:71:3c:ba:fe:e7:
                    51:45:76:88:e0:6c:5a:04:22:a7:df:24:69:21:4e:
                    d2:37:c9:ab:0c:a1:0b:5d:b0:07:20:36:f9:8e:da:
                    6e:2d:22:0f:0d:3a:b5:20:2c:d9:d9:9a:37:f3:89:
                    ed:75:80:29:00:37:d6:f3:8c:f4:37:0e:33:5d:86:
                    9b:7e:1e:7d:ab:ad:f5:12:a3:68:9d:b9:d2:c2:8c:
                    92:2d:17:b9:e3:0d:4e:b1:1d:e5:19:4a:e0:b9:47:
                    f3:16:a1:1a:14:00:02:2b:87:04:1e:73:8e:11:bc:
                    2c:79:b4:e1:6f:2e:44:a2:63:95:5c:a6:4a:12:5d:
                    58:97:c7:3a:2c:03:8b:e7:92:13:d8:13:27:24:8b:
                    fe:b3:85:ec:28:08:9c:cd:d7:01:7a:26:71:ec:20:
                    dc:35:94:9b:9e:0d:13:fc:bc:d2:06:9e:31:e9:23:
                    ed:40:3c:4e:d1:d6:18:5c:80:4a:db:3c:39:fe:f3:
                    db:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:B3:37:43:A6:54:90:61:43:39:9F:90:37:04:80:16:82:63:8E:7C
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/b67944-6389-4108-8628-d8f93536af63/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/b67944-6389-4108-8628-d8f93536af63/1/mrM3Q6ZUkGFDOZ-QNwSAFoJjjnw.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.101.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:d7:5a:0e:78:90:13:f4:e6:c0:41:ba:c9:c8:12:58:bb:f5:
         bf:fa:0b:52:13:5a:f3:36:92:bc:69:c5:7b:ed:89:77:1b:35:
         7d:f8:3b:e9:f2:82:c1:67:cf:55:41:a7:7c:7c:ae:9c:3e:f3:
         3c:e6:ee:db:79:7a:02:e5:80:1d:56:06:df:9f:c7:8e:55:35:
         4b:f2:dc:2f:d6:3b:05:80:37:dd:d6:a3:75:4f:97:de:23:0d:
         f1:b1:8d:b6:51:12:e8:6f:95:06:a8:30:b5:5f:46:8b:db:32:
         e8:23:39:7f:a1:c2:2e:12:27:43:bb:7e:f9:a6:7c:7f:d4:7c:
         48:64:75:37:3b:44:39:cb:80:d5:6f:a4:5a:75:ba:a7:4c:c4:
         bb:d9:ff:b0:9f:36:9e:95:08:7e:c5:18:a5:56:6c:c9:7d:63:
         00:ac:d6:28:8f:09:79:ca:84:e2:86:16:1c:c1:e9:b2:bf:3b:
         0e:d9:7e:75:14:0e:9c:9e:0e:79:21:78:49:40:e8:91:39:16:
         63:b9:1d:02:ef:67:10:48:b9:33:0e:80:20:cb:c9:f1:3b:39:
         79:b0:f5:b9:8e:7c:4f:32:34:e6:43:49:1e:c7:d5:02:64:6e:
         51:bf:4d:2f:db:5a:f5:23:23:68:94:73:08:5e:d0:6b:a7:7d:
         bd:90:5a:25
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzPqOAPzdQ7MoBjSdF9HAYrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAzMTQxMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YWIzMzc0M2E2NTQ5MDYxNDMzOTlmOTAzNzA0ODAxNjgyNjM4ZTdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoCY59W7juomxWk9AuBRGdwuuQdEn
DWuY2YUOOnwX5lTy6aRIxBcjRnI6uLevR3FMhucjmbKrBRbaQgj+eceh8GSBcA9m
cTy6/udRRXaI4GxaBCKn3yRpIU7SN8mrDKELXbAHIDb5jtpuLSIPDTq1ICzZ2Zo3
84ntdYApADfW84z0Nw4zXYabfh59q631EqNonbnSwoySLRe54w1OsR3lGUrguUfz
FqEaFAACK4cEHnOOEbwsebThby5EomOVXKZKEl1Yl8c6LAOL55IT2BMnJIv+s4Xs
KAiczdcBeiZx7CDcNZSbng0T/LzSBp4x6SPtQDxO0dYYXIBK2zw5/vPbawIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFJqzN0OmVJBhQzmfkDcEgBaCY458MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzRiL2I2Nzk0
NC02Mzg5LTQxMDgtODYyOC1kOGY5MzUzNmFmNjMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGIvYjY3OTQ0
LTYzODktNDEwOC04NjI4LWQ4ZjkzNTM2YWY2My8xL21yTTNRNlpVa0dGRE9aLVFO
d1NBRm9Kampudy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAXmVtMA0GCSqGSIb3DQEBCwUAA4IBAQAJ11oO
eJAT9ObAQbrJyBJYu/W/+gtSE1rzNpK8acV77Yl3GzV9+Dvp8oLBZ89VQad8fK6c
PvM85u7beXoC5YAdVgbfn8eOVTVL8twv1jsFgDfd1qN1T5feIw3xsY22URLob5UG
qDC1X0aL2zLoIzl/ocIuEidDu375pnx/1HxIZHU3O0Q5y4DVb6RadbqnTMS72f+w
nzaelQh+xRilVmzJfWMArNYojwl5yoTihhYcwemyvzsO2X51FA6cng55IXhJQOiR
ORZjuR0C72cQSLkzDoAgy8nxOzl5sPW5jnxPMjTmQ0kex9UCZG5Rv00v21r1IyNo
lHMIXtBrp329kFol
-----END CERTIFICATE-----