Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/mvGIoEu0XU7nTETcdtcf_73AT2A.cer
File:                     mvGIoEu0XU7nTETcdtcf_73AT2A.cer (raw, json)
Hash identifier:          dqFC57bQbcTKNLhN9FYzqAaKJfK6cdC51JBRVDATyhg=
Subject key identifier:   9A:F1:88:A0:4B:B4:5D:4E:E7:4C:44:DC:76:D7:1F:FF:BD:C0:4F:60
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC56ED7EE71FA417E1D3DB10BFB427B3A
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/fc/7e0b13-ec91-483d-b96a-659b4ccd7f4a/1/mvGIoEu0XU7nTETcdtcf_73AT2A.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/fc/7e0b13-ec91-483d-b96a-659b4ccd7f4a/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 14:30:24 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 77.83.236.0/22
                          IP: 2a09:9280::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:d7:ee:71:fa:41:7e:1d:3d:b1:0b:fb:42:7b:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 14:30:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9af188a04bb45d4ee74c44dc76d71fffbdc04f60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:43:2a:bf:b3:41:99:cc:24:41:f7:51:56:0b:
                    5c:44:08:22:61:d5:ec:b5:2e:8f:e0:07:0f:f6:46:
                    95:27:94:2f:f1:e3:d0:2b:ee:7a:a9:70:13:b5:cf:
                    01:df:91:11:92:24:a8:3e:20:6c:20:a2:76:27:e2:
                    70:b7:84:d9:91:95:59:6e:75:3a:90:81:61:ba:67:
                    03:fa:7f:ee:cb:4c:d6:b8:cf:38:b1:f4:88:dc:fb:
                    45:d5:8d:d4:eb:36:3f:f4:8e:57:a9:38:de:fa:c2:
                    23:70:ab:f2:bf:17:25:b9:c8:65:15:a7:e5:94:ce:
                    d2:05:1c:ce:5c:8f:46:b4:3b:de:f4:43:dc:6b:30:
                    58:37:24:e3:0c:a9:d4:da:58:10:a8:05:84:52:0b:
                    41:55:f8:1f:71:95:07:b7:3b:4b:85:02:74:51:e2:
                    fb:a0:5a:1e:55:66:3a:c8:77:d6:48:3d:55:01:bc:
                    bf:04:4a:2c:45:c8:8b:c8:ff:04:4b:e7:62:56:8e:
                    de:23:64:9f:ba:2e:1c:86:f2:18:bf:6c:80:50:37:
                    1b:13:fc:da:ac:65:45:aa:69:9a:52:9c:e5:69:f1:
                    28:5d:6c:c5:75:5f:f9:4b:6c:e2:34:10:ae:26:42:
                    d8:53:6f:50:6a:f2:ce:d7:f7:14:e0:5e:58:38:f6:
                    94:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:F1:88:A0:4B:B4:5D:4E:E7:4C:44:DC:76:D7:1F:FF:BD:C0:4F:60
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/7e0b13-ec91-483d-b96a-659b4ccd7f4a/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/7e0b13-ec91-483d-b96a-659b4ccd7f4a/1/mvGIoEu0XU7nTETcdtcf_73AT2A.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.83.236.0/22
                IPv6:
                  2a09:9280::/29

    Signature Algorithm: sha256WithRSAEncryption
         a9:2a:9f:b3:da:38:f9:5d:87:23:63:46:ab:ae:86:60:d4:af:
         b4:e7:d9:0a:2d:da:b5:01:5f:3d:7f:2c:a3:39:a4:8e:f9:7e:
         da:d3:7d:be:59:e9:c0:88:12:c1:16:1a:fb:7a:0d:7b:00:92:
         8d:a3:73:04:83:29:fb:6f:6c:43:6d:18:b1:9e:8d:6f:01:01:
         1c:63:46:a0:fe:e6:4f:17:c2:ad:48:a9:9c:81:59:94:c7:16:
         b0:9e:8c:82:f9:ec:c0:d4:ba:17:6c:42:8d:80:8a:4c:0e:6b:
         9d:7c:e6:52:a8:e8:7c:9c:a0:2b:60:70:dd:28:e5:65:69:74:
         e9:62:78:44:3c:e8:33:c5:55:a1:c0:a9:42:9d:3a:07:7e:0a:
         59:5a:ea:be:2e:48:88:ac:c6:2b:be:9f:45:64:3a:2e:ac:b3:
         a1:9a:68:6f:7a:11:f5:4a:e1:4d:45:e9:97:31:54:4e:e4:36:
         ca:03:15:eb:83:52:37:ad:8a:35:fe:af:87:7f:73:2d:40:b2:
         00:8c:ba:f2:e0:f7:d5:76:60:73:16:68:b6:2b:48:62:bf:07:
         32:cc:59:4c:fd:59:8d:1a:32:47:d2:64:8f:36:36:22:bf:aa:
         71:1c:4a:91:4a:85:44:60:03:4e:3d:7f:c9:6c:5b:1d:a6:eb:
         38:6a:cf:e8
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAYzFbtfucfpBfh09sQv7Qns6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTQzMDI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YWYxODhhMDRiYjQ1ZDRlZTc0YzQ0ZGM3NmQ3MWZmZmJkYzA0ZjYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA10Mqv7NBmcwkQfdRVgtcRAgiYdXs
tS6P4AcP9kaVJ5Qv8ePQK+56qXATtc8B35ERkiSoPiBsIKJ2J+Jwt4TZkZVZbnU6
kIFhumcD+n/uy0zWuM84sfSI3PtF1Y3U6zY/9I5XqTje+sIjcKvyvxcluchlFafl
lM7SBRzOXI9GtDve9EPcazBYNyTjDKnU2lgQqAWEUgtBVfgfcZUHtztLhQJ0UeL7
oFoeVWY6yHfWSD1VAby/BEosRciLyP8ES+diVo7eI2Sfui4chvIYv2yAUDcbE/za
rGVFqmmaUpzlafEoXWzFdV/5S2ziNBCuJkLYU29QavLO1/cU4F5YOPaU9QIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFJrxiKBLtF1O50xE3HbXH/+9wE9gMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2ZjLzdlMGIx
My1lYzkxLTQ4M2QtYjk2YS02NTliNGNjZDdmNGEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZmMvN2UwYjEz
LWVjOTEtNDgzZC1iOTZhLTY1OWI0Y2NkN2Y0YS8xL212R0lvRXUwWFU3blRFVGNk
dGNmXzczQVQyQS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCTVPsMA0EAgACMAcDBQMqCZKAMA0GCSqGSIb3
DQEBCwUAA4IBAQCpKp+z2jj5XYcjY0arroZg1K+059kKLdq1AV89fyyjOaSO+X7a
032+WenAiBLBFhr7eg17AJKNo3MEgyn7b2xDbRixno1vAQEcY0ag/uZPF8KtSKmc
gVmUxxawnoyC+ezA1LoXbEKNgIpMDmudfOZSqOh8nKArYHDdKOVlaXTpYnhEPOgz
xVWhwKlCnToHfgpZWuq+LkiIrMYrvp9FZDourLOhmmhvehH1SuFNRemXMVRO5DbK
AxXrg1I3rYo1/q+Hf3MtQLIAjLry4PfVdmBzFmi2K0hivwcyzFlM/VmNGjJH0mSP
NjYiv6pxHEqRSoVEYANOPX/JbFsdpus4as/o
-----END CERTIFICATE-----