Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/n6eFncOdRzYULPHiKcisS-YjuQM.cer
File:                     n6eFncOdRzYULPHiKcisS-YjuQM.cer (raw, json)
Hash identifier:          ULS6jO2Jg2lmtON3UnuHI+OynZpmxe0pIO+W+MazLx4=
Subject key identifier:   9F:A7:85:9D:C3:9D:47:36:14:2C:F1:E2:29:C8:AC:4B:E6:23:B9:03
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC49227BBBBAE8AC1E14DA524ACE2BA5B
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/34/069008-2e4f-4323-b6a2-e8d6c2f071df/1/n6eFncOdRzYULPHiKcisS-YjuQM.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/34/069008-2e4f-4323-b6a2-e8d6c2f071df/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 10:29:21 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 185.1.107.0/24
                          IP: 2001:7f8:c1::/48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:27:bb:bb:ae:8a:c1:e1:4d:a5:24:ac:e2:ba:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 10:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9fa7859dc39d4736142cf1e229c8ac4be623b903
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:67:c3:69:ad:9b:4b:fa:6f:5a:f2:1f:b3:ca:
                    cc:f9:5b:46:ac:b9:15:d0:28:f9:92:34:52:1f:c5:
                    a9:c0:80:e2:e1:67:e4:5b:b1:84:c0:49:95:b3:2f:
                    2d:e8:34:7c:f8:a2:c8:e9:a2:f6:28:2a:92:eb:e4:
                    21:4c:8f:ff:39:c3:9f:9d:bb:6b:8a:d7:24:d5:0c:
                    a6:10:8d:53:b6:3d:57:f7:68:d5:86:48:cc:cd:b6:
                    5a:44:42:0d:57:cc:da:94:6e:4c:f2:5c:f3:cc:29:
                    14:81:ac:86:d7:e5:de:fe:42:b6:00:b8:28:81:9a:
                    61:17:c6:bc:8b:37:e0:4e:18:1e:16:0e:b7:b0:9c:
                    a2:29:4e:9d:19:28:d4:a9:0a:01:d6:24:f1:ba:c6:
                    e5:eb:14:bf:60:3e:74:d3:07:35:9d:23:f5:ef:85:
                    0d:d0:2a:43:83:fe:80:3e:90:40:cb:b1:56:c1:e4:
                    c4:7f:81:fb:47:8e:9a:8c:25:22:ad:7f:2b:de:3e:
                    ab:a1:b9:ea:17:cf:22:d2:95:3a:24:1b:cb:5e:54:
                    2d:18:98:bb:22:19:16:fd:7e:45:d9:52:91:21:e1:
                    0c:05:f6:db:39:63:9b:d4:6f:2d:c8:b8:2c:6b:01:
                    9c:bc:73:3c:0b:47:bc:1e:9a:04:d3:33:e3:2a:78:
                    38:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:A7:85:9D:C3:9D:47:36:14:2C:F1:E2:29:C8:AC:4B:E6:23:B9:03
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/069008-2e4f-4323-b6a2-e8d6c2f071df/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/069008-2e4f-4323-b6a2-e8d6c2f071df/1/n6eFncOdRzYULPHiKcisS-YjuQM.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.1.107.0/24
                IPv6:
                  2001:7f8:c1::/48

    Signature Algorithm: sha256WithRSAEncryption
         0a:58:c1:d9:c4:cc:30:8f:6c:fa:ac:7e:99:bd:c6:4d:1c:12:
         4f:29:ee:43:74:50:7f:a4:52:31:6e:08:4a:d6:3b:b6:2f:26:
         3b:16:b0:a6:39:c5:82:3b:fa:3b:f5:e6:b8:7f:91:37:ec:5c:
         3e:42:3a:5e:d7:3b:9f:f6:06:ac:26:66:ad:55:7c:dd:da:5a:
         36:68:d9:5a:52:e1:16:0b:9f:d9:2b:46:59:46:00:1c:e7:a4:
         6a:3f:c2:cb:9d:f8:34:42:b8:a6:59:0c:90:46:34:46:32:47:
         56:f5:4f:8c:c6:f2:a9:8b:f5:47:fc:97:01:68:0a:61:29:f3:
         45:06:75:7d:44:ea:ca:ae:13:5b:5a:9d:85:e4:2f:8e:97:0d:
         28:87:5e:37:af:e5:e4:5a:df:8e:57:10:2d:fa:b8:13:29:c7:
         34:9c:0a:3b:a1:de:26:7b:5f:3d:e0:c2:0e:b1:2e:e9:e8:af:
         5d:63:0e:44:04:24:39:f7:cb:25:9a:b6:cf:7d:ba:3a:40:50:
         18:d9:26:42:c9:f8:74:e3:35:f6:56:d4:5d:84:7e:45:b9:4c:
         8d:a6:ab:1a:78:31:90:ed:a1:5d:85:18:a2:ad:5b:55:f8:ac:
         69:33:73:29:f4:aa:57:fb:df:8c:a5:eb:57:b9:3d:51:80:86:
         20:a3:85:95
-----BEGIN CERTIFICATE-----
MIIFiTCCBHGgAwIBAgISAYzEkie7u66KweFNpSSs4rpbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTAyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZmE3ODU5ZGMzOWQ0NzM2MTQyY2YxZTIyOWM4YWM0YmU2MjNiOTAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxGfDaa2bS/pvWvIfs8rM+VtGrLkV
0Cj5kjRSH8WpwIDi4WfkW7GEwEmVsy8t6DR8+KLI6aL2KCqS6+QhTI//OcOfnbtr
itck1QymEI1Ttj1X92jVhkjMzbZaREINV8zalG5M8lzzzCkUgayG1+Xe/kK2ALgo
gZphF8a8izfgThgeFg63sJyiKU6dGSjUqQoB1iTxusbl6xS/YD500wc1nSP174UN
0CpDg/6APpBAy7FWweTEf4H7R46ajCUirX8r3j6robnqF88i0pU6JBvLXlQtGJi7
IhkW/X5F2VKRIeEMBfbbOWOb1G8tyLgsawGcvHM8C0e8HpoE0zPjKng4ZQIDAQAB
o4IClTCCApEwHQYDVR0OBBYEFJ+nhZ3DnUc2FCzx4inIrEvmI7kDMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzM0LzA2OTAw
OC0yZTRmLTQzMjMtYjZhMi1lOGQ2YzJmMDcxZGYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzQvMDY5MDA4
LTJlNGYtNDMyMy1iNmEyLWU4ZDZjMmYwNzFkZi8xL242ZUZuY09kUnpZVUxQSGlL
Y2lzUy1ZanVRTS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDAGCCsGAQUF
BwEHAQH/BCEwHzAMBAIAATAGAwQAuQFrMA8EAgACMAkDBwAgAQf4AMEwDQYJKoZI
hvcNAQELBQADggEBAApYwdnEzDCPbPqsfpm9xk0cEk8p7kN0UH+kUjFuCErWO7Yv
JjsWsKY5xYI7+jv15rh/kTfsXD5COl7XO5/2BqwmZq1VfN3aWjZo2VpS4RYLn9kr
RllGABznpGo/wsud+DRCuKZZDJBGNEYyR1b1T4zG8qmL9Uf8lwFoCmEp80UGdX1E
6squE1tanYXkL46XDSiHXjev5eRa345XEC36uBMpxzScCjuh3iZ7Xz3gwg6xLuno
r11jDkQEJDn3yyWats99ujpAUBjZJkLJ+HTjNfZW1F2EfkW5TI2mqxp4MZDtoV2F
GKKtW1X4rGkzcyn0qlf734yl61e5PVGAhiCjhZU=
-----END CERTIFICATE-----