Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/nA1VQL3NMwUrwA__JmM4vzzIKoA.cer
File:                     nA1VQL3NMwUrwA__JmM4vzzIKoA.cer (raw, json)
Hash identifier:          g1Rvs56XLV7QOubaclBZ9cod7ga9MBm/98CNEFMOrKY=
Subject key identifier:   9C:0D:55:40:BD:CD:33:05:2B:C0:0F:FF:26:63:38:BF:3C:C8:2A:80
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC802CD5FA72B92448C66EA804F623B64
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/12/70ddc4-f9c4-498b-85ee-16fc9d44ec7d/1/nA1VQL3NMwUrwA__JmM4vzzIKoA.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/12/70ddc4-f9c4-498b-85ee-16fc9d44ec7d/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 02:31:16 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 195.96.137.0/24
                          IP: 2a12:c800::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:cd:5f:a7:2b:92:44:8c:66:ea:80:4f:62:3b:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 02:31:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9c0d5540bdcd33052bc00fff266338bf3cc82a80
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:3f:5a:8c:a0:65:69:e4:12:72:eb:bb:1e:37:
                    28:45:15:56:ec:70:93:a1:05:b7:9f:02:cc:d8:e5:
                    1b:a2:44:81:35:64:c3:ee:6c:bd:c4:66:bb:40:a6:
                    39:0e:7c:f5:88:d3:52:e8:a5:7e:96:26:59:41:9e:
                    54:89:58:e7:85:d3:be:94:44:63:bb:00:fe:a3:e4:
                    4e:a6:53:d1:9b:99:ce:05:a7:c6:f2:39:b1:f2:a9:
                    f6:93:b5:36:63:4e:af:01:e0:a3:65:ac:2a:31:a2:
                    bb:92:ba:9c:b5:62:58:7d:1e:0e:bf:02:96:c8:22:
                    09:92:5d:ea:76:24:eb:c9:49:6d:3e:e5:a8:6d:6e:
                    82:af:ca:99:50:c0:05:e9:90:25:ab:38:ce:89:64:
                    23:8b:4b:cc:9f:f1:0d:a1:9b:70:fb:84:b8:49:9d:
                    4c:35:ac:c8:ab:3c:67:52:54:4e:f1:d4:27:68:5b:
                    6e:be:34:e4:bc:13:2f:6f:2e:ad:9a:dc:48:1f:db:
                    94:73:3d:37:de:de:be:76:82:ca:5b:e2:67:da:c4:
                    94:60:7d:6d:53:d0:16:d0:d3:d3:de:56:5c:63:f5:
                    65:ca:7b:72:11:f9:8d:fe:c6:2e:95:b1:2e:5a:40:
                    ce:80:b3:6f:9b:5c:36:77:74:9d:c5:2f:83:3c:b7:
                    8b:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:0D:55:40:BD:CD:33:05:2B:C0:0F:FF:26:63:38:BF:3C:C8:2A:80
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/70ddc4-f9c4-498b-85ee-16fc9d44ec7d/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/70ddc4-f9c4-498b-85ee-16fc9d44ec7d/1/nA1VQL3NMwUrwA__JmM4vzzIKoA.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.96.137.0/24
                IPv6:
                  2a12:c800::/29

    Signature Algorithm: sha256WithRSAEncryption
         8e:c1:9d:e9:d7:ad:4c:ef:af:2b:c5:18:08:9a:a6:05:98:45:
         79:75:06:c4:40:52:10:e4:11:53:be:fb:0e:e4:c2:11:1c:7f:
         49:64:28:20:f7:b7:fc:6a:ca:70:8e:42:87:16:9a:a2:ed:ba:
         23:49:1b:95:16:ec:c7:e1:9e:3c:22:a6:0d:5a:22:07:92:fb:
         d7:04:ff:f4:75:d2:f3:b2:22:c0:c0:c6:d6:aa:66:b5:08:aa:
         59:a1:c7:9d:8b:6b:31:67:b2:e6:c2:74:3e:3a:c2:96:e3:e6:
         94:e2:38:c0:d5:60:a9:73:49:d8:3b:4f:01:d2:77:56:ab:f4:
         60:75:4e:71:22:45:6b:f5:e6:65:5c:19:a2:ad:3a:25:79:c5:
         81:44:e2:d8:a6:60:cd:db:a9:c9:ef:9e:e2:b9:b5:3a:fb:7a:
         79:3b:d4:7e:da:53:e0:bd:0b:1a:70:d1:a3:50:6f:99:c5:d9:
         55:2a:16:da:e8:5a:52:11:29:5c:bc:13:55:48:f0:8b:2a:a6:
         5e:7e:fb:b6:d0:05:24:34:f6:1a:65:45:38:d2:f6:b3:45:45:
         00:89:89:56:4b:ab:a8:cf:af:83:6f:17:5f:27:82:a7:4e:f4:
         78:17:40:2d:94:40:e9:f9:5c:62:8f:0f:b0:7f:1a:55:ff:35:
         3a:0b:b3:c5
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAYzIAs1fpyuSRIxm6oBPYjtkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDIzMTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzBkNTU0MGJkY2QzMzA1MmJjMDBmZmYyNjYzMzhiZjNjYzgyYTgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsj9ajKBlaeQScuu7HjcoRRVW7HCT
oQW3nwLM2OUbokSBNWTD7my9xGa7QKY5Dnz1iNNS6KV+liZZQZ5UiVjnhdO+lERj
uwD+o+ROplPRm5nOBafG8jmx8qn2k7U2Y06vAeCjZawqMaK7krqctWJYfR4OvwKW
yCIJkl3qdiTryUltPuWobW6Cr8qZUMAF6ZAlqzjOiWQji0vMn/ENoZtw+4S4SZ1M
NazIqzxnUlRO8dQnaFtuvjTkvBMvby6tmtxIH9uUcz033t6+doLKW+Jn2sSUYH1t
U9AW0NPT3lZcY/VlyntyEfmN/sYulbEuWkDOgLNvm1w2d3SdxS+DPLeLQQIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFJwNVUC9zTMFK8AP/yZjOL88yCqAMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzEyLzcwZGRj
NC1mOWM0LTQ5OGItODVlZS0xNmZjOWQ0NGVjN2QvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTIvNzBkZGM0
LWY5YzQtNDk4Yi04NWVlLTE2ZmM5ZDQ0ZWM3ZC8xL25BMVZRTDNOTXdVcndBX19K
bU00dnp6SUtvQS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQAw2CJMA0EAgACMAcDBQMqEsgAMA0GCSqGSIb3
DQEBCwUAA4IBAQCOwZ3p161M768rxRgImqYFmEV5dQbEQFIQ5BFTvvsO5MIRHH9J
ZCgg97f8aspwjkKHFpqi7bojSRuVFuzH4Z48IqYNWiIHkvvXBP/0ddLzsiLAwMbW
qma1CKpZocedi2sxZ7LmwnQ+OsKW4+aU4jjA1WCpc0nYO08B0ndWq/RgdU5xIkVr
9eZlXBmirTolecWBROLYpmDN26nJ757iubU6+3p5O9R+2lPgvQsacNGjUG+ZxdlV
Khba6FpSESlcvBNVSPCLKqZefvu20AUkNPYaZUU40vazRUUAiYlWS6uoz6+Dbxdf
J4KnTvR4F0AtlEDp+Vxijw+wfxpV/zU6C7PF
-----END CERTIFICATE-----