Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/nZYG7e75CJWc5DNqs5XKkIMxYQg.cer
File:                     nZYG7e75CJWc5DNqs5XKkIMxYQg.cer (raw, json)
Hash identifier:          0M9eS17CknYCMfMn2NBZ/JdqoYtvI1Sz/L2a7L8ff2w=
Subject key identifier:   9D:96:06:ED:EE:F9:08:95:9C:E4:33:6A:B3:95:CA:90:83:31:61:08
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CCA2BEA58F63BB427679CA73034E4A72A
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/41/ba9940-338d-420b-a500-548f512f4f29/1/nZYG7e75CJWc5DNqs5XKkIMxYQg.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/41/ba9940-338d-420b-a500-548f512f4f29/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 12:35:24 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 178.211.145.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:ea:58:f6:3b:b4:27:67:9c:a7:30:34:e4:a7:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 12:35:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9d9606edeef908959ce4336ab395ca9083316108
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:ad:2f:38:15:df:31:05:6b:f7:96:4a:d7:b6:
                    a7:22:35:2f:6b:9a:bb:82:d7:82:b1:e8:30:bf:68:
                    86:fc:f9:7d:eb:00:d2:74:d9:93:90:94:24:d9:f2:
                    d5:de:09:3e:63:ad:17:4f:e9:48:9d:a8:25:e9:ed:
                    8f:f3:21:61:df:0e:d0:74:64:48:40:bc:40:92:0a:
                    44:00:4b:c6:f3:01:63:f7:1f:eb:c4:88:91:e3:64:
                    17:5a:d1:00:1f:43:ce:08:40:02:e6:e2:38:75:e6:
                    b7:cb:14:c2:5e:10:b6:91:09:4b:5a:23:35:01:10:
                    b5:ab:43:62:ce:52:49:66:49:2c:90:00:e6:d9:f2:
                    09:65:ac:40:1e:47:50:99:56:86:c4:ee:f5:96:61:
                    26:a5:3b:c3:d1:30:da:bc:9c:8b:ba:5d:9e:37:80:
                    39:8d:a2:65:43:29:d2:f5:15:2b:1b:dd:1e:03:3c:
                    f0:e6:4c:15:be:f7:9a:f6:44:6a:ce:7e:d9:eb:bc:
                    75:f3:d4:35:79:f6:5e:65:21:b2:fd:e3:c4:8e:5f:
                    ae:6b:59:f9:2d:ac:47:85:a2:3c:66:1c:0c:bb:f8:
                    2a:d5:3c:ea:71:00:a2:3e:0d:bb:13:fe:b4:e9:13:
                    58:6e:34:c4:4e:17:49:d0:73:82:20:d4:e0:b4:a7:
                    68:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:96:06:ED:EE:F9:08:95:9C:E4:33:6A:B3:95:CA:90:83:31:61:08
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/ba9940-338d-420b-a500-548f512f4f29/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/ba9940-338d-420b-a500-548f512f4f29/1/nZYG7e75CJWc5DNqs5XKkIMxYQg.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.211.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:d2:26:19:12:7c:fa:f2:df:95:47:bf:c6:cd:ea:af:d1:a3:
         67:4a:d0:00:68:a2:6b:28:0d:5b:94:10:c4:e9:4b:b1:84:f3:
         c2:de:d3:01:bb:7d:7a:d8:c4:89:71:f4:d6:f4:81:14:a6:50:
         54:82:b3:ee:32:d8:79:ed:f9:8b:be:ee:5d:50:64:09:f4:f2:
         95:86:ff:31:4f:f4:99:6a:d0:fc:8d:e6:b7:8e:7b:eb:24:78:
         7a:46:ad:8b:9f:dc:43:d8:93:19:0d:07:c6:9c:61:b2:75:48:
         c3:b9:22:c9:a6:60:c7:6c:81:5e:eb:fa:54:f1:5c:dc:01:c5:
         14:ed:6f:23:80:25:34:2b:1d:e3:03:35:52:48:63:98:81:85:
         11:22:2a:56:5f:5e:94:80:6d:97:d6:54:4d:07:71:e8:f4:6d:
         2f:a8:67:7a:99:32:a3:00:64:34:7e:ff:37:58:00:c1:e1:7b:
         4c:8b:bd:f5:4e:d6:86:2c:a0:5d:7e:23:d3:6c:37:21:30:56:
         35:66:8b:a4:0c:fe:86:06:bb:3c:80:17:58:69:44:8c:09:11:
         56:75:1e:b0:7d:53:4b:cd:e1:5e:d1:2a:1b:3e:1c:f1:2e:15:
         f5:92:e0:4e:a3:ef:d2:eb:ab:c7:dd:15:1b:e3:1f:8f:04:1c:
         b9:f4:64:4f
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzKK+pY9ju0J2ecpzA05KcqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMTIzNTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDk2MDZlZGVlZjkwODk1OWNlNDMzNmFiMzk1Y2E5MDgzMzE2MTA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtq0vOBXfMQVr95ZK17anIjUva5q7
gteCsegwv2iG/Pl96wDSdNmTkJQk2fLV3gk+Y60XT+lInagl6e2P8yFh3w7QdGRI
QLxAkgpEAEvG8wFj9x/rxIiR42QXWtEAH0POCEAC5uI4dea3yxTCXhC2kQlLWiM1
ARC1q0NizlJJZkkskADm2fIJZaxAHkdQmVaGxO71lmEmpTvD0TDavJyLul2eN4A5
jaJlQynS9RUrG90eAzzw5kwVvvea9kRqzn7Z67x189Q1efZeZSGy/ePEjl+ua1n5
LaxHhaI8ZhwMu/gq1TzqcQCiPg27E/606RNYbjTEThdJ0HOCINTgtKdovwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFJ2WBu3u+QiVnOQzarOVypCDMWEIMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzQxL2JhOTk0
MC0zMzhkLTQyMGItYTUwMC01NDhmNTEyZjRmMjkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDEvYmE5OTQw
LTMzOGQtNDIwYi1hNTAwLTU0OGY1MTJmNGYyOS8xL25aWUc3ZTc1Q0pXYzVETnFz
NVhLa0lNeFlRZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAstORMA0GCSqGSIb3DQEBCwUAA4IBAQCH0iYZ
Enz68t+VR7/Gzeqv0aNnStAAaKJrKA1blBDE6UuxhPPC3tMBu3162MSJcfTW9IEU
plBUgrPuMth57fmLvu5dUGQJ9PKVhv8xT/SZatD8jea3jnvrJHh6Rq2Ln9xD2JMZ
DQfGnGGydUjDuSLJpmDHbIFe6/pU8VzcAcUU7W8jgCU0Kx3jAzVSSGOYgYURIipW
X16UgG2X1lRNB3Ho9G0vqGd6mTKjAGQ0fv83WADB4XtMi731TtaGLKBdfiPTbDch
MFY1ZoukDP6GBrs8gBdYaUSMCRFWdR6wfVNLzeFe0SobPhzxLhX1kuBOo+/S66vH
3RUb4x+PBBy59GRP
-----END CERTIFICATE-----