Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ndVRnFTz4jtOEhKogIM58pXaSzQ.cer
File:                     ndVRnFTz4jtOEhKogIM58pXaSzQ.cer (raw, json)
Hash identifier:          nLCV+ElD8ApRwpivlQ6uRxSZSB9FsrLiLKUVOrNceV8=
Subject key identifier:   9D:D5:51:9C:54:F3:E2:3B:4E:12:12:A8:80:83:39:F2:95:DA:4B:34
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC3B6A806B1910128E215175E227D6F66
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/79/1509a1-944f-488d-914f-8f8a7711717f/1/ndVRnFTz4jtOEhKogIM58pXaSzQ.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/79/1509a1-944f-488d-914f-8f8a7711717f/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 06:29:36 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 89.107.24.0/22
                          IP: 2a06:2440::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:a8:06:b1:91:01:28:e2:15:17:5e:22:7d:6f:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 06:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9dd5519c54f3e23b4e1212a8808339f295da4b34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:5a:4f:1a:05:6a:05:4c:4f:b7:3f:73:c0:91:
                    6a:74:77:42:fc:12:11:1d:fd:aa:8e:73:f5:89:2d:
                    24:c0:93:9c:48:ad:c5:ff:0a:f3:75:f0:6a:fd:77:
                    c4:2b:de:a2:8d:78:e4:9c:f5:8d:69:2f:14:8f:29:
                    bf:07:96:64:bf:2b:49:86:0d:14:76:24:bc:8d:d7:
                    b7:4c:84:15:2f:f9:95:c7:67:86:51:f4:19:ab:5c:
                    d0:8e:6c:2f:ff:78:19:ce:86:f1:05:f3:6d:11:31:
                    48:45:73:05:04:2f:35:e9:ce:ba:ca:06:ec:4f:d4:
                    23:f7:65:2e:7b:b3:88:67:6e:f2:f4:b6:f5:cc:11:
                    f1:e0:89:1e:86:77:13:70:cd:ca:d4:ba:c0:1d:ee:
                    db:25:75:57:09:fc:01:99:23:fa:64:c2:b5:dc:be:
                    a7:c4:6b:98:13:40:2a:79:b1:25:eb:9d:db:07:47:
                    60:93:73:d0:09:3c:f9:ff:c4:26:db:64:fa:6c:06:
                    f9:58:83:71:90:29:23:57:1d:f7:70:22:2e:15:b6:
                    4f:8b:ba:e0:6f:31:43:f5:ea:3c:84:a5:82:b3:03:
                    80:66:f3:66:06:13:22:e3:c3:7f:ab:21:30:37:45:
                    83:fd:dd:46:58:28:e7:3c:0c:33:86:46:c0:c9:30:
                    46:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:D5:51:9C:54:F3:E2:3B:4E:12:12:A8:80:83:39:F2:95:DA:4B:34
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/1509a1-944f-488d-914f-8f8a7711717f/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/1509a1-944f-488d-914f-8f8a7711717f/1/ndVRnFTz4jtOEhKogIM58pXaSzQ.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.107.24.0/22
                IPv6:
                  2a06:2440::/29

    Signature Algorithm: sha256WithRSAEncryption
         ab:9f:e2:6e:b6:86:f1:89:b0:5b:5a:eb:26:85:7c:c1:2d:df:
         0b:ed:b6:a6:73:67:ac:79:0d:9b:ca:1d:b6:10:e0:62:b7:1e:
         3a:dd:8f:93:1f:9e:c1:a6:36:19:f0:b2:0d:e6:5c:1a:8b:36:
         f0:36:86:76:d2:39:01:41:f5:93:f0:f4:60:57:7f:36:1d:d3:
         d2:96:b8:9a:35:d4:b5:2d:ed:43:33:cb:2a:2b:96:2a:b5:1b:
         c8:a9:19:fe:54:d7:54:f3:5c:3a:4d:b0:a0:ca:bf:8d:86:ed:
         ba:5a:90:27:5b:1d:62:b9:62:76:de:4a:a9:42:a3:bc:d9:fc:
         17:40:2f:48:70:a0:dc:f1:6d:91:36:83:31:37:eb:72:19:5c:
         1b:0a:6c:1a:c0:74:9d:d4:ce:62:85:f3:8d:1e:24:3f:95:7a:
         48:97:46:e3:c8:44:20:8d:27:a8:10:2f:11:3b:b4:95:3b:9a:
         79:e3:42:c7:87:c2:39:b1:3b:68:e4:ee:70:2a:e9:41:4a:e8:
         b6:60:15:c8:96:a3:fd:b6:32:a3:a2:9f:83:77:52:52:1c:0b:
         b2:0a:90:47:1d:66:77:6f:99:26:ff:6f:82:90:2b:21:1d:73:
         fc:16:67:ab:2e:26:29:c0:9c:c7:01:1a:05:a0:60:96:2b:ee:
         7f:7a:52:69
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAYzDtqgGsZEBKOIVF14ifW9mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDYyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGQ1NTE5YzU0ZjNlMjNiNGUxMjEyYTg4MDgzMzlmMjk1ZGE0YjM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg1pPGgVqBUxPtz9zwJFqdHdC/BIR
Hf2qjnP1iS0kwJOcSK3F/wrzdfBq/XfEK96ijXjknPWNaS8Ujym/B5ZkvytJhg0U
diS8jde3TIQVL/mVx2eGUfQZq1zQjmwv/3gZzobxBfNtETFIRXMFBC816c66ygbs
T9Qj92Uue7OIZ27y9Lb1zBHx4IkehncTcM3K1LrAHe7bJXVXCfwBmSP6ZMK13L6n
xGuYE0AqebEl653bB0dgk3PQCTz5/8Qm22T6bAb5WINxkCkjVx33cCIuFbZPi7rg
bzFD9eo8hKWCswOAZvNmBhMi48N/qyEwN0WD/d1GWCjnPAwzhkbAyTBGvQIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFJ3VUZxU8+I7ThISqICDOfKV2ks0MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzc5LzE1MDlh
MS05NDRmLTQ4OGQtOTE0Zi04ZjhhNzcxMTcxN2YvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzkvMTUwOWEx
LTk0NGYtNDg4ZC05MTRmLThmOGE3NzExNzE3Zi8xL25kVlJuRlR6NGp0T0VoS29n
SU01OHBYYVN6US5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCWWsYMA0EAgACMAcDBQMqBiRAMA0GCSqGSIb3
DQEBCwUAA4IBAQCrn+JutobxibBbWusmhXzBLd8L7bamc2eseQ2byh22EOBitx46
3Y+TH57BpjYZ8LIN5lwaizbwNoZ20jkBQfWT8PRgV382HdPSlriaNdS1Le1DM8sq
K5YqtRvIqRn+VNdU81w6TbCgyr+Nhu26WpAnWx1iuWJ23kqpQqO82fwXQC9IcKDc
8W2RNoMxN+tyGVwbCmwawHSd1M5ihfONHiQ/lXpIl0bjyEQgjSeoEC8RO7SVO5p5
40LHh8I5sTto5O5wKulBSui2YBXIlqP9tjKjop+Dd1JSHAuyCpBHHWZ3b5km/2+C
kCshHXP8FmerLiYpwJzHARoFoGCWK+5/elJp
-----END CERTIFICATE-----