Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/njUz1mLD8Na7HmkvP6tte6OCTCg.cer
File:                     njUz1mLD8Na7HmkvP6tte6OCTCg.cer (raw, json)
Hash identifier:          ixlrqOI+JfRIpBXMrTQ4mCRObxH4ISciB6Ad8CYPtcc=
Subject key identifier:   9E:35:33:D6:62:C3:F0:D6:BB:1E:69:2F:3F:AB:6D:7B:A3:82:4C:28
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC801F83FFCA8710B8A458AE8703FB244
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/5e/bebe6d-16b3-4b02-b205-a783413099d3/1/njUz1mLD8Na7HmkvP6tte6OCTCg.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/5e/bebe6d-16b3-4b02-b205-a783413099d3/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 02:30:21 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 193.34.48.0/22
                          IP: 195.13.60.0/22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:f8:3f:fc:a8:71:0b:8a:45:8a:e8:70:3f:b2:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 02:30:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9e3533d662c3f0d6bb1e692f3fab6d7ba3824c28
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:40:f1:63:79:54:a9:f7:69:4b:24:00:53:f3:
                    25:2f:67:0b:9f:f3:db:cb:6f:2b:a0:c5:51:9d:06:
                    49:2c:91:54:3f:f5:65:6a:13:b7:21:6e:f1:96:6c:
                    ee:e4:e9:3b:01:11:7a:c4:a4:e5:28:a1:db:75:2f:
                    b5:bf:f2:dd:d1:85:86:9a:23:57:17:75:da:e3:a1:
                    4f:df:3d:95:89:b1:44:f2:a0:9e:19:eb:d5:bc:99:
                    eb:5c:14:aa:05:a1:34:04:9b:40:af:22:22:27:56:
                    96:11:13:35:ee:9c:5b:d2:64:5e:3e:42:d8:a0:4b:
                    a2:f9:b8:d1:ca:7d:a6:09:8d:42:ee:10:8e:6f:98:
                    4f:08:85:68:fe:bf:fc:60:20:46:64:20:46:b0:f4:
                    1a:83:21:cc:3e:d5:a9:30:c1:09:c3:a7:bb:24:19:
                    2d:04:94:4f:57:2c:b0:1f:97:f9:56:76:32:cc:c1:
                    46:30:67:75:a9:b1:04:07:ac:63:35:ac:00:1a:33:
                    fa:00:f9:ce:f1:37:8a:83:0c:c7:17:a6:05:aa:ff:
                    81:8d:f3:75:01:82:ce:43:f7:d2:a2:84:61:ab:ae:
                    c3:5b:8a:c8:4a:fb:04:29:4e:68:e8:df:23:27:a3:
                    61:73:1c:be:52:b4:20:9c:3e:53:fe:39:ab:29:8b:
                    85:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:35:33:D6:62:C3:F0:D6:BB:1E:69:2F:3F:AB:6D:7B:A3:82:4C:28
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/bebe6d-16b3-4b02-b205-a783413099d3/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/bebe6d-16b3-4b02-b205-a783413099d3/1/njUz1mLD8Na7HmkvP6tte6OCTCg.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.34.48.0/22
                  195.13.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         35:21:a8:7b:c2:4a:94:45:5b:e7:9a:67:35:c4:d4:ee:7a:34:
         5b:5c:3d:c8:f2:ab:58:1b:8a:db:25:0e:55:01:c6:90:06:38:
         2b:8f:09:61:fa:62:0f:be:46:6c:60:18:f2:c4:c0:87:0b:48:
         7d:1f:f5:e4:54:f7:33:40:ac:2d:71:cf:21:8a:08:34:eb:65:
         02:83:b2:89:77:e7:4c:8d:9a:ab:19:be:36:af:6b:53:07:70:
         9c:30:a0:ab:91:af:70:93:47:7a:5f:e8:3e:50:16:81:2e:35:
         6c:71:e0:50:75:d6:78:02:0f:8e:86:2b:2b:21:b0:77:7a:fb:
         3c:4b:17:f0:65:95:8e:0a:cd:6a:b3:ce:ca:1a:97:55:55:0e:
         d3:c5:9a:7b:08:f0:3f:76:b5:07:03:47:c1:27:4d:ef:a0:63:
         03:f2:2f:03:47:12:63:81:90:d8:a6:7c:e2:43:2c:37:6d:42:
         93:22:b9:37:17:94:d8:c0:72:65:b8:12:ce:71:ff:84:ae:9d:
         fa:cf:4a:ea:c5:36:e6:d2:62:3d:a5:2c:ad:d3:08:75:c6:54:
         d7:fb:62:d2:dc:30:36:ef:69:ef:f4:9f:16:d6:37:ac:59:de:
         66:d1:ca:17:b1:e4:f6:d4:3b:f0:7f:ab:20:d7:9d:23:f8:29:
         dc:15:72:3b
-----BEGIN CERTIFICATE-----
MIIFfjCCBGagAwIBAgISAYzIAfg//KhxC4pFiuhwP7JEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDIzMDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTM1MzNkNjYyYzNmMGQ2YmIxZTY5MmYzZmFiNmQ3YmEzODI0YzI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvkDxY3lUqfdpSyQAU/MlL2cLn/Pb
y28roMVRnQZJLJFUP/VlahO3IW7xlmzu5Ok7ARF6xKTlKKHbdS+1v/Ld0YWGmiNX
F3Xa46FP3z2VibFE8qCeGevVvJnrXBSqBaE0BJtAryIiJ1aWERM17pxb0mRePkLY
oEui+bjRyn2mCY1C7hCOb5hPCIVo/r/8YCBGZCBGsPQagyHMPtWpMMEJw6e7JBkt
BJRPVyywH5f5VnYyzMFGMGd1qbEEB6xjNawAGjP6APnO8TeKgwzHF6YFqv+BjfN1
AYLOQ/fSooRhq67DW4rISvsEKU5o6N8jJ6Nhcxy+UrQgnD5T/jmrKYuF5QIDAQAB
o4ICijCCAoYwHQYDVR0OBBYEFJ41M9Ziw/DWux5pLz+rbXujgkwoMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzVlL2JlYmU2
ZC0xNmIzLTRiMDItYjIwNS1hNzgzNDEzMDk5ZDMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNWUvYmViZTZk
LTE2YjMtNGIwMi1iMjA1LWE3ODM0MTMwOTlkMy8xL25qVXoxbUxEOE5hN0hta3ZQ
NnR0ZTZPQ1RDZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUF
BwEHAQH/BBYwFDASBAIAATAMAwQCwSIwAwQCww08MA0GCSqGSIb3DQEBCwUAA4IB
AQA1Iah7wkqURVvnmmc1xNTuejRbXD3I8qtYG4rbJQ5VAcaQBjgrjwlh+mIPvkZs
YBjyxMCHC0h9H/XkVPczQKwtcc8higg062UCg7KJd+dMjZqrGb42r2tTB3CcMKCr
ka9wk0d6X+g+UBaBLjVsceBQddZ4Ag+OhisrIbB3evs8SxfwZZWOCs1qs87KGpdV
VQ7TxZp7CPA/drUHA0fBJ03voGMD8i8DRxJjgZDYpnziQyw3bUKTIrk3F5TYwHJl
uBLOcf+Erp36z0rqxTbm0mI9pSyt0wh1xlTX+2LS3DA272nv9J8W1jesWd5m0coX
seT21Dvwf6sg150j+CncFXI7
-----END CERTIFICATE-----