Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/pQ8hw9yTdX_AMoKoNWANZZ-WHo4.cer
File:                     pQ8hw9yTdX_AMoKoNWANZZ-WHo4.cer (raw, json)
Hash identifier:          EBIL3o/8/EWM1rYoC5BHNmeBztMAQxdeXWGxPEm5xRk=
Subject key identifier:   A5:0F:21:C3:DC:93:75:7F:C0:32:82:A8:35:60:0D:65:9F:96:1E:8E
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC493233AB40DA081C687CF77FCA078AD
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/ad/ea1df7-808a-47c3-ae51-b0843ec38823/1/pQ8hw9yTdX_AMoKoNWANZZ-WHo4.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/ad/ea1df7-808a-47c3-ae51-b0843ec38823/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 10:30:26 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 91.207.64.0/23
                          IP: 91.208.247.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:23:3a:b4:0d:a0:81:c6:87:cf:77:fc:a0:78:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 10:30:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a50f21c3dc93757fc03282a835600d659f961e8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:d5:bb:46:d4:a1:87:cc:18:11:c2:ab:3b:7b:
                    66:c6:52:11:f4:18:46:be:b1:dd:e2:88:aa:cd:d9:
                    de:42:0e:8c:c7:61:ca:bb:e5:28:6a:b8:cb:a4:31:
                    19:c0:f9:83:2f:be:20:7d:70:97:61:95:d7:6c:a5:
                    9c:09:65:3a:e4:67:e6:72:de:6a:02:64:0b:64:6b:
                    fa:a6:cf:be:57:b6:a6:78:b2:76:1f:1e:c9:ed:40:
                    fd:a3:bc:92:51:bd:4f:3b:67:f3:dc:c3:ae:cf:cb:
                    49:63:86:bd:0f:e0:a6:70:f3:7c:fe:35:76:29:46:
                    58:09:9d:9a:f8:0a:e2:f6:06:39:ed:01:02:33:59:
                    65:d5:4c:40:5e:36:28:fd:2d:79:3c:50:fc:ef:83:
                    c7:27:93:cb:1f:56:76:a8:ef:59:70:fd:50:6b:41:
                    83:6e:59:d3:8c:32:81:db:a8:35:73:34:ab:c9:ab:
                    f0:d2:29:1f:22:f6:38:31:0e:e3:e4:fc:a5:c1:01:
                    3c:17:8d:44:ab:f5:4e:a7:b0:24:0e:72:5a:d2:ef:
                    06:9d:b7:e9:a1:cb:31:27:7d:cf:3e:d3:a9:d8:d1:
                    e7:ae:66:8d:9a:26:69:2b:13:c1:0e:a5:bd:c5:53:
                    db:89:db:08:e8:0a:70:7a:ff:9e:0d:3f:e3:87:f4:
                    14:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:0F:21:C3:DC:93:75:7F:C0:32:82:A8:35:60:0D:65:9F:96:1E:8E
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/ea1df7-808a-47c3-ae51-b0843ec38823/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/ea1df7-808a-47c3-ae51-b0843ec38823/1/pQ8hw9yTdX_AMoKoNWANZZ-WHo4.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.207.64.0/23
                  91.208.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:98:30:ba:7b:61:2f:10:54:83:5e:61:dd:97:a9:95:34:09:
         31:9e:bc:53:d3:7b:b2:8f:21:87:ec:95:9b:d1:73:98:10:13:
         7c:27:5f:f5:eb:fe:cf:f0:7f:23:ef:69:7e:cd:44:05:bc:f5:
         8c:74:29:c0:68:27:91:f1:5f:02:ef:b9:eb:53:5e:81:78:70:
         ca:37:60:ad:1b:dc:cb:8a:19:e7:86:22:77:c4:5a:70:f5:c0:
         e2:aa:0f:11:3e:80:fa:ba:f7:2a:cc:8c:8d:ef:80:a5:97:09:
         be:cc:05:74:df:07:03:11:9d:18:eb:cb:b4:ea:a9:b5:5c:c5:
         ed:6e:62:38:7e:53:60:a5:5c:f3:76:cf:1a:45:c9:1d:6c:f9:
         9c:b6:bf:35:5e:88:fa:39:2f:f2:38:fe:3d:44:ac:54:bb:c7:
         fb:fa:c0:f9:e5:d1:e5:80:84:9f:06:7a:5f:57:5a:1d:bb:42:
         61:4d:ba:a7:9f:4d:55:86:68:15:80:8d:e3:00:b4:7d:35:3a:
         90:10:bd:8b:41:24:18:39:e8:e1:2f:bf:3c:60:c9:3e:c1:f9:
         02:57:f0:ca:f4:be:41:d9:b6:7e:80:b1:5f:4f:35:b3:81:94:
         17:46:55:fa:5a:08:65:38:85:ca:7f:36:80:0d:ac:0f:1a:9d:
         cc:f2:29:66
-----BEGIN CERTIFICATE-----
MIIFfjCCBGagAwIBAgISAYzEkyM6tA2ggcaHz3f8oHitMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTAzMDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTBmMjFjM2RjOTM3NTdmYzAzMjgyYTgzNTYwMGQ2NTlmOTYxZThlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmtW7RtShh8wYEcKrO3tmxlIR9BhG
vrHd4oiqzdneQg6Mx2HKu+UoarjLpDEZwPmDL74gfXCXYZXXbKWcCWU65Gfmct5q
AmQLZGv6ps++V7ameLJ2Hx7J7UD9o7ySUb1PO2fz3MOuz8tJY4a9D+CmcPN8/jV2
KUZYCZ2a+Ari9gY57QECM1ll1UxAXjYo/S15PFD874PHJ5PLH1Z2qO9ZcP1Qa0GD
blnTjDKB26g1czSryavw0ikfIvY4MQ7j5PylwQE8F41Eq/VOp7AkDnJa0u8Gnbfp
ocsxJ33PPtOp2NHnrmaNmiZpKxPBDqW9xVPbidsI6Apwev+eDT/jh/QUUQIDAQAB
o4ICijCCAoYwHQYDVR0OBBYEFKUPIcPck3V/wDKCqDVgDWWflh6OMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2FkL2VhMWRm
Ny04MDhhLTQ3YzMtYWU1MS1iMDg0M2VjMzg4MjMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYWQvZWExZGY3
LTgwOGEtNDdjMy1hZTUxLWIwODQzZWMzODgyMy8xL3BROGh3OXlUZFhfQU1vS29O
V0FOWlotV0hvNC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUF
BwEHAQH/BBYwFDASBAIAATAMAwQBW89AAwQAW9D3MA0GCSqGSIb3DQEBCwUAA4IB
AQAVmDC6e2EvEFSDXmHdl6mVNAkxnrxT03uyjyGH7JWb0XOYEBN8J1/16/7P8H8j
72l+zUQFvPWMdCnAaCeR8V8C77nrU16BeHDKN2CtG9zLihnnhiJ3xFpw9cDiqg8R
PoD6uvcqzIyN74Cllwm+zAV03wcDEZ0Y68u06qm1XMXtbmI4flNgpVzzds8aRckd
bPmctr81Xoj6OS/yOP49RKxUu8f7+sD55dHlgISfBnpfV1odu0JhTbqnn01VhmgV
gI3jALR9NTqQEL2LQSQYOejhL788YMk+wfkCV/DK9L5B2bZ+gLFfTzWzgZQXRlX6
WghlOIXKfzaADawPGp3M8ilm
-----END CERTIFICATE-----