Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/q9xjmjZ62vmzOC0JvaBe5UVDMVk.cer
File:                     q9xjmjZ62vmzOC0JvaBe5UVDMVk.cer (raw, json)
Hash identifier:          h8XOmwwTJ5Bm+orn4dPG60JM6IiSHqg8kD2kA9EiamM=
Subject key identifier:   AB:DC:63:9A:36:7A:DA:F9:B3:38:2D:09:BD:A0:5E:E5:45:43:31:59
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CE90272DD74F76B8D504D551A87548292
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/96/332548-99a1-4fba-b249-28d5d00dc0cb/1/q9xjmjZ62vmzOC0JvaBe5UVDMVk.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/96/332548-99a1-4fba-b249-28d5d00dc0cb/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 08 Jan 2024 12:18:21 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 5.42.203.0/24
                          IP: 2a12:1840::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:e9:02:72:dd:74:f7:6b:8d:50:4d:55:1a:87:54:82:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  8 12:18:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=abdc639a367adaf9b3382d09bda05ee545433159
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:b4:30:91:56:46:11:70:73:a1:cf:8f:e9:03:
                    cf:a5:2e:69:56:4d:57:76:1c:0a:97:f7:1d:bd:d4:
                    48:a9:91:84:77:6a:9c:e3:74:4a:90:9a:b6:60:02:
                    50:70:5f:b8:ad:d0:64:42:b6:2e:78:3c:4f:31:dd:
                    09:2c:03:7c:95:11:72:47:3b:8b:fb:17:ff:8c:82:
                    77:59:36:b3:04:fa:ec:f6:6a:04:00:2a:86:37:8f:
                    3c:f2:c3:33:d7:a4:c3:60:b1:5f:77:8e:c6:19:f6:
                    55:a7:bc:77:b9:35:cb:53:d5:43:c0:3f:06:3e:99:
                    da:c2:c7:7d:8b:78:ec:51:35:26:4e:97:9f:c7:db:
                    ca:93:0e:1c:51:33:96:fe:94:a7:67:6f:e2:8e:83:
                    25:3f:d4:26:15:dd:7a:53:f8:87:e5:8e:7d:91:d8:
                    32:1b:46:ff:22:7c:88:69:93:8c:b8:57:9b:6b:b8:
                    e7:dd:61:7e:57:24:0f:5f:3e:23:d0:e3:6e:db:c9:
                    75:83:c0:b4:6f:84:a8:62:6c:4a:d9:89:13:23:81:
                    66:ad:ea:51:7e:d0:1e:6e:c4:70:fd:a6:b4:07:13:
                    76:f6:51:ae:c7:02:1a:18:40:20:31:c4:b1:bd:5c:
                    dc:07:8d:4a:10:d2:17:65:05:7b:29:c7:9b:c2:bb:
                    39:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:DC:63:9A:36:7A:DA:F9:B3:38:2D:09:BD:A0:5E:E5:45:43:31:59
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/96/332548-99a1-4fba-b249-28d5d00dc0cb/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/96/332548-99a1-4fba-b249-28d5d00dc0cb/1/q9xjmjZ62vmzOC0JvaBe5UVDMVk.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.42.203.0/24
                IPv6:
                  2a12:1840::/29

    Signature Algorithm: sha256WithRSAEncryption
         90:1f:07:ad:7f:4a:53:ac:39:09:f0:20:03:1e:1a:1c:6a:b9:
         61:8f:30:2e:57:75:e3:1a:ec:ef:68:e4:a9:ea:63:93:be:6a:
         2e:e7:74:18:8c:97:dc:cb:c2:ab:a5:e4:6b:84:5a:37:66:37:
         8b:cc:31:85:94:ea:6a:d4:5a:19:3a:9b:51:4c:b3:37:79:30:
         d6:54:c5:87:ce:28:48:40:25:fd:0e:1e:ef:1c:f6:67:23:56:
         a1:4c:4c:0e:0f:41:12:49:69:15:38:85:f7:ec:1a:0d:9e:57:
         48:e2:48:47:3c:99:57:68:49:d4:9c:2c:23:0b:27:b5:b8:b9:
         16:17:24:e3:60:04:cd:a6:01:4a:56:a8:01:9e:0f:46:24:cb:
         eb:e3:07:a9:89:27:4d:58:8b:39:73:3d:ba:3d:be:5c:da:c5:
         3f:cc:25:00:37:5a:51:54:29:8d:bf:71:74:5f:2b:1d:f5:d5:
         73:1d:b5:b6:f5:06:90:c0:c6:d0:af:d3:cd:db:d3:7d:a7:96:
         18:a4:86:72:4f:0b:f3:cf:56:01:44:dc:f1:d0:be:d0:57:49:
         ea:3b:af:a1:5a:72:c5:2c:78:cb:17:f6:45:33:6e:37:71:fc:
         1d:21:3d:7a:d0:cd:39:75:45:59:cb:6c:06:45:ea:92:d9:e7:
         a6:da:83:96
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAYzpAnLddPdrjVBNVRqHVIKSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTA4MTIxODIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYmRjNjM5YTM2N2FkYWY5YjMzODJkMDliZGEwNWVlNTQ1NDMzMTU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwLQwkVZGEXBzoc+P6QPPpS5pVk1X
dhwKl/cdvdRIqZGEd2qc43RKkJq2YAJQcF+4rdBkQrYueDxPMd0JLAN8lRFyRzuL
+xf/jIJ3WTazBPrs9moEACqGN4888sMz16TDYLFfd47GGfZVp7x3uTXLU9VDwD8G
Ppnawsd9i3jsUTUmTpefx9vKkw4cUTOW/pSnZ2/ijoMlP9QmFd16U/iH5Y59kdgy
G0b/InyIaZOMuFeba7jn3WF+VyQPXz4j0ONu28l1g8C0b4SoYmxK2YkTI4FmrepR
ftAebsRw/aa0BxN29lGuxwIaGEAgMcSxvVzcB41KENIXZQV7Kcebwrs5DQIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFKvcY5o2etr5szgtCb2gXuVFQzFZMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzk2LzMzMjU0
OC05OWExLTRmYmEtYjI0OS0yOGQ1ZDAwZGMwY2IvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTYvMzMyNTQ4
LTk5YTEtNGZiYS1iMjQ5LTI4ZDVkMDBkYzBjYi8xL3E5eGptalo2MnZtek9DMEp2
YUJlNVVWRE1Way5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQABSrLMA0EAgACMAcDBQMqEhhAMA0GCSqGSIb3
DQEBCwUAA4IBAQCQHwetf0pTrDkJ8CADHhocarlhjzAuV3XjGuzvaOSp6mOTvmou
53QYjJfcy8KrpeRrhFo3ZjeLzDGFlOpq1FoZOptRTLM3eTDWVMWHzihIQCX9Dh7v
HPZnI1ahTEwOD0ESSWkVOIX37BoNnldI4khHPJlXaEnUnCwjCye1uLkWFyTjYATN
pgFKVqgBng9GJMvr4wepiSdNWIs5cz26Pb5c2sU/zCUAN1pRVCmNv3F0Xysd9dVz
HbW29QaQwMbQr9PN29N9p5YYpIZyTwvzz1YBRNzx0L7QV0nqO6+hWnLFLHjLF/ZF
M243cfwdIT160M05dUVZy2wGReqS2eem2oOW
-----END CERTIFICATE-----