Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/qoCTNU5WWsSDilH0fSdpdpxmlE4.cer
File:                     qoCTNU5WWsSDilH0fSdpdpxmlE4.cer (raw, json)
Hash identifier:          DCk8mzUSspLrcC2jDt3qVNSX8pjUr8PUoXrVawFrjdk=
Subject key identifier:   AA:80:93:35:4E:56:5A:C4:83:8A:51:F4:7D:27:69:76:9C:66:94:4E
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC3B6B3FCB15B21830F7FEEDAC13D2EE1
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/2a/ee9ddc-acd0-481d-8c0b-788b46e10497/1/qoCTNU5WWsSDilH0fSdpdpxmlE4.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/2a/ee9ddc-acd0-481d-8c0b-788b46e10497/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 06:29:39 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 193.163.170.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:b3:fc:b1:5b:21:83:0f:7f:ee:da:c1:3d:2e:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 06:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aa8093354e565ac4838a51f47d2769769c66944e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:7b:1b:06:ff:3e:d2:18:0e:ec:f0:28:8f:94:
                    06:14:a7:aa:df:25:5d:e1:86:a0:63:da:00:c3:58:
                    38:8b:21:89:4d:32:ec:50:42:3e:33:78:a7:e9:a7:
                    2a:de:28:1d:d4:d7:2e:f1:86:77:4c:0f:d2:ad:9d:
                    a8:6b:e2:4c:7f:63:6e:8a:7d:92:9a:aa:f9:47:07:
                    71:28:0d:4f:33:c9:0e:f2:07:cf:48:73:7c:9f:c7:
                    10:06:07:b7:fe:0d:73:72:95:ff:ab:ee:a1:ca:16:
                    59:1b:bd:62:9c:92:f1:96:ec:67:ce:d3:68:fc:ad:
                    58:20:29:27:95:e4:67:33:81:3c:9f:61:e5:ce:f3:
                    bc:e4:79:b8:02:a0:a4:ee:6f:74:87:e4:2e:28:1d:
                    d3:99:a5:fd:7d:0f:19:b5:b1:60:ec:87:02:a5:ec:
                    87:0c:ae:31:a3:ca:6f:f3:10:85:69:16:f9:5b:98:
                    28:29:c6:23:42:a6:87:91:b3:16:1f:23:25:e3:90:
                    5f:a8:4e:81:7a:14:66:dd:27:ab:80:f7:52:aa:d5:
                    2a:31:16:09:b1:00:c2:db:36:55:73:8e:cc:61:25:
                    21:45:98:82:e0:f2:ba:49:e3:af:a5:2c:f6:a4:f0:
                    78:fa:49:95:63:28:37:a5:1f:c8:76:2c:02:0e:d5:
                    23:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:80:93:35:4E:56:5A:C4:83:8A:51:F4:7D:27:69:76:9C:66:94:4E
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/ee9ddc-acd0-481d-8c0b-788b46e10497/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/ee9ddc-acd0-481d-8c0b-788b46e10497/1/qoCTNU5WWsSDilH0fSdpdpxmlE4.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.163.170.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:de:6b:c0:a3:8b:17:38:93:05:7d:75:93:b4:ff:ab:2d:0b:
         d4:f1:b2:b0:c6:fb:df:32:c4:87:c7:fa:39:4d:4b:55:2d:97:
         28:5c:95:42:ef:ba:fc:ac:83:09:2b:63:e8:26:a3:9e:08:6d:
         88:60:45:83:37:da:8c:44:97:e3:94:3f:dc:a0:40:28:41:3f:
         a2:cb:0a:7c:88:19:85:3f:bf:a8:8e:fd:d0:57:6e:10:fb:e4:
         9d:dc:38:34:c3:70:15:fb:31:c7:fd:4c:e6:c5:b3:e9:74:f2:
         b3:21:49:40:90:71:76:1d:29:f1:ee:cc:db:f5:a6:a6:00:11:
         c3:3e:5b:a7:97:bc:ad:25:fe:10:0c:ca:10:80:f5:50:f5:01:
         8c:d5:ea:d1:f3:bd:00:63:a4:76:7a:a9:d2:68:32:06:1b:59:
         bb:2a:1a:dc:cd:83:e2:c3:88:bc:27:fe:8d:77:c5:15:ed:d6:
         66:56:59:c8:00:d4:28:6c:ca:e4:c4:9b:5d:47:dd:73:8a:4e:
         a9:35:27:25:9a:83:b0:00:39:67:c1:8c:43:6b:89:cc:e5:0f:
         80:f5:77:1a:4e:84:88:f0:5d:f7:a8:cc:82:42:5a:a6:c0:54:
         4e:5e:c9:7b:44:13:38:d0:43:56:48:39:cc:a8:ec:06:48:72:
         1d:00:e7:ff
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzDtrP8sVshgw9/7trBPS7hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDYyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTgwOTMzNTRlNTY1YWM0ODM4YTUxZjQ3ZDI3Njk3NjljNjY5NDRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApnsbBv8+0hgO7PAoj5QGFKeq3yVd
4YagY9oAw1g4iyGJTTLsUEI+M3in6acq3igd1Ncu8YZ3TA/SrZ2oa+JMf2Nuin2S
mqr5RwdxKA1PM8kO8gfPSHN8n8cQBge3/g1zcpX/q+6hyhZZG71inJLxluxnztNo
/K1YICknleRnM4E8n2HlzvO85Hm4AqCk7m90h+QuKB3TmaX9fQ8ZtbFg7IcCpeyH
DK4xo8pv8xCFaRb5W5goKcYjQqaHkbMWHyMl45BfqE6BehRm3SergPdSqtUqMRYJ
sQDC2zZVc47MYSUhRZiC4PK6SeOvpSz2pPB4+kmVYyg3pR/IdiwCDtUjYQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFKqAkzVOVlrEg4pR9H0naXacZpROMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzJhL2VlOWRk
Yy1hY2QwLTQ4MWQtOGMwYi03ODhiNDZlMTA0OTcvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmEvZWU5ZGRj
LWFjZDAtNDgxZC04YzBiLTc4OGI0NmUxMDQ5Ny8xL3FvQ1ROVTVXV3NTRGlsSDBm
U2RwZHB4bWxFNC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwaOqMA0GCSqGSIb3DQEBCwUAA4IBAQCd3mvA
o4sXOJMFfXWTtP+rLQvU8bKwxvvfMsSHx/o5TUtVLZcoXJVC77r8rIMJK2PoJqOe
CG2IYEWDN9qMRJfjlD/coEAoQT+iywp8iBmFP7+ojv3QV24Q++Sd3Dg0w3AV+zHH
/UzmxbPpdPKzIUlAkHF2HSnx7szb9aamABHDPlunl7ytJf4QDMoQgPVQ9QGM1erR
870AY6R2eqnSaDIGG1m7KhrczYPiw4i8J/6Nd8UV7dZmVlnIANQobMrkxJtdR91z
ik6pNSclmoOwADlnwYxDa4nM5Q+A9XcaToSI8F33qMyCQlqmwFROXsl7RBM40ENW
SDnMqOwGSHIdAOf/
-----END CERTIFICATE-----