Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/rXLWZFEKa_uW8qalwSCYfcl3S_g.cer
File:                     rXLWZFEKa_uW8qalwSCYfcl3S_g.cer (raw, json)
Hash identifier:          my8iLYw7+Iu4N1Vnmsz3UQyghYPbZldZSvQuSSlJt/g=
Subject key identifier:   AD:72:D6:64:51:0A:6B:FB:96:F2:A6:A5:C1:20:98:7D:C9:77:4B:F8
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC64AF31D47ABB9306E3C40158EBEFEB8
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/d8/94f2b9-cff6-42d5-8fb9-770d9a389295/1/rXLWZFEKa_uW8qalwSCYfcl3S_g.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/d8/94f2b9-cff6-42d5-8fb9-770d9a389295/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 18:30:49 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 193.163.90.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:f3:1d:47:ab:b9:30:6e:3c:40:15:8e:be:fe:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 18:30:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ad72d664510a6bfb96f2a6a5c120987dc9774bf8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f7:da:14:41:23:72:6b:a2:98:4b:9d:6b:d7:a2:
                    f4:57:96:c8:26:0e:ba:12:76:18:eb:29:2f:ed:c8:
                    d3:a5:87:47:0c:5e:4a:85:d6:d9:50:50:b7:63:a7:
                    f2:d1:24:bc:89:b9:23:56:55:d8:fc:24:c8:99:78:
                    24:29:b1:c1:71:c5:18:86:b1:d7:88:c5:b3:03:17:
                    18:01:2b:f1:f8:a7:f6:2c:f7:9e:b2:c2:ad:50:bd:
                    69:73:f2:2d:fc:63:08:f0:0f:b9:55:57:b6:8f:7f:
                    67:eb:35:8d:00:24:f9:12:26:0a:68:20:3d:20:5b:
                    30:56:5d:c3:07:42:ba:97:0d:24:39:6c:7a:3d:d1:
                    f5:7e:34:48:65:4d:f5:0b:43:2d:65:cf:e5:12:c0:
                    60:ea:50:59:7a:be:9d:59:ba:6a:2b:ec:cb:6e:f3:
                    36:de:f3:c9:a3:ac:76:29:c8:94:54:b0:ca:d7:8a:
                    d5:03:37:ce:d6:21:c9:40:84:01:13:c1:5f:41:85:
                    c1:fc:f1:fb:ae:3f:d3:1a:98:4e:36:76:d3:f8:dd:
                    20:79:0c:99:cf:a3:cb:3d:cb:8c:d3:43:2e:58:89:
                    8d:03:d9:10:24:c1:bc:9e:8b:3b:ea:52:50:46:a2:
                    4d:e7:7c:db:4c:fb:e6:15:4f:c5:6e:6a:30:29:a7:
                    28:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:72:D6:64:51:0A:6B:FB:96:F2:A6:A5:C1:20:98:7D:C9:77:4B:F8
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/94f2b9-cff6-42d5-8fb9-770d9a389295/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/94f2b9-cff6-42d5-8fb9-770d9a389295/1/rXLWZFEKa_uW8qalwSCYfcl3S_g.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.163.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:39:05:ac:d0:07:c7:23:3b:dc:8d:f9:8b:3c:ae:05:3c:3c:
         e6:3d:d5:40:dc:5a:b1:3d:91:62:cf:7c:26:7a:dc:08:92:df:
         57:84:32:fe:86:e1:2f:fa:d2:13:58:6b:32:9e:f1:a0:0f:74:
         bd:c5:8a:97:12:ee:51:22:ad:83:6e:78:b4:88:fc:d3:72:f3:
         50:a7:26:89:ec:6c:f4:ab:3e:98:bb:d9:f7:bb:b9:88:4e:37:
         ad:1f:ac:20:33:d7:24:5f:4f:f5:b5:1f:6c:9c:41:49:72:c0:
         f8:dc:93:c3:cd:c4:83:6d:0c:21:a8:7e:78:fe:a9:d0:97:b3:
         41:5d:31:aa:e7:c1:f8:2a:ee:12:88:7e:02:41:5e:fe:59:b2:
         14:d6:f3:a6:bf:db:c8:a9:11:f4:02:ef:0e:5e:8b:d4:5b:35:
         fa:f7:57:e9:d6:06:20:1e:e1:7d:e2:32:1b:27:4c:a0:29:c8:
         46:03:b9:00:09:a4:91:d9:73:05:3c:9e:b0:4a:d6:ed:30:2c:
         ab:7f:24:8d:82:e0:23:a1:5d:74:38:e6:e3:46:fd:ca:a7:89:
         4f:6a:e0:9e:99:a4:e2:0e:3f:27:b0:d8:f5:66:9b:e2:b2:1f:
         ee:a7:51:0b:27:15:7d:ae:25:98:24:e5:a4:08:2b:fa:1f:06:
         38:e0:29:13
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzGSvMdR6u5MG48QBWOvv64MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTgzMDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDcyZDY2NDUxMGE2YmZiOTZmMmE2YTVjMTIwOTg3ZGM5Nzc0YmY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA99oUQSNya6KYS51r16L0V5bIJg66
EnYY6ykv7cjTpYdHDF5KhdbZUFC3Y6fy0SS8ibkjVlXY/CTImXgkKbHBccUYhrHX
iMWzAxcYASvx+Kf2LPeessKtUL1pc/It/GMI8A+5VVe2j39n6zWNACT5EiYKaCA9
IFswVl3DB0K6lw0kOWx6PdH1fjRIZU31C0MtZc/lEsBg6lBZer6dWbpqK+zLbvM2
3vPJo6x2KciUVLDK14rVAzfO1iHJQIQBE8FfQYXB/PH7rj/TGphONnbT+N0geQyZ
z6PLPcuM00MuWImNA9kQJMG8nos76lJQRqJN53zbTPvmFU/FbmowKacoawIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFK1y1mRRCmv7lvKmpcEgmH3Jd0v4MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Q4Lzk0ZjJi
OS1jZmY2LTQyZDUtOGZiOS03NzBkOWEzODkyOTUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDgvOTRmMmI5
LWNmZjYtNDJkNS04ZmI5LTc3MGQ5YTM4OTI5NS8xL3JYTFdaRkVLYV91VzhxYWx3
U0NZZmNsM1NfZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwaNaMA0GCSqGSIb3DQEBCwUAA4IBAQANOQWs
0AfHIzvcjfmLPK4FPDzmPdVA3FqxPZFiz3wmetwIkt9XhDL+huEv+tITWGsynvGg
D3S9xYqXEu5RIq2Dbni0iPzTcvNQpyaJ7Gz0qz6Yu9n3u7mITjetH6wgM9ckX0/1
tR9snEFJcsD43JPDzcSDbQwhqH54/qnQl7NBXTGq58H4Ku4SiH4CQV7+WbIU1vOm
v9vIqRH0Au8OXovUWzX691fp1gYgHuF94jIbJ0ygKchGA7kACaSR2XMFPJ6wStbt
MCyrfySNguAjoV10OObjRv3Kp4lPauCemaTiDj8nsNj1Zpvish/up1ELJxV9riWY
JOWkCCv6HwY44CkT
-----END CERTIFICATE-----