Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/rnIxk3EEsmkAemyoPH_ZKes59Hc.cer
File:                     rnIxk3EEsmkAemyoPH_ZKes59Hc.cer (raw, json)
Hash identifier:          ZPlm9/tuV3MUa1xSx2rr0RQtHt6vt1eBxoWgHmJ1X1s=
Subject key identifier:   AE:72:31:93:71:04:B2:69:00:7A:6C:A8:3C:7F:D9:29:EB:39:F4:77
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC56EC8D88D39862D946BA9F90B21CCA4
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/39/aeb1cc-2c4b-46ed-bc23-f35f0c6c46a9/1/rnIxk3EEsmkAemyoPH_ZKes59Hc.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/39/aeb1cc-2c4b-46ed-bc23-f35f0c6c46a9/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 14:30:21 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 193.202.19.0/24
                          IP: 2001:67c:1068::/48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:c8:d8:8d:39:86:2d:94:6b:a9:f9:0b:21:cc:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 14:30:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ae7231937104b269007a6ca83c7fd929eb39f477
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:84:2e:42:f1:40:cb:ad:ad:bf:83:86:47:6f:
                    16:29:68:0d:d4:2d:43:a5:29:c9:6e:d3:9d:6e:61:
                    20:47:23:f8:df:65:c6:55:e7:b3:57:8b:db:2f:e6:
                    0e:12:bf:cf:04:46:ff:84:14:25:b5:e0:af:1b:ea:
                    9b:09:d4:1e:fb:95:38:5c:e8:f1:ac:bd:c6:01:71:
                    53:99:1a:d7:e2:b8:16:21:94:60:c1:bf:53:27:70:
                    31:6a:7f:d6:d6:5c:31:52:d8:15:18:f2:a1:4d:78:
                    1c:cd:a3:2e:db:61:4f:73:10:f7:c6:1e:17:e3:bd:
                    6a:7c:40:9d:95:fd:a5:31:5f:6e:fc:1b:19:14:f7:
                    15:70:86:38:12:d7:bd:37:ed:d1:36:55:b7:a3:4f:
                    b4:29:76:9e:0e:62:d5:0e:bb:a4:1c:90:75:7c:ef:
                    5c:fc:51:08:6f:e6:ff:f6:fd:09:73:c3:91:41:20:
                    6e:ea:4b:d8:7c:b3:e8:04:aa:b5:48:52:2a:45:08:
                    11:d0:83:75:09:dc:81:3d:c7:12:e5:5e:8f:d7:25:
                    d4:23:a5:49:47:4b:ec:bc:33:2d:0d:df:20:dc:dd:
                    a1:b5:e9:2f:0f:ed:5b:c8:6b:6a:82:8a:c4:a1:01:
                    80:54:4c:c5:26:bd:31:5b:5b:de:d2:36:99:8a:46:
                    0f:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:72:31:93:71:04:B2:69:00:7A:6C:A8:3C:7F:D9:29:EB:39:F4:77
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/aeb1cc-2c4b-46ed-bc23-f35f0c6c46a9/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/aeb1cc-2c4b-46ed-bc23-f35f0c6c46a9/1/rnIxk3EEsmkAemyoPH_ZKes59Hc.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.202.19.0/24
                IPv6:
                  2001:67c:1068::/48

    Signature Algorithm: sha256WithRSAEncryption
         06:2a:0f:b1:af:9f:80:62:73:52:75:4c:15:0a:02:5d:e3:3b:
         71:c0:9b:2f:72:33:0f:75:87:f0:77:93:fc:94:4b:0e:fb:5b:
         6c:f5:06:14:c8:34:e1:2f:ac:1b:43:1d:ff:00:3c:3b:11:ff:
         34:ad:7f:b3:85:27:28:2a:1b:28:2a:b3:d9:dc:ec:23:9d:5d:
         c2:17:14:ec:25:5a:31:17:7b:8e:0e:e8:51:35:18:bc:74:f5:
         c7:37:79:ed:99:1b:cb:bc:be:5a:46:68:4b:eb:2c:e6:c1:15:
         ee:a5:6e:22:a0:0c:23:46:fd:af:75:c6:0a:64:03:6f:67:57:
         e3:08:46:c4:8c:dc:b4:b0:3e:2e:0f:68:21:b8:fe:3b:87:55:
         3a:fb:04:4e:b1:a4:44:0c:a8:49:34:aa:54:d8:0d:c8:f7:20:
         6d:c8:07:e4:95:9d:21:a9:41:30:18:42:12:73:08:cc:5b:3d:
         cb:c5:9f:84:54:df:b7:3e:63:00:b1:63:19:6e:dd:37:2e:b7:
         5b:82:7a:49:c3:3e:55:85:f5:a3:3c:89:1c:22:a9:49:1d:af:
         38:58:dd:d8:e1:c6:14:05:88:2e:d8:36:05:f3:e3:c8:b6:92:
         84:ab:61:f4:02:81:41:75:5c:3e:e9:55:e5:8a:9b:8f:29:3e:
         f7:48:a6:25
-----BEGIN CERTIFICATE-----
MIIFiTCCBHGgAwIBAgISAYzFbsjYjTmGLZRrqfkLIcykMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTQzMDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTcyMzE5MzcxMDRiMjY5MDA3YTZjYTgzYzdmZDkyOWViMzlmNDc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5IQuQvFAy62tv4OGR28WKWgN1C1D
pSnJbtOdbmEgRyP432XGVeezV4vbL+YOEr/PBEb/hBQlteCvG+qbCdQe+5U4XOjx
rL3GAXFTmRrX4rgWIZRgwb9TJ3Axan/W1lwxUtgVGPKhTXgczaMu22FPcxD3xh4X
471qfECdlf2lMV9u/BsZFPcVcIY4Ete9N+3RNlW3o0+0KXaeDmLVDrukHJB1fO9c
/FEIb+b/9v0Jc8ORQSBu6kvYfLPoBKq1SFIqRQgR0IN1CdyBPccS5V6P1yXUI6VJ
R0vsvDMtDd8g3N2htekvD+1byGtqgorEoQGAVEzFJr0xW1ve0jaZikYPDQIDAQAB
o4IClTCCApEwHQYDVR0OBBYEFK5yMZNxBLJpAHpsqDx/2SnrOfR3MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzM5L2FlYjFj
Yy0yYzRiLTQ2ZWQtYmMyMy1mMzVmMGM2YzQ2YTkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzkvYWViMWNj
LTJjNGItNDZlZC1iYzIzLWYzNWYwYzZjNDZhOS8xL3JuSXhrM0VFc21rQWVteW9Q
SF9aS2VzNTlIYy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDAGCCsGAQUF
BwEHAQH/BCEwHzAMBAIAATAGAwQAwcoTMA8EAgACMAkDBwAgAQZ8EGgwDQYJKoZI
hvcNAQELBQADggEBAAYqD7Gvn4Bic1J1TBUKAl3jO3HAmy9yMw91h/B3k/yUSw77
W2z1BhTINOEvrBtDHf8APDsR/zStf7OFJygqGygqs9nc7COdXcIXFOwlWjEXe44O
6FE1GLx09cc3ee2ZG8u8vlpGaEvrLObBFe6lbiKgDCNG/a91xgpkA29nV+MIRsSM
3LSwPi4PaCG4/juHVTr7BE6xpEQMqEk0qlTYDcj3IG3IB+SVnSGpQTAYQhJzCMxb
PcvFn4RU37c+YwCxYxlu3Tcut1uCeknDPlWF9aM8iRwiqUkdrzhY3djhxhQFiC7Y
NgXz48i2koSrYfQCgUF1XD7pVeWKm48pPvdIpiU=
-----END CERTIFICATE-----