Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/s-mxeistvPcCrLZCIvegojDNKv0.cer
File:                     s-mxeistvPcCrLZCIvegojDNKv0.cer (raw, json)
Hash identifier:          XwD9u+DCCUlW2gAor84sfybWFnKpZiYAffNnLNcRsDY=
Subject key identifier:   B3:E9:B1:7A:2B:2D:BC:F7:02:AC:B6:42:22:F7:A0:A2:30:CD:2A:FD
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC3B67CAA1E89F7A49E9BA1D44E227425
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/e2/6d1814-2310-4062-a453-9a8dc309536f/1/s-mxeistvPcCrLZCIvegojDNKv0.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/e2/6d1814-2310-4062-a453-9a8dc309536f/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 06:29:25 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 194.50.228.0/22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:7c:aa:1e:89:f7:a4:9e:9b:a1:d4:4e:22:74:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 06:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b3e9b17a2b2dbcf702acb64222f7a0a230cd2afd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:8a:36:b8:7d:07:de:ff:e3:46:08:a8:34:71:
                    87:86:44:73:2e:db:40:df:4f:42:e4:61:0f:18:46:
                    a8:b1:ee:2d:04:f5:25:eb:02:fb:5b:0d:21:df:40:
                    14:46:6e:81:66:02:17:1f:73:5e:7b:34:50:8b:dc:
                    99:24:2b:c0:79:77:d8:7f:c2:b1:7c:82:8c:8e:ac:
                    0a:78:ef:a8:aa:db:61:ef:95:e1:91:fd:9f:f7:40:
                    65:eb:2f:a6:17:b0:1e:f0:83:3d:01:1a:ef:d0:40:
                    33:4e:72:37:17:83:e8:e1:db:de:49:63:25:69:4f:
                    6a:38:7a:81:66:21:80:81:c0:87:fc:61:3d:28:06:
                    36:01:d7:3c:2c:c4:c6:9c:35:f1:26:ec:5a:f7:44:
                    18:bb:6d:fc:1a:6c:88:b0:38:bd:06:01:47:50:59:
                    58:0d:cd:c6:dd:21:66:ed:ce:30:46:18:c2:c4:ea:
                    2b:8d:6c:11:92:ef:9e:32:92:ff:26:bf:43:87:86:
                    91:6f:d4:5a:5f:63:35:d5:ef:20:87:30:c1:8c:f5:
                    b1:e0:44:bb:9b:34:a9:d2:b9:4a:5f:e7:8d:d1:00:
                    8b:d9:e5:d6:eb:41:2b:51:8f:9e:4f:3f:d4:a2:1c:
                    ae:7c:90:c4:e4:d1:de:34:42:fc:99:0a:e1:a9:33:
                    1f:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:E9:B1:7A:2B:2D:BC:F7:02:AC:B6:42:22:F7:A0:A2:30:CD:2A:FD
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/6d1814-2310-4062-a453-9a8dc309536f/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/6d1814-2310-4062-a453-9a8dc309536f/1/s-mxeistvPcCrLZCIvegojDNKv0.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.50.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6d:5a:96:b8:cb:0f:33:a6:7e:7f:f1:cb:16:80:df:27:92:7e:
         db:fc:aa:66:fd:ae:0b:64:23:a1:3f:1f:ef:99:6b:c3:22:de:
         e2:de:9b:03:de:69:e0:18:06:05:9d:c4:b5:49:56:9c:f1:4c:
         d0:04:df:26:05:e8:7f:19:bd:cd:ff:14:5b:9d:bf:27:c5:05:
         9e:fb:a2:b5:b8:70:7e:cd:53:56:d2:9a:e1:44:c8:7b:40:59:
         0f:a6:ec:c3:58:c1:c0:4a:ee:58:f3:b8:b8:51:ee:c1:ad:78:
         6c:47:41:f9:e9:37:c0:f5:50:3d:e5:8b:e9:10:73:db:ac:fd:
         47:14:25:a9:e5:69:c2:22:fb:1d:cc:de:61:eb:1b:83:7a:67:
         20:78:7f:69:be:6b:47:42:b7:31:65:be:52:13:93:ec:9d:64:
         ea:ee:9b:2a:a6:e4:a1:82:78:25:72:9d:47:c8:34:12:03:e2:
         99:34:e2:d1:15:18:7f:cd:2e:b5:da:48:11:5d:aa:b6:39:c6:
         c2:e0:e1:d9:fa:66:3a:7e:1a:32:3f:c5:f1:a0:4a:4f:23:d7:
         65:96:1f:fd:00:0e:64:f8:1a:ab:62:35:fa:6f:0f:27:4f:33:
         d5:32:16:04:b2:4a:b9:ff:b2:70:ba:2b:01:1b:07:6d:3c:3b:
         ce:dd:47:fe
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzDtnyqHon3pJ6bodROInQlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDYyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiM2U5YjE3YTJiMmRiY2Y3MDJhY2I2NDIyMmY3YTBhMjMwY2QyYWZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm4o2uH0H3v/jRgioNHGHhkRzLttA
309C5GEPGEaose4tBPUl6wL7Ww0h30AURm6BZgIXH3NeezRQi9yZJCvAeXfYf8Kx
fIKMjqwKeO+oqtth75Xhkf2f90Bl6y+mF7Ae8IM9ARrv0EAzTnI3F4Po4dveSWMl
aU9qOHqBZiGAgcCH/GE9KAY2Adc8LMTGnDXxJuxa90QYu238GmyIsDi9BgFHUFlY
Dc3G3SFm7c4wRhjCxOorjWwRku+eMpL/Jr9Dh4aRb9RaX2M11e8ghzDBjPWx4ES7
mzSp0rlKX+eN0QCL2eXW60ErUY+eTz/UohyufJDE5NHeNEL8mQrhqTMfPwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFLPpsXorLbz3Aqy2QiL3oKIwzSr9MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2UyLzZkMTgx
NC0yMzEwLTQwNjItYTQ1My05YThkYzMwOTUzNmYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTIvNmQxODE0
LTIzMTAtNDA2Mi1hNDUzLTlhOGRjMzA5NTM2Zi8xL3MtbXhlaXN0dlBjQ3JMWkNJ
dmVnb2pETkt2MC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCwjLkMA0GCSqGSIb3DQEBCwUAA4IBAQBtWpa4
yw8zpn5/8csWgN8nkn7b/Kpm/a4LZCOhPx/vmWvDIt7i3psD3mngGAYFncS1SVac
8UzQBN8mBeh/Gb3N/xRbnb8nxQWe+6K1uHB+zVNW0prhRMh7QFkPpuzDWMHASu5Y
87i4Ue7BrXhsR0H56TfA9VA95YvpEHPbrP1HFCWp5WnCIvsdzN5h6xuDemcgeH9p
vmtHQrcxZb5SE5PsnWTq7psqpuShgnglcp1HyDQSA+KZNOLRFRh/zS612kgRXaq2
OcbC4OHZ+mY6fhoyP8XxoEpPI9dllh/9AA5k+BqrYjX6bw8nTzPVMhYEskq5/7Jw
uisBGwdtPDvO3Uf+
-----END CERTIFICATE-----