Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/sA4l9V67rLBp8QOssIZnA4Nc_M0.cer
File:                     sA4l9V67rLBp8QOssIZnA4Nc_M0.cer (raw, json)
Hash identifier:          OOquUhGoCxcbqWJHSAMmDA5tI/AcTJPXGpGxtP4LPS4=
Subject key identifier:   B0:0E:25:F5:5E:BB:AC:B0:69:F1:03:AC:B0:86:67:03:83:5C:FC:CD
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC349589F9933C88D862EBF6110A59CDF
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/e1/31a0ec-d9b8-49e4-b436-8b4215e58028/1/sA4l9V67rLBp8QOssIZnA4Nc_M0.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/e1/31a0ec-d9b8-49e4-b436-8b4215e58028/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 04:30:13 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 185.197.181.0/24
                          IP: 2a10:8940::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:58:9f:99:33:c8:8d:86:2e:bf:61:10:a5:9c:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 04:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b00e25f55ebbacb069f103acb0866703835cfccd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:ee:92:9d:f6:2e:7f:05:80:6a:d3:68:f7:da:
                    57:bb:ba:51:0d:79:2e:68:26:db:d2:fb:63:f2:df:
                    49:32:81:4d:56:06:6b:e4:15:58:a3:7e:13:31:28:
                    e4:c8:c0:d0:99:a7:3f:53:b4:0b:59:d4:17:58:54:
                    d7:90:a2:6c:a5:25:d2:55:7d:5c:f4:54:0b:c6:d6:
                    58:6d:94:79:58:5f:b9:08:90:bd:3b:26:6a:b6:39:
                    d9:ab:4b:27:64:ba:94:83:15:80:4d:8f:35:0b:ac:
                    93:f1:ed:13:ce:ce:fe:b7:ff:da:1a:3a:84:fe:43:
                    aa:26:48:2a:60:a4:08:8b:d8:3d:4d:cb:0f:49:dd:
                    e0:c4:14:fe:03:08:9b:b6:82:94:25:8e:88:f0:a3:
                    2b:3c:33:de:04:97:76:d0:bd:c8:15:f0:bf:9b:03:
                    fa:36:9f:45:6b:44:6c:8d:60:5e:a3:b1:1e:e2:0b:
                    5f:92:b5:3b:23:f0:48:c8:82:82:d7:15:20:59:52:
                    72:ee:37:17:89:d9:84:63:82:c1:b4:03:79:f4:c5:
                    12:aa:b5:87:16:4b:d1:43:fb:da:36:9a:0d:b7:53:
                    d8:b5:e8:cc:ce:81:a2:ac:fc:26:33:c8:c1:53:83:
                    cb:e0:b2:ef:a5:2e:74:58:35:78:3e:f0:0b:b4:6d:
                    36:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:0E:25:F5:5E:BB:AC:B0:69:F1:03:AC:B0:86:67:03:83:5C:FC:CD
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/31a0ec-d9b8-49e4-b436-8b4215e58028/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/31a0ec-d9b8-49e4-b436-8b4215e58028/1/sA4l9V67rLBp8QOssIZnA4Nc_M0.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.197.181.0/24
                IPv6:
                  2a10:8940::/29

    Signature Algorithm: sha256WithRSAEncryption
         a7:db:f6:a0:e7:9d:cd:2d:96:61:8c:35:37:3a:51:8d:a1:68:
         81:f1:b1:8d:3d:7d:59:dc:23:03:11:4e:c2:65:20:6c:f0:de:
         62:5b:58:c0:e2:d7:09:98:75:db:c2:bd:ed:7a:72:48:dc:51:
         a5:1e:0c:aa:6f:20:1e:fc:8e:a2:bd:dd:6b:0c:95:7b:95:d2:
         b6:67:fd:b2:3e:bd:b0:b8:75:e8:3f:c3:ff:13:59:b2:91:be:
         16:00:6d:bd:b9:2d:2a:e9:f8:0d:86:d0:a1:03:d9:68:e2:04:
         a7:3f:5f:3a:e7:73:df:2b:cf:a8:9b:7d:b2:a1:7f:99:5f:21:
         40:73:6a:78:77:28:c9:09:c0:72:0d:e4:94:e3:63:ea:37:b2:
         d8:c8:20:0f:99:e7:56:25:7a:65:46:b4:ee:a1:70:06:a8:a3:
         fb:cc:ed:15:3e:d4:26:40:cf:0d:e2:53:c1:02:e7:43:ce:37:
         6d:46:9f:7e:68:7e:0e:b3:fb:ec:79:34:d3:85:40:b1:fd:92:
         7e:b4:bf:21:79:2f:ba:36:eb:c4:d8:b6:e2:f9:85:a6:2f:6a:
         43:83:50:4a:66:4f:d8:5f:5f:68:39:38:d1:c8:56:c5:46:fc:
         80:41:43:8c:3e:31:36:30:2d:1b:58:d5:5c:e8:36:a3:59:cd:
         06:b4:c2:be
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAYzDSVifmTPIjYYuv2EQpZzfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDQzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDBlMjVmNTVlYmJhY2IwNjlmMTAzYWNiMDg2NjcwMzgzNWNmY2NkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAye6SnfYufwWAatNo99pXu7pRDXku
aCbb0vtj8t9JMoFNVgZr5BVYo34TMSjkyMDQmac/U7QLWdQXWFTXkKJspSXSVX1c
9FQLxtZYbZR5WF+5CJC9OyZqtjnZq0snZLqUgxWATY81C6yT8e0Tzs7+t//aGjqE
/kOqJkgqYKQIi9g9TcsPSd3gxBT+AwibtoKUJY6I8KMrPDPeBJd20L3IFfC/mwP6
Np9Fa0RsjWBeo7Ee4gtfkrU7I/BIyIKC1xUgWVJy7jcXidmEY4LBtAN59MUSqrWH
FkvRQ/vaNpoNt1PYtejMzoGirPwmM8jBU4PL4LLvpS50WDV4PvALtG02wQIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFLAOJfVeu6ywafEDrLCGZwODXPzNMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2UxLzMxYTBl
Yy1kOWI4LTQ5ZTQtYjQzNi04YjQyMTVlNTgwMjgvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTEvMzFhMGVj
LWQ5YjgtNDllNC1iNDM2LThiNDIxNWU1ODAyOC8xL3NBNGw5VjY3ckxCcDhRT3Nz
SVpuQTROY19NMC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQAucW1MA0EAgACMAcDBQMqEIlAMA0GCSqGSIb3
DQEBCwUAA4IBAQCn2/ag553NLZZhjDU3OlGNoWiB8bGNPX1Z3CMDEU7CZSBs8N5i
W1jA4tcJmHXbwr3tenJI3FGlHgyqbyAe/I6ivd1rDJV7ldK2Z/2yPr2wuHXoP8P/
E1mykb4WAG29uS0q6fgNhtChA9lo4gSnP18653PfK8+om32yoX+ZXyFAc2p4dyjJ
CcByDeSU42PqN7LYyCAPmedWJXplRrTuoXAGqKP7zO0VPtQmQM8N4lPBAudDzjdt
Rp9+aH4Os/vseTTThUCx/ZJ+tL8heS+6NuvE2Lbi+YWmL2pDg1BKZk/YX19oOTjR
yFbFRvyAQUOMPjE2MC0bWNVc6DajWc0GtMK+
-----END CERTIFICATE-----