Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/sFf1RPU_NdjS5zyylltPTX0CKVk.cer
File:                     sFf1RPU_NdjS5zyylltPTX0CKVk.cer (raw, json)
Hash identifier:          3fvZRYfn7ohyIo44jIz1Wd64cxROUUsth0qxkmH5cHo=
Subject key identifier:   B0:57:F5:44:F5:3F:35:D8:D2:E7:3C:B2:96:5B:4F:4D:7D:02:29:59
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC6B82D188E12A26D050353537FD29458
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/db/efe0e0-34f7-429e-9f38-4ea7a1ae98de/1/sFf1RPU_NdjS5zyylltPTX0CKVk.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/db/efe0e0-34f7-429e-9f38-4ea7a1ae98de/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 20:30:08 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 149.222.0.0/16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:2d:18:8e:12:a2:6d:05:03:53:53:7f:d2:94:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 20:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b057f544f53f35d8d2e73cb2965b4f4d7d022959
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:2b:67:b0:05:33:bf:9a:c9:ae:3d:61:35:f3:
                    d7:b8:76:4e:21:2b:8c:d5:62:40:be:31:4e:92:e6:
                    e9:0d:a7:4b:2c:ac:1f:c4:25:4d:38:ef:87:36:24:
                    5c:53:c8:c6:4a:a9:cc:0f:34:cd:51:ae:7d:4f:25:
                    21:c6:9b:00:a4:3b:0d:72:18:ee:7a:2b:99:e6:45:
                    f8:95:db:8d:91:d2:4a:ef:ef:d9:de:b4:3b:a7:2c:
                    c8:45:8e:67:6e:51:68:cf:d2:3e:75:8e:e2:f2:fc:
                    ce:d8:7d:a0:c6:03:c9:29:e1:46:a7:b9:09:c5:81:
                    a3:96:5c:02:f5:e7:a2:2e:87:98:a2:76:5f:28:d8:
                    03:fd:cf:d5:ea:ba:8a:a0:07:2b:88:99:7e:cd:c0:
                    ea:4c:02:d5:61:61:88:af:63:c1:65:a7:2d:a3:4f:
                    35:61:39:d1:d2:1c:ca:04:20:ba:f9:25:a2:58:91:
                    73:c7:4a:9d:ed:fa:9b:f6:73:68:2c:98:a6:7f:77:
                    50:71:7e:18:78:f6:10:bc:a9:41:89:52:67:52:82:
                    2e:78:92:28:e0:58:2b:5a:72:02:5e:a2:ff:8f:76:
                    da:7b:88:78:a8:09:d3:72:3b:58:3f:5e:ce:51:4d:
                    aa:b9:0d:0a:dc:15:6d:05:45:e6:be:7b:cf:ea:b3:
                    fd:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:57:F5:44:F5:3F:35:D8:D2:E7:3C:B2:96:5B:4F:4D:7D:02:29:59
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/efe0e0-34f7-429e-9f38-4ea7a1ae98de/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/efe0e0-34f7-429e-9f38-4ea7a1ae98de/1/sFf1RPU_NdjS5zyylltPTX0CKVk.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  149.222.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         76:41:c5:ed:74:d3:66:86:18:73:b8:ff:27:f5:3e:09:13:92:
         7d:76:80:f3:89:99:2f:1b:43:34:4c:27:af:e7:ab:a6:16:0d:
         c0:a3:c3:10:f7:f2:17:3e:08:c7:b2:68:c6:48:cd:0e:b9:76:
         60:84:2a:86:16:4c:19:e1:3a:30:87:22:8e:e6:2b:55:fe:ee:
         f8:97:f0:0f:aa:91:57:84:7c:02:cb:39:6a:6f:30:86:0f:9f:
         a1:96:49:a1:24:1e:9c:bb:3f:7e:f4:cc:f7:80:bd:50:76:75:
         32:1e:be:4c:8c:1f:3d:9a:f2:b9:8c:e3:da:10:f1:99:de:57:
         d1:84:ff:ff:5c:89:3f:0b:d8:31:ea:2a:71:57:19:f8:05:75:
         ea:f7:14:ba:c9:7c:0f:93:44:aa:e2:4a:ef:86:7c:dc:93:03:
         05:49:88:4b:7e:c3:f2:54:79:cc:a7:07:50:4b:36:b8:c5:2c:
         b9:5e:0f:0e:41:97:70:b0:f8:fc:90:a8:a7:cc:4b:ab:e8:72:
         2a:db:75:45:f6:5a:f7:65:ee:d6:40:17:10:5b:cb:55:a8:91:
         71:5c:28:72:8f:3d:9b:36:7b:1b:f2:5f:4d:75:6b:af:8d:eb:
         de:3c:11:54:b4:16:29:43:6d:79:87:ad:e4:c1:4c:3e:6a:ff:
         98:fa:81:1d
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgISAYzGuC0YjhKibQUDU1N/0pRYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMjAzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDU3ZjU0NGY1M2YzNWQ4ZDJlNzNjYjI5NjViNGY0ZDdkMDIyOTU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjitnsAUzv5rJrj1hNfPXuHZOISuM
1WJAvjFOkubpDadLLKwfxCVNOO+HNiRcU8jGSqnMDzTNUa59TyUhxpsApDsNchju
eiuZ5kX4lduNkdJK7+/Z3rQ7pyzIRY5nblFoz9I+dY7i8vzO2H2gxgPJKeFGp7kJ
xYGjllwC9eeiLoeYonZfKNgD/c/V6rqKoAcriJl+zcDqTALVYWGIr2PBZacto081
YTnR0hzKBCC6+SWiWJFzx0qd7fqb9nNoLJimf3dQcX4YePYQvKlBiVJnUoIueJIo
4FgrWnICXqL/j3bae4h4qAnTcjtYP17OUU2quQ0K3BVtBUXmvnvP6rP9WQIDAQAB
o4ICgzCCAn8wHQYDVR0OBBYEFLBX9UT1PzXY0uc8spZbT019AilZMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2RiL2VmZTBl
MC0zNGY3LTQyOWUtOWYzOC00ZWE3YTFhZTk4ZGUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZGIvZWZlMGUw
LTM0ZjctNDI5ZS05ZjM4LTRlYTdhMWFlOThkZS8xL3NGZjFSUFVfTmRqUzV6eXls
bHRQVFgwQ0tWay5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB4GCCsGAQUF
BwEHAQH/BA8wDTALBAIAATAFAwMAld4wDQYJKoZIhvcNAQELBQADggEBAHZBxe10
02aGGHO4/yf1PgkTkn12gPOJmS8bQzRMJ6/nq6YWDcCjwxD38hc+CMeyaMZIzQ65
dmCEKoYWTBnhOjCHIo7mK1X+7viX8A+qkVeEfALLOWpvMIYPn6GWSaEkHpy7P370
zPeAvVB2dTIevkyMHz2a8rmM49oQ8ZneV9GE//9ciT8L2DHqKnFXGfgFder3FLrJ
fA+TRKriSu+GfNyTAwVJiEt+w/JUecynB1BLNrjFLLleDw5Bl3Cw+PyQqKfMS6vo
cirbdUX2Wvdl7tZAFxBby1WokXFcKHKPPZs2exvyX011a6+N6948EVS0FilDbXmH
reTBTD5q/5j6gR0=
-----END CERTIFICATE-----