Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/sIrODrPi30n9u3dyZxb7Zed3eWQ.cer
File:                     sIrODrPi30n9u3dyZxb7Zed3eWQ.cer (raw, json)
Hash identifier:          Dz0AE5Jrh9uvOZoFnFX+X1kUlFd75yO6sPgW5reUEwc=
Subject key identifier:   B0:8A:CE:0E:B3:E2:DF:49:FD:BB:77:72:67:16:FB:65:E7:77:79:64
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC2DB2BC9DC2ADED7D1DFD38F335289CF
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/ed/4537dd-78b6-467e-914d-865b4cfbd4cd/1/sIrODrPi30n9u3dyZxb7Zed3eWQ.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/ed/4537dd-78b6-467e-914d-865b4cfbd4cd/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 02:29:52 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 45.135.228.0/22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:2b:c9:dc:2a:de:d7:d1:df:d3:8f:33:52:89:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 02:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b08ace0eb3e2df49fdbb77726716fb65e7777964
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:50:3e:b9:82:69:c9:d6:48:8c:65:09:31:73:
                    9d:91:62:f1:8c:d3:3d:c2:55:c8:d4:c7:96:0d:a2:
                    45:f5:f7:41:44:0c:aa:40:aa:73:fc:b5:a2:e7:f7:
                    2d:10:60:ca:3b:f7:96:b0:0d:17:53:a7:2c:73:41:
                    4d:d9:44:0a:e5:57:ee:91:49:d3:79:cc:ce:31:b1:
                    94:08:ab:c1:54:5d:29:c1:62:3f:8f:0e:64:7a:64:
                    8c:e9:df:e2:80:f4:9c:ed:b6:01:f2:a0:2a:20:cb:
                    c5:ee:8c:2f:94:d3:c8:65:a0:c0:71:f5:d3:e4:35:
                    46:af:d2:20:cf:d7:84:b2:73:1b:6c:90:12:c0:1d:
                    64:0c:d0:88:59:40:69:6b:86:34:9b:db:a6:2f:57:
                    c9:26:61:6c:c0:de:a9:dc:e1:91:d8:16:aa:2e:0a:
                    c9:e1:a2:05:d4:fb:16:08:0b:15:29:81:5b:ef:37:
                    fb:59:d9:df:8c:7b:7f:2d:0b:b8:3e:37:a4:0d:82:
                    26:60:7b:64:76:10:99:ef:18:b2:bf:b4:2d:5f:d6:
                    17:3e:bb:e6:e3:bf:79:47:28:20:fa:d0:42:d1:11:
                    9e:6a:c4:ce:7c:35:f5:98:7b:9a:b4:d5:0b:78:9e:
                    fb:fc:8e:0d:91:8d:c9:92:a0:63:9c:22:db:d1:ea:
                    13:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:8A:CE:0E:B3:E2:DF:49:FD:BB:77:72:67:16:FB:65:E7:77:79:64
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/4537dd-78b6-467e-914d-865b4cfbd4cd/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/4537dd-78b6-467e-914d-865b4cfbd4cd/1/sIrODrPi30n9u3dyZxb7Zed3eWQ.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         39:be:57:1d:1e:37:1e:7f:97:a1:2c:fb:29:0c:14:42:87:5c:
         b5:9f:d3:98:fe:cb:6d:ee:6b:ec:25:f3:b2:de:81:2c:be:1a:
         52:79:bb:92:45:86:c0:b6:1d:be:c1:3f:0b:6d:63:7a:1a:a3:
         1a:9b:a8:62:e9:c4:25:a4:0b:9e:f2:5c:9f:b5:0b:ab:6a:f6:
         55:4d:45:fe:97:97:34:2f:35:20:ca:e2:e4:c5:e1:a7:4f:db:
         ab:2d:0d:a1:ba:6d:40:40:98:10:bb:9d:1d:bd:6f:80:c3:21:
         30:43:c3:a7:72:d5:5d:74:f9:4b:d0:f9:b5:f2:09:6a:e7:4c:
         84:12:78:4e:51:7a:75:c1:aa:a4:bb:95:80:1d:0a:8c:94:3f:
         6c:ae:9f:cf:2c:24:6a:5f:d0:b8:24:7a:7d:e8:16:35:dd:5a:
         af:1e:48:17:30:fd:28:be:c3:7e:29:c7:34:a2:e2:33:1d:39:
         f3:cb:47:63:06:c4:0a:4b:9b:af:2b:2c:a4:f1:b4:04:52:e8:
         c1:d7:7e:f9:9e:73:e3:22:b8:6b:a5:6e:59:4d:d5:cc:3a:3a:
         11:41:a9:5e:4d:46:78:b2:73:cf:76:cb:3a:50:3f:7e:45:f0:
         85:3a:d1:aa:70:1a:75:1f:a7:5f:8e:16:9e:54:2a:fb:ff:ad:
         97:10:3d:24
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzC2yvJ3Cre19Hf048zUonPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDIyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDhhY2UwZWIzZTJkZjQ5ZmRiYjc3NzI2NzE2ZmI2NWU3Nzc3OTY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1A+uYJpydZIjGUJMXOdkWLxjNM9
wlXI1MeWDaJF9fdBRAyqQKpz/LWi5/ctEGDKO/eWsA0XU6csc0FN2UQK5VfukUnT
eczOMbGUCKvBVF0pwWI/jw5kemSM6d/igPSc7bYB8qAqIMvF7owvlNPIZaDAcfXT
5DVGr9Igz9eEsnMbbJASwB1kDNCIWUBpa4Y0m9umL1fJJmFswN6p3OGR2BaqLgrJ
4aIF1PsWCAsVKYFb7zf7WdnfjHt/LQu4PjekDYImYHtkdhCZ7xiyv7QtX9YXPrvm
4795Rygg+tBC0RGeasTOfDX1mHuatNULeJ77/I4NkY3JkqBjnCLb0eoTeQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFLCKzg6z4t9J/bt3cmcW+2Xnd3lkMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2VkLzQ1Mzdk
ZC03OGI2LTQ2N2UtOTE0ZC04NjViNGNmYmQ0Y2QvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZWQvNDUzN2Rk
LTc4YjYtNDY3ZS05MTRkLTg2NWI0Y2ZiZDRjZC8xL3NJck9EclBpMzBuOXUzZHla
eGI3WmVkM2VXUS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCLYfkMA0GCSqGSIb3DQEBCwUAA4IBAQA5vlcd
Hjcef5ehLPspDBRCh1y1n9OY/stt7mvsJfOy3oEsvhpSebuSRYbAth2+wT8LbWN6
GqMam6hi6cQlpAue8lyftQuravZVTUX+l5c0LzUgyuLkxeGnT9urLQ2hum1AQJgQ
u50dvW+AwyEwQ8OnctVddPlL0Pm18glq50yEEnhOUXp1waqku5WAHQqMlD9srp/P
LCRqX9C4JHp96BY13VqvHkgXMP0ovsN+Kcc0ouIzHTnzy0djBsQKS5uvKyyk8bQE
UujB1375nnPjIrhrpW5ZTdXMOjoRQaleTUZ4snPPdss6UD9+RfCFOtGqcBp1H6df
jhaeVCr7/62XED0k
-----END CERTIFICATE-----