Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/svg6PraHtBmUyJ94I4qZETPfJfY.cer
File:                     svg6PraHtBmUyJ94I4qZETPfJfY.cer (raw, json)
Hash identifier:          WkT29HnupxiTZsNMsm37ElTgkn+RhcLbfM0FN1OfSI4=
Subject key identifier:   B2:F8:3A:3E:B6:87:B4:19:94:C8:9F:78:23:8A:99:11:33:DF:25:F6
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC86FB1389FBC17450BC89F76B5E1CE1B
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/c2/21b36e-742c-4ae5-b735-f6141e03f3a7/1/svg6PraHtBmUyJ94I4qZETPfJfY.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/c2/21b36e-742c-4ae5-b735-f6141e03f3a7/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 04:30:12 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 185.149.212.0/22
                          IP: 2a02:c6a0::/30

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:b1:38:9f:bc:17:45:0b:c8:9f:76:b5:e1:ce:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 04:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b2f83a3eb687b41994c89f78238a991133df25f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:de:40:50:8e:9d:99:77:6e:04:32:69:57:ee:
                    ce:b5:c1:67:8d:06:ae:5f:ea:84:b5:13:8a:da:1e:
                    73:8d:f4:c3:58:c9:c8:94:a7:76:eb:36:6c:44:c3:
                    22:fc:8e:8e:78:fb:b0:ea:0b:25:8b:16:e3:71:cc:
                    9b:db:49:32:ef:06:84:a4:88:5d:86:d3:ee:d3:06:
                    7a:3f:ef:67:6e:e2:b9:f6:ed:2e:73:ca:1b:c7:5b:
                    0f:a1:bd:b4:c6:5d:3a:81:00:38:8c:d3:c4:4a:41:
                    22:6c:f3:19:7a:ed:9f:0a:5d:ec:97:d9:0f:1c:7c:
                    c3:2a:2d:cf:3a:a0:15:cd:9f:ba:f8:7d:dc:96:92:
                    24:d4:38:51:dc:29:06:ce:f6:0e:7c:1d:b5:78:02:
                    25:dd:c4:f9:9f:b6:52:f4:85:8f:82:16:bb:5d:c9:
                    e8:49:d6:15:74:dc:95:d0:8f:12:dc:39:3f:5f:9c:
                    0d:be:d8:85:9d:68:2a:02:a0:c9:75:8f:32:d9:fd:
                    75:b6:bc:f3:40:c6:a2:2e:ec:76:a8:b7:5e:0f:fd:
                    00:9b:b8:df:b6:11:1a:26:38:d4:dd:70:e5:cd:f5:
                    98:77:9e:55:97:aa:7d:4e:0a:b9:6b:74:a4:7f:87:
                    86:d7:46:36:f1:60:f0:99:3a:40:db:cd:ea:0a:70:
                    17:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:F8:3A:3E:B6:87:B4:19:94:C8:9F:78:23:8A:99:11:33:DF:25:F6
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/21b36e-742c-4ae5-b735-f6141e03f3a7/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/21b36e-742c-4ae5-b735-f6141e03f3a7/1/svg6PraHtBmUyJ94I4qZETPfJfY.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.149.212.0/22
                IPv6:
                  2a02:c6a0::/30

    Signature Algorithm: sha256WithRSAEncryption
         a0:3e:70:35:62:a9:09:0a:7f:1e:10:8b:ec:8c:ff:79:72:96:
         66:02:fc:5e:ef:0d:9f:58:1d:40:6d:8c:e3:96:c8:cc:77:9e:
         c2:0b:0d:6a:70:0b:f8:91:cc:16:3d:d2:b7:06:e7:7a:52:a1:
         84:24:3c:2c:0c:47:2a:63:fc:49:f6:9b:d6:31:fb:f5:45:a3:
         98:16:0d:a8:bc:b4:50:39:d7:0d:11:68:3a:c2:bd:36:0a:ac:
         f0:cb:8c:80:89:00:bc:1f:ad:8b:e2:48:b6:b6:0d:4f:fd:06:
         bd:a8:68:ea:50:4e:c1:0d:7e:af:65:bc:62:36:b9:9c:27:14:
         a1:2b:74:b2:64:19:82:9e:23:1c:1d:d4:68:26:75:8e:a1:cf:
         3e:e0:00:81:a8:38:92:0a:d2:ca:a1:71:62:03:c9:c8:28:2f:
         b1:f4:89:a3:71:fe:dc:49:c3:78:86:2a:56:a7:07:6b:a6:8a:
         15:fb:b0:f0:9a:2b:a2:9b:bd:3a:2d:4c:15:d0:ca:09:5e:82:
         5b:cf:02:3e:fd:15:17:3b:cb:2a:18:c8:92:4f:9d:ae:d3:57:
         51:ba:02:38:7b:79:db:09:87:52:c7:ea:0b:1e:c9:d8:e1:c7:
         59:26:e5:72:c3:0b:f8:ab:b9:f3:bd:12:a7:73:3e:3c:4c:7c:
         c0:d1:b6:d7
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAYzIb7E4n7wXRQvIn3a14c4bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDQzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMmY4M2EzZWI2ODdiNDE5OTRjODlmNzgyMzhhOTkxMTMzZGYyNWY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqd5AUI6dmXduBDJpV+7OtcFnjQau
X+qEtROK2h5zjfTDWMnIlKd26zZsRMMi/I6OePuw6gslixbjccyb20ky7waEpIhd
htPu0wZ6P+9nbuK59u0uc8obx1sPob20xl06gQA4jNPESkEibPMZeu2fCl3sl9kP
HHzDKi3POqAVzZ+6+H3clpIk1DhR3CkGzvYOfB21eAIl3cT5n7ZS9IWPgha7Xcno
SdYVdNyV0I8S3Dk/X5wNvtiFnWgqAqDJdY8y2f11trzzQMaiLux2qLdeD/0Am7jf
thEaJjjU3XDlzfWYd55Vl6p9Tgq5a3Skf4eG10Y28WDwmTpA283qCnAXtQIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFLL4Oj62h7QZlMifeCOKmREz3yX2MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2MyLzIxYjM2
ZS03NDJjLTRhZTUtYjczNS1mNjE0MWUwM2YzYTcvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzIvMjFiMzZl
LTc0MmMtNGFlNS1iNzM1LWY2MTQxZTAzZjNhNy8xL3N2ZzZQcmFIdEJtVXlKOTRJ
NHFaRVRQZkpmWS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCuZXUMA0EAgACMAcDBQIqAsagMA0GCSqGSIb3
DQEBCwUAA4IBAQCgPnA1YqkJCn8eEIvsjP95cpZmAvxe7w2fWB1AbYzjlsjMd57C
Cw1qcAv4kcwWPdK3Bud6UqGEJDwsDEcqY/xJ9pvWMfv1RaOYFg2ovLRQOdcNEWg6
wr02Cqzwy4yAiQC8H62L4ki2tg1P/Qa9qGjqUE7BDX6vZbxiNrmcJxShK3SyZBmC
niMcHdRoJnWOoc8+4ACBqDiSCtLKoXFiA8nIKC+x9Imjcf7cScN4hipWpwdrpooV
+7Dwmiuim706LUwV0MoJXoJbzwI+/RUXO8sqGMiST52u01dRugI4e3nbCYdSx+oL
HsnY4cdZJuVywwv4q7nzvRKncz48THzA0bbX
-----END CERTIFICATE-----