Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/t060sgvFlKwro6pa7zDnTiXhVuE.cer
File:                     t060sgvFlKwro6pa7zDnTiXhVuE.cer (raw, json)
Hash identifier:          8NW7iR9He+sgyvGIfvbagBL2MOXs0MWpyb+KHmVEcOo=
Subject key identifier:   B7:4E:B4:B2:0B:C5:94:AC:2B:A3:AA:5A:EF:30:E7:4E:25:E1:56:E1
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC26D0D4CCB9FED7CFCFC54FE8A4A1B41
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/9c/dcd512-0cb7-49a0-a618-6fbb19483287/1/t060sgvFlKwro6pa7zDnTiXhVuE.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/9c/dcd512-0cb7-49a0-a618-6fbb19483287/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 00:29:35 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 185.46.180.0/22
                          IP: 2a04:8140::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:0d:4c:cb:9f:ed:7c:fc:fc:54:fe:8a:4a:1b:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 00:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b74eb4b20bc594ac2ba3aa5aef30e74e25e156e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:3e:08:cd:a7:cc:60:5c:29:79:49:ac:a2:6c:
                    71:73:7d:ee:e5:56:fb:9f:14:4b:d1:12:db:d6:7f:
                    aa:78:a2:a4:e5:38:68:f8:1a:b6:d5:a8:4b:58:0a:
                    c7:3e:87:e6:75:51:77:0f:3f:32:0f:48:a5:02:7a:
                    35:7c:a0:b4:77:0d:0f:38:54:49:d9:00:56:3d:bb:
                    0b:73:1e:65:6e:2a:73:e8:1c:9c:27:58:b7:e3:9a:
                    fc:c1:81:b5:8a:41:d6:9a:14:d5:40:f9:1c:d7:51:
                    57:f9:3c:31:d3:83:38:55:15:04:73:4b:f6:9d:08:
                    6b:1d:7b:2b:b4:79:ec:95:a0:5b:88:a2:20:74:89:
                    72:c7:a7:e8:3a:a3:32:11:47:53:b4:d1:13:8b:50:
                    89:c5:d0:bc:39:59:ef:2b:43:2a:30:cc:a7:d4:9b:
                    43:3e:f8:2e:e4:a5:42:8f:44:72:85:6a:9b:b0:61:
                    86:f7:1e:db:23:b2:9e:6f:58:27:ba:ee:ae:26:62:
                    ff:ad:f5:85:7f:f1:1f:c6:2a:1e:a1:56:97:ff:0a:
                    e8:9a:90:04:bb:c6:8a:b7:4b:19:e1:db:b1:a9:c1:
                    e8:df:5e:b7:9c:1d:c9:76:9a:72:5d:22:aa:53:3a:
                    2b:c3:95:c0:fc:26:3e:6a:9e:83:30:67:46:89:23:
                    7d:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:4E:B4:B2:0B:C5:94:AC:2B:A3:AA:5A:EF:30:E7:4E:25:E1:56:E1
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/dcd512-0cb7-49a0-a618-6fbb19483287/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/dcd512-0cb7-49a0-a618-6fbb19483287/1/t060sgvFlKwro6pa7zDnTiXhVuE.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.46.180.0/22
                IPv6:
                  2a04:8140::/29

    Signature Algorithm: sha256WithRSAEncryption
         a6:46:0c:b4:a6:ac:ea:2f:af:42:23:55:df:64:9f:21:2b:f4:
         84:4e:e9:2c:92:9e:1b:70:1b:90:48:85:c9:a0:b0:ef:b4:66:
         32:00:92:93:9a:9b:bb:73:32:3f:13:db:be:29:ba:ee:ea:19:
         e3:34:b2:41:bc:0d:16:ec:59:fb:90:d8:5c:54:d3:e9:00:b9:
         d4:9d:b2:fb:62:4c:f0:7e:8b:b5:da:a7:67:04:f4:44:95:f1:
         86:4e:74:ec:31:60:6c:af:a3:d5:4f:b4:5f:34:ec:5f:b6:7f:
         5f:47:34:a6:98:84:6d:fd:27:3b:bd:fd:9a:e8:1a:b8:fe:35:
         63:38:4e:29:f4:d1:5e:7c:60:c5:0c:f9:5f:ae:33:60:14:bd:
         3a:a9:7f:52:d5:71:5c:c2:e1:10:d6:81:de:4d:76:4d:85:48:
         dc:24:45:38:f3:3a:7d:b9:1b:36:20:61:ae:0f:ad:b0:31:7e:
         49:79:f5:00:3a:4a:30:73:6a:cb:01:4a:f6:81:6f:c8:72:b8:
         42:19:b8:7d:d7:a7:78:06:bd:88:c9:63:71:7f:8a:25:fd:99:
         a1:50:47:18:d9:8e:d1:58:24:59:1a:82:fa:79:24:cb:a8:f3:
         8c:78:71:1c:c6:b6:22:be:20:28:c9:ef:ff:a1:59:1a:8d:ef:
         a8:f0:c7:6d
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAYzCbQ1My5/tfPz8VP6KShtBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDAyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzRlYjRiMjBiYzU5NGFjMmJhM2FhNWFlZjMwZTc0ZTI1ZTE1NmUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6T4IzafMYFwpeUmsomxxc33u5Vb7
nxRL0RLb1n+qeKKk5Tho+Bq21ahLWArHPofmdVF3Dz8yD0ilAno1fKC0dw0POFRJ
2QBWPbsLcx5lbipz6BycJ1i345r8wYG1ikHWmhTVQPkc11FX+Twx04M4VRUEc0v2
nQhrHXsrtHnslaBbiKIgdIlyx6foOqMyEUdTtNETi1CJxdC8OVnvK0MqMMyn1JtD
Pvgu5KVCj0RyhWqbsGGG9x7bI7Keb1gnuu6uJmL/rfWFf/EfxioeoVaX/wrompAE
u8aKt0sZ4duxqcHo3163nB3JdppyXSKqUzorw5XA/CY+ap6DMGdGiSN9PQIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFLdOtLILxZSsK6OqWu8w504l4VbhMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzljL2RjZDUx
Mi0wY2I3LTQ5YTAtYTYxOC02ZmJiMTk0ODMyODcvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOWMvZGNkNTEy
LTBjYjctNDlhMC1hNjE4LTZmYmIxOTQ4MzI4Ny8xL3QwNjBzZ3ZGbEt3cm82cGE3
ekRuVGlYaFZ1RS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCuS60MA0EAgACMAcDBQMqBIFAMA0GCSqGSIb3
DQEBCwUAA4IBAQCmRgy0pqzqL69CI1XfZJ8hK/SETukskp4bcBuQSIXJoLDvtGYy
AJKTmpu7czI/E9u+Kbru6hnjNLJBvA0W7Fn7kNhcVNPpALnUnbL7Ykzwfou12qdn
BPRElfGGTnTsMWBsr6PVT7RfNOxftn9fRzSmmIRt/Sc7vf2a6Bq4/jVjOE4p9NFe
fGDFDPlfrjNgFL06qX9S1XFcwuEQ1oHeTXZNhUjcJEU48zp9uRs2IGGuD62wMX5J
efUAOkowc2rLAUr2gW/IcrhCGbh916d4Br2IyWNxf4ol/ZmhUEcY2Y7RWCRZGoL6
eSTLqPOMeHEcxrYiviAoye//oVkaje+o8Mdt
-----END CERTIFICATE-----