Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/tcr-HjrqL22RHtEHoIqv7peaT1E.cer
File:                     tcr-HjrqL22RHtEHoIqv7peaT1E.cer (raw, json)
Hash identifier:          X6D2NJMfO0K1GdykLO3Q/zzyeffrXLgz8YUJu91xMCk=
Subject key identifier:   B5:CA:FE:1E:3A:EA:2F:6D:91:1E:D1:07:A0:8A:AF:EE:97:9A:4F:51
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC26CF45B3E4E3C830D92F9BD68C01B98
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/06/77f99c-35cb-47a6-bac3-caba81c9a152/1/tcr-HjrqL22RHtEHoIqv7peaT1E.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/06/77f99c-35cb-47a6-bac3-caba81c9a152/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 00:29:29 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 91.207.134.0/23
                          IP: 195.234.0.0/23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6c:f4:5b:3e:4e:3c:83:0d:92:f9:bd:68:c0:1b:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 00:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b5cafe1e3aea2f6d911ed107a08aafee979a4f51
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:75:81:74:a1:39:55:2f:be:a4:ed:78:e7:1c:
                    42:86:67:f1:2b:24:e7:5d:85:cc:0a:3d:76:6b:00:
                    77:7c:b1:77:10:5a:0c:3f:93:2b:07:a3:08:c5:c3:
                    be:0e:1d:b2:f1:10:1b:1b:7a:65:fe:9a:ac:ad:1c:
                    d5:1c:c1:9e:b7:50:a8:7c:59:a7:d1:1d:6a:34:81:
                    56:75:41:a0:97:bd:c9:48:2c:dc:00:b3:ef:c6:9c:
                    e5:34:cd:c3:2b:18:8a:b6:22:30:f3:4f:2c:59:03:
                    b4:76:1a:b1:f6:c2:6b:e2:41:9d:e6:15:e9:47:c9:
                    af:74:bc:f6:93:8f:89:c9:3d:40:71:ed:e5:a8:25:
                    d3:f8:6d:b9:dd:09:93:8d:12:bb:0d:98:42:b8:cd:
                    82:08:1a:3b:54:22:2a:c5:ec:5a:68:23:ee:9f:7c:
                    86:68:f1:74:81:06:5c:e3:77:e3:33:3c:3f:8c:0a:
                    8c:53:34:06:6d:d8:80:33:fa:f1:0a:13:d7:2b:69:
                    99:15:c4:ae:4a:40:0e:0b:eb:93:0e:dd:45:56:83:
                    36:28:d1:57:83:cb:72:0e:f5:a9:25:2c:ff:1c:99:
                    ae:05:f8:e6:b7:b7:a2:68:f0:63:84:46:ff:73:c5:
                    22:99:2a:0a:9a:e1:a5:64:f5:19:5a:de:30:39:eb:
                    8d:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:CA:FE:1E:3A:EA:2F:6D:91:1E:D1:07:A0:8A:AF:EE:97:9A:4F:51
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/77f99c-35cb-47a6-bac3-caba81c9a152/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/77f99c-35cb-47a6-bac3-caba81c9a152/1/tcr-HjrqL22RHtEHoIqv7peaT1E.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.207.134.0/23
                  195.234.0.0/23

    Signature Algorithm: sha256WithRSAEncryption
         05:d5:fd:e0:59:62:50:dd:ac:ca:e3:06:54:67:3e:f6:ad:8f:
         7d:1a:f3:e4:f0:e8:7c:69:1c:63:22:dd:1d:db:08:28:4d:e6:
         e8:49:1c:f2:89:7f:d7:c0:3b:b5:08:a0:db:74:ac:b7:84:37:
         5f:ec:56:62:ef:7b:f3:37:1c:98:b2:7a:c1:12:46:52:84:4a:
         20:5a:41:f6:30:4a:ef:57:24:a7:18:d2:0b:f9:cc:fa:8d:75:
         2a:b9:5b:69:49:b5:a3:19:8f:e4:50:53:dc:7c:86:44:0f:60:
         e3:ec:58:c2:d0:22:21:1b:3f:a7:40:82:2e:64:7d:f0:8d:ab:
         34:be:b7:42:70:20:bc:a1:8d:fd:f7:ba:82:eb:fa:7f:77:61:
         ad:9e:69:d3:b2:fa:cb:d6:ef:97:2b:04:e6:03:77:59:8b:23:
         02:ee:0f:5e:35:1c:e4:9b:ef:92:96:b0:59:6c:a2:5c:6a:dc:
         e5:21:b4:11:ba:62:25:2a:80:d6:99:82:48:11:2d:38:b4:6c:
         0a:fa:0b:fc:b3:77:6a:aa:e7:d6:34:14:55:fa:41:a0:b5:75:
         aa:d3:1d:e9:91:bc:30:38:ed:42:8b:6a:04:7a:70:1e:12:7e:
         c4:00:84:25:16:71:2b:c7:b0:fe:74:cb:92:94:99:36:49:a4:
         fa:ed:1f:6f
-----BEGIN CERTIFICATE-----
MIIFfjCCBGagAwIBAgISAYzCbPRbPk48gw2S+b1owBuYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDAyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWNhZmUxZTNhZWEyZjZkOTExZWQxMDdhMDhhYWZlZTk3OWE0ZjUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvHWBdKE5VS++pO145xxChmfxKyTn
XYXMCj12awB3fLF3EFoMP5MrB6MIxcO+Dh2y8RAbG3pl/pqsrRzVHMGet1CofFmn
0R1qNIFWdUGgl73JSCzcALPvxpzlNM3DKxiKtiIw808sWQO0dhqx9sJr4kGd5hXp
R8mvdLz2k4+JyT1Ace3lqCXT+G253QmTjRK7DZhCuM2CCBo7VCIqxexaaCPun3yG
aPF0gQZc43fjMzw/jAqMUzQGbdiAM/rxChPXK2mZFcSuSkAOC+uTDt1FVoM2KNFX
g8tyDvWpJSz/HJmuBfjmt7eiaPBjhEb/c8UimSoKmuGlZPUZWt4wOeuNrQIDAQAB
o4ICijCCAoYwHQYDVR0OBBYEFLXK/h466i9tkR7RB6CKr+6Xmk9RMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzA2Lzc3Zjk5
Yy0zNWNiLTQ3YTYtYmFjMy1jYWJhODFjOWExNTIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDYvNzdmOTlj
LTM1Y2ItNDdhNi1iYWMzLWNhYmE4MWM5YTE1Mi8xL3Rjci1IanJxTDIyUkh0RUhv
SXF2N3BlYVQxRS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUF
BwEHAQH/BBYwFDASBAIAATAMAwQBW8+GAwQBw+oAMA0GCSqGSIb3DQEBCwUAA4IB
AQAF1f3gWWJQ3azK4wZUZz72rY99GvPk8Oh8aRxjIt0d2wgoTeboSRzyiX/XwDu1
CKDbdKy3hDdf7FZi73vzNxyYsnrBEkZShEogWkH2MErvVySnGNIL+cz6jXUquVtp
SbWjGY/kUFPcfIZED2Dj7FjC0CIhGz+nQIIuZH3wjas0vrdCcCC8oY3997qC6/p/
d2GtnmnTsvrL1u+XKwTmA3dZiyMC7g9eNRzkm++SlrBZbKJcatzlIbQRumIlKoDW
mYJIES04tGwK+gv8s3dqqufWNBRV+kGgtXWq0x3pkbwwOO1Ci2oEenAeEn7EAIQl
FnErx7D+dMuSlJk2SaT67R9v
-----END CERTIFICATE-----