Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/u1dWHKLb91Do9eC3OJ7wnOm1vOo.cer
File:                     u1dWHKLb91Do9eC3OJ7wnOm1vOo.cer (raw, json)
Hash identifier:          CHX+N/3u1NaZrYiFDS2uWdDIHJ83cKx/div+0A1k/t4=
Subject key identifier:   BB:57:56:1C:A2:DB:F7:50:E8:F5:E0:B7:38:9E:F0:9C:E9:B5:BC:EA
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC64A37D28ED972566DAE5B4690A2149B
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/19/d5f9aa-337b-4d60-8f5e-02125e44e3a8/1/u1dWHKLb91Do9eC3OJ7wnOm1vOo.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/19/d5f9aa-337b-4d60-8f5e-02125e44e3a8/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 18:30:01 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 193.84.32.0/20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:37:d2:8e:d9:72:56:6d:ae:5b:46:90:a2:14:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 18:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bb57561ca2dbf750e8f5e0b7389ef09ce9b5bcea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:1d:3f:f0:47:a6:a6:97:a4:da:27:be:a4:90:
                    7d:22:d1:97:ee:d8:1f:05:e8:2c:d4:71:70:f7:9e:
                    dc:a6:c0:dc:77:30:f1:10:b3:d2:2b:64:88:a5:f7:
                    a7:63:5f:0c:fa:e4:08:f9:67:65:2d:75:5a:0d:52:
                    68:ec:67:56:1d:60:3d:41:81:bf:b1:d3:c7:55:d1:
                    30:47:41:a3:92:d8:de:63:ed:a8:a4:73:07:04:02:
                    92:5f:1f:61:87:68:ee:c4:eb:87:ac:34:67:2d:62:
                    9e:45:50:35:43:80:f1:c4:d8:41:61:57:b8:be:27:
                    bc:e4:49:0f:33:20:83:d1:1b:2d:af:17:88:98:c6:
                    97:83:30:07:13:cd:e7:ea:e5:72:53:f6:9b:60:07:
                    75:fe:70:e0:c3:66:6f:de:80:02:48:df:1d:12:39:
                    13:19:bd:d4:c4:c8:78:56:3c:62:20:d6:fd:09:58:
                    8e:3b:f4:8b:ee:54:a1:37:ff:1b:f4:84:85:b1:73:
                    25:09:c3:da:0d:1c:1b:e2:8d:db:4a:78:80:47:59:
                    a1:3f:7e:1a:e7:41:be:18:9a:fa:71:35:34:7b:2b:
                    86:4d:f2:1e:61:52:61:06:c2:9e:e3:ae:5d:f9:f2:
                    69:57:66:a4:89:07:49:4f:f8:86:1f:92:ac:14:90:
                    3f:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:57:56:1C:A2:DB:F7:50:E8:F5:E0:B7:38:9E:F0:9C:E9:B5:BC:EA
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/d5f9aa-337b-4d60-8f5e-02125e44e3a8/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/d5f9aa-337b-4d60-8f5e-02125e44e3a8/1/u1dWHKLb91Do9eC3OJ7wnOm1vOo.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.84.32.0/20

    Signature Algorithm: sha256WithRSAEncryption
         4e:f1:b9:f7:3c:34:b8:a0:55:c5:2c:1e:74:7a:a7:70:b6:2d:
         b4:3f:cd:61:db:88:9a:e6:a1:5d:74:31:d5:b8:12:b1:39:78:
         4d:e1:f4:77:ca:e1:b7:f9:a3:fe:a3:61:e7:0a:46:ca:ae:aa:
         a8:1f:e1:23:43:3f:4d:8f:84:c6:ba:8b:05:46:9f:34:bc:c5:
         26:d2:b3:1b:5c:9c:4d:e3:9d:1f:4b:29:e1:6c:03:de:1f:46:
         b2:ef:db:2a:e1:59:d4:9d:21:10:c0:c7:89:e3:aa:2b:40:6e:
         c4:58:8c:a7:43:57:4f:e6:18:c7:17:a5:ed:0f:5d:de:2e:1f:
         06:1c:83:46:f7:f5:3e:ab:64:35:dc:2c:e2:26:dc:ea:de:54:
         26:d2:2b:a9:82:21:46:7d:fa:28:b9:ad:40:96:cc:db:ae:82:
         fe:e7:95:a4:c4:ae:9d:04:db:10:2f:3b:b5:77:ae:09:c3:9e:
         bd:e7:89:03:ae:e7:1c:0e:68:97:3c:ad:e3:a6:b7:56:ae:c5:
         2f:16:ab:cf:5b:b0:4b:11:61:26:25:65:1a:62:80:95:0d:ab:
         f1:90:b5:91:89:36:ed:db:81:f0:bd:aa:5b:b6:0f:2c:6e:61:
         f7:70:6f:80:39:26:54:6c:b2:71:18:9d:39:9f:60:ed:e9:95:
         e9:e8:07:0d
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzGSjfSjtlyVm2uW0aQohSbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTgzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjU3NTYxY2EyZGJmNzUwZThmNWUwYjczODllZjA5Y2U5YjViY2VhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoR0/8Eemppek2ie+pJB9ItGX7tgf
Begs1HFw957cpsDcdzDxELPSK2SIpfenY18M+uQI+WdlLXVaDVJo7GdWHWA9QYG/
sdPHVdEwR0GjktjeY+2opHMHBAKSXx9hh2juxOuHrDRnLWKeRVA1Q4DxxNhBYVe4
vie85EkPMyCD0RstrxeImMaXgzAHE83n6uVyU/abYAd1/nDgw2Zv3oACSN8dEjkT
Gb3UxMh4VjxiINb9CViOO/SL7lShN/8b9ISFsXMlCcPaDRwb4o3bSniAR1mhP34a
50G+GJr6cTU0eyuGTfIeYVJhBsKe465d+fJpV2akiQdJT/iGH5KsFJA/XwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFLtXVhyi2/dQ6PXgtzie8JzptbzqMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzE5L2Q1Zjlh
YS0zMzdiLTRkNjAtOGY1ZS0wMjEyNWU0NGUzYTgvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTkvZDVmOWFh
LTMzN2ItNGQ2MC04ZjVlLTAyMTI1ZTQ0ZTNhOC8xL3UxZFdIS0xiOTFEbzllQzNP
Sjd3bk9tMXZPby5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQEwVQgMA0GCSqGSIb3DQEBCwUAA4IBAQBO8bn3
PDS4oFXFLB50eqdwti20P81h24ia5qFddDHVuBKxOXhN4fR3yuG3+aP+o2HnCkbK
rqqoH+EjQz9Nj4TGuosFRp80vMUm0rMbXJxN450fSynhbAPeH0ay79sq4VnUnSEQ
wMeJ46orQG7EWIynQ1dP5hjHF6XtD13eLh8GHING9/U+q2Q13CziJtzq3lQm0iup
giFGffooua1AlszbroL+55WkxK6dBNsQLzu1d64Jw56954kDruccDmiXPK3jprdW
rsUvFqvPW7BLEWEmJWUaYoCVDavxkLWRiTbt24Hwvapbtg8sbmH3cG+AOSZUbLJx
GJ05n2Dt6ZXp6AcN
-----END CERTIFICATE-----