Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ukoNHYD_HuzTZZB0pJe_voxVQ_Y.cer
File:                     ukoNHYD_HuzTZZB0pJe_voxVQ_Y.cer (raw, json)
Hash identifier:          KWjmn+ABbToWsll8b8a+VusNVu9TNVtETd/enBFiyrg=
Subject key identifier:   BA:4A:0D:1D:80:FF:1E:EC:D3:65:90:74:A4:97:BF:BE:8C:55:43:F6
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC56EC2550B306DA799D94022089968E0
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/55/b5fa3e-a218-4a91-bf88-cc8ec6f3d875/1/ukoNHYD_HuzTZZB0pJe_voxVQ_Y.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/55/b5fa3e-a218-4a91-bf88-cc8ec6f3d875/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 14:30:19 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 185.53.204.0/22
                          IP: 2a04:cf40::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:c2:55:0b:30:6d:a7:99:d9:40:22:08:99:68:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 14:30:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ba4a0d1d80ff1eecd3659074a497bfbe8c5543f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:ba:f3:1a:82:33:d7:4b:9c:e6:2b:33:2b:1f:
                    03:50:16:ef:40:15:26:79:48:d6:86:01:f7:1f:7b:
                    06:1e:20:d7:21:f5:15:44:65:ef:6d:51:09:83:a3:
                    f6:98:ca:9f:df:5c:a3:45:d5:e9:5a:5e:1b:02:aa:
                    5e:a2:75:5b:65:33:44:35:f2:de:35:27:67:a9:bd:
                    f3:1a:ef:5a:15:aa:04:bd:c1:a7:c2:aa:89:83:f4:
                    d9:72:1f:06:4b:6d:d0:b7:fd:df:a5:2d:16:b1:5a:
                    c0:2e:36:3b:22:82:31:45:54:fb:ea:50:d4:27:d4:
                    d4:7d:ba:b8:5c:54:fe:61:8a:28:54:24:40:64:19:
                    70:ce:d7:c9:34:26:87:ad:e4:2e:15:99:e8:d8:ce:
                    61:a4:cc:cd:1d:49:e9:71:bb:85:cf:4f:03:60:72:
                    0c:43:da:8b:07:dc:d9:31:5c:e9:12:a7:09:dc:fe:
                    db:52:39:bd:3f:39:be:a0:f1:33:92:4e:44:6f:d2:
                    18:72:8b:75:2f:09:f1:5a:64:56:e5:06:6c:d3:10:
                    b7:6e:9e:07:c8:d0:7e:74:b0:d1:22:cf:b0:90:64:
                    7f:01:87:c2:7f:0c:60:a7:d0:e1:93:d3:e4:15:09:
                    d8:69:a9:6e:e7:51:95:2a:ac:c0:0f:1e:07:5c:54:
                    27:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:4A:0D:1D:80:FF:1E:EC:D3:65:90:74:A4:97:BF:BE:8C:55:43:F6
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/b5fa3e-a218-4a91-bf88-cc8ec6f3d875/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/b5fa3e-a218-4a91-bf88-cc8ec6f3d875/1/ukoNHYD_HuzTZZB0pJe_voxVQ_Y.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.53.204.0/22
                IPv6:
                  2a04:cf40::/29

    Signature Algorithm: sha256WithRSAEncryption
         69:ee:b8:43:0a:c6:ca:ef:3f:39:43:e0:b8:b7:ee:9e:4a:49:
         2b:3d:86:1c:84:a2:f5:98:ca:22:a2:48:f2:71:97:04:73:89:
         ff:6d:24:99:be:b4:fd:26:c8:00:a4:aa:62:92:0a:82:f2:53:
         c0:68:7c:40:43:b9:6f:4e:0a:41:25:2f:eb:3f:8e:78:45:fa:
         11:ec:85:94:b1:76:33:86:65:0a:0c:6e:4a:fa:a8:d8:9a:54:
         d8:1e:73:91:50:bf:25:0c:5d:26:5a:94:e9:eb:ef:de:78:ce:
         66:a3:08:64:b8:4c:41:c7:0b:8a:75:17:4c:ff:bb:fe:58:30:
         92:82:2e:41:dc:72:9f:f4:d2:5c:b0:7c:8e:f0:4c:f3:92:06:
         38:69:6d:88:e2:f5:5f:c9:c7:d2:56:42:61:02:9a:83:2c:49:
         3a:2f:ee:65:3a:14:4e:eb:d0:24:fd:4d:00:de:65:a4:c7:6c:
         19:2a:d5:09:c1:bf:e3:c7:97:61:62:06:d1:12:98:f3:b8:16:
         db:fb:7c:49:93:23:4f:d1:05:b4:08:59:9a:9a:95:d7:5f:ad:
         7f:dd:7a:00:e7:f1:40:a2:67:25:a7:b3:7e:20:ef:6b:b3:df:
         28:3e:64:fe:f7:a5:38:bd:e6:d0:3d:89:41:21:df:c9:07:58:
         aa:92:f5:9d
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAYzFbsJVCzBtp5nZQCIImWjgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTQzMDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTRhMGQxZDgwZmYxZWVjZDM2NTkwNzRhNDk3YmZiZThjNTU0M2Y2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvLrzGoIz10uc5iszKx8DUBbvQBUm
eUjWhgH3H3sGHiDXIfUVRGXvbVEJg6P2mMqf31yjRdXpWl4bAqpeonVbZTNENfLe
NSdnqb3zGu9aFaoEvcGnwqqJg/TZch8GS23Qt/3fpS0WsVrALjY7IoIxRVT76lDU
J9TUfbq4XFT+YYooVCRAZBlwztfJNCaHreQuFZno2M5hpMzNHUnpcbuFz08DYHIM
Q9qLB9zZMVzpEqcJ3P7bUjm9Pzm+oPEzkk5Eb9IYcot1LwnxWmRW5QZs0xC3bp4H
yNB+dLDRIs+wkGR/AYfCfwxgp9Dhk9PkFQnYaalu51GVKqzADx4HXFQnWQIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFLpKDR2A/x7s02WQdKSXv76MVUP2MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzU1L2I1ZmEz
ZS1hMjE4LTRhOTEtYmY4OC1jYzhlYzZmM2Q4NzUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTUvYjVmYTNl
LWEyMTgtNGE5MS1iZjg4LWNjOGVjNmYzZDg3NS8xL3Vrb05IWURfSHV6VFpaQjBw
SmVfdm94VlFfWS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCuTXMMA0EAgACMAcDBQMqBM9AMA0GCSqGSIb3
DQEBCwUAA4IBAQBp7rhDCsbK7z85Q+C4t+6eSkkrPYYchKL1mMoiokjycZcEc4n/
bSSZvrT9JsgApKpikgqC8lPAaHxAQ7lvTgpBJS/rP454RfoR7IWUsXYzhmUKDG5K
+qjYmlTYHnORUL8lDF0mWpTp6+/eeM5mowhkuExBxwuKdRdM/7v+WDCSgi5B3HKf
9NJcsHyO8EzzkgY4aW2I4vVfycfSVkJhApqDLEk6L+5lOhRO69Ak/U0A3mWkx2wZ
KtUJwb/jx5dhYgbREpjzuBbb+3xJkyNP0QW0CFmampXXX61/3XoA5/FAomclp7N+
IO9rs98oPmT+96U4vebQPYlBId/JB1iqkvWd
-----END CERTIFICATE-----