Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/v0_LZK6zRV-zmJfjEpXd6DrdTQ4.cer
File:                     v0_LZK6zRV-zmJfjEpXd6DrdTQ4.cer (raw, json)
Hash identifier:          +jBjh7NgLZ5suvE2B67oqV6SJkkV6cozgHJtIH5KoNQ=
Subject key identifier:   BF:4F:CB:64:AE:B3:45:5F:B3:98:97:E3:12:95:DD:E8:3A:DD:4D:0E
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC86F43A756B38E19A7B2A73CC965D6D1
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/d0/3e7980-7e31-4fd1-b79d-0bd62c83e92b/1/v0_LZK6zRV-zmJfjEpXd6DrdTQ4.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/d0/3e7980-7e31-4fd1-b79d-0bd62c83e92b/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 04:29:44 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 193.36.46.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:43:a7:56:b3:8e:19:a7:b2:a7:3c:c9:65:d6:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 04:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bf4fcb64aeb3455fb39897e31295dde83add4d0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:cf:46:79:f5:24:c8:a0:68:34:69:43:f8:f9:
                    d4:de:2b:11:b1:8d:4d:43:04:86:22:f8:e5:47:99:
                    f7:da:c1:bd:77:4c:81:2e:d7:a6:81:90:dd:6e:c0:
                    9c:ee:7f:ed:26:ad:db:19:34:5b:2f:11:87:a8:44:
                    2c:4d:51:96:5b:c3:fb:e0:83:d7:aa:82:af:e8:21:
                    d8:ae:47:07:e6:11:ea:ac:e1:55:d2:b5:b5:8b:d1:
                    c0:af:14:d7:46:50:69:50:d8:5e:5e:f3:05:67:44:
                    0f:0a:d8:97:5f:24:3a:0b:7c:39:0f:05:d4:9b:cf:
                    61:fb:6f:94:d4:ea:fb:c8:13:e7:2a:53:c8:40:06:
                    35:bf:26:b3:d8:a9:87:1f:0f:93:dc:a5:c1:99:5f:
                    76:47:4b:3d:2b:0f:a6:7f:6e:fd:26:cc:e4:68:2d:
                    19:2d:c6:20:11:bf:e8:48:9e:28:9e:33:28:e5:7d:
                    72:27:19:5e:27:8e:6a:90:55:85:b2:19:44:66:71:
                    56:89:94:59:bf:22:40:da:ac:a5:cc:71:7d:db:1f:
                    96:33:c1:a9:29:6c:95:c7:bc:8d:51:2e:46:58:f3:
                    99:5d:5b:b8:6d:10:90:9f:d8:e9:42:41:1c:3f:f5:
                    32:bb:a7:cc:36:94:2d:4c:2c:a9:f6:bb:17:ed:11:
                    5b:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:4F:CB:64:AE:B3:45:5F:B3:98:97:E3:12:95:DD:E8:3A:DD:4D:0E
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/3e7980-7e31-4fd1-b79d-0bd62c83e92b/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/3e7980-7e31-4fd1-b79d-0bd62c83e92b/1/v0_LZK6zRV-zmJfjEpXd6DrdTQ4.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.36.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:66:59:2d:13:12:d5:b0:e6:03:8f:55:59:bf:ad:86:71:ec:
         b3:f3:1b:21:38:98:a3:e9:54:5b:1b:f3:c6:e3:d5:23:97:87:
         84:63:7f:de:34:a6:df:a4:a4:b3:e8:dd:ff:d9:05:9c:14:d8:
         dd:8b:5b:14:94:ea:85:72:5c:74:0a:6b:ff:c7:42:82:7f:8e:
         4e:88:ad:9c:2d:53:1c:13:1e:13:c9:70:64:e8:83:08:62:63:
         17:79:bc:b4:4c:28:f0:d4:b1:e3:d0:ba:1b:0e:ee:65:91:ed:
         ee:50:13:35:fc:6e:4d:4e:fe:f3:fe:30:db:ac:fb:34:de:2a:
         2d:1d:b5:4d:e3:a6:1d:c1:b6:d0:43:7f:b2:a5:5b:20:43:96:
         e2:69:20:cf:89:df:28:00:6a:1e:02:e1:66:8b:2d:2d:4a:b7:
         a2:d9:64:ff:66:ce:b9:b2:2c:4b:b8:2c:10:4a:40:4e:b4:16:
         e5:69:73:00:e7:9e:c8:f9:57:b6:98:47:2a:9e:c1:58:d5:04:
         1e:c7:12:86:c9:d9:98:c8:5d:ef:82:b4:75:06:6e:a9:7f:0d:
         10:a6:63:80:76:c6:b8:64:eb:0d:cb:b1:52:95:3c:16:00:11:
         fb:98:69:72:6d:f1:9c:93:14:b9:37:e3:4d:3e:49:71:bf:61:
         59:f6:d5:52
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzIb0OnVrOOGaeypzzJZdbRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDQyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjRmY2I2NGFlYjM0NTVmYjM5ODk3ZTMxMjk1ZGRlODNhZGQ0ZDBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoc9GefUkyKBoNGlD+PnU3isRsY1N
QwSGIvjlR5n32sG9d0yBLtemgZDdbsCc7n/tJq3bGTRbLxGHqEQsTVGWW8P74IPX
qoKv6CHYrkcH5hHqrOFV0rW1i9HArxTXRlBpUNheXvMFZ0QPCtiXXyQ6C3w5DwXU
m89h+2+U1Or7yBPnKlPIQAY1vyaz2KmHHw+T3KXBmV92R0s9Kw+mf279JszkaC0Z
LcYgEb/oSJ4onjMo5X1yJxleJ45qkFWFshlEZnFWiZRZvyJA2qylzHF92x+WM8Gp
KWyVx7yNUS5GWPOZXVu4bRCQn9jpQkEcP/Uyu6fMNpQtTCyp9rsX7RFbGQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFL9Py2Sus0Vfs5iX4xKV3eg63U0OMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2QwLzNlNzk4
MC03ZTMxLTRmZDEtYjc5ZC0wYmQ2MmM4M2U5MmIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDAvM2U3OTgw
LTdlMzEtNGZkMS1iNzlkLTBiZDYyYzgzZTkyYi8xL3YwX0xaSzZ6UlYtem1KZmpF
cFhkNkRyZFRRNC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwSQuMA0GCSqGSIb3DQEBCwUAA4IBAQCOZlkt
ExLVsOYDj1VZv62Gceyz8xshOJij6VRbG/PG49Ujl4eEY3/eNKbfpKSz6N3/2QWc
FNjdi1sUlOqFclx0Cmv/x0KCf45OiK2cLVMcEx4TyXBk6IMIYmMXeby0TCjw1LHj
0LobDu5lke3uUBM1/G5NTv7z/jDbrPs03iotHbVN46YdwbbQQ3+ypVsgQ5biaSDP
id8oAGoeAuFmiy0tSrei2WT/Zs65sixLuCwQSkBOtBblaXMA557I+Ve2mEcqnsFY
1QQexxKGydmYyF3vgrR1Bm6pfw0QpmOAdsa4ZOsNy7FSlTwWABH7mGlybfGckxS5
N+NNPklxv2FZ9tVS
-----END CERTIFICATE-----