Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/v6bpb8p6J4PLlyHrti3htTbBY6k.cer
File:                     v6bpb8p6J4PLlyHrti3htTbBY6k.cer (raw, json)
Hash identifier:          1I0CNQx+X1//tJNjl3webGiUO5OlY+pQtg13gZP4oIU=
Subject key identifier:   BF:A6:E9:6F:CA:7A:27:83:CB:97:21:EB:B6:2D:E1:B5:36:C1:63:A9
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CCA9986CBCE78BB8CC6C614066F862F42
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/16/856ea4-de5a-4f11-8228-87bf6fdbe193/1/v6bpb8p6J4PLlyHrti3htTbBY6k.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/16/856ea4-de5a-4f11-8228-87bf6fdbe193/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 14:35:08 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 185.157.80.0/22
                          IP: 2a07:a440::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:86:cb:ce:78:bb:8c:c6:c6:14:06:6f:86:2f:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 14:35:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bfa6e96fca7a2783cb9721ebb62de1b536c163a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:4b:33:52:47:94:da:eb:ca:c1:65:be:51:c6:
                    da:b7:be:7c:21:9a:25:d4:7f:b1:a6:38:da:a9:93:
                    16:d0:73:12:b4:ea:87:81:6d:31:5d:bb:b3:2a:c5:
                    c0:9f:42:8c:03:b4:0f:2b:7f:f2:f5:2e:e3:ee:3f:
                    19:05:20:bb:80:a0:5f:bd:33:b2:55:ac:94:3c:f1:
                    cf:d6:3b:f8:f3:6a:34:4e:60:76:62:4c:23:d1:38:
                    b7:08:a2:09:51:f0:d3:f8:85:65:6e:12:23:90:ff:
                    1d:71:95:57:20:9c:f9:e2:91:23:06:8c:11:27:da:
                    9f:67:3f:4c:a0:23:f9:06:34:3a:97:03:c6:9b:ae:
                    ab:54:e0:ec:82:f6:96:d3:65:15:aa:3e:db:76:8d:
                    63:e9:f3:31:8e:28:05:7c:3e:95:6b:ec:91:65:f7:
                    c3:f6:38:42:60:c4:4b:99:a6:7e:dd:98:8c:d1:d5:
                    b7:93:06:19:ec:73:3b:36:ce:04:93:a3:41:bf:a5:
                    1c:8d:97:c4:cc:65:b1:9a:ff:fd:b3:b4:a9:c4:77:
                    24:35:f9:2d:71:e6:4a:2d:1b:6e:9d:50:f2:4b:c7:
                    d3:f9:5f:30:09:39:40:99:f8:35:44:d1:82:c2:e1:
                    fd:37:44:d6:ec:25:46:e2:00:21:9e:3c:41:5c:2c:
                    5c:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:A6:E9:6F:CA:7A:27:83:CB:97:21:EB:B6:2D:E1:B5:36:C1:63:A9
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/856ea4-de5a-4f11-8228-87bf6fdbe193/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/856ea4-de5a-4f11-8228-87bf6fdbe193/1/v6bpb8p6J4PLlyHrti3htTbBY6k.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.157.80.0/22
                IPv6:
                  2a07:a440::/29

    Signature Algorithm: sha256WithRSAEncryption
         37:98:42:8d:f4:36:bd:86:38:04:4d:dd:b2:53:86:82:61:cd:
         80:67:81:c7:8a:23:d3:b1:33:11:f4:16:a0:2f:ec:fa:b1:19:
         4e:e8:1a:26:88:db:6c:17:c4:5d:f9:e6:94:68:1c:9a:40:a2:
         b0:68:7b:98:eb:4b:db:2d:88:cb:be:53:62:80:5c:50:cc:7e:
         54:a9:4a:74:03:ba:3d:33:17:34:f5:cc:c6:75:17:e3:40:24:
         87:f6:16:3e:8a:a5:de:cb:86:bd:6f:a2:72:b8:57:9a:07:ee:
         28:a5:81:aa:a1:b7:eb:39:57:fd:8a:20:44:82:97:60:4f:ae:
         72:eb:cb:c0:a8:33:3b:81:8e:f4:48:62:52:1b:b2:9f:eb:7e:
         35:54:e9:6e:e4:55:ba:8c:ce:83:73:6e:8c:6d:6c:f0:f1:6d:
         26:ca:0a:d1:01:f9:7d:cc:f6:a3:b6:ac:66:53:84:9b:6e:ba:
         76:32:ed:c6:3e:46:6e:2f:73:ba:00:aa:44:a6:ac:c0:9b:ec:
         18:b8:0f:ed:9b:c5:e5:16:09:6d:81:fa:f5:a4:3d:28:64:df:
         a9:cf:0c:69:4a:27:4a:0b:f9:d4:c3:d9:78:63:47:74:62:25:
         bd:7b:ac:4b:7b:b9:78:62:b2:20:e4:33:06:a7:e9:eb:fe:22:
         7b:2e:12:3e
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAYzKmYbLzni7jMbGFAZvhi9CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMTQzNTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZmE2ZTk2ZmNhN2EyNzgzY2I5NzIxZWJiNjJkZTFiNTM2YzE2M2E5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvUszUkeU2uvKwWW+Ucbat758IZol
1H+xpjjaqZMW0HMStOqHgW0xXbuzKsXAn0KMA7QPK3/y9S7j7j8ZBSC7gKBfvTOy
VayUPPHP1jv482o0TmB2Ykwj0Ti3CKIJUfDT+IVlbhIjkP8dcZVXIJz54pEjBowR
J9qfZz9MoCP5BjQ6lwPGm66rVODsgvaW02UVqj7bdo1j6fMxjigFfD6Va+yRZffD
9jhCYMRLmaZ+3ZiM0dW3kwYZ7HM7Ns4Ek6NBv6UcjZfEzGWxmv/9s7SpxHckNfkt
ceZKLRtunVDyS8fT+V8wCTlAmfg1RNGCwuH9N0TW7CVG4gAhnjxBXCxcAwIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFL+m6W/KeieDy5ch67Yt4bU2wWOpMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzE2Lzg1NmVh
NC1kZTVhLTRmMTEtODIyOC04N2JmNmZkYmUxOTMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTYvODU2ZWE0
LWRlNWEtNGYxMS04MjI4LTg3YmY2ZmRiZTE5My8xL3Y2YnBiOHA2SjRQTGx5SHJ0
aTNodFRiQlk2ay5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCuZ1QMA0EAgACMAcDBQMqB6RAMA0GCSqGSIb3
DQEBCwUAA4IBAQA3mEKN9Da9hjgETd2yU4aCYc2AZ4HHiiPTsTMR9BagL+z6sRlO
6BomiNtsF8Rd+eaUaByaQKKwaHuY60vbLYjLvlNigFxQzH5UqUp0A7o9Mxc09czG
dRfjQCSH9hY+iqXey4a9b6JyuFeaB+4opYGqobfrOVf9iiBEgpdgT65y68vAqDM7
gY70SGJSG7Kf6341VOlu5FW6jM6Dc26MbWzw8W0mygrRAfl9zPajtqxmU4Sbbrp2
Mu3GPkZuL3O6AKpEpqzAm+wYuA/tm8XlFgltgfr1pD0oZN+pzwxpSidKC/nUw9l4
Y0d0YiW9e6xLe7l4YrIg5DMGp+nr/iJ7LhI+
-----END CERTIFICATE-----