Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/vJ9arpo3Z27gp3Ev8xDdCwpvIsY.cer
File:                     vJ9arpo3Z27gp3Ev8xDdCwpvIsY.cer (raw, json)
Hash identifier:          XsuEXgFei4oXFpwBj7z2LqQXRJwU/OSragIA0/ZW/JE=
Subject key identifier:   BC:9F:5A:AE:9A:37:67:6E:E0:A7:71:2F:F3:10:DD:0B:0A:6F:22:C6
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC3B71BFA555E3B42E465C7CF662D2ADB
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/d1/6cb081-8a7d-4024-ae85-9c4cb3bd925e/1/vJ9arpo3Z27gp3Ev8xDdCwpvIsY.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/d1/6cb081-8a7d-4024-ae85-9c4cb3bd925e/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 06:30:06 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 194.147.70.0/24
                          IP: 2001:678:4c4::/48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:1b:fa:55:5e:3b:42:e4:65:c7:cf:66:2d:2a:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 06:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bc9f5aae9a37676ee0a7712ff310dd0b0a6f22c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:24:d5:f7:2f:db:f6:2f:05:f8:c8:1d:b6:5e:
                    cb:c1:7a:25:a4:b5:bd:ba:eb:97:d5:fc:fd:58:20:
                    bc:ba:b3:0e:16:b8:e4:1b:76:16:8e:10:ec:e8:7e:
                    57:1f:c2:00:c5:4f:90:9c:5a:5f:40:e8:61:50:2c:
                    41:b3:d7:4e:02:2c:57:db:b4:da:36:84:7d:87:b3:
                    6e:db:85:ce:9f:14:67:7d:c4:03:b0:17:83:08:40:
                    4b:20:6c:48:5f:51:4e:0d:85:06:fe:ca:e4:25:b4:
                    b3:39:b6:ee:75:26:b7:82:c0:ba:87:6a:22:43:56:
                    15:37:10:ad:77:59:f0:19:46:41:5a:75:39:31:83:
                    ed:67:81:87:90:69:cb:db:1c:3d:7b:07:37:2f:61:
                    cb:1c:d7:a9:a5:0d:b6:a3:4b:77:49:7a:f1:89:7d:
                    39:2b:b2:6e:df:7c:8b:c5:c7:bf:69:36:05:44:b5:
                    58:10:09:86:16:7e:9d:63:5e:1e:37:47:54:74:b3:
                    fa:49:64:ee:38:50:84:6c:d7:22:80:7f:96:c7:cd:
                    a7:b1:4e:dc:66:f2:4c:b1:d9:02:78:0e:95:ea:f5:
                    5b:b2:26:b1:84:98:81:dd:49:3e:23:c5:8a:2b:5a:
                    e4:96:a9:1b:c4:5f:8c:3b:cb:8a:99:fb:63:f1:7d:
                    82:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:9F:5A:AE:9A:37:67:6E:E0:A7:71:2F:F3:10:DD:0B:0A:6F:22:C6
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/6cb081-8a7d-4024-ae85-9c4cb3bd925e/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/6cb081-8a7d-4024-ae85-9c4cb3bd925e/1/vJ9arpo3Z27gp3Ev8xDdCwpvIsY.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.147.70.0/24
                IPv6:
                  2001:678:4c4::/48

    Signature Algorithm: sha256WithRSAEncryption
         0d:e2:cc:92:75:9b:26:bb:04:b4:11:b4:37:1c:aa:50:6f:75:
         39:9f:af:17:82:a8:2e:7e:e3:b2:e2:ad:cd:56:e9:5a:e2:38:
         0c:7a:8f:6d:c5:7f:75:5b:0e:0d:c9:53:f7:06:01:70:68:6a:
         15:25:7a:d4:09:40:dd:ee:11:51:c0:e9:4c:5d:97:88:64:fd:
         e4:10:d8:00:f5:bc:61:64:d4:66:f9:54:1c:54:60:39:6b:70:
         f7:02:63:a2:8c:d9:0e:21:06:f9:db:1a:db:03:aa:5e:6a:aa:
         c9:7a:28:d5:1b:1e:cf:bf:fe:09:51:d3:27:39:f6:9f:a5:26:
         00:c9:f9:70:71:03:cd:57:e2:fa:bb:f8:a6:fd:d0:66:4c:7c:
         ea:fb:5f:f1:48:60:61:e8:1f:cb:31:b2:02:7c:6e:d6:d4:70:
         51:c0:6e:ae:f9:d0:78:01:7d:35:55:2c:f4:12:4a:18:61:fb:
         c1:3a:f6:ed:2f:3a:6a:96:e3:b4:b8:7e:d6:dd:5f:57:97:48:
         36:48:ec:1d:ed:6f:10:16:12:e7:30:6a:60:01:51:e6:f4:77:
         a7:d9:ee:17:d8:17:e8:06:cb:61:0a:56:e1:5b:79:44:26:a3:
         60:7f:83:74:19:9b:6f:c5:56:ee:24:37:b0:eb:f3:2d:b4:52:
         76:6d:11:9b
-----BEGIN CERTIFICATE-----
MIIFiTCCBHGgAwIBAgISAYzDtxv6VV47QuRlx89mLSrbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDYzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzlmNWFhZTlhMzc2NzZlZTBhNzcxMmZmMzEwZGQwYjBhNmYyMmM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1iTV9y/b9i8F+Mgdtl7LwXolpLW9
uuuX1fz9WCC8urMOFrjkG3YWjhDs6H5XH8IAxU+QnFpfQOhhUCxBs9dOAixX27Ta
NoR9h7Nu24XOnxRnfcQDsBeDCEBLIGxIX1FODYUG/srkJbSzObbudSa3gsC6h2oi
Q1YVNxCtd1nwGUZBWnU5MYPtZ4GHkGnL2xw9ewc3L2HLHNeppQ22o0t3SXrxiX05
K7Ju33yLxce/aTYFRLVYEAmGFn6dY14eN0dUdLP6SWTuOFCEbNcigH+Wx82nsU7c
ZvJMsdkCeA6V6vVbsiaxhJiB3Uk+I8WKK1rklqkbxF+MO8uKmftj8X2CQQIDAQAB
o4IClTCCApEwHQYDVR0OBBYEFLyfWq6aN2du4KdxL/MQ3QsKbyLGMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2QxLzZjYjA4
MS04YTdkLTQwMjQtYWU4NS05YzRjYjNiZDkyNWUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDEvNmNiMDgx
LThhN2QtNDAyNC1hZTg1LTljNGNiM2JkOTI1ZS8xL3ZKOWFycG8zWjI3Z3AzRXY4
eERkQ3dwdklzWS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDAGCCsGAQUF
BwEHAQH/BCEwHzAMBAIAATAGAwQAwpNGMA8EAgACMAkDBwAgAQZ4BMQwDQYJKoZI
hvcNAQELBQADggEBAA3izJJ1mya7BLQRtDccqlBvdTmfrxeCqC5+47Lirc1W6Vri
OAx6j23Ff3VbDg3JU/cGAXBoahUletQJQN3uEVHA6Uxdl4hk/eQQ2AD1vGFk1Gb5
VBxUYDlrcPcCY6KM2Q4hBvnbGtsDql5qqsl6KNUbHs+//glR0yc59p+lJgDJ+XBx
A81X4vq7+Kb90GZMfOr7X/FIYGHoH8sxsgJ8btbUcFHAbq750HgBfTVVLPQSShhh
+8E69u0vOmqW47S4ftbdX1eXSDZI7B3tbxAWEucwamABUeb0d6fZ7hfYF+gGy2EK
VuFbeUQmo2B/g3QZm2/FVu4kN7Dr8y20UnZtEZs=
-----END CERTIFICATE-----