Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/vw3BRJMWtlZ8Ph43S4LtiStdD2M.cer
File:                     vw3BRJMWtlZ8Ph43S4LtiStdD2M.cer (raw, json)
Hash identifier:          cupWRUnesDwBWJkX3E0CjKRYW/zuWd1xi/W6ig6Fo9k=
Subject key identifier:   BF:0D:C1:44:93:16:B6:56:7C:3E:1E:37:4B:82:ED:89:2B:5D:0F:63
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC64B71315A4B5982F6DF516369948991
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/9f/266e62-9498-46e0-a14c-5755b2f10418/1/vw3BRJMWtlZ8Ph43S4LtiStdD2M.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/9f/266e62-9498-46e0-a14c-5755b2f10418/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 18:31:22 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 213065
                          IP: 145.84.0.0/16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:71:31:5a:4b:59:82:f6:df:51:63:69:94:89:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 18:31:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bf0dc1449316b6567c3e1e374b82ed892b5d0f63
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:02:d0:16:53:b0:c6:67:89:8e:99:05:8b:00:
                    ad:c1:10:93:71:37:e2:a4:74:54:a6:21:a5:e1:d1:
                    94:c0:5d:5a:71:6c:b6:0e:1d:0f:38:d9:ff:d6:92:
                    53:81:1f:8e:67:5b:4d:c1:d7:7c:63:47:b4:67:5a:
                    37:fe:8f:2f:3f:d2:91:b4:19:54:c8:28:79:c4:fd:
                    f4:6a:1c:54:ba:73:88:22:3e:e1:c3:d4:b9:55:8f:
                    5e:38:aa:0d:b6:59:cd:45:38:e0:32:14:9b:a4:26:
                    c2:89:65:19:58:c3:ac:8e:6c:4b:39:6a:4a:be:77:
                    5c:0d:60:81:b7:0a:fe:34:6e:ad:82:e7:41:fa:4b:
                    1e:94:c2:ee:d5:9c:c1:c8:f4:df:3f:ca:42:b1:41:
                    d3:60:77:7d:1d:54:e9:29:38:69:ed:1f:61:e9:4d:
                    d0:7f:a5:2d:ba:1f:1f:e6:ac:c6:13:d9:d8:72:dc:
                    26:b6:fe:bd:b4:7d:f4:06:a1:3a:75:3b:90:4c:0b:
                    98:b1:78:14:65:14:ec:ef:ad:c0:37:55:18:f6:57:
                    0d:d5:8f:53:98:1e:6e:76:ca:04:37:56:ab:6a:d2:
                    45:40:bc:9e:2a:65:10:80:04:f4:e0:40:2b:e1:19:
                    79:e3:da:27:30:60:29:6c:17:16:0e:a5:11:4e:ec:
                    16:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:0D:C1:44:93:16:B6:56:7C:3E:1E:37:4B:82:ED:89:2B:5D:0F:63
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/266e62-9498-46e0-a14c-5755b2f10418/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/266e62-9498-46e0-a14c-5755b2f10418/1/vw3BRJMWtlZ8Ph43S4LtiStdD2M.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.84.0.0/16

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  213065

    Signature Algorithm: sha256WithRSAEncryption
         1b:49:64:79:ad:f6:c5:ab:23:21:ff:72:75:3f:29:68:dc:0d:
         77:0c:5a:69:73:37:20:52:9c:67:66:fb:96:97:fd:9c:26:ff:
         0e:09:ae:e9:b5:f3:f7:81:a8:b8:3c:79:57:7b:a6:a6:c6:fc:
         36:f6:18:07:0c:1b:1c:6a:d7:22:34:c3:0b:c1:ab:f0:c8:d9:
         0a:c9:13:1b:e6:84:14:0a:ea:a2:03:07:08:71:25:17:0c:11:
         c5:18:dc:47:32:5d:b7:be:77:c4:ed:74:b5:fc:d8:90:44:44:
         24:0b:20:39:b7:df:53:98:07:6b:a9:42:16:bd:ff:9d:4f:d8:
         9c:25:f3:09:30:bc:f3:d8:7d:2a:32:d0:3b:95:c1:db:b8:f6:
         d4:71:0b:e6:88:ad:cd:94:69:3a:14:3e:b4:c8:21:a7:cb:b4:
         bb:88:74:a3:89:36:9d:92:2c:15:8e:8e:3b:48:ae:0b:a0:72:
         98:6b:64:c9:14:1e:bc:79:c2:41:77:73:c0:5c:fd:cd:44:b7:
         52:04:ca:1d:d9:83:13:3c:36:ee:d6:db:a1:62:e2:b2:3c:f4:
         33:c0:52:6c:43:63:0f:a5:e4:24:e6:b8:80:21:7e:5e:62:28:
         e1:7c:35:7e:b3:4c:a9:d6:71:43:6f:0e:fa:1e:b2:5b:d5:95:
         d3:81:4e:17
-----BEGIN CERTIFICATE-----
MIIFkzCCBHugAwIBAgISAYzGS3ExWktZgvbfUWNplImRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTgzMTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjBkYzE0NDkzMTZiNjU2N2MzZTFlMzc0YjgyZWQ4OTJiNWQwZjYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3ALQFlOwxmeJjpkFiwCtwRCTcTfi
pHRUpiGl4dGUwF1acWy2Dh0PONn/1pJTgR+OZ1tNwdd8Y0e0Z1o3/o8vP9KRtBlU
yCh5xP30ahxUunOIIj7hw9S5VY9eOKoNtlnNRTjgMhSbpCbCiWUZWMOsjmxLOWpK
vndcDWCBtwr+NG6tgudB+kselMLu1ZzByPTfP8pCsUHTYHd9HVTpKThp7R9h6U3Q
f6Utuh8f5qzGE9nYctwmtv69tH30BqE6dTuQTAuYsXgUZRTs763AN1UY9lcN1Y9T
mB5udsoEN1aratJFQLyeKmUQgAT04EAr4Rl549onMGApbBcWDqURTuwWAQIDAQAB
o4ICnzCCApswHQYDVR0OBBYEFL8NwUSTFrZWfD4eN0uC7YkrXQ9jMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzlmLzI2NmU2
Mi05NDk4LTQ2ZTAtYTE0Yy01NzU1YjJmMTA0MTgvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOWYvMjY2ZTYy
LTk0OTgtNDZlMC1hMTRjLTU3NTViMmYxMDQxOC8xL3Z3M0JSSk1XdGxaOFBoNDNT
NEx0aVN0ZEQyTS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB4GCCsGAQUF
BwEHAQH/BA8wDTALBAIAATAFAwMAkVQwGgYIKwYBBQUHAQgBAf8ECzAJoAcwBQID
A0BJMA0GCSqGSIb3DQEBCwUAA4IBAQAbSWR5rfbFqyMh/3J1Pylo3A13DFppczcg
UpxnZvuWl/2cJv8OCa7ptfP3gai4PHlXe6amxvw29hgHDBscatciNMMLwavwyNkK
yRMb5oQUCuqiAwcIcSUXDBHFGNxHMl23vnfE7XS1/NiQREQkCyA5t99TmAdrqUIW
vf+dT9icJfMJMLzz2H0qMtA7lcHbuPbUcQvmiK3NlGk6FD60yCGny7S7iHSjiTad
kiwVjo47SK4LoHKYa2TJFB68ecJBd3PAXP3NRLdSBMod2YMTPDbu1tuhYuKyPPQz
wFJsQ2MPpeQk5riAIX5eYijhfDV+s0yp1nFDbw76HrJb1ZXTgU4X
-----END CERTIFICATE-----