Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/wlbSXx_dANyA3W0iWyERm_ISHok.cer
File:                     wlbSXx_dANyA3W0iWyERm_ISHok.cer (raw, json)
Hash identifier:          09+jxzKfbdZsiZFLqiELPeiDKqMev5jjBTXm2OtluTI=
Subject key identifier:   C2:56:D2:5F:1F:DD:00:DC:80:DD:6D:22:5B:21:11:9B:F2:12:1E:89
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC26D611F20EE9E4ADA9ED5FEE23F4360
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/da/e5a814-16a5-403b-93f3-cf32a0d92825/1/wlbSXx_dANyA3W0iWyERm_ISHok.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/da/e5a814-16a5-403b-93f3-cf32a0d92825/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 00:29:57 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 185.255.216.0/22
                          IP: 2a0c:6040::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:61:1f:20:ee:9e:4a:da:9e:d5:fe:e2:3f:43:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 00:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c256d25f1fdd00dc80dd6d225b21119bf2121e89
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:8c:1f:5e:1a:38:5e:e4:f3:22:f8:99:3a:af:
                    cc:1e:c4:83:1a:39:bf:5a:6d:45:b4:36:72:4f:b3:
                    81:69:2f:b2:c7:c2:f8:d9:ee:92:71:33:5b:d1:89:
                    86:22:ef:1a:ae:84:a8:90:2b:e2:fd:11:d7:d6:1b:
                    cf:d1:99:20:5a:8f:44:dc:64:93:80:1b:0a:33:0a:
                    cb:0e:fa:21:72:f4:fa:69:20:06:ad:0e:a1:ce:8f:
                    25:26:f0:79:3c:60:20:8b:53:f3:6b:1d:7f:2f:a3:
                    22:2a:00:b3:82:69:5a:6d:dd:33:5f:a8:10:4c:cc:
                    7d:0f:d4:12:d4:f1:87:9e:f9:1f:9e:00:8b:be:a8:
                    38:53:4b:d0:a7:4f:c5:3f:00:73:07:20:bd:d0:4f:
                    78:ac:ae:bd:9c:b3:e1:63:3e:04:50:ba:5a:c2:1f:
                    9c:a9:7a:29:5c:f9:b1:14:1f:fc:55:0e:8d:a5:44:
                    58:0e:20:f9:ce:b6:d4:7f:fb:61:cc:34:d1:1d:39:
                    ef:72:b7:1a:3d:e7:48:6f:4a:39:0a:a3:99:6f:16:
                    44:bd:87:a2:74:41:45:94:e6:2f:86:96:f0:df:5f:
                    91:00:4d:83:b5:c4:18:2b:af:f2:7f:89:be:bb:b2:
                    e1:e3:ec:31:14:20:7e:d0:f5:3d:b0:ff:c4:44:eb:
                    3d:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:56:D2:5F:1F:DD:00:DC:80:DD:6D:22:5B:21:11:9B:F2:12:1E:89
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/e5a814-16a5-403b-93f3-cf32a0d92825/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/e5a814-16a5-403b-93f3-cf32a0d92825/1/wlbSXx_dANyA3W0iWyERm_ISHok.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.255.216.0/22
                IPv6:
                  2a0c:6040::/29

    Signature Algorithm: sha256WithRSAEncryption
         21:ec:4a:cd:6c:4c:73:34:e3:9c:bd:ac:6b:7e:71:7c:ab:0f:
         84:93:7e:b7:82:24:29:86:7b:69:74:41:2b:1a:05:75:7e:80:
         a0:95:d0:e6:b6:d4:9b:9b:bf:2c:5c:41:27:26:da:24:ef:68:
         f5:65:c3:4f:9a:17:e4:1e:4b:2e:0c:ed:56:a9:11:97:05:c4:
         9b:4a:4d:0a:b5:7f:4a:7b:55:73:05:b0:16:a5:00:d4:43:a9:
         01:09:6c:ab:32:fa:81:6f:20:22:cb:e3:d3:ac:e1:c8:50:16:
         bf:dd:fd:04:8e:90:b9:d1:0a:9b:50:2e:3c:eb:1d:fb:a4:d4:
         97:76:ff:57:a2:a5:e1:af:53:f9:43:08:f2:c0:10:db:89:fe:
         cc:a7:6b:a8:2b:90:bc:f8:c4:2a:8e:e3:24:db:e1:34:4a:34:
         7f:01:84:57:5a:54:32:fd:8b:2f:9b:d1:78:74:5e:0b:57:06:
         83:91:e0:a5:cb:a2:0c:9f:2b:63:72:c8:ab:fd:67:e6:31:c7:
         7d:1a:49:e0:6e:f7:74:04:4a:c4:6c:71:8d:b0:4f:9e:a2:dc:
         ca:cf:da:16:cb:de:cb:9b:ec:4f:de:c8:2d:5c:64:62:d7:85:
         3a:f2:bc:48:aa:bb:54:af:58:61:09:82:fe:20:0b:15:00:44:
         8c:75:f3:00
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAYzCbWEfIO6eStqe1f7iP0NgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDAyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjU2ZDI1ZjFmZGQwMGRjODBkZDZkMjI1YjIxMTE5YmYyMTIxZTg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm4wfXho4XuTzIviZOq/MHsSDGjm/
Wm1FtDZyT7OBaS+yx8L42e6ScTNb0YmGIu8aroSokCvi/RHX1hvP0ZkgWo9E3GST
gBsKMwrLDvohcvT6aSAGrQ6hzo8lJvB5PGAgi1Pzax1/L6MiKgCzgmlabd0zX6gQ
TMx9D9QS1PGHnvkfngCLvqg4U0vQp0/FPwBzByC90E94rK69nLPhYz4EULpawh+c
qXopXPmxFB/8VQ6NpURYDiD5zrbUf/thzDTRHTnvcrcaPedIb0o5CqOZbxZEvYei
dEFFlOYvhpbw31+RAE2DtcQYK6/yf4m+u7Lh4+wxFCB+0PU9sP/EROs9nQIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFMJW0l8f3QDcgN1tIlshEZvyEh6JMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2RhL2U1YTgx
NC0xNmE1LTQwM2ItOTNmMy1jZjMyYTBkOTI4MjUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZGEvZTVhODE0
LTE2YTUtNDAzYi05M2YzLWNmMzJhMGQ5MjgyNS8xL3dsYlNYeF9kQU55QTNXMGlX
eUVSbV9JU0hvay5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCuf/YMA0EAgACMAcDBQMqDGBAMA0GCSqGSIb3
DQEBCwUAA4IBAQAh7ErNbExzNOOcvaxrfnF8qw+Ek363giQphntpdEErGgV1foCg
ldDmttSbm78sXEEnJtok72j1ZcNPmhfkHksuDO1WqRGXBcSbSk0KtX9Ke1VzBbAW
pQDUQ6kBCWyrMvqBbyAiy+PTrOHIUBa/3f0EjpC50QqbUC486x37pNSXdv9XoqXh
r1P5QwjywBDbif7Mp2uoK5C8+MQqjuMk2+E0SjR/AYRXWlQy/Ysvm9F4dF4LVwaD
keCly6IMnytjcsir/WfmMcd9Gkngbvd0BErEbHGNsE+eotzKz9oWy97Lm+xP3sgt
XGRi14U68rxIqrtUr1hhCYL+IAsVAESMdfMA
-----END CERTIFICATE-----