Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/x8_M1olXoPcEOajWD_PIuNkRowg.cer
File:                     x8_M1olXoPcEOajWD_PIuNkRowg.cer (raw, json)
Hash identifier:          qfwtZ9AnNAHarXW5oJ3FqsAlty8LgzMCT436rKsaSGM=
Subject key identifier:   C7:CF:CC:D6:89:57:A0:F7:04:39:A8:D6:0F:F3:C8:B8:D9:11:A3:08
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC348A84F405B9511A1D30D000CE80DAB
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/1f/5b7387-3aae-497d-aabd-abb7438bc8a5/1/x8_M1olXoPcEOajWD_PIuNkRowg.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/1f/5b7387-3aae-497d-aabd-abb7438bc8a5/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 04:29:28 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 2001:67c:1368::/48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:a8:4f:40:5b:95:11:a1:d3:0d:00:0c:e8:0d:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 04:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c7cfccd68957a0f70439a8d60ff3c8b8d911a308
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:08:08:65:c6:d0:1f:49:76:29:d3:fd:eb:47:
                    79:6e:8e:38:03:bd:62:b5:dc:85:54:67:96:7a:15:
                    f5:34:99:93:1b:b8:ed:49:09:4f:83:2e:2d:0b:a0:
                    b6:af:3a:3d:b7:f3:43:ac:69:ad:50:a5:1c:63:59:
                    61:97:04:a6:6a:e4:12:1e:75:3d:0f:c4:17:d9:a6:
                    57:f6:18:f0:88:e4:5b:2e:67:1e:ae:63:bb:5d:c2:
                    6b:0f:dc:8b:dc:6d:fa:82:1c:04:77:41:16:22:9c:
                    f6:19:5d:f8:08:0a:e7:9c:c8:64:f0:ed:a7:39:00:
                    d5:82:1a:59:e9:12:9c:65:8b:69:29:8e:73:a9:29:
                    b9:e3:5b:d1:f0:b6:da:b2:8d:a3:f7:bf:03:d1:0f:
                    0f:e8:e9:fe:e3:0a:14:85:e4:4c:1e:2a:e4:19:b3:
                    d4:45:49:47:6a:38:6b:73:0a:83:04:47:09:f2:bc:
                    e3:5f:1d:49:73:12:66:c0:83:bb:c6:df:bb:a7:05:
                    da:f4:9f:2a:4b:28:94:34:8e:b7:24:15:07:1c:93:
                    80:ed:85:68:65:ee:44:c6:ba:52:19:d1:96:0f:19:
                    6a:ef:d8:df:56:43:f1:81:3b:2e:ac:58:89:67:79:
                    6e:89:c2:53:75:06:3c:24:d6:a3:d0:74:f3:d9:65:
                    14:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:CF:CC:D6:89:57:A0:F7:04:39:A8:D6:0F:F3:C8:B8:D9:11:A3:08
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/5b7387-3aae-497d-aabd-abb7438bc8a5/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/5b7387-3aae-497d-aabd-abb7438bc8a5/1/x8_M1olXoPcEOajWD_PIuNkRowg.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:1368::/48

    Signature Algorithm: sha256WithRSAEncryption
         32:4e:ff:fe:25:df:93:70:37:cf:36:dd:44:eb:8d:2e:26:89:
         e0:ae:e3:c8:f5:b7:7e:35:3d:43:2d:d5:77:1d:c1:0c:79:fa:
         e5:91:3e:49:d0:77:db:60:7a:14:1a:9f:e9:60:c7:31:47:56:
         2b:ce:4a:cf:25:87:40:07:75:ac:de:19:ce:99:7e:d2:29:a4:
         26:0d:44:ce:4e:bd:7f:cd:2c:63:47:31:f2:70:e6:0a:56:01:
         8d:d7:40:af:eb:eb:d4:bc:8b:b0:76:3a:d9:84:e8:b0:26:96:
         62:bc:ed:1d:0e:20:70:a1:5c:91:8a:9c:57:4b:9b:c0:54:18:
         ed:a9:9c:67:4f:46:52:b0:1d:82:4c:ee:b4:29:5f:62:51:a6:
         35:27:ce:80:a5:3e:34:7a:ff:84:6f:ba:98:83:4a:ea:7e:1b:
         ee:95:ec:72:76:8b:4f:7f:21:fa:6d:32:f7:49:ec:97:24:ff:
         14:3a:65:ba:ab:05:3b:92:e5:af:c6:76:fb:e6:9d:26:7e:49:
         6b:5a:13:03:44:11:3d:46:e5:69:89:a5:5f:0d:d7:e2:92:24:
         6b:1c:11:aa:da:10:72:58:60:8e:e8:ad:5b:a9:e5:c1:9b:50:
         e9:02:9c:03:5a:85:1a:4b:7d:9d:c1:55:cc:91:72:c6:79:7c:
         e3:1e:20:17
-----BEGIN CERTIFICATE-----
MIIFezCCBGOgAwIBAgISAYzDSKhPQFuVEaHTDQAM6A2rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDQyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjN2NmY2NkNjg5NTdhMGY3MDQzOWE4ZDYwZmYzYzhiOGQ5MTFhMzA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqggIZcbQH0l2KdP960d5bo44A71i
tdyFVGeWehX1NJmTG7jtSQlPgy4tC6C2rzo9t/NDrGmtUKUcY1lhlwSmauQSHnU9
D8QX2aZX9hjwiORbLmcermO7XcJrD9yL3G36ghwEd0EWIpz2GV34CArnnMhk8O2n
OQDVghpZ6RKcZYtpKY5zqSm541vR8Lbaso2j978D0Q8P6On+4woUheRMHirkGbPU
RUlHajhrcwqDBEcJ8rzjXx1JcxJmwIO7xt+7pwXa9J8qSyiUNI63JBUHHJOA7YVo
Ze5ExrpSGdGWDxlq79jfVkPxgTsurFiJZ3luicJTdQY8JNaj0HTz2WUU+QIDAQAB
o4IChzCCAoMwHQYDVR0OBBYEFMfPzNaJV6D3BDmo1g/zyLjZEaMIMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzFmLzViNzM4
Ny0zYWFlLTQ5N2QtYWFiZC1hYmI3NDM4YmM4YTUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMWYvNWI3Mzg3
LTNhYWUtNDk3ZC1hYWJkLWFiYjc0MzhiYzhhNS8xL3g4X00xb2xYb1BjRU9haldE
X1BJdU5rUm93Zy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBNoMA0GCSqGSIb3DQEBCwUAA4IBAQAy
Tv/+Jd+TcDfPNt1E640uJongruPI9bd+NT1DLdV3HcEMefrlkT5J0HfbYHoUGp/p
YMcxR1YrzkrPJYdAB3Ws3hnOmX7SKaQmDUTOTr1/zSxjRzHycOYKVgGN10Cv6+vU
vIuwdjrZhOiwJpZivO0dDiBwoVyRipxXS5vAVBjtqZxnT0ZSsB2CTO60KV9iUaY1
J86ApT40ev+Eb7qYg0rqfhvulexydotPfyH6bTL3SeyXJP8UOmW6qwU7kuWvxnb7
5p0mfklrWhMDRBE9RuVpiaVfDdfikiRrHBGq2hByWGCO6K1bqeXBm1DpApwDWoUa
S32dwVXMkXLGeXzjHiAX
-----END CERTIFICATE-----