Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/xAqOocjcM7gpD-vTTkU4vZWXROg.cer
File:                     xAqOocjcM7gpD-vTTkU4vZWXROg.cer (raw, json)
Hash identifier:          hCdE10QXyyqHwlME7mC4MBKXCRAHmalntXsVEFTfGSk=
Subject key identifier:   C4:0A:8E:A1:C8:DC:33:B8:29:0F:EB:D3:4E:45:38:BD:95:97:44:E8
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC3B69156AF404F7294C8E084666E893D
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/e6/e98bf7-c5c8-4561-97e8-e13160ac3e23/1/xAqOocjcM7gpD-vTTkU4vZWXROg.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/e6/e98bf7-c5c8-4561-97e8-e13160ac3e23/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 06:29:31 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 91.216.105.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:91:56:af:40:4f:72:94:c8:e0:84:66:6e:89:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 06:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c40a8ea1c8dc33b8290febd34e4538bd959744e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:ad:0b:c4:8e:2e:bf:da:0a:70:5c:34:2a:4c:
                    aa:a4:fc:fa:26:c9:fc:45:0a:c9:f2:47:29:c8:42:
                    b4:a1:fb:59:2c:1c:6d:07:87:50:55:2e:6e:21:ab:
                    f4:75:70:bc:3e:15:9f:90:66:b0:e6:69:49:92:a1:
                    96:bd:9c:da:90:b2:d3:ba:e5:f0:cf:f1:5a:4f:29:
                    4d:77:9f:31:b6:22:dc:01:f2:e3:a8:06:16:8f:35:
                    fc:72:ac:00:0e:0e:cd:89:a5:37:cd:9b:38:b8:d5:
                    2b:98:42:86:2d:9b:86:a9:e7:76:a9:3b:39:fb:0e:
                    73:66:27:8d:3e:3d:a1:77:67:55:f5:68:d6:ff:a4:
                    ec:b4:ba:3d:31:04:53:98:bb:eb:ce:b4:be:0d:79:
                    19:f7:dc:30:ca:26:df:48:6d:2d:82:aa:a0:74:af:
                    ab:16:6a:d7:28:57:61:5d:15:21:a8:6a:7c:97:cc:
                    f8:06:c7:06:1e:c4:a6:62:ee:b6:fb:51:33:d7:b9:
                    33:59:0a:a3:9a:1d:a5:13:18:c7:a7:c6:9c:fc:d6:
                    3f:db:9e:fd:1a:c3:08:be:35:51:ad:e2:af:b3:03:
                    a6:ef:6a:66:99:38:fb:04:a9:8a:28:34:b6:da:08:
                    f4:57:a8:e5:62:d4:01:3d:a0:f3:5c:1a:42:5e:74:
                    c6:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:0A:8E:A1:C8:DC:33:B8:29:0F:EB:D3:4E:45:38:BD:95:97:44:E8
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/e98bf7-c5c8-4561-97e8-e13160ac3e23/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/e98bf7-c5c8-4561-97e8-e13160ac3e23/1/xAqOocjcM7gpD-vTTkU4vZWXROg.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:37:93:89:26:27:67:99:90:f7:d6:ed:01:74:ac:01:8b:03:
         6d:b5:d9:16:85:f8:bd:15:23:bb:29:84:f0:1f:5b:28:d5:2e:
         36:56:c5:47:2c:44:e4:d1:c2:6b:0a:ca:53:d7:86:6d:86:35:
         fa:d9:89:1c:86:fd:29:60:d3:0b:ed:0e:37:1d:71:08:4d:37:
         67:c5:5a:c5:bc:6d:ba:33:55:ab:55:2e:14:b4:d2:02:91:9a:
         17:a6:de:25:68:da:0f:22:a0:a0:c2:40:36:bc:95:44:2d:7a:
         2f:77:d5:cd:2f:b8:4e:46:32:c8:ae:70:f2:fe:02:4e:e5:64:
         83:24:05:5f:4a:b9:1c:33:7c:db:7b:9e:23:65:4f:e4:fb:d9:
         58:a9:17:71:78:5c:ba:cf:17:63:94:f8:90:58:05:34:e0:33:
         88:55:0e:13:63:bf:8a:c9:8f:05:8d:3e:af:ca:b9:e8:3a:9f:
         ae:51:3e:49:58:26:b1:8d:d8:c9:07:61:55:0d:36:b3:2a:ba:
         3c:ad:d6:92:26:0b:70:70:29:05:e7:72:fa:38:4f:07:ec:dc:
         69:b1:95:48:8d:cb:f8:6c:9e:ea:96:1f:31:d0:d8:9b:cd:ae:
         17:7f:c6:6f:a5:4b:76:18:8f:13:c3:c1:71:d0:90:98:07:b0:
         3c:3a:1a:c4
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzDtpFWr0BPcpTI4IRmbok9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDYyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDBhOGVhMWM4ZGMzM2I4MjkwZmViZDM0ZTQ1MzhiZDk1OTc0NGU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv60LxI4uv9oKcFw0KkyqpPz6Jsn8
RQrJ8kcpyEK0oftZLBxtB4dQVS5uIav0dXC8PhWfkGaw5mlJkqGWvZzakLLTuuXw
z/FaTylNd58xtiLcAfLjqAYWjzX8cqwADg7NiaU3zZs4uNUrmEKGLZuGqed2qTs5
+w5zZieNPj2hd2dV9WjW/6TstLo9MQRTmLvrzrS+DXkZ99wwyibfSG0tgqqgdK+r
FmrXKFdhXRUhqGp8l8z4BscGHsSmYu62+1Ez17kzWQqjmh2lExjHp8ac/NY/2579
GsMIvjVRreKvswOm72pmmTj7BKmKKDS22gj0V6jlYtQBPaDzXBpCXnTG4wIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFMQKjqHI3DO4KQ/r005FOL2Vl0ToMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2U2L2U5OGJm
Ny1jNWM4LTQ1NjEtOTdlOC1lMTMxNjBhYzNlMjMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTYvZTk4YmY3
LWM1YzgtNDU2MS05N2U4LWUxMzE2MGFjM2UyMy8xL3hBcU9vY2pjTTdncEQtdlRU
a1U0dlpXWFJPZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW9hpMA0GCSqGSIb3DQEBCwUAA4IBAQA8N5OJ
JidnmZD31u0BdKwBiwNttdkWhfi9FSO7KYTwH1so1S42VsVHLETk0cJrCspT14Zt
hjX62Ykchv0pYNML7Q43HXEITTdnxVrFvG26M1WrVS4UtNICkZoXpt4laNoPIqCg
wkA2vJVELXovd9XNL7hORjLIrnDy/gJO5WSDJAVfSrkcM3zbe54jZU/k+9lYqRdx
eFy6zxdjlPiQWAU04DOIVQ4TY7+KyY8FjT6vyrnoOp+uUT5JWCaxjdjJB2FVDTaz
Kro8rdaSJgtwcCkF53L6OE8H7NxpsZVIjcv4bJ7qlh8x0Nibza4Xf8ZvpUt2GI8T
w8Fx0JCYB7A8OhrE
-----END CERTIFICATE-----