Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/xRZ0_uVVZygXXvtW6qi5nzgVr6c.cer
File:                     xRZ0_uVVZygXXvtW6qi5nzgVr6c.cer (raw, json)
Hash identifier:          +/KK3yTnGz/V+4EjxkGRzXz2TJUGme03j2/9e4XJ77o=
Subject key identifier:   C5:16:74:FE:E5:55:67:28:17:5E:FB:56:EA:A8:B9:9F:38:15:AF:A7
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC871528A7D9E7A440E522BF1E7F75876
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/fd/5fb089-2589-4c71-b026-3cbe1af3b82c/1/xRZ0_uVVZygXXvtW6qi5nzgVr6c.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/fd/5fb089-2589-4c71-b026-3cbe1af3b82c/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 04:31:59 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 185.179.246.0/24
                          IP: 2a10:4d40::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:52:8a:7d:9e:7a:44:0e:52:2b:f1:e7:f7:58:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 04:31:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c51674fee5556728175efb56eaa8b99f3815afa7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:06:ec:a8:67:87:35:99:a0:8d:8e:00:99:d2:
                    79:e7:7d:39:8c:65:e7:fa:1e:2d:73:6d:a0:8d:d8:
                    02:38:e4:84:46:81:8b:bf:f2:bd:57:77:55:a4:b5:
                    9d:53:ec:9b:50:89:88:8c:19:0a:00:bb:de:0e:c9:
                    67:c0:c3:69:4a:51:52:9b:43:fc:a4:66:87:0d:3b:
                    d3:b7:c6:88:3f:bf:99:d5:e4:0f:c2:fb:d4:8b:bc:
                    eb:f7:60:0c:b6:bf:04:95:be:a1:72:f4:fc:37:40:
                    94:60:38:d3:42:a6:1a:e0:2e:43:bc:db:e0:c6:1f:
                    32:04:6e:73:ee:f8:82:34:3d:97:a4:07:43:32:10:
                    43:bf:d0:85:46:6a:33:74:23:ac:12:cf:70:e3:79:
                    d2:e2:9b:ad:73:36:36:db:a4:f1:85:7c:02:a9:ac:
                    e4:90:be:f7:84:46:07:ed:98:ab:18:a0:be:67:13:
                    f5:7b:55:20:e1:de:85:df:c9:3d:30:c6:1d:19:4f:
                    8a:cf:87:55:87:df:6f:dd:d1:0a:d9:7e:17:15:6d:
                    60:3d:61:06:0f:55:fb:8c:ce:4b:9d:fa:1d:56:0b:
                    56:05:8f:a2:f4:2d:23:ce:8f:9f:44:1f:13:a7:b6:
                    87:cc:5d:3b:2b:e2:ce:c7:86:aa:fd:5d:4e:f4:e3:
                    2d:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:16:74:FE:E5:55:67:28:17:5E:FB:56:EA:A8:B9:9F:38:15:AF:A7
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/5fb089-2589-4c71-b026-3cbe1af3b82c/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/5fb089-2589-4c71-b026-3cbe1af3b82c/1/xRZ0_uVVZygXXvtW6qi5nzgVr6c.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.179.246.0/24
                IPv6:
                  2a10:4d40::/29

    Signature Algorithm: sha256WithRSAEncryption
         b1:23:cc:3c:74:95:5b:e6:4f:43:e9:86:ed:4b:26:10:75:5b:
         3f:99:06:f0:64:6d:ad:7a:87:8e:5a:26:73:24:87:d2:7e:e3:
         b4:b3:49:0d:96:87:fa:59:f0:ec:a7:60:42:ab:7f:d4:72:59:
         71:27:cf:e8:6d:6f:90:04:66:6a:b6:7a:c6:fd:63:e4:86:0e:
         5c:b8:7d:37:09:1e:a7:c2:27:fc:02:d4:52:55:74:d6:a4:0d:
         e2:8b:f6:cd:21:c3:3b:96:17:45:3f:65:d0:aa:ee:7f:65:52:
         22:1f:df:b8:0b:42:11:d1:7f:36:8f:f4:4c:8c:19:c9:5e:ab:
         81:a6:a1:8a:85:8b:f0:76:b4:90:bf:4b:b6:d2:fa:a9:35:b6:
         a0:1f:cf:d7:10:28:58:a8:99:1d:d2:90:29:89:2b:63:a0:f7:
         38:7e:2f:98:fc:59:eb:0a:5d:a7:65:d5:3a:89:81:7e:6e:a9:
         b7:e2:1a:1a:22:84:02:17:74:95:4c:08:22:72:63:07:94:32:
         b2:92:a2:4f:c2:50:be:24:40:a3:71:4d:26:27:e8:f3:7f:3c:
         2e:82:d7:b7:f0:2b:94:31:93:a2:d9:e5:5a:21:8e:76:00:f5:
         8d:4e:b4:41:84:1b:92:a6:5c:37:77:dc:4c:9a:1f:7c:f2:50:
         bf:0e:d4:b8
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAYzIcVKKfZ56RA5SK/Hn91h2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDQzMTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTE2NzRmZWU1NTU2NzI4MTc1ZWZiNTZlYWE4Yjk5ZjM4MTVhZmE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtwbsqGeHNZmgjY4AmdJ55305jGXn
+h4tc22gjdgCOOSERoGLv/K9V3dVpLWdU+ybUImIjBkKALveDslnwMNpSlFSm0P8
pGaHDTvTt8aIP7+Z1eQPwvvUi7zr92AMtr8Elb6hcvT8N0CUYDjTQqYa4C5DvNvg
xh8yBG5z7viCND2XpAdDMhBDv9CFRmozdCOsEs9w43nS4putczY226TxhXwCqazk
kL73hEYH7ZirGKC+ZxP1e1Ug4d6F38k9MMYdGU+Kz4dVh99v3dEK2X4XFW1gPWEG
D1X7jM5LnfodVgtWBY+i9C0jzo+fRB8Tp7aHzF07K+LOx4aq/V1O9OMtNQIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFMUWdP7lVWcoF177VuqouZ84Fa+nMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2ZkLzVmYjA4
OS0yNTg5LTRjNzEtYjAyNi0zY2JlMWFmM2I4MmMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZmQvNWZiMDg5
LTI1ODktNGM3MS1iMDI2LTNjYmUxYWYzYjgyYy8xL3hSWjBfdVZWWnlnWFh2dFc2
cWk1bnpnVnI2Yy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQAubP2MA0EAgACMAcDBQMqEE1AMA0GCSqGSIb3
DQEBCwUAA4IBAQCxI8w8dJVb5k9D6YbtSyYQdVs/mQbwZG2teoeOWiZzJIfSfuO0
s0kNlof6WfDsp2BCq3/UcllxJ8/obW+QBGZqtnrG/WPkhg5cuH03CR6nwif8AtRS
VXTWpA3ii/bNIcM7lhdFP2XQqu5/ZVIiH9+4C0IR0X82j/RMjBnJXquBpqGKhYvw
drSQv0u20vqpNbagH8/XEChYqJkd0pApiStjoPc4fi+Y/FnrCl2nZdU6iYF+bqm3
4hoaIoQCF3SVTAgicmMHlDKykqJPwlC+JECjcU0mJ+jzfzwugte38CuUMZOi2eVa
IY52APWNTrRBhBuSplw3d9xMmh988lC/DtS4
-----END CERTIFICATE-----