Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/xcSzrlnZgfJQzIfatZeFSr7XowA.cer
File:                     xcSzrlnZgfJQzIfatZeFSr7XowA.cer (raw, json)
Hash identifier:          Rr3BAAgxI2HYTi6OfJK2HvzZ1vu1+nqk98fa6DUwG+8=
Subject key identifier:   C5:C4:B3:AE:59:D9:81:F2:50:CC:87:DA:B5:97:85:4A:BE:D7:A3:00
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018E755101A06899C8D2184385F74DE5BCEE
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/2e/9f54a6-933f-47de-8726-eddf527e8f2d/1/xcSzrlnZgfJQzIfatZeFSr7XowA.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/2e/9f54a6-933f-47de-8726-eddf527e8f2d/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 25 Mar 2024 11:13:46 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 91.223.56.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:75:51:01:a0:68:99:c8:d2:18:43:85:f7:4d:e5:bc:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Mar 25 11:13:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c5c4b3ae59d981f250cc87dab597854abed7a300
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:e7:54:a7:59:12:94:db:19:7a:71:64:ed:65:
                    f5:d9:4c:e2:08:61:07:5b:cc:91:54:71:89:16:fa:
                    ab:7a:3e:b4:a3:16:0d:b5:79:e0:6a:65:ed:8a:cb:
                    db:ef:0a:03:3e:3b:18:c7:b8:91:e9:0d:89:b2:7e:
                    72:af:eb:69:13:24:bd:19:e9:a9:6e:0f:7e:ba:f7:
                    34:d9:4c:9c:2a:e5:4f:b7:6a:8e:98:f7:1c:b1:ce:
                    52:4c:19:ca:36:eb:fb:86:99:7a:38:cf:53:f8:96:
                    2c:87:e1:53:87:43:92:a8:16:c1:dd:f3:40:2d:18:
                    73:75:7b:ae:58:7b:48:28:1a:f4:80:90:9f:22:49:
                    ab:2c:80:2d:35:76:48:22:db:db:0c:2e:92:66:c4:
                    b8:09:8c:1c:f5:f8:85:f8:4a:bc:97:7b:75:3f:67:
                    63:89:00:5c:da:34:9c:6e:18:e3:f1:83:51:18:1a:
                    bb:3d:65:b4:ae:63:e4:ca:85:de:0c:22:89:69:f5:
                    42:e7:0a:e0:5e:09:03:c3:10:da:70:60:46:6d:7f:
                    64:34:74:d9:93:24:6d:d7:24:a0:3c:60:0e:d6:09:
                    99:cb:2d:0f:07:fd:00:be:3d:da:43:ef:ac:af:09:
                    0a:d7:60:46:b0:17:cd:e6:2e:e9:c6:56:f6:34:fe:
                    4b:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:C4:B3:AE:59:D9:81:F2:50:CC:87:DA:B5:97:85:4A:BE:D7:A3:00
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/9f54a6-933f-47de-8726-eddf527e8f2d/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/9f54a6-933f-47de-8726-eddf527e8f2d/1/xcSzrlnZgfJQzIfatZeFSr7XowA.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:33:b9:82:e1:ae:a1:bb:61:95:e3:98:1a:01:6f:9c:81:4f:
         a4:8b:10:6e:e4:38:4f:a5:e0:68:0e:9c:c6:b0:cd:6d:30:0d:
         d1:e0:fe:4d:dc:6c:db:9d:57:ff:c2:47:26:a6:a4:32:0d:13:
         99:68:7a:86:dd:9e:76:03:48:1e:d7:d3:71:83:47:cc:a3:20:
         90:14:e3:d3:dd:8d:37:98:0e:bf:c8:bb:ed:ac:79:e9:2a:2e:
         43:90:80:fc:6d:1f:89:0a:2f:ef:4d:a0:6d:c8:83:d3:11:bc:
         85:f3:9c:26:d0:97:29:77:18:e1:c6:e3:f2:c1:18:a8:8b:30:
         c2:40:ba:9c:97:e3:35:e0:e6:c4:be:f8:12:cd:ed:3e:b3:12:
         00:a8:ab:7b:56:17:45:e6:62:9f:28:ff:53:7d:5f:3a:1a:b8:
         d6:99:19:62:d9:48:2c:86:91:e3:42:1f:b4:90:ef:db:db:47:
         3e:55:13:03:d7:34:39:6e:25:0c:c8:7d:90:6e:84:97:52:3a:
         a9:65:69:58:f9:99:22:1a:fe:e3:d7:a5:23:99:71:d8:60:36:
         f3:9d:08:31:9e:49:be:41:0a:07:da:8a:2a:d5:d1:bf:81:38:
         ab:54:41:5e:06:fe:41:3c:df:9e:63:d1:14:2e:d3:1a:28:da:
         14:de:64:6a
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAY51UQGgaJnI0hhDhfdN5bzuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMzI1MTExMzQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWM0YjNhZTU5ZDk4MWYyNTBjYzg3ZGFiNTk3ODU0YWJlZDdhMzAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzedUp1kSlNsZenFk7WX12UziCGEH
W8yRVHGJFvqrej60oxYNtXngamXtisvb7woDPjsYx7iR6Q2Jsn5yr+tpEyS9Gemp
bg9+uvc02UycKuVPt2qOmPccsc5STBnKNuv7hpl6OM9T+JYsh+FTh0OSqBbB3fNA
LRhzdXuuWHtIKBr0gJCfIkmrLIAtNXZIItvbDC6SZsS4CYwc9fiF+Eq8l3t1P2dj
iQBc2jScbhjj8YNRGBq7PWW0rmPkyoXeDCKJafVC5wrgXgkDwxDacGBGbX9kNHTZ
kyRt1ySgPGAO1gmZyy0PB/0Avj3aQ++srwkK12BGsBfN5i7pxlb2NP5L3QIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFMXEs65Z2YHyUMyH2rWXhUq+16MAMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzJlLzlmNTRh
Ni05MzNmLTQ3ZGUtODcyNi1lZGRmNTI3ZThmMmQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmUvOWY1NGE2
LTkzM2YtNDdkZS04NzI2LWVkZGY1MjdlOGYyZC8xL3hjU3pybG5aZ2ZKUXpJZmF0
WmVGU3I3WG93QS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW984MA0GCSqGSIb3DQEBCwUAA4IBAQCiM7mC
4a6hu2GV45gaAW+cgU+kixBu5DhPpeBoDpzGsM1tMA3R4P5N3GzbnVf/wkcmpqQy
DROZaHqG3Z52A0ge19Nxg0fMoyCQFOPT3Y03mA6/yLvtrHnpKi5DkID8bR+JCi/v
TaBtyIPTEbyF85wm0JcpdxjhxuPywRioizDCQLqcl+M14ObEvvgSze0+sxIAqKt7
VhdF5mKfKP9TfV86GrjWmRli2UgshpHjQh+0kO/b20c+VRMD1zQ5biUMyH2QboSX
UjqpZWlY+ZkiGv7j16UjmXHYYDbznQgxnkm+QQoH2ooq1dG/gTirVEFeBv5BPN+e
Y9EULtMaKNoU3mRq
-----END CERTIFICATE-----