Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/xxnK2ZIhFbz6dFK6Cm5Dpq9OTCQ.cer
File:                     xxnK2ZIhFbz6dFK6Cm5Dpq9OTCQ.cer (raw, json)
Hash identifier:          LkjuMw04JeMSzpwomLf1Xy6+jmtvt9aLuaQWCCR/Djs=
Subject key identifier:   C7:19:CA:D9:92:21:15:BC:FA:74:52:BA:0A:6E:43:A6:AF:4E:4C:24
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC8DCC7F3351ACA6B43CC430194FA1A6A
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/a7/149332-6969-4c4b-b591-7c2c08b5ee49/1/xxnK2ZIhFbz6dFK6Cm5Dpq9OTCQ.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/a7/149332-6969-4c4b-b591-7c2c08b5ee49/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 06:29:21 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 2001:67c:2d90::/48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dc:c7:f3:35:1a:ca:6b:43:cc:43:01:94:fa:1a:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 06:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c719cad9922115bcfa7452ba0a6e43a6af4e4c24
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:4a:5e:1d:38:e3:df:e5:f0:a8:9f:cc:f0:10:
                    cd:86:bd:5a:02:a2:8c:44:06:f5:60:b3:62:f7:b0:
                    34:c4:e4:5d:af:c4:d6:d2:4c:31:9f:63:5a:2c:39:
                    7a:67:62:4f:96:fe:b1:b4:db:58:8e:16:8e:5b:97:
                    1a:e0:fd:bc:f7:42:87:02:33:5c:ec:9e:9f:cd:37:
                    1d:7a:cd:52:81:72:58:62:9e:5e:49:bd:17:a8:90:
                    9f:05:04:7c:f4:9d:cf:1f:96:a6:5b:65:f3:a2:48:
                    c0:70:c1:07:2b:44:79:21:cb:0c:8e:e5:62:ed:7d:
                    ed:f7:38:3b:e2:25:a7:a0:90:af:ff:9a:5c:4b:31:
                    17:d6:35:f7:26:29:5c:03:39:d7:0c:4a:cf:5d:e7:
                    5f:d3:b2:c6:e2:a4:4f:42:62:68:e5:7c:48:f9:92:
                    71:6a:34:57:31:e7:63:f4:54:f6:16:9b:30:51:2a:
                    42:df:3c:f0:02:22:db:65:0c:c6:b8:a4:6f:85:4f:
                    9a:11:b6:72:24:f4:9f:08:f2:e6:ec:ff:a6:f9:48:
                    e3:07:5e:ac:08:1a:c0:16:43:fa:00:ab:a0:d5:77:
                    5f:24:af:a9:45:f2:5c:a9:ac:6a:33:d0:0a:63:a5:
                    fe:6f:76:70:2f:5b:e0:72:a6:b1:90:bc:d0:9c:3a:
                    ae:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:19:CA:D9:92:21:15:BC:FA:74:52:BA:0A:6E:43:A6:AF:4E:4C:24
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/149332-6969-4c4b-b591-7c2c08b5ee49/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/149332-6969-4c4b-b591-7c2c08b5ee49/1/xxnK2ZIhFbz6dFK6Cm5Dpq9OTCQ.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2d90::/48

    Signature Algorithm: sha256WithRSAEncryption
         40:70:26:f9:7a:06:ab:bc:6b:c9:f2:f3:a1:14:7f:97:2d:96:
         6a:10:ed:b2:d4:2e:68:f0:ac:8a:a8:f3:6e:24:bf:cd:45:2e:
         6d:6d:3b:80:10:a8:74:7d:93:88:d3:3a:29:f9:26:d9:c8:e2:
         ca:03:b7:c2:49:3d:54:b0:c0:8f:3b:f9:0b:85:6c:20:7b:66:
         13:fd:9b:e2:3d:aa:f4:14:0f:27:f7:f6:4b:de:1f:90:7c:5f:
         c9:8d:70:cc:2d:21:7b:8a:9e:45:c7:06:87:ac:60:1c:cf:35:
         9b:ce:6d:81:d4:3e:3b:93:40:66:7b:0c:3f:3e:82:c5:a3:7b:
         40:bf:25:a4:d5:28:f0:11:af:ae:b4:a0:06:19:bf:e8:20:ce:
         23:9c:98:c0:1b:71:f5:78:ff:48:21:d8:82:a3:23:6b:93:9f:
         bd:d6:fd:2e:9b:c6:c8:db:74:48:f4:b4:6b:a6:ac:28:d4:a9:
         59:77:84:28:6a:42:5e:79:60:bd:ab:96:4f:60:26:72:86:c0:
         78:3e:7b:2f:e4:16:a9:8a:eb:e2:7d:3b:04:8f:90:de:de:c6:
         f4:ed:3f:8d:71:30:2b:66:d7:3e:5b:64:27:b8:cb:a3:53:20:
         00:91:42:6a:7e:46:6d:f5:f8:41:6d:f2:ba:0e:33:eb:24:68:
         04:b3:11:14
-----BEGIN CERTIFICATE-----
MIIFezCCBGOgAwIBAgISAYzI3MfzNRrKa0PMQwGU+hpqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDYyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzE5Y2FkOTkyMjExNWJjZmE3NDUyYmEwYTZlNDNhNmFmNGU0YzI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2kpeHTjj3+XwqJ/M8BDNhr1aAqKM
RAb1YLNi97A0xORdr8TW0kwxn2NaLDl6Z2JPlv6xtNtYjhaOW5ca4P2890KHAjNc
7J6fzTcdes1SgXJYYp5eSb0XqJCfBQR89J3PH5amW2XzokjAcMEHK0R5IcsMjuVi
7X3t9zg74iWnoJCv/5pcSzEX1jX3JilcAznXDErPXedf07LG4qRPQmJo5XxI+ZJx
ajRXMedj9FT2FpswUSpC3zzwAiLbZQzGuKRvhU+aEbZyJPSfCPLm7P+m+UjjB16s
CBrAFkP6AKug1XdfJK+pRfJcqaxqM9AKY6X+b3ZwL1vgcqaxkLzQnDquiwIDAQAB
o4IChzCCAoMwHQYDVR0OBBYEFMcZytmSIRW8+nRSugpuQ6avTkwkMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2E3LzE0OTMz
Mi02OTY5LTRjNGItYjU5MS03YzJjMDhiNWVlNDkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTcvMTQ5MzMy
LTY5NjktNGM0Yi1iNTkxLTdjMmMwOGI1ZWU0OS8xL3h4bksyWkloRmJ6NmRGSzZD
bTVEcHE5T1RDUS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfC2QMA0GCSqGSIb3DQEBCwUAA4IBAQBA
cCb5egarvGvJ8vOhFH+XLZZqEO2y1C5o8KyKqPNuJL/NRS5tbTuAEKh0fZOI0zop
+SbZyOLKA7fCST1UsMCPO/kLhWwge2YT/ZviPar0FA8n9/ZL3h+QfF/JjXDMLSF7
ip5FxwaHrGAczzWbzm2B1D47k0Bmeww/PoLFo3tAvyWk1SjwEa+utKAGGb/oIM4j
nJjAG3H1eP9IIdiCoyNrk5+91v0um8bI23RI9LRrpqwo1KlZd4QoakJeeWC9q5ZP
YCZyhsB4Pnsv5BapiuvifTsEj5De3sb07T+NcTArZtc+W2QnuMujUyAAkUJqfkZt
9fhBbfK6DjPrJGgEsxEU
-----END CERTIFICATE-----