Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/zgQm-dLl8wq4eoJ2f9iW7rpLHFc.cer
File:                     zgQm-dLl8wq4eoJ2f9iW7rpLHFc.cer (raw, json)
Hash identifier:          7AwN8E3tDVJ4cKJi2WghpZg/xQ6xooEgjuCPr0nZUnw=
Subject key identifier:   CE:04:26:F9:D2:E5:F3:0A:B8:7A:82:76:7F:D8:96:EE:BA:4B:1C:57
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CCA2A0F59780B5F8DE72EBFC79EB43278
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/e2/394dc0-75aa-40a8-8222-ee4a4618524c/1/zgQm-dLl8wq4eoJ2f9iW7rpLHFc.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/e2/394dc0-75aa-40a8-8222-ee4a4618524c/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 12:33:23 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 91.213.1.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:0f:59:78:0b:5f:8d:e7:2e:bf:c7:9e:b4:32:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 12:33:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ce0426f9d2e5f30ab87a82767fd896eeba4b1c57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:70:aa:c3:7f:59:fe:75:77:74:32:fe:c6:08:
                    66:8c:e1:a6:af:3e:41:9d:c2:ad:a2:c3:48:a0:0f:
                    37:e0:62:8e:a4:ad:b5:1f:cf:37:43:8d:8c:8d:45:
                    e8:d4:f8:5b:96:21:e3:36:27:12:bc:59:c0:6e:78:
                    7e:84:25:c9:a2:79:22:fb:56:49:d9:de:bf:46:1d:
                    b5:d2:a8:e1:85:07:cf:d3:86:ac:8f:de:26:f2:5e:
                    f4:6e:cd:90:cf:51:84:1a:19:cb:01:39:e7:a7:51:
                    b2:fe:a7:f9:fc:c7:b3:dc:13:bc:e9:e6:cb:a9:cb:
                    8a:92:57:ce:2f:0a:15:f8:60:26:7a:54:af:c0:60:
                    21:7b:56:d1:8c:e5:6f:6b:66:50:81:64:7c:e2:64:
                    64:50:4e:13:c7:b4:cf:6b:aa:a9:f4:d4:b2:db:51:
                    d4:e4:15:cb:39:d7:d6:99:e1:fa:e7:85:f5:43:12:
                    cb:b1:ea:05:8d:57:22:37:61:84:4b:ab:2b:ac:f4:
                    11:37:76:25:d2:22:8e:1a:fe:4d:6b:c9:1c:63:b4:
                    76:5a:f0:38:24:e9:49:d3:58:08:6d:52:a2:99:02:
                    dc:c2:75:60:b4:64:b5:2d:22:73:1d:d2:22:c4:42:
                    88:29:86:3a:6e:d4:26:2b:48:38:aa:74:75:22:c9:
                    4d:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:04:26:F9:D2:E5:F3:0A:B8:7A:82:76:7F:D8:96:EE:BA:4B:1C:57
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/394dc0-75aa-40a8-8222-ee4a4618524c/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/394dc0-75aa-40a8-8222-ee4a4618524c/1/zgQm-dLl8wq4eoJ2f9iW7rpLHFc.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:7b:99:49:cf:e5:39:62:be:d5:bc:bd:c9:fc:5e:8d:e7:cc:
         ff:a8:7e:a4:1b:38:91:8a:3a:ed:a0:40:1d:98:10:9b:77:7d:
         47:48:8a:6e:9c:bd:f0:ef:40:be:7e:b6:d2:17:b9:89:22:d0:
         c2:9b:3d:bf:8c:5f:51:3f:aa:c4:82:22:8b:78:1f:29:34:d0:
         53:39:a9:7c:ae:00:2c:2b:b9:e6:33:e8:9a:9a:b7:c0:21:18:
         5f:f2:c2:19:aa:2a:77:1a:3e:25:27:58:2f:f0:21:6d:cd:35:
         35:ad:f1:23:37:7f:74:25:e1:a5:14:19:a5:2f:0f:43:6d:c7:
         8a:a8:17:e4:04:86:6b:a1:b5:a5:c4:18:02:09:84:8b:36:4f:
         ef:62:83:cd:5a:cf:66:8f:ff:58:a3:d9:01:de:bd:24:76:88:
         c0:83:99:ac:a3:9c:4b:d7:2e:a4:5c:f5:cb:53:05:c1:da:06:
         ab:dc:64:e7:84:22:63:23:12:7c:b7:cf:d3:9b:20:1d:05:d1:
         53:44:da:5c:df:bc:85:41:11:ab:6a:75:44:ef:4e:8c:10:b4:
         30:9e:57:41:f8:1a:0f:64:e0:47:0a:6a:cb:52:9e:5f:5f:47:
         ab:2d:c6:d3:e1:be:f6:0d:b9:0e:6a:d0:12:7c:39:c7:35:71:
         c2:6b:ea:e2
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzKKg9ZeAtfjecuv8eetDJ4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMTIzMzIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTA0MjZmOWQyZTVmMzBhYjg3YTgyNzY3ZmQ4OTZlZWJhNGIxYzU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApHCqw39Z/nV3dDL+xghmjOGmrz5B
ncKtosNIoA834GKOpK21H883Q42MjUXo1PhbliHjNicSvFnAbnh+hCXJonki+1ZJ
2d6/Rh210qjhhQfP04asj94m8l70bs2Qz1GEGhnLATnnp1Gy/qf5/Mez3BO86ebL
qcuKklfOLwoV+GAmelSvwGAhe1bRjOVva2ZQgWR84mRkUE4Tx7TPa6qp9NSy21HU
5BXLOdfWmeH654X1QxLLseoFjVciN2GES6srrPQRN3Yl0iKOGv5Na8kcY7R2WvA4
JOlJ01gIbVKimQLcwnVgtGS1LSJzHdIixEKIKYY6btQmK0g4qnR1IslNVwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFM4EJvnS5fMKuHqCdn/Ylu66SxxXMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2UyLzM5NGRj
MC03NWFhLTQwYTgtODIyMi1lZTRhNDYxODUyNGMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTIvMzk0ZGMw
LTc1YWEtNDBhOC04MjIyLWVlNGE0NjE4NTI0Yy8xL3pnUW0tZExsOHdxNGVvSjJm
OWlXN3JwTEhGYy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW9UBMA0GCSqGSIb3DQEBCwUAA4IBAQCbe5lJ
z+U5Yr7VvL3J/F6N58z/qH6kGziRijrtoEAdmBCbd31HSIpunL3w70C+frbSF7mJ
ItDCmz2/jF9RP6rEgiKLeB8pNNBTOal8rgAsK7nmM+iamrfAIRhf8sIZqip3Gj4l
J1gv8CFtzTU1rfEjN390JeGlFBmlLw9DbceKqBfkBIZrobWlxBgCCYSLNk/vYoPN
Ws9mj/9Yo9kB3r0kdojAg5mso5xL1y6kXPXLUwXB2gar3GTnhCJjIxJ8t8/TmyAd
BdFTRNpc37yFQRGranVE706MELQwnldB+BoPZOBHCmrLUp5fX0erLcbT4b72DbkO
atASfDnHNXHCa+ri
-----END CERTIFICATE-----