Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/zkP-lNpK73rfscFih1rxysfLpLE.cer
File:                     zkP-lNpK73rfscFih1rxysfLpLE.cer (raw, json)
Hash identifier:          iRpmT0d70nDWh6GosfY0/BGV63rAmohVNlMpgePSdco=
Subject key identifier:   CE:43:FE:94:DA:4A:EF:7A:DF:B1:C1:62:87:5A:F1:CA:C7:CB:A4:B1
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CCA2B1E810BF662473EBF05DEC46C43FB
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/8f/f9d8d0-cc02-4abf-99bb-e018da53d129/1/zkP-lNpK73rfscFih1rxysfLpLE.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/8f/f9d8d0-cc02-4abf-99bb-e018da53d129/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 12:34:32 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 185.86.200.0/22
                          IP: 2a05:bb00::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:1e:81:0b:f6:62:47:3e:bf:05:de:c4:6c:43:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 12:34:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ce43fe94da4aef7adfb1c162875af1cac7cba4b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:1b:9e:ba:bd:bb:34:c0:3f:11:57:a8:ac:00:
                    04:1b:0f:b0:b8:1e:00:67:b6:ce:33:8c:72:14:bc:
                    7f:ea:d7:d4:c1:a9:90:54:fd:5e:01:40:eb:bf:da:
                    c8:50:8d:97:e5:08:76:21:ae:e1:c1:f2:a0:b1:b2:
                    2c:3c:bd:f7:aa:ba:cf:ad:d8:53:66:f3:e8:46:94:
                    a8:9e:63:5f:69:ec:8f:f7:ac:0a:57:00:9c:04:5d:
                    cb:56:e8:87:1b:7e:6f:70:85:64:b4:a1:9a:d4:48:
                    a5:6a:0e:81:ba:a8:e5:d0:80:9c:8a:ee:e1:75:9c:
                    9e:c0:8e:e5:99:6d:d9:e1:da:94:67:07:b2:3b:e8:
                    54:72:92:84:d0:32:8e:e1:f1:4c:c6:93:5f:4f:86:
                    9a:e2:4d:f2:f9:54:be:b6:f7:30:b2:01:21:7c:fd:
                    8f:98:23:c8:c8:99:c2:2a:7a:9d:7b:05:1b:c7:a4:
                    2e:2f:7f:0c:42:07:d1:d0:4a:8d:9b:50:a4:9f:35:
                    91:2b:f6:e2:7d:18:58:db:84:83:0c:3d:66:a7:7d:
                    66:e8:c1:49:96:03:8d:b2:cf:c9:73:38:88:5c:01:
                    c8:f2:b2:7d:e0:3b:4a:ab:f1:13:66:c1:5e:81:fe:
                    a0:ca:a2:83:c1:50:ac:33:ab:3e:7e:27:86:0b:b9:
                    3d:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:43:FE:94:DA:4A:EF:7A:DF:B1:C1:62:87:5A:F1:CA:C7:CB:A4:B1
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/f9d8d0-cc02-4abf-99bb-e018da53d129/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/f9d8d0-cc02-4abf-99bb-e018da53d129/1/zkP-lNpK73rfscFih1rxysfLpLE.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.86.200.0/22
                IPv6:
                  2a05:bb00::/29

    Signature Algorithm: sha256WithRSAEncryption
         8e:e5:91:7f:25:ce:46:ab:4d:1c:12:76:ea:7f:1e:41:fe:cd:
         71:d7:14:7b:33:88:2a:91:51:ed:23:96:e9:5c:83:c5:8a:14:
         d2:69:dc:1d:7a:7d:77:b8:3b:dd:e9:f8:89:03:ba:af:16:46:
         87:7f:10:3b:4c:f2:9e:b3:0c:94:8f:2e:a2:c5:69:f3:39:e5:
         07:f2:03:fa:6f:32:b2:06:50:4f:70:da:fe:bb:9d:74:28:5e:
         4c:55:ce:1b:3d:6b:ab:15:cd:b8:dc:02:60:cf:0f:92:4e:c4:
         1f:94:be:e3:87:26:e5:1e:91:55:66:9e:2f:ea:a3:6f:ea:e0:
         ab:b0:cc:5f:de:8c:c7:08:14:f3:1a:e1:c3:a4:00:87:32:44:
         19:f3:bd:b6:cf:bb:88:d7:17:f1:56:8a:7a:6b:9b:5e:d8:a1:
         0e:60:fc:51:76:64:d0:b9:4a:a5:c9:c5:ea:b7:59:37:b6:fc:
         19:49:47:93:6f:96:a3:bf:ad:36:1f:ad:92:10:60:21:6e:37:
         74:b7:11:c9:e4:09:2d:8f:8f:dc:e6:35:db:60:ce:8c:a0:fa:
         5c:97:9f:f1:51:10:e0:18:39:88:85:1c:e2:9f:63:29:90:6b:
         24:e8:81:71:7c:3c:12:a8:c0:43:fc:df:ac:63:10:d9:75:fc:
         66:ac:83:2b
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAYzKKx6BC/ZiRz6/Bd7EbEP7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMTIzNDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTQzZmU5NGRhNGFlZjdhZGZiMWMxNjI4NzVhZjFjYWM3Y2JhNGIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoxueur27NMA/EVeorAAEGw+wuB4A
Z7bOM4xyFLx/6tfUwamQVP1eAUDrv9rIUI2X5Qh2Ia7hwfKgsbIsPL33qrrPrdhT
ZvPoRpSonmNfaeyP96wKVwCcBF3LVuiHG35vcIVktKGa1Eilag6Buqjl0ICciu7h
dZyewI7lmW3Z4dqUZweyO+hUcpKE0DKO4fFMxpNfT4aa4k3y+VS+tvcwsgEhfP2P
mCPIyJnCKnqdewUbx6QuL38MQgfR0EqNm1CknzWRK/bifRhY24SDDD1mp31m6MFJ
lgONss/JcziIXAHI8rJ94DtKq/ETZsFegf6gyqKDwVCsM6s+fieGC7k93wIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFM5D/pTaSu9637HBYoda8crHy6SxMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzhmL2Y5ZDhk
MC1jYzAyLTRhYmYtOTliYi1lMDE4ZGE1M2QxMjkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOGYvZjlkOGQw
LWNjMDItNGFiZi05OWJiLWUwMThkYTUzZDEyOS8xL3prUC1sTnBLNzNyZnNjRmlo
MXJ4eXNmTHBMRS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCuVbIMA0EAgACMAcDBQMqBbsAMA0GCSqGSIb3
DQEBCwUAA4IBAQCO5ZF/Jc5Gq00cEnbqfx5B/s1x1xR7M4gqkVHtI5bpXIPFihTS
adwden13uDvd6fiJA7qvFkaHfxA7TPKeswyUjy6ixWnzOeUH8gP6bzKyBlBPcNr+
u510KF5MVc4bPWurFc243AJgzw+STsQflL7jhyblHpFVZp4v6qNv6uCrsMxf3ozH
CBTzGuHDpACHMkQZ8722z7uI1xfxVop6a5te2KEOYPxRdmTQuUqlycXqt1k3tvwZ
SUeTb5ajv602H62SEGAhbjd0txHJ5Aktj4/c5jXbYM6MoPpcl5/xURDgGDmIhRzi
n2MpkGsk6IFxfDwSqMBD/N+sYxDZdfxmrIMr
-----END CERTIFICATE-----