Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/zvOPSFaIM6X3FX7vWXh4M6AfU_U.cer
File:                     zvOPSFaIM6X3FX7vWXh4M6AfU_U.cer (raw, json)
Hash identifier:          JUAWgCzAqn/sKbX11xXXXIno1ewCaXQAxgPTGENqP+g=
Subject key identifier:   CE:F3:8F:48:56:88:33:A5:F7:15:7E:EF:59:78:78:33:A0:1F:53:F5
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC2DB1A25E68F1A0FF6AB1F595890F9BC
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/94/e10abe-4148-451b-94f5-f95c6097a50d/1/zvOPSFaIM6X3FX7vWXh4M6AfU_U.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/94/e10abe-4148-451b-94f5-f95c6097a50d/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 02:29:48 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 185.92.60.0/22
                          IP: 2a05:ef40::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:1a:25:e6:8f:1a:0f:f6:ab:1f:59:58:90:f9:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 02:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cef38f48568833a5f7157eef59787833a01f53f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:39:a3:b3:f6:b7:bd:9e:ac:8e:7d:97:41:b2:
                    15:88:84:38:fa:34:f3:03:6b:c9:0d:5b:2a:9e:d4:
                    34:03:13:8e:48:ff:4f:fd:b5:10:f3:87:60:73:9c:
                    ff:10:7d:32:25:38:73:50:d1:4c:88:19:69:53:73:
                    e8:30:cd:fd:e2:dc:ff:35:9c:9d:6c:8f:b6:b8:c9:
                    a0:f5:1f:91:24:b9:d5:45:89:56:13:ed:8a:08:bd:
                    dc:b5:3f:39:c0:0c:38:24:84:19:95:9f:a8:e1:f8:
                    07:b1:c3:00:17:ca:2c:92:5d:40:c3:9a:b0:a9:d1:
                    92:71:72:00:ca:87:fa:88:fd:19:22:98:a1:ab:e2:
                    18:ae:a6:23:ad:42:dd:12:95:45:d3:71:cf:e3:94:
                    3a:54:ba:7d:e2:b7:36:7f:8a:36:70:f8:41:f1:5d:
                    df:c4:26:34:f6:75:0d:6b:1a:13:f8:91:56:3f:0f:
                    b8:01:07:9a:8f:29:52:9e:7d:9a:74:d0:32:41:36:
                    5f:af:e0:d0:67:20:64:50:83:99:12:a2:85:31:9a:
                    97:c6:c3:e1:39:f1:a2:59:25:27:4d:0c:71:cd:b0:
                    e8:ed:e3:2d:e6:86:bb:ac:af:b2:86:ef:33:c8:aa:
                    1f:3a:e3:57:31:85:e8:77:18:26:37:1d:c4:47:61:
                    85:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:F3:8F:48:56:88:33:A5:F7:15:7E:EF:59:78:78:33:A0:1F:53:F5
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/e10abe-4148-451b-94f5-f95c6097a50d/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/e10abe-4148-451b-94f5-f95c6097a50d/1/zvOPSFaIM6X3FX7vWXh4M6AfU_U.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.92.60.0/22
                IPv6:
                  2a05:ef40::/29

    Signature Algorithm: sha256WithRSAEncryption
         07:23:ba:27:9d:3d:c3:c4:e1:25:cb:56:2f:a0:bb:65:3b:21:
         8f:c4:1a:39:59:a8:26:b3:d9:9b:49:cf:97:5e:11:c5:e7:0c:
         5e:5a:da:52:47:fe:74:5a:d3:ab:e0:6f:8d:b7:45:35:bd:c1:
         7f:05:9c:c8:de:2e:1e:97:f7:ee:a3:fd:ec:ec:fc:2a:da:72:
         8f:7c:91:ab:fd:81:df:78:72:69:9b:a1:19:7f:9a:df:e1:b8:
         77:84:71:5b:dc:15:94:c4:8a:fb:28:95:bf:9a:68:23:70:84:
         ab:0e:ab:b5:46:08:37:ff:f1:33:55:9b:0e:20:f8:e0:05:cf:
         29:33:96:7c:87:2a:a5:f9:c9:b5:ab:8a:a0:87:05:e5:c4:48:
         cd:8c:eb:8a:60:c0:b6:a6:ec:5c:5a:2b:3c:f3:e3:41:04:be:
         33:14:4e:4a:40:3b:c9:a0:0e:71:95:9a:e6:4b:22:c1:3a:0e:
         72:d0:53:41:12:f7:0b:5d:eb:f7:e4:13:3e:54:10:ee:68:ea:
         44:1d:0c:31:2c:5d:d1:f6:7e:75:98:23:a8:14:83:28:4e:e9:
         0f:c0:46:24:9b:70:ee:a9:a0:a2:17:40:da:56:96:22:18:20:
         6d:16:28:e9:9e:b4:74:86:a5:ce:4a:90:2c:5e:78:b9:45:16:
         6d:9b:25:ef
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAYzC2xol5o8aD/arH1lYkPm8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDIyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZWYzOGY0ODU2ODgzM2E1ZjcxNTdlZWY1OTc4NzgzM2EwMWY1M2Y1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzzmjs/a3vZ6sjn2XQbIViIQ4+jTz
A2vJDVsqntQ0AxOOSP9P/bUQ84dgc5z/EH0yJThzUNFMiBlpU3PoMM394tz/NZyd
bI+2uMmg9R+RJLnVRYlWE+2KCL3ctT85wAw4JIQZlZ+o4fgHscMAF8oskl1Aw5qw
qdGScXIAyof6iP0ZIpihq+IYrqYjrULdEpVF03HP45Q6VLp94rc2f4o2cPhB8V3f
xCY09nUNaxoT+JFWPw+4AQeajylSnn2adNAyQTZfr+DQZyBkUIOZEqKFMZqXxsPh
OfGiWSUnTQxxzbDo7eMt5oa7rK+yhu8zyKofOuNXMYXodxgmNx3ER2GFHwIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFM7zj0hWiDOl9xV+71l4eDOgH1P1MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzk0L2UxMGFi
ZS00MTQ4LTQ1MWItOTRmNS1mOTVjNjA5N2E1MGQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTQvZTEwYWJl
LTQxNDgtNDUxYi05NGY1LWY5NWM2MDk3YTUwZC8xL3p2T1BTRmFJTTZYM0ZYN3ZX
WGg0TTZBZlVfVS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCuVw8MA0EAgACMAcDBQMqBe9AMA0GCSqGSIb3
DQEBCwUAA4IBAQAHI7onnT3DxOEly1YvoLtlOyGPxBo5Wagms9mbSc+XXhHF5wxe
WtpSR/50WtOr4G+Nt0U1vcF/BZzI3i4el/fuo/3s7Pwq2nKPfJGr/YHfeHJpm6EZ
f5rf4bh3hHFb3BWUxIr7KJW/mmgjcISrDqu1Rgg3//EzVZsOIPjgBc8pM5Z8hyql
+cm1q4qghwXlxEjNjOuKYMC2puxcWis88+NBBL4zFE5KQDvJoA5xlZrmSyLBOg5y
0FNBEvcLXev35BM+VBDuaOpEHQwxLF3R9n51mCOoFIMoTukPwEYkm3DuqaCiF0Da
VpYiGCBtFijpnrR0hqXOSpAsXni5RRZtmyXv
-----END CERTIFICATE-----