Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/qk1y7NwVN4vnF7tMoJcQcNV2SaM.cer
File:                     qk1y7NwVN4vnF7tMoJcQcNV2SaM.cer (raw, json)
Hash identifier:          AV9R3WN8sLyPBXgx1m6cQZYocnJuvaD6whcnGih5LCU=
Subject key identifier:   AA:4D:72:EC:DC:15:37:8B:E7:17:BB:4C:A0:97:10:70:D5:76:49:A3
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018F2DEFBB13119F30628614B31A49FDB863
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/88/507a57-4a62-4b95-b1a3-b4057621bba6/1/qk1y7NwVN4vnF7tMoJcQcNV2SaM.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/88/507a57-4a62-4b95-b1a3-b4057621bba6/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 30 Apr 2024 07:37:16 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 215662
                          IP: 45.85.152.0/22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 14:15:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:2d:ef:bb:13:11:9f:30:62:86:14:b3:1a:49:fd:b8:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Apr 30 07:37:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aa4d72ecdc15378be717bb4ca0971070d57649a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:54:e2:10:87:c4:94:e2:41:8a:76:83:54:a5:
                    1e:48:30:d7:9c:04:be:01:be:f7:96:cd:2b:c6:26:
                    a8:8c:fa:66:9a:e7:86:7a:b9:c3:2f:bd:1f:f8:81:
                    a7:16:10:36:10:31:5b:bb:af:74:d3:f5:5c:a8:d7:
                    4c:bf:e2:e6:24:d8:ea:fc:08:16:95:ad:60:0f:49:
                    65:0c:34:0c:f7:85:7f:1e:43:50:73:24:55:1f:a7:
                    cd:58:82:3c:b6:4a:9e:aa:12:dc:56:db:1c:f3:a8:
                    dc:ac:c0:eb:ce:74:19:9e:27:ec:2c:14:79:0e:25:
                    5c:81:bb:be:40:e7:ee:d2:60:60:f7:8c:db:c7:7b:
                    3f:2b:a5:95:5e:d1:c7:f3:8a:db:69:cf:55:68:a2:
                    8f:8d:62:cf:1d:19:3d:43:32:be:d7:20:5a:e0:e3:
                    f5:77:30:ea:16:c7:9d:1d:28:da:14:eb:fd:cf:85:
                    81:b2:ee:09:52:73:ef:47:70:32:bd:ad:26:12:9e:
                    ec:d8:6d:b4:14:dd:0d:db:b7:9e:5f:b3:39:67:d0:
                    a7:c8:14:45:37:9a:94:cd:e2:1f:5c:a0:66:f3:64:
                    a3:c6:3a:57:f1:0d:04:c8:15:2c:a8:c5:37:f1:27:
                    f3:e1:51:d0:85:8e:1a:e5:37:23:4a:f9:90:39:ad:
                    8f:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:4D:72:EC:DC:15:37:8B:E7:17:BB:4C:A0:97:10:70:D5:76:49:A3
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/507a57-4a62-4b95-b1a3-b4057621bba6/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/507a57-4a62-4b95-b1a3-b4057621bba6/1/qk1y7NwVN4vnF7tMoJcQcNV2SaM.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.85.152.0/22

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  215662

    Signature Algorithm: sha256WithRSAEncryption
         6d:f8:1e:34:c5:d8:0b:0c:72:98:ba:9e:49:d3:3b:a0:18:e3:
         b8:b4:d2:87:b5:ee:d5:66:bd:b3:b2:69:fd:ab:ff:ce:dd:e2:
         ca:27:be:18:d6:37:74:f1:91:f7:07:7e:93:fe:6c:b0:e1:59:
         9a:e3:81:5c:92:92:71:2b:93:d2:00:7e:14:90:ca:37:b6:56:
         59:60:3b:d8:28:be:6d:f8:b8:0c:43:d2:80:fd:43:55:30:67:
         b2:76:f7:fb:0f:d8:b4:39:8a:ce:ac:c2:cb:72:7b:b4:1d:19:
         cc:79:67:f5:0f:56:93:25:0d:93:42:53:75:b2:ef:c1:6a:b8:
         27:0b:8f:6b:d4:b7:1b:b0:aa:82:36:1c:d4:cf:b4:46:7b:cd:
         98:05:1a:60:4f:04:76:d5:ce:85:86:9d:23:71:33:ea:66:82:
         22:3d:9e:60:8c:ce:13:0b:d7:2c:f4:a1:ec:3a:01:2f:3e:c3:
         31:fd:bc:87:f7:26:cd:90:0f:99:bd:3d:8a:2b:2f:13:70:7e:
         a4:54:2a:71:79:f3:70:93:be:18:85:0e:72:10:06:d1:9f:dd:
         11:ec:43:1d:a0:91:97:b7:1c:4e:10:52:14:b8:23:6c:f1:74:
         8a:01:3d:5c:65:e6:0a:84:ed:19:c9:0d:02:c7:3d:3c:d3:e4:
         70:84:5f:8b
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAY8t77sTEZ8wYoYUsxpJ/bhjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwNDMwMDczNzE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTRkNzJlY2RjMTUzNzhiZTcxN2JiNGNhMDk3MTA3MGQ1NzY0OWEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoFTiEIfElOJBinaDVKUeSDDXnAS+
Ab73ls0rxiaojPpmmueGernDL70f+IGnFhA2EDFbu6900/VcqNdMv+LmJNjq/AgW
la1gD0llDDQM94V/HkNQcyRVH6fNWII8tkqeqhLcVtsc86jcrMDrznQZnifsLBR5
DiVcgbu+QOfu0mBg94zbx3s/K6WVXtHH84rbac9VaKKPjWLPHRk9QzK+1yBa4OP1
dzDqFsedHSjaFOv9z4WBsu4JUnPvR3Ayva0mEp7s2G20FN0N27eeX7M5Z9CnyBRF
N5qUzeIfXKBm82SjxjpX8Q0EyBUsqMU38Sfz4VHQhY4a5TcjSvmQOa2P6wIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFKpNcuzcFTeL5xe7TKCXEHDVdkmjMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzg4LzUwN2E1
Ny00YTYyLTRiOTUtYjFhMy1iNDA1NzYyMWJiYTYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODgvNTA3YTU3
LTRhNjItNGI5NS1iMWEzLWI0MDU3NjIxYmJhNi8xL3FrMXk3TndWTjR2bkY3dE1v
SmNRY05WMlNhTS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCLVWYMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwNKbjANBgkqhkiG9w0BAQsFAAOCAQEAbfgeNMXYCwxymLqeSdM7oBjjuLTSh7Xu
1Wa9s7Jp/av/zt3iyie+GNY3dPGR9wd+k/5ssOFZmuOBXJKScSuT0gB+FJDKN7ZW
WWA72Ci+bfi4DEPSgP1DVTBnsnb3+w/YtDmKzqzCy3J7tB0ZzHln9Q9WkyUNk0JT
dbLvwWq4JwuPa9S3G7CqgjYc1M+0RnvNmAUaYE8EdtXOhYadI3Ez6maCIj2eYIzO
EwvXLPSh7DoBLz7DMf28h/cmzZAPmb09iisvE3B+pFQqcXnzcJO+GIUOchAG0Z/d
EexDHaCRl7ccThBSFLgjbPF0igE9XGXmCoTtGckNAsc9PNPkcIRfiw==
-----END CERTIFICATE-----