Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/zoqNQOQ3rfSs182zjgQCR3ouUaY.cer
File:                     zoqNQOQ3rfSs182zjgQCR3ouUaY.cer (raw, json)
Hash identifier:          p0xqYnLmzyFdP4g4gBUvOnOXNy2jERAS9G0XfiYhaf4=
Subject key identifier:   CE:8A:8D:40:E4:37:AD:F4:AC:D7:CD:B3:8E:04:02:47:7A:2E:51:A6
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194228D80105E22613747D27767EEE5932F
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/fe/822b22-8ca3-469d-9083-345b2ab0db18/1/zoqNQOQ3rfSs182zjgQCR3ouUaY.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/fe/822b22-8ca3-469d-9083-345b2ab0db18/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 15:48:06 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 208396
                          IP: 194.26.118.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:80:10:5e:22:61:37:47:d2:77:67:ee:e5:93:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 15:48:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ce8a8d40e437adf4acd7cdb38e0402477a2e51a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:38:a6:61:f6:f8:1a:d3:ee:12:e8:6f:1f:73:
                    64:f8:f7:d2:fa:86:85:82:be:6e:91:6d:4d:da:8e:
                    3d:ff:ff:4a:75:e5:06:74:4c:3c:a2:88:1b:b7:e6:
                    30:01:d2:bd:cb:ec:f5:d8:08:5f:35:32:8d:ec:f5:
                    19:e7:66:a3:27:69:c0:67:b4:dc:15:45:52:70:c4:
                    35:80:16:55:aa:62:04:4b:41:66:96:5f:98:98:09:
                    3b:39:59:39:48:39:9b:13:73:88:12:e7:54:cf:c9:
                    df:ba:a8:a8:b7:73:4e:f3:6f:fb:9b:26:c4:ac:24:
                    16:28:39:6c:b7:be:b8:c6:a9:13:bd:22:97:7e:5e:
                    ae:51:4e:7f:4c:5a:dd:59:15:3a:06:8b:70:b5:f2:
                    27:d6:c1:20:90:95:cd:20:c3:a5:3f:f6:90:22:a0:
                    b7:40:23:8a:18:25:61:05:38:4d:e6:d5:de:64:68:
                    b1:ec:53:bc:fa:c7:c2:e6:d2:da:eb:2e:72:d3:6e:
                    b6:bf:c2:ce:3b:76:7e:42:01:64:6d:c3:af:fe:1e:
                    f9:92:53:89:34:90:46:6c:36:f2:6d:62:80:59:8b:
                    34:00:ef:0c:f4:e2:ab:c3:65:3e:39:8c:1b:b0:e2:
                    4b:60:31:6e:dd:48:7a:0e:be:23:ef:af:9c:d3:9d:
                    4f:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:8A:8D:40:E4:37:AD:F4:AC:D7:CD:B3:8E:04:02:47:7A:2E:51:A6
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/822b22-8ca3-469d-9083-345b2ab0db18/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/822b22-8ca3-469d-9083-345b2ab0db18/1/zoqNQOQ3rfSs182zjgQCR3ouUaY.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.26.118.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  208396

    Signature Algorithm: sha256WithRSAEncryption
         00:f0:d6:4f:10:93:47:cb:91:3f:33:f2:75:3b:b0:fb:0d:f4:
         ec:1a:01:2c:3a:af:20:21:7e:18:5e:c8:91:ad:ae:84:1b:71:
         df:2e:94:70:94:a6:13:80:4e:58:93:51:43:b8:8d:87:ae:05:
         ec:fe:ac:fb:a4:2f:18:8c:26:17:60:0a:72:75:5f:bc:20:87:
         9f:1f:8f:bd:22:b9:9c:ed:11:c9:ff:e8:bd:8c:f7:09:34:e8:
         4a:af:90:a1:79:fd:6d:17:13:c1:be:35:87:d9:59:78:34:03:
         a0:8b:31:79:44:7e:cf:d9:50:a9:a6:35:2c:8c:eb:82:f0:b0:
         b2:36:ec:42:0e:fa:4b:de:46:5c:05:b1:a7:a6:18:fd:51:79:
         12:c6:a5:0e:91:4b:0e:4a:bd:c6:10:50:99:73:aa:8f:56:6c:
         eb:f3:4f:2c:a7:99:b9:ad:fa:1a:a1:52:8d:37:d7:ef:47:0c:
         5c:12:a2:83:ea:65:35:a6:d5:16:13:b0:a4:e3:9f:02:bf:80:
         a3:97:37:da:e0:e0:e3:85:10:ad:e4:4c:53:50:8d:1f:b4:09:
         b1:0b:36:8e:1d:64:db:f5:84:15:30:53:7f:10:53:97:72:38:
         a0:16:ad:9a:22:e9:8e:b9:a0:d1:cf:b5:e0:0b:4a:22:7a:47:
         18:79:4a:32
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZQijYAQXiJhN0fSd2fu5ZMvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTU0ODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZThhOGQ0MGU0MzdhZGY0YWNkN2NkYjM4ZTA0MDI0NzdhMmU1MWE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkDimYfb4GtPuEuhvH3Nk+PfS+oaF
gr5ukW1N2o49//9KdeUGdEw8oogbt+YwAdK9y+z12AhfNTKN7PUZ52ajJ2nAZ7Tc
FUVScMQ1gBZVqmIES0Fmll+YmAk7OVk5SDmbE3OIEudUz8nfuqiot3NO82/7mybE
rCQWKDlst764xqkTvSKXfl6uUU5/TFrdWRU6BotwtfIn1sEgkJXNIMOlP/aQIqC3
QCOKGCVhBThN5tXeZGix7FO8+sfC5tLa6y5y0262v8LOO3Z+QgFkbcOv/h75klOJ
NJBGbDbybWKAWYs0AO8M9OKrw2U+OYwbsOJLYDFu3Uh6Dr4j76+c051P9QIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFM6KjUDkN630rNfNs44EAkd6LlGmMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2ZlLzgyMmIy
Mi04Y2EzLTQ2OWQtOTA4My0zNDViMmFiMGRiMTgvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZmUvODIyYjIy
LThjYTMtNDY5ZC05MDgzLTM0NWIyYWIwZGIxOC8xL3pvcU5RT1EzcmZTczE4Mnpq
Z1FDUjNvdVVhWS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwhp2MBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwMuDDANBgkqhkiG9w0BAQsFAAOCAQEAAPDWTxCTR8uRPzPydTuw+w307BoBLDqv
ICF+GF7Ika2uhBtx3y6UcJSmE4BOWJNRQ7iNh64F7P6s+6QvGIwmF2AKcnVfvCCH
nx+PvSK5nO0Ryf/ovYz3CTToSq+QoXn9bRcTwb41h9lZeDQDoIsxeUR+z9lQqaY1
LIzrgvCwsjbsQg76S95GXAWxp6YY/VF5EsalDpFLDkq9xhBQmXOqj1Zs6/NPLKeZ
ua36GqFSjTfX70cMXBKig+plNabVFhOwpOOfAr+Ao5c32uDg44UQreRMU1CNH7QJ
sQs2jh1k2/WEFTBTfxBTl3I4oBatmiLpjrmg0c+14AtKInpHGHlKMg==
-----END CERTIFICATE-----