Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4rlm8cGLjveLDDvbxN1H9nQLCh4.cer
File:                     4rlm8cGLjveLDDvbxN1H9nQLCh4.cer (raw, json)
Hash identifier:          HmSl9YzBe+hy/5MFYnS0pPHpIs7l2Dt0ZB3YH+nm3w8=
Subject key identifier:   E2:B9:66:F1:C1:8B:8E:F7:8B:0C:3B:DB:C4:DD:47:F6:74:0B:0A:1E
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC3491350BC1DE9B9A9352282F2238F44
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/bb/f3476e-9f86-4d2c-9c75-d68898b9a129/1/4rlm8cGLjveLDDvbxN1H9nQLCh4.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/bb/f3476e-9f86-4d2c-9c75-d68898b9a129/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 04:29:55 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 212315
                          IP: 185.198.15.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 20 Apr 2024 17:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:13:50:bc:1d:e9:b9:a9:35:22:82:f2:23:8f:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 04:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e2b966f1c18b8ef78b0c3bdbc4dd47f6740b0a1e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:5f:30:e7:8a:c4:ec:53:54:e5:08:2f:d5:d7:
                    d7:66:c2:9e:2e:68:f9:00:8b:11:49:a1:7a:a4:db:
                    ed:47:f3:1b:3c:d1:8f:4d:7d:09:2c:7f:05:6b:fb:
                    4c:47:7b:07:8f:3e:fa:fa:5d:17:62:7a:2a:8f:2d:
                    a3:5b:64:7a:f0:28:0c:56:37:46:26:96:f9:c7:33:
                    bb:80:02:37:5f:42:7c:d4:70:c6:3d:91:90:37:c5:
                    96:47:1c:e8:53:6d:59:29:bb:b2:bb:ab:fb:69:65:
                    f0:0b:f2:e3:81:3c:fe:74:2e:8e:2d:a4:3f:bb:cd:
                    f1:a6:95:e3:d0:b8:e1:99:3c:63:67:d6:5c:e1:d4:
                    77:fd:48:f8:0d:06:52:6b:35:c8:80:d1:ac:00:be:
                    dc:ea:e7:87:f8:89:d7:06:66:80:0f:58:7e:a5:7e:
                    57:20:59:bb:85:25:9c:c6:23:17:9b:cb:77:ce:c6:
                    1d:14:db:81:62:ee:17:96:eb:3d:88:01:1a:44:e2:
                    10:95:a9:e2:c3:c1:7f:6a:4f:45:67:99:e8:e7:1c:
                    20:1e:ac:81:d0:2d:2d:13:4d:95:10:91:4e:3d:98:
                    e8:16:c3:82:a5:0e:b3:37:84:bd:bc:62:d4:28:ad:
                    86:ea:cf:ab:47:ff:bd:e8:18:2c:1f:bc:ef:f6:7d:
                    f3:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:B9:66:F1:C1:8B:8E:F7:8B:0C:3B:DB:C4:DD:47:F6:74:0B:0A:1E
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/f3476e-9f86-4d2c-9c75-d68898b9a129/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/f3476e-9f86-4d2c-9c75-d68898b9a129/1/4rlm8cGLjveLDDvbxN1H9nQLCh4.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.198.15.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  212315

    Signature Algorithm: sha256WithRSAEncryption
         78:b6:68:86:e5:0d:6c:3b:b5:ca:58:65:e9:a6:f2:af:47:72:
         d8:12:29:d8:fc:1d:32:a0:ce:c1:55:28:dc:bb:d2:a6:69:cc:
         d0:b2:de:99:53:c8:55:83:3c:03:21:5d:68:69:bf:43:7f:83:
         09:35:5a:ee:e6:26:9c:42:aa:c7:fe:ee:d0:de:db:50:d9:b9:
         64:51:c2:ce:71:cf:c1:83:f7:9f:87:fb:e4:fd:02:67:5c:cb:
         16:2f:67:3a:3b:84:f4:04:d4:87:1c:74:43:8c:55:95:20:d1:
         de:43:fc:b8:6d:e1:e0:f1:9e:14:40:30:e3:ac:de:44:6b:45:
         96:cc:77:0c:98:c2:53:a0:83:04:37:2e:7e:c1:ae:c8:7a:9c:
         99:66:87:38:27:2b:13:75:7d:bd:8b:24:ca:28:72:51:44:06:
         db:26:83:77:0a:83:78:19:34:53:fa:28:ba:63:d7:c8:b0:e7:
         52:74:93:f5:13:36:b2:63:ec:63:1c:05:0f:ee:60:5c:5b:a2:
         65:b9:d0:be:a3:86:28:39:f2:12:b1:0d:60:0f:19:f2:68:26:
         62:66:23:5a:4b:2b:7c:26:0d:0a:16:12:fa:cb:0e:d6:ae:bd:
         bf:76:a4:ea:8f:05:8e:34:5e:85:8f:e2:b2:fa:c9:01:a5:9e:
         f1:b8:b7:bb
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYzDSRNQvB3puak1IoLyI49EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDQyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmI5NjZmMWMxOGI4ZWY3OGIwYzNiZGJjNGRkNDdmNjc0MGIwYTFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3V8w54rE7FNU5Qgv1dfXZsKeLmj5
AIsRSaF6pNvtR/MbPNGPTX0JLH8Fa/tMR3sHjz76+l0XYnoqjy2jW2R68CgMVjdG
Jpb5xzO7gAI3X0J81HDGPZGQN8WWRxzoU21ZKbuyu6v7aWXwC/LjgTz+dC6OLaQ/
u83xppXj0LjhmTxjZ9Zc4dR3/Uj4DQZSazXIgNGsAL7c6ueH+InXBmaAD1h+pX5X
IFm7hSWcxiMXm8t3zsYdFNuBYu4Xlus9iAEaROIQlaniw8F/ak9FZ5no5xwgHqyB
0C0tE02VEJFOPZjoFsOCpQ6zN4S9vGLUKK2G6s+rR/+96BgsH7zv9n3z+wIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFOK5ZvHBi473iww728TdR/Z0CwoeMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2JiL2YzNDc2
ZS05Zjg2LTRkMmMtOWM3NS1kNjg4OThiOWExMjkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYmIvZjM0NzZl
LTlmODYtNGQyYy05Yzc1LWQ2ODg5OGI5YTEyOS8xLzRybG04Y0dManZlTEREdmJ4
TjFIOW5RTENoNC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAucYPMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwM9WzANBgkqhkiG9w0BAQsFAAOCAQEAeLZohuUNbDu1ylhl6abyr0dy2BIp2Pwd
MqDOwVUo3LvSpmnM0LLemVPIVYM8AyFdaGm/Q3+DCTVa7uYmnEKqx/7u0N7bUNm5
ZFHCznHPwYP3n4f75P0CZ1zLFi9nOjuE9ATUhxx0Q4xVlSDR3kP8uG3h4PGeFEAw
46zeRGtFlsx3DJjCU6CDBDcufsGuyHqcmWaHOCcrE3V9vYskyihyUUQG2yaDdwqD
eBk0U/ooumPXyLDnUnST9RM2smPsYxwFD+5gXFuiZbnQvqOGKDnyErENYA8Z8mgm
YmYjWksrfCYNChYS+ssO1q69v3ak6o8FjjRehY/isvrJAaWe8bi3uw==
-----END CERTIFICATE-----