Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7LLMRABmS6sLCRvDmYwN4f73FZs.cer
File:                     7LLMRABmS6sLCRvDmYwN4f73FZs.cer (raw, json)
Hash identifier:          IqLyzfJfEqqQ45ZsmFGigDeTjPqrDRK+60dJKmHcSfY=
Subject key identifier:   EC:B2:CC:44:00:66:4B:AB:0B:09:1B:C3:99:8C:0D:E1:FE:F7:15:9B
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC80174CB15A21DC4157DEC895314E164
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/f8/ccc385-20e1-4c68-9ba1-89846ddd941c/1/7LLMRABmS6sLCRvDmYwN4f73FZs.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/f8/ccc385-20e1-4c68-9ba1-89846ddd941c/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 02:29:47 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 210886
                          IP: 194.187.119.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:74:cb:15:a2:1d:c4:15:7d:ec:89:53:14:e1:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 02:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ecb2cc4400664bab0b091bc3998c0de1fef7159b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:21:41:ea:9d:0c:5b:d8:1e:ae:a8:0d:00:f0:
                    c4:64:0d:42:6e:32:0f:e0:9e:34:08:4f:6d:a9:6a:
                    7f:57:15:5b:26:67:06:75:7c:2d:3f:a4:7d:b7:d6:
                    71:c3:c8:86:72:64:9f:be:58:19:60:5f:39:be:59:
                    9b:6f:4d:9d:e1:60:07:61:f1:4c:08:a2:99:09:6b:
                    14:fe:a1:0f:6c:1c:66:8d:86:c2:d1:1e:59:53:fe:
                    9e:f4:7c:1f:d6:79:d5:4b:26:d0:1b:9d:65:e9:3d:
                    70:f0:a2:59:cd:0f:06:19:c8:b3:6b:fc:10:90:60:
                    05:0c:ec:24:11:61:17:14:f7:d9:84:6d:26:fc:75:
                    c7:9b:ba:19:bc:a7:99:87:5f:01:53:94:21:40:09:
                    16:9d:b7:6c:4f:58:85:c1:3b:b9:f6:f9:6d:f6:88:
                    62:a7:9d:03:3d:31:eb:98:15:bf:bd:0f:29:9e:80:
                    e0:ba:68:75:f9:67:6c:0b:c5:47:cf:75:be:0a:6e:
                    52:60:92:36:71:57:42:65:eb:de:77:42:95:fd:58:
                    9e:33:7b:9d:46:bc:6f:b1:19:cc:ce:3b:d9:c6:c6:
                    3a:82:89:d1:1e:4b:4e:d8:88:b8:3f:a2:99:09:5a:
                    0d:45:02:57:f4:60:f5:21:37:3a:6b:0a:70:42:a9:
                    97:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:B2:CC:44:00:66:4B:AB:0B:09:1B:C3:99:8C:0D:E1:FE:F7:15:9B
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/ccc385-20e1-4c68-9ba1-89846ddd941c/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/ccc385-20e1-4c68-9ba1-89846ddd941c/1/7LLMRABmS6sLCRvDmYwN4f73FZs.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.187.119.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  210886

    Signature Algorithm: sha256WithRSAEncryption
         54:d6:6d:ed:ca:68:ac:1f:77:62:cb:ca:86:a0:e4:99:74:0e:
         1b:77:0e:c4:15:f6:f9:17:fa:1f:6b:79:14:1d:bb:31:a9:38:
         d1:85:92:9b:dd:cc:19:a8:f9:16:e6:0a:07:f6:04:a8:b6:b2:
         d7:58:f3:02:fa:75:ee:39:b9:ec:b4:45:5b:5e:40:4c:03:1b:
         87:97:73:aa:7e:e8:50:13:f9:a5:44:48:4c:b0:79:2b:20:3b:
         5d:b3:8b:81:41:dc:f5:0b:52:a5:91:68:2a:04:86:bf:38:16:
         fa:89:20:88:f0:f3:38:6b:5c:6c:b4:11:ab:4d:a6:89:6f:27:
         02:fa:6e:a8:20:28:42:bd:56:6a:fd:40:23:18:9f:5d:14:42:
         4c:f9:2c:33:a1:47:25:47:77:74:02:24:a4:c8:88:40:82:57:
         6a:3f:c2:a1:ab:99:09:a3:ac:73:b4:fe:a0:64:cf:37:1a:8c:
         49:d7:f8:20:f0:d2:2f:7e:82:29:2f:c9:3b:bb:db:da:12:68:
         51:0d:9d:d4:00:bb:31:7f:4b:94:3d:12:8d:73:69:c0:8f:8a:
         89:27:e1:04:53:29:0f:77:30:b1:e2:ef:58:eb:b8:d7:a4:d6:
         13:c5:72:52:f0:da:ca:ed:86:62:74:17:47:a1:ae:0c:26:d2:
         b3:9d:32:32
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYzIAXTLFaIdxBV97IlTFOFkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDIyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlY2IyY2M0NDAwNjY0YmFiMGIwOTFiYzM5OThjMGRlMWZlZjcxNTliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtCFB6p0MW9gerqgNAPDEZA1CbjIP
4J40CE9tqWp/VxVbJmcGdXwtP6R9t9Zxw8iGcmSfvlgZYF85vlmbb02d4WAHYfFM
CKKZCWsU/qEPbBxmjYbC0R5ZU/6e9Hwf1nnVSybQG51l6T1w8KJZzQ8GGciza/wQ
kGAFDOwkEWEXFPfZhG0m/HXHm7oZvKeZh18BU5QhQAkWnbdsT1iFwTu59vlt9ohi
p50DPTHrmBW/vQ8pnoDgumh1+WdsC8VHz3W+Cm5SYJI2cVdCZeved0KV/VieM3ud
RrxvsRnMzjvZxsY6gonRHktO2Ii4P6KZCVoNRQJX9GD1ITc6awpwQqmXjwIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFOyyzEQAZkurCwkbw5mMDeH+9xWbMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Y4L2NjYzM4
NS0yMGUxLTRjNjgtOWJhMS04OTg0NmRkZDk0MWMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjgvY2NjMzg1
LTIwZTEtNGM2OC05YmExLTg5ODQ2ZGRkOTQxYy8xLzdMTE1SQUJtUzZzTENSdkRt
WXdONGY3M0Zacy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwrt3MBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwM3xjANBgkqhkiG9w0BAQsFAAOCAQEAVNZt7cporB93YsvKhqDkmXQOG3cOxBX2
+Rf6H2t5FB27Mak40YWSm93MGaj5FuYKB/YEqLay11jzAvp17jm57LRFW15ATAMb
h5dzqn7oUBP5pURITLB5KyA7XbOLgUHc9QtSpZFoKgSGvzgW+okgiPDzOGtcbLQR
q02miW8nAvpuqCAoQr1Wav1AIxifXRRCTPksM6FHJUd3dAIkpMiIQIJXaj/CoauZ
CaOsc7T+oGTPNxqMSdf4IPDSL36CKS/JO7vb2hJoUQ2d1AC7MX9LlD0SjXNpwI+K
iSfhBFMpD3cwseLvWOu416TWE8VyUvDayu2GYnQXR6GuDCbSs50yMg==
-----END CERTIFICATE-----