Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7_yKbzxEuO3Rd_5RpZmRWLjc-Bk.cer
File:                     7_yKbzxEuO3Rd_5RpZmRWLjc-Bk.cer (raw, json)
Hash identifier:          zo54Qnaszg5Raok9/1VQ7yRU7uGkFn3KaWt8aqWYRgY=
Subject key identifier:   EF:FC:8A:6F:3C:44:B8:ED:D1:77:FE:51:A5:99:91:58:B8:DC:F8:19
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC8010E5067868A693FA98C4A6BF07839
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/26/ad26ba-0314-4ff9-a39d-6dd9387141a8/1/7_yKbzxEuO3Rd_5RpZmRWLjc-Bk.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/26/ad26ba-0314-4ff9-a39d-6dd9387141a8/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 02:29:21 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 43864
                          IP: 91.200.112.0/22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:0e:50:67:86:8a:69:3f:a9:8c:4a:6b:f0:78:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 02:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=effc8a6f3c44b8edd177fe51a5999158b8dcf819
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:22:ff:62:4d:85:bc:4a:32:d2:03:c7:77:51:
                    92:be:f1:a3:40:a9:e7:38:6f:b9:8b:8a:7e:ec:b3:
                    5b:10:6e:a7:db:26:82:8c:73:43:e3:ea:0e:ca:a0:
                    5e:52:0b:a2:f5:e3:65:14:cc:3f:cf:80:83:40:7d:
                    58:0d:43:d5:d6:c3:da:53:c2:d8:f7:b8:cf:4b:83:
                    67:5f:c9:bb:bb:9f:ce:ef:8f:3b:54:d3:3b:0a:30:
                    b7:c0:0a:aa:a9:97:c2:d9:74:47:fe:23:18:d1:d2:
                    52:c4:9d:bd:2d:a9:d5:39:dc:8b:be:49:81:d3:6a:
                    3d:0e:ba:c0:fc:54:ac:45:81:e5:88:80:6d:c9:58:
                    70:d3:10:1e:de:97:21:6a:25:3b:14:29:66:f3:85:
                    d5:66:a9:36:e3:63:49:23:35:ae:cb:26:65:55:12:
                    22:c0:9e:f9:d9:c5:68:5a:ef:86:0c:ac:34:f7:5f:
                    fe:dd:9b:fd:7c:1c:17:dd:e5:d3:4c:b6:d6:e6:aa:
                    9e:32:2d:b3:ba:13:a4:d3:79:aa:50:37:49:77:b2:
                    e5:21:45:6e:a6:8c:d6:98:fa:e8:57:d8:27:22:9d:
                    9c:5b:cd:8d:21:d3:66:50:cf:df:79:fe:97:a9:13:
                    11:3f:47:dc:0f:33:51:20:06:bb:ad:4b:da:c2:d4:
                    b3:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:FC:8A:6F:3C:44:B8:ED:D1:77:FE:51:A5:99:91:58:B8:DC:F8:19
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/ad26ba-0314-4ff9-a39d-6dd9387141a8/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/ad26ba-0314-4ff9-a39d-6dd9387141a8/1/7_yKbzxEuO3Rd_5RpZmRWLjc-Bk.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.200.112.0/22

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  43864

    Signature Algorithm: sha256WithRSAEncryption
         2d:f4:8f:04:2c:cb:9f:8f:64:e8:89:71:19:fd:9c:a2:21:e1:
         50:c4:cd:f7:29:e2:bf:b9:da:c4:c4:e7:b4:71:6c:8c:e1:0d:
         70:40:e1:fc:9c:a5:4e:7a:45:b4:3c:30:e3:b2:3b:a8:28:58:
         4c:a4:0f:90:35:10:4c:29:ff:a5:ef:0f:cc:f9:6e:72:da:e3:
         c0:4b:b2:89:53:2d:ce:64:ec:ba:6f:b5:9d:d0:a9:c7:66:ea:
         e1:5e:d3:28:b5:6f:c1:ea:f9:1d:47:28:17:12:9b:60:4f:2d:
         c7:af:e9:b1:c0:99:14:6b:14:fd:bc:6b:d5:85:33:71:cd:8d:
         eb:1e:8c:05:0c:89:41:fe:5d:b4:8a:30:29:e3:a7:be:18:8e:
         4d:4a:92:5f:1b:3e:dd:76:24:9a:75:a8:45:fe:76:0d:ab:2e:
         38:c6:7d:65:f0:6e:d0:f2:34:99:cd:fd:d8:f6:57:b9:bc:24:
         3f:de:94:74:ab:f9:b7:16:3c:57:18:26:60:9b:b7:15:91:8f:
         29:44:f2:d4:2f:07:17:ac:73:ae:b5:e6:5b:03:eb:35:d1:20:
         1b:65:22:06:43:c8:0e:d4:bb:cd:20:af:9e:b0:2d:bf:2a:5a:
         8f:a0:4c:cc:b0:c7:ca:a2:ae:f0:02:0f:8f:e2:94:6f:e9:5f:
         d0:85:04:0e
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYzIAQ5QZ4aKaT+pjEpr8Hg5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDIyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZmZjOGE2ZjNjNDRiOGVkZDE3N2ZlNTFhNTk5OTE1OGI4ZGNmODE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnSL/Yk2FvEoy0gPHd1GSvvGjQKnn
OG+5i4p+7LNbEG6n2yaCjHND4+oOyqBeUgui9eNlFMw/z4CDQH1YDUPV1sPaU8LY
97jPS4NnX8m7u5/O7487VNM7CjC3wAqqqZfC2XRH/iMY0dJSxJ29LanVOdyLvkmB
02o9DrrA/FSsRYHliIBtyVhw0xAe3pchaiU7FClm84XVZqk242NJIzWuyyZlVRIi
wJ752cVoWu+GDKw091/+3Zv9fBwX3eXTTLbW5qqeMi2zuhOk03mqUDdJd7LlIUVu
pozWmProV9gnIp2cW82NIdNmUM/fef6XqRMRP0fcDzNRIAa7rUvawtSzTwIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFO/8im88RLjt0Xf+UaWZkVi43PgZMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzI2L2FkMjZi
YS0wMzE0LTRmZjktYTM5ZC02ZGQ5Mzg3MTQxYTgvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjYvYWQyNmJh
LTAzMTQtNGZmOS1hMzlkLTZkZDkzODcxNDFhOC8xLzdfeUtienhFdU8zUmRfNVJw
Wm1SV0xqYy1Cay5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCW8hwMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwCrWDANBgkqhkiG9w0BAQsFAAOCAQEALfSPBCzLn49k6IlxGf2coiHhUMTN9yni
v7naxMTntHFsjOENcEDh/JylTnpFtDww47I7qChYTKQPkDUQTCn/pe8PzPluctrj
wEuyiVMtzmTsum+1ndCpx2bq4V7TKLVvwer5HUcoFxKbYE8tx6/pscCZFGsU/bxr
1YUzcc2N6x6MBQyJQf5dtIowKeOnvhiOTUqSXxs+3XYkmnWoRf52DasuOMZ9ZfBu
0PI0mc392PZXubwkP96UdKv5txY8VxgmYJu3FZGPKUTy1C8HF6xzrrXmWwPrNdEg
G2UiBkPIDtS7zSCvnrAtvypaj6BMzLDHyqKu8AIPj+KUb+lf0IUEDg==
-----END CERTIFICATE-----