Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87fdVNqwL-jN6KheVp-CcIiXlBk.cer
File:                     87fdVNqwL-jN6KheVp-CcIiXlBk.cer (raw, json)
Hash identifier:          0LwXwn5CCfSHN746CBOAEaZTUYcBSxJKaNR6y60toe4=
Subject key identifier:   F3:B7:DD:54:DA:B0:2F:E8:CD:E8:A8:5E:56:9F:82:70:88:97:94:19
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC94BDFA4DAD9024A949C45BAB42D0663
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/7e/840dc1-83fc-4f9d-be5e-1939883bb1f8/1/87fdVNqwL-jN6KheVp-CcIiXlBk.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/7e/840dc1-83fc-4f9d-be5e-1939883bb1f8/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 08:30:42 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 42791
                          IP: 91.213.131.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 21 Apr 2024 00:45:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4b:df:a4:da:d9:02:4a:94:9c:45:ba:b4:2d:06:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 08:30:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f3b7dd54dab02fe8cde8a85e569f827088979419
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:13:17:95:80:08:c9:01:32:24:db:17:1a:30:
                    c3:5f:4a:94:5d:2e:97:1a:c5:f0:43:c9:29:d7:21:
                    70:58:67:d7:ba:04:45:7c:0e:f6:c3:dc:83:46:0e:
                    20:8e:46:55:40:80:17:c9:35:e7:0e:fa:91:53:a5:
                    49:7e:05:c5:ad:15:61:a3:67:f4:60:cb:14:01:8e:
                    70:57:b9:c2:89:ec:b7:db:2d:0d:49:ab:4f:fd:55:
                    38:50:bc:18:84:59:e2:9f:bb:69:b3:4d:64:85:c2:
                    71:7a:da:d4:23:84:c9:e3:6c:cd:79:c3:60:a6:4a:
                    52:1a:90:31:93:60:39:be:0d:6b:31:79:cf:62:93:
                    80:45:b7:47:f0:47:77:1c:d7:ce:e8:f6:03:42:0b:
                    6d:c1:a4:2a:39:f7:16:9c:e7:04:76:24:0d:d1:bf:
                    b0:19:95:31:60:de:07:66:78:5b:6a:4b:96:52:41:
                    ee:d1:de:6c:bb:af:ed:a3:9f:5f:4f:98:2d:f3:2a:
                    af:2e:82:c4:e6:2b:c6:f9:5f:1d:d9:d9:f9:29:e0:
                    21:e9:e5:ef:0e:45:09:7c:4b:c8:f0:36:21:83:b2:
                    50:24:65:11:26:03:74:2d:f4:a0:80:20:35:4d:98:
                    c3:1d:32:62:87:18:73:2d:ce:1d:3b:9c:55:e9:17:
                    af:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:B7:DD:54:DA:B0:2F:E8:CD:E8:A8:5E:56:9F:82:70:88:97:94:19
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/840dc1-83fc-4f9d-be5e-1939883bb1f8/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/840dc1-83fc-4f9d-be5e-1939883bb1f8/1/87fdVNqwL-jN6KheVp-CcIiXlBk.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.131.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  42791

    Signature Algorithm: sha256WithRSAEncryption
         00:04:ec:02:0d:dd:40:b7:a8:4d:b1:b0:ca:4b:f7:6f:a0:7d:
         95:f7:78:55:79:6b:2d:b0:a0:d8:3f:d9:16:75:24:45:30:a8:
         2b:96:3a:76:31:22:61:24:11:11:f3:19:5e:44:53:bd:c9:53:
         97:55:b6:30:50:f4:48:be:2d:fb:72:dc:58:5f:09:bc:4b:da:
         cc:fb:ce:d8:9c:22:24:fa:ee:fc:77:cb:64:24:70:b1:49:c0:
         e7:1c:eb:b1:4c:e5:d8:f1:75:45:0e:eb:38:3e:ab:2b:2a:f2:
         d2:7e:62:64:1e:fa:e8:ab:f4:6c:9c:95:d9:05:ef:bb:fc:05:
         83:f0:0b:6d:2a:24:be:6a:d7:97:f9:a4:24:0c:81:b6:57:04:
         02:34:96:83:6b:3f:e4:5d:5e:95:3e:0e:a5:86:ec:86:d9:25:
         9d:77:ef:de:36:1e:0b:9e:32:32:9e:ee:3c:1e:d6:44:1b:07:
         76:af:b3:6c:54:1f:89:44:5b:cf:38:a6:ae:5b:34:3d:13:cc:
         88:2e:40:ed:da:cd:b8:1c:63:7f:6a:81:6d:a2:88:99:d5:25:
         80:e2:03:72:9b:92:ca:6a:19:95:a7:c0:45:af:80:9c:63:20:
         ae:f7:70:31:8c:83:9a:2a:e8:1c:c9:3f:07:ea:fc:cd:41:4d:
         71:fd:6c:64
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYzJS9+k2tkCSpScRbq0LQZjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDgzMDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmM2I3ZGQ1NGRhYjAyZmU4Y2RlOGE4NWU1NjlmODI3MDg4OTc5NDE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5RMXlYAIyQEyJNsXGjDDX0qUXS6X
GsXwQ8kp1yFwWGfXugRFfA72w9yDRg4gjkZVQIAXyTXnDvqRU6VJfgXFrRVho2f0
YMsUAY5wV7nCiey32y0NSatP/VU4ULwYhFnin7tps01khcJxetrUI4TJ42zNecNg
pkpSGpAxk2A5vg1rMXnPYpOARbdH8Ed3HNfO6PYDQgttwaQqOfcWnOcEdiQN0b+w
GZUxYN4HZnhbakuWUkHu0d5su6/to59fT5gt8yqvLoLE5ivG+V8d2dn5KeAh6eXv
DkUJfEvI8DYhg7JQJGURJgN0LfSggCA1TZjDHTJihxhzLc4dO5xV6RevoQIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFPO33VTasC/ozeioXlafgnCIl5QZMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzdlLzg0MGRj
MS04M2ZjLTRmOWQtYmU1ZS0xOTM5ODgzYmIxZjgvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvN2UvODQwZGMx
LTgzZmMtNGY5ZC1iZTVlLTE5Mzk4ODNiYjFmOC8xLzg3ZmRWTnF3TC1qTjZLaGVW
cC1DY0lpWGxCay5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW9WDMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwCnJzANBgkqhkiG9w0BAQsFAAOCAQEAAATsAg3dQLeoTbGwykv3b6B9lfd4VXlr
LbCg2D/ZFnUkRTCoK5Y6djEiYSQREfMZXkRTvclTl1W2MFD0SL4t+3LcWF8JvEva
zPvO2JwiJPru/HfLZCRwsUnA5xzrsUzl2PF1RQ7rOD6rKyry0n5iZB766Kv0bJyV
2QXvu/wFg/ALbSokvmrXl/mkJAyBtlcEAjSWg2s/5F1elT4OpYbshtklnXfv3jYe
C54yMp7uPB7WRBsHdq+zbFQfiURbzzimrls0PRPMiC5A7drNuBxjf2qBbaKImdUl
gOIDcpuSymoZlafARa+AnGMgrvdwMYyDmiroHMk/B+r8zUFNcf1sZA==
-----END CERTIFICATE-----