Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8KEScQQ06Frl_m-_Qedr3fk4GM8.cer
File:                     8KEScQQ06Frl_m-_Qedr3fk4GM8.cer (raw, json)
Hash identifier:          L83OIwzLxHdFJWTnX/+UEtipLZlS+6N0QFhjMUO5/q0=
Subject key identifier:   F0:A1:12:71:04:34:E8:5A:E5:FE:6F:BF:41:E7:6B:DD:F9:38:18:CF
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018FA99DF7F70CBAF66D315F54889582FB48
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/9a/294a81-5237-4bf3-a05b-a88a4d094af0/1/8KEScQQ06Frl_m-_Qedr3fk4GM8.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/9a/294a81-5237-4bf3-a05b-a88a4d094af0/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Fri 24 May 2024 08:00:53 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 209120
                          IP: 91.213.247.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Sep 2024 14:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:a9:9d:f7:f7:0c:ba:f6:6d:31:5f:54:88:95:82:fb:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: May 24 08:00:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f0a112710434e85ae5fe6fbf41e76bddf93818cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:98:52:fc:4b:31:b2:4b:80:8f:a9:ba:f4:c6:
                    fa:af:f1:fb:90:b5:d7:1a:80:ad:c8:57:74:4f:76:
                    3a:6b:ba:6b:09:1b:e4:e7:05:4e:c6:54:cd:11:29:
                    0e:bc:9f:be:b8:b4:cb:6e:3e:45:f9:e1:98:99:d9:
                    34:6a:cd:97:34:e8:c1:2e:7b:30:a2:a8:23:b0:30:
                    e5:1c:20:c8:ca:f7:57:6a:e1:5f:9c:f8:e0:5e:1c:
                    2d:d3:ca:f4:24:b4:1e:68:7c:1b:81:c9:3d:9d:a9:
                    b0:70:6a:14:53:1d:fc:2a:01:fc:bf:e0:93:4c:bf:
                    22:fd:e0:97:42:f4:d4:99:3d:ea:50:63:24:7f:eb:
                    f2:5e:25:13:3f:43:eb:32:00:82:1b:a5:5e:c9:f8:
                    6a:18:f4:a0:58:81:4b:cf:2b:26:a4:f5:39:44:8b:
                    73:be:fc:29:da:9d:e1:a4:3f:e2:2d:fb:96:3a:bc:
                    17:21:f1:88:3a:50:68:75:46:69:e0:96:f9:99:dc:
                    d9:94:98:b3:2f:c3:34:f0:60:57:14:3e:77:22:06:
                    34:9c:f4:2e:80:cb:c6:4d:8e:51:0d:07:d4:99:a8:
                    95:49:57:28:4a:52:a3:d2:85:b2:66:f8:1a:b0:a4:
                    66:7d:6b:7d:12:a5:c7:1f:1a:4c:50:df:fa:7b:b2:
                    34:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:A1:12:71:04:34:E8:5A:E5:FE:6F:BF:41:E7:6B:DD:F9:38:18:CF
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/294a81-5237-4bf3-a05b-a88a4d094af0/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/294a81-5237-4bf3-a05b-a88a4d094af0/1/8KEScQQ06Frl_m-_Qedr3fk4GM8.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.247.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  209120

    Signature Algorithm: sha256WithRSAEncryption
         35:c6:46:44:d3:38:e6:82:33:35:c7:6c:81:62:2a:29:cd:cb:
         3f:eb:5d:df:9c:30:d3:f6:de:8b:c0:05:8b:0a:12:6c:b2:c4:
         06:cb:ff:37:11:b1:af:7e:38:d3:63:c6:1b:f3:c7:dc:03:b2:
         ae:86:82:4c:43:9f:40:10:9e:19:6e:d8:71:48:9b:61:3a:d2:
         bc:40:5f:fc:bb:82:da:be:aa:70:82:63:ff:cf:ec:24:63:e6:
         eb:60:ba:6a:89:9e:bc:c6:70:31:fc:ff:3b:1a:89:a3:22:7b:
         8a:c9:89:1c:0e:56:9d:4c:f7:3b:12:64:21:61:71:57:bf:66:
         de:5c:da:6d:3c:c9:e4:66:d3:24:14:a8:38:d1:f6:05:7f:e7:
         1c:62:92:4e:e1:26:ec:df:ba:dc:45:a7:a8:eb:be:ad:9f:07:
         01:0b:e7:ff:34:a3:a5:4b:cc:d5:b3:af:2b:0e:17:03:56:12:
         97:20:bf:b0:dd:3f:56:32:29:c8:ec:45:79:d3:9b:5b:a9:fc:
         b0:86:12:7b:41:0f:2e:40:f5:0c:59:2d:06:30:da:53:c0:2f:
         0d:ee:18:4e:91:1a:34:f2:38:4c:5f:c4:70:11:08:9d:9f:e2:
         14:f8:c9:31:a8:c5:2c:15:f8:2c:41:45:f3:61:17:11:ab:6b:
         0d:6d:33:68
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAY+pnff3DLr2bTFfVIiVgvtIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwNTI0MDgwMDUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMGExMTI3MTA0MzRlODVhZTVmZTZmYmY0MWU3NmJkZGY5MzgxOGNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA25hS/EsxskuAj6m69Mb6r/H7kLXX
GoCtyFd0T3Y6a7prCRvk5wVOxlTNESkOvJ++uLTLbj5F+eGYmdk0as2XNOjBLnsw
oqgjsDDlHCDIyvdXauFfnPjgXhwt08r0JLQeaHwbgck9namwcGoUUx38KgH8v+CT
TL8i/eCXQvTUmT3qUGMkf+vyXiUTP0PrMgCCG6VeyfhqGPSgWIFLzysmpPU5RItz
vvwp2p3hpD/iLfuWOrwXIfGIOlBodUZp4Jb5mdzZlJizL8M08GBXFD53IgY0nPQu
gMvGTY5RDQfUmaiVSVcoSlKj0oWyZvgasKRmfWt9EqXHHxpMUN/6e7I03wIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFPChEnEENOha5f5vv0Hna935OBjPMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzlhLzI5NGE4
MS01MjM3LTRiZjMtYTA1Yi1hODhhNGQwOTRhZjAvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOWEvMjk0YTgx
LTUyMzctNGJmMy1hMDViLWE4OGE0ZDA5NGFmMC8xLzhLRVNjUVEwNkZybF9tLV9R
ZWRyM2ZrNEdNOC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW9X3MBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwMw4DANBgkqhkiG9w0BAQsFAAOCAQEANcZGRNM45oIzNcdsgWIqKc3LP+td35ww
0/bei8AFiwoSbLLEBsv/NxGxr34402PGG/PH3AOyroaCTEOfQBCeGW7YcUibYTrS
vEBf/LuC2r6qcIJj/8/sJGPm62C6aomevMZwMfz/OxqJoyJ7ismJHA5WnUz3OxJk
IWFxV79m3lzabTzJ5GbTJBSoONH2BX/nHGKSTuEm7N+63EWnqOu+rZ8HAQvn/zSj
pUvM1bOvKw4XA1YSlyC/sN0/VjIpyOxFedObW6n8sIYSe0EPLkD1DFktBjDaU8Av
De4YTpEaNPI4TF/EcBEInZ/iFPjJMajFLBX4LEFF82EXEatrDW0zaA==
-----END CERTIFICATE-----