Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9NwmxibFHF3vbyRm849VslApZC8.cer
File:                     9NwmxibFHF3vbyRm849VslApZC8.cer (raw, json)
Hash identifier:          wqZhLGJbcu4FJj/xnud5G5kA3vWd17Imkn0ke3XNWCo=
Subject key identifier:   F4:DC:26:C6:26:C5:1C:5D:EF:6F:24:66:F3:8F:55:B2:50:29:64:2F
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CCA99D7849C97CD8616366C5BDE4EEC33
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/90/0879d8-f216-45ab-bf87-23e1dadf106c/1/9NwmxibFHF3vbyRm849VslApZC8.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/90/0879d8-f216-45ab-bf87-23e1dadf106c/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 14:35:29 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 210364
                          IP: 193.200.33.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 25 Apr 2024 14:05:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:d7:84:9c:97:cd:86:16:36:6c:5b:de:4e:ec:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 14:35:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f4dc26c626c51c5def6f2466f38f55b25029642f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:12:51:0f:dd:d0:4f:04:63:19:e4:42:b3:a5:
                    f3:19:c5:61:f0:b1:16:4c:a9:83:30:0c:b5:b4:bd:
                    fc:12:e8:d5:6e:d9:8f:03:8d:17:ef:cc:49:22:d6:
                    c6:9a:17:59:df:39:71:49:4e:ea:73:c6:27:c3:36:
                    58:24:d6:9b:ec:b3:23:24:eb:80:e3:56:12:46:31:
                    52:62:d3:ed:73:af:1f:d7:c9:cc:5e:39:7a:a6:9c:
                    4c:7b:c3:fc:66:0e:45:17:ed:ec:7d:05:f8:01:7d:
                    c9:b1:2d:cf:58:12:fc:4b:2b:ae:c0:41:93:9d:f8:
                    54:0a:d3:ff:c8:3f:b3:bf:e0:49:34:1d:2a:98:01:
                    91:77:68:fb:bb:a5:e6:c5:21:41:78:49:f7:7e:49:
                    4d:0d:cd:c1:cb:0a:1f:0a:f9:9f:21:1a:fa:81:46:
                    77:d1:25:58:76:54:db:0e:38:ea:90:7b:5e:63:46:
                    63:e7:fc:3e:28:9b:2c:e1:c9:ce:06:51:52:3c:b5:
                    f5:55:20:8e:86:84:7f:3b:be:dc:3c:8f:f2:5c:59:
                    70:6b:dd:88:d4:01:72:d2:b5:26:67:70:d0:d9:1a:
                    47:57:e0:74:15:eb:fe:49:58:95:42:9d:de:48:e2:
                    55:1e:07:99:b2:48:95:84:57:a4:e9:db:d2:8f:37:
                    7c:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:DC:26:C6:26:C5:1C:5D:EF:6F:24:66:F3:8F:55:B2:50:29:64:2F
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/0879d8-f216-45ab-bf87-23e1dadf106c/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/0879d8-f216-45ab-bf87-23e1dadf106c/1/9NwmxibFHF3vbyRm849VslApZC8.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.200.33.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  210364

    Signature Algorithm: sha256WithRSAEncryption
         9b:27:63:2e:01:54:e4:2d:0e:93:0f:53:71:de:28:26:d2:28:
         d4:51:44:98:2a:73:9c:2c:72:11:9c:f3:b7:8a:76:ff:5b:54:
         25:49:97:4b:03:4b:40:69:56:bc:8e:9b:41:0f:d8:6a:ac:3b:
         3b:73:20:b8:1c:bb:15:4d:06:14:6a:f6:2a:70:f2:09:54:34:
         46:85:e1:14:3a:1f:78:48:f2:e2:46:58:69:5a:0e:a5:7c:27:
         b2:e8:a3:9b:12:ad:87:6b:41:e4:f4:68:7d:d1:75:e6:03:76:
         8b:98:4b:2a:b2:5b:65:c6:5a:ae:33:8b:7b:ea:fc:4e:14:f6:
         46:ee:83:e9:ce:86:4b:85:66:f1:75:e3:ad:89:47:06:97:f0:
         34:f7:e4:3f:18:26:4e:3b:00:ef:88:72:5d:f2:f7:dc:89:70:
         5a:e3:c2:3e:1d:ff:65:03:ae:17:0d:41:4f:bf:ec:b4:52:4c:
         73:a3:95:8b:54:3f:16:bb:68:5e:b7:86:83:a3:f4:39:9c:97:
         c0:60:a4:aa:ec:7d:38:ac:b6:74:aa:07:d7:98:24:c0:ff:aa:
         5b:9c:db:16:f5:9e:56:1a:17:7d:40:e5:fe:83:06:81:b3:44:
         f9:54:7c:3d:58:12:71:1e:bf:8a:5c:8e:05:36:1c:3b:a1:57:
         b2:bd:f9:15
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYzKmdeEnJfNhhY2bFveTuwzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMTQzNTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNGRjMjZjNjI2YzUxYzVkZWY2ZjI0NjZmMzhmNTViMjUwMjk2NDJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnhJRD93QTwRjGeRCs6XzGcVh8LEW
TKmDMAy1tL38EujVbtmPA40X78xJItbGmhdZ3zlxSU7qc8YnwzZYJNab7LMjJOuA
41YSRjFSYtPtc68f18nMXjl6ppxMe8P8Zg5FF+3sfQX4AX3JsS3PWBL8SyuuwEGT
nfhUCtP/yD+zv+BJNB0qmAGRd2j7u6XmxSFBeEn3fklNDc3BywofCvmfIRr6gUZ3
0SVYdlTbDjjqkHteY0Zj5/w+KJss4cnOBlFSPLX1VSCOhoR/O77cPI/yXFlwa92I
1AFy0rUmZ3DQ2RpHV+B0Fev+SViVQp3eSOJVHgeZskiVhFek6dvSjzd8RwIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFPTcJsYmxRxd728kZvOPVbJQKWQvMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzkwLzA4Nzlk
OC1mMjE2LTQ1YWItYmY4Ny0yM2UxZGFkZjEwNmMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTAvMDg3OWQ4
LWYyMTYtNDVhYi1iZjg3LTIzZTFkYWRmMTA2Yy8xLzlOd214aWJGSEYzdmJ5Um04
NDlWc2xBcFpDOC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwcghMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwM1vDANBgkqhkiG9w0BAQsFAAOCAQEAmydjLgFU5C0Okw9Tcd4oJtIo1FFEmCpz
nCxyEZzzt4p2/1tUJUmXSwNLQGlWvI6bQQ/Yaqw7O3MguBy7FU0GFGr2KnDyCVQ0
RoXhFDofeEjy4kZYaVoOpXwnsuijmxKth2tB5PRofdF15gN2i5hLKrJbZcZarjOL
e+r8ThT2Ru6D6c6GS4Vm8XXjrYlHBpfwNPfkPxgmTjsA74hyXfL33IlwWuPCPh3/
ZQOuFw1BT7/stFJMc6OVi1Q/FrtoXreGg6P0OZyXwGCkqux9OKy2dKoH15gkwP+q
W5zbFvWeVhoXfUDl/oMGgbNE+VR8PVgScR6/ilyOBTYcO6FXsr35FQ==
-----END CERTIFICATE-----