Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/E9gEKigBXSfzWx8atzYR6FEbaSM.cer
File:                     E9gEKigBXSfzWx8atzYR6FEbaSM.cer (raw, json)
Hash identifier:          DCi/O9IqdniZ6EucHcfhyuVYaX3WnDNqru4b/prNSFU=
Subject key identifier:   13:D8:04:2A:28:01:5D:27:F3:5B:1F:1A:B7:36:11:E8:51:1B:69:23
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC2DADCC53A82CA79260431868013738E
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/e8/d7f2d8-46cd-41fd-8008-a4296ad98635/1/E9gEKigBXSfzWx8atzYR6FEbaSM.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/e8/d7f2d8-46cd-41fd-8008-a4296ad98635/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 02:29:32 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 52074
                          IP: 91.221.218.0/23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 08:00:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:dc:c5:3a:82:ca:79:26:04:31:86:80:13:73:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 02:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=13d8042a28015d27f35b1f1ab73611e8511b6923
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:9b:1f:f6:86:74:34:e4:37:c2:89:f9:57:1f:
                    d7:f7:ba:a0:39:fd:da:91:c2:8c:6b:21:bb:1b:bf:
                    17:97:a0:16:12:6d:03:8e:40:c7:00:d3:25:8d:fb:
                    a5:83:20:55:73:9f:85:62:c1:2b:a8:00:08:f8:5c:
                    09:79:1c:8c:53:b9:54:8b:51:51:b8:35:8f:0b:f3:
                    1c:cd:c3:3f:96:d3:61:29:d9:c5:49:a8:35:3d:96:
                    2d:08:8c:55:61:d2:aa:c6:93:9d:99:0d:a2:71:1e:
                    cc:d6:e1:95:e3:13:cf:77:c9:58:ff:1f:97:0c:76:
                    ed:19:bd:b4:a0:9d:dd:a0:18:3c:be:68:1c:f7:96:
                    8d:7c:28:a7:5e:a8:27:7e:a0:a7:0b:24:17:4a:74:
                    3e:b3:6d:c3:16:0b:cb:ab:1f:a6:3c:78:ad:6a:b2:
                    2c:8a:88:37:ed:d7:59:33:97:51:96:38:19:a8:23:
                    7d:4f:f2:82:c3:c6:96:48:6a:18:b9:09:74:6e:3e:
                    a9:cf:38:ff:98:bb:d0:c6:30:a3:24:c3:3c:5b:1c:
                    a1:af:4e:43:f5:ea:cc:9f:58:59:95:d6:30:8d:89:
                    49:2a:53:01:7e:c8:1c:f6:2e:53:de:7b:70:7a:1a:
                    57:58:f7:68:c8:ba:0a:ed:f3:56:c8:91:4b:30:61:
                    8c:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:D8:04:2A:28:01:5D:27:F3:5B:1F:1A:B7:36:11:E8:51:1B:69:23
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/d7f2d8-46cd-41fd-8008-a4296ad98635/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/d7f2d8-46cd-41fd-8008-a4296ad98635/1/E9gEKigBXSfzWx8atzYR6FEbaSM.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.221.218.0/23

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  52074

    Signature Algorithm: sha256WithRSAEncryption
         34:ec:d8:88:06:ef:c9:de:da:8e:24:53:fc:7b:bc:85:76:24:
         c6:86:8c:d2:a0:1f:e2:4e:26:6f:da:fe:fb:5a:13:40:ce:51:
         32:1d:ee:ff:a6:da:12:0f:96:fb:1d:bd:e9:40:f9:12:0d:e1:
         e6:3f:7a:68:0d:4e:c7:3e:9b:a7:29:f4:ee:10:06:06:f5:d3:
         fe:1e:b1:15:03:ef:32:27:c7:1a:d2:20:7a:12:35:4b:22:1e:
         5b:90:95:05:66:b1:9e:2f:b6:20:66:63:a1:d0:96:f0:c3:f3:
         a4:7c:31:1e:c7:5c:9a:96:22:98:fa:8e:8e:3a:ab:a7:dc:c9:
         2b:a3:3e:1f:9f:3c:00:35:33:63:2d:ea:9b:80:e0:92:c0:43:
         b2:df:b8:c5:8a:b4:7e:ea:88:a1:7b:27:7e:7d:a5:01:63:48:
         ef:24:cb:9b:80:0f:fd:00:56:d3:ce:a4:f0:02:73:a8:a3:b9:
         e2:ea:a6:77:05:dd:bc:41:9e:ad:e4:fb:50:45:b6:9b:bd:d9:
         b9:b8:0a:9c:dc:d2:61:24:b9:5d:9b:00:75:72:4c:9e:14:0f:
         9c:e9:de:c1:7d:bd:75:8a:80:02:af:1a:c5:49:f5:54:be:f2:
         3d:dc:ff:e8:cd:0b:d0:95:d6:71:f4:5f:ab:0c:b2:dd:64:5e:
         b0:65:65:0a
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYzC2tzFOoLKeSYEMYaAE3OOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDIyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxM2Q4MDQyYTI4MDE1ZDI3ZjM1YjFmMWFiNzM2MTFlODUxMWI2OTIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAspsf9oZ0NOQ3won5Vx/X97qgOf3a
kcKMayG7G78Xl6AWEm0DjkDHANMljfulgyBVc5+FYsErqAAI+FwJeRyMU7lUi1FR
uDWPC/MczcM/ltNhKdnFSag1PZYtCIxVYdKqxpOdmQ2icR7M1uGV4xPPd8lY/x+X
DHbtGb20oJ3doBg8vmgc95aNfCinXqgnfqCnCyQXSnQ+s23DFgvLqx+mPHitarIs
iog37ddZM5dRljgZqCN9T/KCw8aWSGoYuQl0bj6pzzj/mLvQxjCjJMM8Wxyhr05D
9erMn1hZldYwjYlJKlMBfsgc9i5T3ntwehpXWPdoyLoK7fNWyJFLMGGMfwIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFBPYBCooAV0n81sfGrc2EehRG2kjMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2U4L2Q3ZjJk
OC00NmNkLTQxZmQtODAwOC1hNDI5NmFkOTg2MzUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTgvZDdmMmQ4
LTQ2Y2QtNDFmZC04MDA4LWE0Mjk2YWQ5ODYzNS8xL0U5Z0VLaWdCWFNmeld4OGF0
ellSNkZFYmFTTS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQBW93aMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwDLajANBgkqhkiG9w0BAQsFAAOCAQEANOzYiAbvyd7ajiRT/Hu8hXYkxoaM0qAf
4k4mb9r++1oTQM5RMh3u/6baEg+W+x296UD5Eg3h5j96aA1Oxz6bpyn07hAGBvXT
/h6xFQPvMifHGtIgehI1SyIeW5CVBWaxni+2IGZjodCW8MPzpHwxHsdcmpYimPqO
jjqrp9zJK6M+H588ADUzYy3qm4DgksBDst+4xYq0fuqIoXsnfn2lAWNI7yTLm4AP
/QBW086k8AJzqKO54uqmdwXdvEGereT7UEW2m73ZubgKnNzSYSS5XZsAdXJMnhQP
nOnewX29dYqAAq8axUn1VL7yPdz/6M0L0JXWcfRfqwyy3WResGVlCg==
-----END CERTIFICATE-----