Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ELQ2E1Nf-qc9msxQPHGij6F7ODk.cer
File:                     ELQ2E1Nf-qc9msxQPHGij6F7ODk.cer (raw, json)
Hash identifier:          ra2g3siMgiobdly8aafuW9bTEGVLN1FafpJ8b1Aq+t4=
Subject key identifier:   10:B4:36:13:53:5F:FA:A7:3D:9A:CC:50:3C:71:A2:8F:A1:7B:38:39
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC6B797BE142A32E12DA8CDED10B71C65
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/88/2ee71b-8ffe-4eb6-9434-cf3c1a79e634/1/ELQ2E1Nf-qc9msxQPHGij6F7ODk.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/88/2ee71b-8ffe-4eb6-9434-cf3c1a79e634/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 20:29:29 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 49772
                          IP: 91.213.210.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 21 Apr 2024 02:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:97:be:14:2a:32:e1:2d:a8:cd:ed:10:b7:1c:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 20:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=10b43613535ffaa73d9acc503c71a28fa17b3839
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:35:47:b1:36:26:0f:11:fa:e9:5b:cd:9a:53:
                    c3:12:18:1a:fa:85:53:da:a9:8a:de:cb:e5:ee:43:
                    77:1a:5d:70:db:5d:ce:99:34:d5:cc:26:a9:29:1e:
                    81:95:b0:c6:d3:83:13:a8:ed:4a:ee:1b:3d:78:c7:
                    af:ae:9d:e6:2a:1a:c9:d3:43:e7:86:5a:04:88:a3:
                    59:aa:72:57:c4:33:e1:60:6d:f4:6b:89:73:f7:a3:
                    73:5f:68:2f:91:d4:5e:72:6a:e4:fc:61:98:d3:aa:
                    d8:e3:a9:37:0d:35:ac:ee:46:05:fe:8f:30:de:36:
                    fb:3a:8a:fe:a7:4b:1f:0a:40:12:c3:38:99:f2:fe:
                    3e:37:c9:8f:d9:d1:92:8b:53:1e:19:24:f3:dc:04:
                    56:b8:39:5a:fe:11:8a:5b:de:cb:7e:37:51:00:09:
                    84:25:fb:16:71:a0:1a:ad:dc:ae:86:b5:9a:a4:7a:
                    2f:96:8e:b3:ff:d3:83:35:02:5c:d3:f2:29:63:f7:
                    af:be:88:25:96:b0:78:b4:d4:94:46:81:d3:61:cd:
                    7f:e9:6f:96:2e:19:c1:80:6e:8f:b9:50:a7:38:6d:
                    71:54:16:0e:59:71:38:32:52:0f:2e:37:1a:73:74:
                    18:e1:9b:9c:ce:73:75:ff:97:b1:33:f6:9f:9e:8b:
                    f5:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:B4:36:13:53:5F:FA:A7:3D:9A:CC:50:3C:71:A2:8F:A1:7B:38:39
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/2ee71b-8ffe-4eb6-9434-cf3c1a79e634/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/2ee71b-8ffe-4eb6-9434-cf3c1a79e634/1/ELQ2E1Nf-qc9msxQPHGij6F7ODk.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.210.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  49772

    Signature Algorithm: sha256WithRSAEncryption
         25:df:21:7f:ff:12:81:c6:f2:1a:21:96:f9:c7:32:b6:c8:32:
         59:63:e6:54:9c:97:b2:b4:c5:ca:ee:8e:89:ce:1b:16:31:5b:
         23:0d:43:96:7c:59:86:4e:bc:4c:ff:83:aa:6b:9a:13:d2:03:
         01:31:c5:4c:6c:70:18:37:1b:1c:fb:3b:56:0d:ca:5b:27:fd:
         8d:d6:11:68:a7:88:b7:88:98:2b:b7:b1:4f:03:b0:8a:ef:84:
         1f:77:ce:29:0a:0e:8f:4d:f4:e3:16:5c:1b:a0:2e:75:9f:89:
         5a:eb:42:5a:44:d9:00:6d:98:3d:a4:d4:2e:f2:e6:49:cc:5d:
         25:91:d2:2f:dc:1e:40:c5:a9:bf:16:92:e0:eb:81:25:46:78:
         7e:21:e1:ac:a6:96:be:04:a1:b0:fa:23:61:3c:44:7d:55:a9:
         ef:53:a3:a0:6c:0a:9b:d0:17:0d:23:1c:d7:bd:23:11:ec:57:
         14:1c:06:ea:c1:56:f6:c1:a0:ba:21:41:a2:47:9e:ec:65:e3:
         c9:82:a7:0f:10:6e:75:d0:d0:61:78:8c:be:59:67:b3:06:bc:
         8d:f0:2c:e2:d3:f5:58:e2:97:21:1d:bf:76:c0:bd:3e:5c:6d:
         60:cf:de:1b:0e:1f:75:b6:2d:00:9e:a5:f7:cc:bd:06:e1:06:
         d6:44:f2:8a
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYzGt5e+FCoy4S2oze0QtxxlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMjAyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMGI0MzYxMzUzNWZmYWE3M2Q5YWNjNTAzYzcxYTI4ZmExN2IzODM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlzVHsTYmDxH66VvNmlPDEhga+oVT
2qmK3svl7kN3Gl1w213OmTTVzCapKR6BlbDG04MTqO1K7hs9eMevrp3mKhrJ00Pn
hloEiKNZqnJXxDPhYG30a4lz96NzX2gvkdRecmrk/GGY06rY46k3DTWs7kYF/o8w
3jb7Oor+p0sfCkASwziZ8v4+N8mP2dGSi1MeGSTz3ARWuDla/hGKW97LfjdRAAmE
JfsWcaAardyuhrWapHovlo6z/9ODNQJc0/IpY/evvogllrB4tNSURoHTYc1/6W+W
LhnBgG6PuVCnOG1xVBYOWXE4MlIPLjcac3QY4ZucznN1/5exM/afnov1ZQIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFBC0NhNTX/qnPZrMUDxxoo+hezg5MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzg4LzJlZTcx
Yi04ZmZlLTRlYjYtOTQzNC1jZjNjMWE3OWU2MzQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODgvMmVlNzFi
LThmZmUtNGViNi05NDM0LWNmM2MxYTc5ZTYzNC8xL0VMUTJFMU5mLXFjOW1zeFFQ
SEdpajZGN09Eay5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW9XSMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwDCbDANBgkqhkiG9w0BAQsFAAOCAQEAJd8hf/8SgcbyGiGW+ccytsgyWWPmVJyX
srTFyu6Oic4bFjFbIw1DlnxZhk68TP+DqmuaE9IDATHFTGxwGDcbHPs7Vg3KWyf9
jdYRaKeIt4iYK7exTwOwiu+EH3fOKQoOj0304xZcG6AudZ+JWutCWkTZAG2YPaTU
LvLmScxdJZHSL9weQMWpvxaS4OuBJUZ4fiHhrKaWvgShsPojYTxEfVWp71OjoGwK
m9AXDSMc170jEexXFBwG6sFW9sGguiFBokee7GXjyYKnDxBuddDQYXiMvllnswa8
jfAs4tP1WOKXIR2/dsC9PlxtYM/eGw4fdbYtAJ6l98y9BuEG1kTyig==
-----END CERTIFICATE-----