Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Fj0lchgPS3hPtPKl7VDp_l5r5qc.cer
File:                     Fj0lchgPS3hPtPKl7VDp_l5r5qc.cer (raw, json)
Hash identifier:          E6mSXaEvAyJsxyfvfP65YuDNNu6HG57XL6Nou/bAIZM=
Subject key identifier:   16:3D:25:72:18:0F:4B:78:4F:B4:F2:A5:ED:50:E9:FE:5E:6B:E6:A7
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC2DB57D6CE2330F1C030119D85379F69
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/ce/e9a0a1-1135-495c-869a-70bbc7c0a9a5/1/Fj0lchgPS3hPtPKl7VDp_l5r5qc.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/ce/e9a0a1-1135-495c-869a-70bbc7c0a9a5/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 02:30:03 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 48637
                          IP: 91.209.214.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 08:00:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:57:d6:ce:23:30:f1:c0:30:11:9d:85:37:9f:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 02:30:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=163d2572180f4b784fb4f2a5ed50e9fe5e6be6a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:dd:83:bb:ae:bb:07:08:7b:8c:f9:d2:70:41:
                    fa:44:ec:ab:ef:9c:55:28:34:4a:af:a4:e5:43:a4:
                    f7:71:0c:d2:22:dc:c2:16:fe:02:f8:d1:83:79:dd:
                    9b:30:b1:c8:17:2b:df:f9:ff:29:b1:98:37:f3:38:
                    16:69:4f:2c:63:e0:9b:b6:57:91:52:d8:d4:ab:77:
                    ac:35:01:3d:bc:1b:12:22:c7:a0:62:01:6a:a6:4f:
                    0e:b8:30:fb:d2:b2:56:9e:74:ea:29:45:72:f0:40:
                    12:9f:e2:49:7b:e1:b3:0a:da:23:f6:e2:b6:58:ae:
                    2a:b3:5b:7e:30:32:63:c1:7f:a4:50:2f:8b:47:66:
                    0e:1e:77:c2:08:67:23:41:fe:5a:e8:f5:76:ca:31:
                    cf:d7:69:db:77:54:15:43:c9:0b:dd:6c:37:05:81:
                    72:b3:8f:0f:4e:01:e5:c2:cb:a4:f4:a7:c7:3d:ac:
                    92:57:85:c4:60:5e:71:ab:d2:7d:92:d2:c7:6b:04:
                    6d:9a:dd:e2:4c:b5:97:fd:0a:44:dd:cc:91:e3:6f:
                    e3:14:6b:41:b5:29:f8:a0:3f:7c:ce:2f:13:1a:32:
                    bc:b1:79:63:51:e4:d4:93:72:e9:3c:07:9e:15:3f:
                    64:aa:22:43:de:e7:d3:4e:80:0c:71:54:01:2d:c4:
                    2a:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:3D:25:72:18:0F:4B:78:4F:B4:F2:A5:ED:50:E9:FE:5E:6B:E6:A7
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/e9a0a1-1135-495c-869a-70bbc7c0a9a5/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/e9a0a1-1135-495c-869a-70bbc7c0a9a5/1/Fj0lchgPS3hPtPKl7VDp_l5r5qc.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.209.214.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  48637

    Signature Algorithm: sha256WithRSAEncryption
         5e:1b:ab:be:10:39:9b:c4:59:6f:1a:45:33:bd:e9:1d:99:7f:
         09:aa:df:16:15:9d:2a:2a:ff:c4:ff:15:55:75:71:54:7f:17:
         86:74:b9:9a:8a:03:6d:c1:22:d9:dc:92:4e:07:d5:e3:de:69:
         9d:7e:b4:38:4a:35:60:0d:ac:48:bc:30:d9:af:fd:f3:11:17:
         77:c2:f8:8c:07:32:9b:67:19:87:99:3b:02:de:07:8b:da:97:
         1f:ca:8a:dc:e9:ad:cb:89:20:76:6b:7b:be:ed:8d:cb:f5:1b:
         14:23:4e:d6:0b:9b:b1:e3:a2:3f:c5:9e:96:e3:ad:66:0b:e3:
         21:8a:0b:a3:9e:cc:6e:9a:ee:67:33:bf:ef:34:93:18:d3:fc:
         c8:56:fe:fd:c2:66:4d:7f:66:5b:a5:91:66:e2:15:82:67:33:
         3b:86:27:cd:74:0c:f0:5d:c8:39:28:81:96:3e:5d:fc:cc:0d:
         a2:b0:59:c1:e1:74:85:1f:42:a0:64:da:16:44:d3:76:e4:79:
         73:a8:9f:d0:da:17:3d:81:29:97:8d:45:45:be:99:a2:24:4e:
         f5:23:de:b9:b9:56:23:6d:df:ef:f9:e8:6e:24:c4:a9:b2:76:
         b7:06:cc:c4:28:a6:3d:2c:26:a1:8b:4c:a0:be:45:46:23:7f:
         1e:40:bb:b3
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYzC21fWziMw8cAwEZ2FN59pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDIzMDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjNkMjU3MjE4MGY0Yjc4NGZiNGYyYTVlZDUwZTlmZTVlNmJlNmE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqN2Du667Bwh7jPnScEH6ROyr75xV
KDRKr6TlQ6T3cQzSItzCFv4C+NGDed2bMLHIFyvf+f8psZg38zgWaU8sY+CbtleR
UtjUq3esNQE9vBsSIsegYgFqpk8OuDD70rJWnnTqKUVy8EASn+JJe+GzCtoj9uK2
WK4qs1t+MDJjwX+kUC+LR2YOHnfCCGcjQf5a6PV2yjHP12nbd1QVQ8kL3Ww3BYFy
s48PTgHlwsuk9KfHPaySV4XEYF5xq9J9ktLHawRtmt3iTLWX/QpE3cyR42/jFGtB
tSn4oD98zi8TGjK8sXljUeTUk3LpPAeeFT9kqiJD3ufTToAMcVQBLcQq/wIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFBY9JXIYD0t4T7Type1Q6f5ea+anMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NlL2U5YTBh
MS0xMTM1LTQ5NWMtODY5YS03MGJiYzdjMGE5YTUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvY2UvZTlhMGEx
LTExMzUtNDk1Yy04NjlhLTcwYmJjN2MwYTlhNS8xL0ZqMGxjaGdQUzNoUHRQS2w3
VkRwX2w1cjVxYy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW9HWMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwC9/TANBgkqhkiG9w0BAQsFAAOCAQEAXhurvhA5m8RZbxpFM73pHZl/CarfFhWd
Kir/xP8VVXVxVH8XhnS5mooDbcEi2dySTgfV495pnX60OEo1YA2sSLww2a/98xEX
d8L4jAcym2cZh5k7At4Hi9qXH8qK3Omty4kgdmt7vu2Ny/UbFCNO1gubseOiP8We
luOtZgvjIYoLo57MbpruZzO/7zSTGNP8yFb+/cJmTX9mW6WRZuIVgmczO4YnzXQM
8F3IOSiBlj5d/MwNorBZweF0hR9CoGTaFkTTduR5c6if0NoXPYEpl41FRb6ZoiRO
9SPeublWI23f7/nobiTEqbJ2twbMxCimPSwmoYtMoL5FRiN/HkC7sw==
-----END CERTIFICATE-----