Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/IsXMfDZMkOr6uml-C_WfBVaalpU.cer
File:                     IsXMfDZMkOr6uml-C_WfBVaalpU.cer (raw, json)
Hash identifier:          BUN7ptMgTnYWA7yTz6cUfpIs3m5O+kY/C3g22ZIKiyU=
Subject key identifier:   22:C5:CC:7C:36:4C:90:EA:FA:BA:69:7E:0B:F5:9F:05:56:9A:96:95
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC80148969861E22225D1C6049768A65B
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/01/569442-4e6d-4ebe-9bb2-3fdb753a8619/1/IsXMfDZMkOr6uml-C_WfBVaalpU.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/01/569442-4e6d-4ebe-9bb2-3fdb753a8619/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 02:29:36 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 41971
                          IP: 194.60.82.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 21 Apr 2024 00:45:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:48:96:98:61:e2:22:25:d1:c6:04:97:68:a6:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 02:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=22c5cc7c364c90eafaba697e0bf59f05569a9695
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:7c:aa:0a:ed:4a:21:f2:40:57:1b:0a:93:f5:
                    88:e1:6f:1a:6f:28:1c:fa:a6:2d:e9:82:9c:77:ee:
                    61:c3:21:61:44:35:45:a5:fa:43:a2:cf:de:4c:dc:
                    d3:0d:18:85:f8:20:97:5e:b5:a0:69:44:7b:a8:0d:
                    1e:a3:98:6e:0f:e4:5c:22:f7:72:5f:cb:2a:32:6e:
                    f4:e0:4b:e6:3c:0a:73:66:3b:56:21:01:2d:5a:2e:
                    bb:4b:21:b9:c0:c8:66:a8:10:a5:ff:4a:38:b5:02:
                    e7:f5:4e:32:21:e9:b7:22:f5:99:35:66:55:f9:61:
                    7f:6d:d9:e7:dd:07:a0:f6:ef:da:71:12:8c:04:67:
                    db:bb:de:a7:30:9a:65:2d:6b:ee:ee:0e:76:9c:95:
                    4a:94:ff:90:ef:06:f3:57:51:49:d0:44:14:05:eb:
                    2b:ab:e0:66:1b:0c:71:b6:92:32:00:23:1c:eb:fc:
                    16:95:85:ac:cc:bf:cf:6c:3e:c5:0e:c6:f4:bf:f2:
                    dd:82:d3:a8:d9:87:21:fd:08:f2:21:7a:37:49:96:
                    43:5d:d6:39:84:a8:52:db:63:d3:5d:00:28:6d:67:
                    00:75:01:45:26:75:4d:bc:fd:c8:7f:c1:26:65:23:
                    a4:eb:64:7f:e0:6a:c8:91:61:67:91:10:e3:ce:6d:
                    47:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:C5:CC:7C:36:4C:90:EA:FA:BA:69:7E:0B:F5:9F:05:56:9A:96:95
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/569442-4e6d-4ebe-9bb2-3fdb753a8619/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/569442-4e6d-4ebe-9bb2-3fdb753a8619/1/IsXMfDZMkOr6uml-C_WfBVaalpU.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.60.82.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  41971

    Signature Algorithm: sha256WithRSAEncryption
         96:61:74:6b:1a:5a:59:9c:65:92:e2:4c:82:fc:fb:21:bd:b1:
         a5:86:f9:07:c6:b2:f1:e8:3d:d3:cc:c7:b3:79:b8:b8:f8:35:
         65:ed:bb:0d:4d:64:d8:9b:c5:13:14:ed:35:c8:0c:03:88:a8:
         04:5f:54:ac:cd:ea:f0:5f:58:1c:2e:ea:9b:a0:b4:1f:b0:da:
         0b:af:90:51:cc:97:90:b0:a5:3a:76:c8:b5:39:42:95:5d:fe:
         39:f2:d0:25:0f:39:ed:b7:f5:12:e2:61:48:97:9c:70:29:54:
         24:17:8d:09:26:6c:16:6e:23:d6:4b:a4:4b:60:62:a2:7b:2c:
         28:13:8d:86:63:3e:52:f5:94:0f:c1:e6:33:a7:54:4f:66:ff:
         2c:f7:fd:50:d3:d4:17:6e:8b:b9:86:58:74:53:bf:fb:93:e2:
         b4:c7:c6:49:4e:a6:37:2f:c2:b2:ea:d5:55:58:7c:d2:dd:7a:
         74:5d:dd:3b:f9:0c:c5:56:26:a6:f9:a6:ad:25:78:f7:d3:2b:
         51:25:74:1e:b0:c4:88:a7:32:c1:d7:eb:2f:3a:0b:55:92:12:
         df:16:0b:b9:c7:94:6c:b3:8b:a0:00:cc:85:f9:e6:f1:dc:b3:
         6b:e3:37:12:18:ed:92:ef:46:2a:63:1c:e0:6e:b8:03:cd:70:
         42:fa:c8:ed
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYzIAUiWmGHiIiXRxgSXaKZbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDIyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmM1Y2M3YzM2NGM5MGVhZmFiYTY5N2UwYmY1OWYwNTU2OWE5Njk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwXyqCu1KIfJAVxsKk/WI4W8abygc
+qYt6YKcd+5hwyFhRDVFpfpDos/eTNzTDRiF+CCXXrWgaUR7qA0eo5huD+RcIvdy
X8sqMm704EvmPApzZjtWIQEtWi67SyG5wMhmqBCl/0o4tQLn9U4yIem3IvWZNWZV
+WF/bdnn3Qeg9u/acRKMBGfbu96nMJplLWvu7g52nJVKlP+Q7wbzV1FJ0EQUBesr
q+BmGwxxtpIyACMc6/wWlYWszL/PbD7FDsb0v/LdgtOo2Ych/QjyIXo3SZZDXdY5
hKhS22PTXQAobWcAdQFFJnVNvP3If8EmZSOk62R/4GrIkWFnkRDjzm1HfQIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFCLFzHw2TJDq+rppfgv1nwVWmpaVMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzAxLzU2OTQ0
Mi00ZTZkLTRlYmUtOWJiMi0zZmRiNzUzYTg2MTkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDEvNTY5NDQy
LTRlNmQtNGViZS05YmIyLTNmZGI3NTNhODYxOS8xL0lzWE1mRFpNa09yNnVtbC1D
X1dmQlZhYWxwVS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwjxSMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwCj8zANBgkqhkiG9w0BAQsFAAOCAQEAlmF0axpaWZxlkuJMgvz7Ib2xpYb5B8ay
8eg908zHs3m4uPg1Ze27DU1k2JvFExTtNcgMA4ioBF9UrM3q8F9YHC7qm6C0H7Da
C6+QUcyXkLClOnbItTlClV3+OfLQJQ857bf1EuJhSJeccClUJBeNCSZsFm4j1kuk
S2BionssKBONhmM+UvWUD8HmM6dUT2b/LPf9UNPUF26LuYZYdFO/+5PitMfGSU6m
Ny/CsurVVVh80t16dF3dO/kMxVYmpvmmrSV499MrUSV0HrDEiKcywdfrLzoLVZIS
3xYLuceUbLOLoADMhfnm8dyza+M3Ehjtku9GKmMc4G64A81wQvrI7Q==
-----END CERTIFICATE-----