Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/J97R2QxNUraHECO8cSltCKmMTNs.cer
File:                     J97R2QxNUraHECO8cSltCKmMTNs.cer (raw, json)
Hash identifier:          0aTV5hTKhk/UWHRgGhvyX5CMK7WWNrikizK8b7kpd+E=
Subject key identifier:   27:DE:D1:D9:0C:4D:52:B6:87:10:23:BC:71:29:6D:08:A9:8C:4C:DB
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC56EC6D468B7D779F2589B00FDF7C8A4
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/6a/338212-38a7-468d-b874-351ab9f236b0/1/J97R2QxNUraHECO8cSltCKmMTNs.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/6a/338212-38a7-468d-b874-351ab9f236b0/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 14:30:20 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 207183
                          IP: 185.135.56.0/22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:c6:d4:68:b7:d7:79:f2:58:9b:00:fd:f7:c8:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 14:30:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=27ded1d90c4d52b6871023bc71296d08a98c4cdb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:38:6c:59:f2:b7:45:58:24:3a:cf:16:47:6b:
                    3a:13:88:7a:0d:fa:1e:6c:42:1d:82:f8:00:06:2d:
                    05:bb:fd:76:6b:8f:bf:06:28:74:31:72:d3:48:d0:
                    32:37:fd:1d:ac:1d:98:42:58:68:41:2b:9f:02:9d:
                    60:38:c9:a5:84:82:a4:75:5f:67:2a:5e:65:96:79:
                    aa:5a:9e:96:46:5e:63:39:85:97:22:f2:e8:27:8d:
                    d8:17:a4:0f:1c:f8:a0:47:70:f4:48:92:cf:21:3b:
                    87:fd:70:0e:8d:0d:6e:40:91:63:d0:f9:2f:50:a0:
                    09:a2:d1:10:a2:e3:f0:f7:3c:c9:47:85:bb:19:f3:
                    ca:76:d3:92:6e:58:59:2f:bd:2f:29:5d:08:32:79:
                    a7:87:7e:80:16:50:7a:4e:a3:f6:4c:b9:31:de:89:
                    75:52:69:6d:d2:1a:df:41:b8:4c:44:ca:22:c9:97:
                    3d:c0:45:2a:cb:17:1a:e0:be:9d:ab:f9:0a:4e:3e:
                    65:89:e1:71:3d:d5:26:dc:ab:74:cf:cc:49:99:5a:
                    db:30:d6:5d:48:b7:a6:b2:0b:03:07:90:cf:cb:6a:
                    3c:65:8c:9c:16:c5:49:f6:d7:3d:a6:d7:14:cb:07:
                    93:ea:5c:c7:77:96:45:fd:59:df:94:ea:51:c0:c8:
                    28:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:DE:D1:D9:0C:4D:52:B6:87:10:23:BC:71:29:6D:08:A9:8C:4C:DB
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/338212-38a7-468d-b874-351ab9f236b0/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/338212-38a7-468d-b874-351ab9f236b0/1/J97R2QxNUraHECO8cSltCKmMTNs.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.135.56.0/22

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  207183

    Signature Algorithm: sha256WithRSAEncryption
         a9:02:0e:9c:1e:14:10:be:fa:00:ec:21:5b:13:bf:69:32:75:
         ef:80:a7:c7:43:37:61:81:2b:40:7f:ce:a1:a3:63:4c:58:18:
         8a:53:75:64:ff:e4:64:3c:85:26:f7:a5:94:af:6a:e4:d9:57:
         29:0d:75:c9:03:ab:60:b6:50:ee:25:45:c7:ff:8e:5f:36:05:
         8e:cb:34:ac:44:01:71:50:ff:81:d0:15:c1:6f:b8:44:04:e6:
         3b:d9:5f:95:d1:8d:99:06:2c:41:b2:48:e0:69:9c:0a:5b:74:
         5a:c3:c7:26:41:e0:60:07:01:67:35:42:d5:84:bb:b2:3f:1b:
         c0:f1:8d:e9:d4:65:57:88:e8:c6:4c:4e:9c:c7:df:87:19:49:
         2c:c3:29:84:34:26:b3:5a:5d:1c:9f:d5:23:7f:b2:40:5d:0e:
         fe:c4:5d:ea:02:35:96:e6:3e:99:f8:2b:08:24:96:ab:32:08:
         f6:9c:40:26:50:4c:5b:6b:2e:80:6b:3f:38:7f:84:7a:7a:9b:
         a7:d3:2c:f0:46:c9:4c:df:79:8b:e7:4a:5d:66:2c:25:18:bf:
         18:3a:0d:73:2b:06:5c:5d:81:dc:af:ca:a4:94:db:82:d5:62:
         ab:4e:78:2f:1e:40:0b:3a:19:24:06:b3:84:8c:33:6a:e1:07:
         d4:e4:57:7e
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYzFbsbUaLfXefJYmwD998ikMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTQzMDIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyN2RlZDFkOTBjNGQ1MmI2ODcxMDIzYmM3MTI5NmQwOGE5OGM0Y2RiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmDhsWfK3RVgkOs8WR2s6E4h6Dfoe
bEIdgvgABi0Fu/12a4+/Bih0MXLTSNAyN/0drB2YQlhoQSufAp1gOMmlhIKkdV9n
Kl5llnmqWp6WRl5jOYWXIvLoJ43YF6QPHPigR3D0SJLPITuH/XAOjQ1uQJFj0Pkv
UKAJotEQouPw9zzJR4W7GfPKdtOSblhZL70vKV0IMnmnh36AFlB6TqP2TLkx3ol1
Umlt0hrfQbhMRMoiyZc9wEUqyxca4L6dq/kKTj5lieFxPdUm3Kt0z8xJmVrbMNZd
SLemsgsDB5DPy2o8ZYycFsVJ9tc9ptcUyweT6lzHd5ZF/VnflOpRwMgoXwIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFCfe0dkMTVK2hxAjvHEpbQipjEzbMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzZhLzMzODIx
Mi0zOGE3LTQ2OGQtYjg3NC0zNTFhYjlmMjM2YjAvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNmEvMzM4MjEy
LTM4YTctNDY4ZC1iODc0LTM1MWFiOWYyMzZiMC8xL0o5N1IyUXhOVXJhSEVDTzhj
U2x0Q0ttTVROcy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCuYc4MBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwMpTzANBgkqhkiG9w0BAQsFAAOCAQEAqQIOnB4UEL76AOwhWxO/aTJ174Cnx0M3
YYErQH/OoaNjTFgYilN1ZP/kZDyFJvellK9q5NlXKQ11yQOrYLZQ7iVFx/+OXzYF
jss0rEQBcVD/gdAVwW+4RATmO9lfldGNmQYsQbJI4GmcClt0WsPHJkHgYAcBZzVC
1YS7sj8bwPGN6dRlV4joxkxOnMffhxlJLMMphDQms1pdHJ/VI3+yQF0O/sRd6gI1
luY+mfgrCCSWqzII9pxAJlBMW2sugGs/OH+Eenqbp9Ms8EbJTN95i+dKXWYsJRi/
GDoNcysGXF2B3K/KpJTbgtViq054Lx5ACzoZJAazhIwzauEH1ORXfg==
-----END CERTIFICATE-----