Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/KR2Dw_S4d899CEy1MMSp42_PetA.cer
File:                     KR2Dw_S4d899CEy1MMSp42_PetA.cer (raw, json)
Hash identifier:          3WahozNh8gWaZ4qLSFeowRyweA2irIEocoKUXmoLv/Q=
Subject key identifier:   29:1D:83:C3:F4:B8:77:CF:7D:08:4C:B5:30:C4:A9:E3:6F:CF:7A:D0
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC5001CE62A41649229D66A4DA1090395
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/9e/594569-6f18-460a-a196-ffcd477349fc/1/KR2Dw_S4d899CEy1MMSp42_PetA.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/9e/594569-6f18-460a-a196-ffcd477349fc/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 12:29:28 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 91.213.3.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:1c:e6:2a:41:64:92:29:d6:6a:4d:a1:09:03:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 12:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=291d83c3f4b877cf7d084cb530c4a9e36fcf7ad0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:c0:81:a9:c3:7c:d1:fe:7d:0e:8e:35:e7:3b:
                    cd:b7:ef:ec:3d:0d:cf:71:2b:36:96:cb:e3:73:1a:
                    0a:19:73:27:ba:3c:8d:c6:1c:a8:f6:e3:fa:97:50:
                    0c:16:e7:23:16:04:fb:1c:0a:fd:9a:30:df:15:68:
                    c3:b8:84:9e:66:6e:1c:7e:93:f7:f3:8b:b1:77:b7:
                    dd:8d:8c:69:66:bc:92:f2:e4:eb:ff:c8:75:82:8d:
                    ad:86:df:67:98:c0:b8:8b:66:f8:71:ef:e4:5b:95:
                    f5:28:eb:d2:b2:8a:ad:2d:99:dc:61:2b:87:14:9b:
                    c7:87:73:74:d8:38:e2:f0:7a:82:42:b7:89:30:f6:
                    e6:75:9c:9c:31:af:dd:51:20:f9:a9:e5:76:fa:eb:
                    f4:80:70:4e:97:8e:e2:17:fd:29:30:f1:4a:e6:49:
                    07:bb:b7:cd:b2:44:d0:3f:b0:3c:11:72:78:1b:4f:
                    18:52:b4:67:54:03:1b:b9:b6:3b:1f:6b:2b:c6:81:
                    c4:40:44:dd:e2:74:39:b3:79:a9:95:c6:33:10:5a:
                    3e:e2:2b:59:a1:db:6b:ed:24:fe:e6:cb:eb:0e:61:
                    49:68:4c:b1:4f:37:b0:54:ee:77:44:86:19:22:18:
                    ff:f1:3f:21:44:0e:4a:ab:55:c5:0f:f9:c3:a0:58:
                    fd:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:1D:83:C3:F4:B8:77:CF:7D:08:4C:B5:30:C4:A9:E3:6F:CF:7A:D0
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/594569-6f18-460a-a196-ffcd477349fc/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/594569-6f18-460a-a196-ffcd477349fc/1/KR2Dw_S4d899CEy1MMSp42_PetA.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:0b:16:b9:7a:31:6d:81:9a:d9:b4:c4:20:da:5d:f3:a2:43:
         5f:b7:a5:af:f8:14:8b:78:9f:4b:6c:61:25:87:36:e9:37:dc:
         48:68:9a:d6:60:d0:ce:dd:98:76:f2:14:50:95:12:0e:69:1a:
         10:1f:14:20:6c:02:00:2a:9c:28:f4:82:33:48:87:5b:db:3b:
         7e:eb:5c:b0:56:4e:4b:d6:b4:ab:d7:0d:8a:62:3d:1f:cd:df:
         07:9c:21:b2:1c:51:c4:d9:15:16:f5:b7:7a:40:70:72:42:be:
         67:e8:3f:aa:20:60:62:85:e3:73:94:8e:07:ab:ba:89:23:4b:
         5a:a2:59:43:10:bf:f6:6a:a8:cd:97:4c:6f:d4:a6:71:2a:7b:
         b8:7b:48:16:e9:9a:ba:bc:44:66:fd:e6:fa:5b:30:f8:c6:7b:
         e3:95:09:c7:d6:71:a2:55:b7:fc:ef:8d:c4:a8:df:bb:ec:24:
         ad:5f:4e:7e:68:d2:1e:3b:87:7c:b2:e1:a4:1b:c8:39:95:7c:
         fb:cf:d1:66:1a:4b:12:a3:a5:95:6e:02:e5:78:ff:51:1e:1f:
         6a:e8:64:2a:8d:8e:8b:6f:05:77:65:db:83:f0:aa:9d:ad:c0:
         e2:f8:c1:e9:ad:f4:5f:ee:58:4e:99:e3:d7:5b:68:2f:64:b4:
         1f:e0:18:d7
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzFABzmKkFkkinWak2hCQOVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTIyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTFkODNjM2Y0Yjg3N2NmN2QwODRjYjUzMGM0YTllMzZmY2Y3YWQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAysCBqcN80f59Do415zvNt+/sPQ3P
cSs2lsvjcxoKGXMnujyNxhyo9uP6l1AMFucjFgT7HAr9mjDfFWjDuISeZm4cfpP3
84uxd7fdjYxpZryS8uTr/8h1go2tht9nmMC4i2b4ce/kW5X1KOvSsoqtLZncYSuH
FJvHh3N02Dji8HqCQreJMPbmdZycMa/dUSD5qeV2+uv0gHBOl47iF/0pMPFK5kkH
u7fNskTQP7A8EXJ4G08YUrRnVAMbubY7H2srxoHEQETd4nQ5s3mplcYzEFo+4itZ
odtr7ST+5svrDmFJaEyxTzewVO53RIYZIhj/8T8hRA5Kq1XFD/nDoFj9ewIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFCkdg8P0uHfPfQhMtTDEqeNvz3rQMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzllLzU5NDU2
OS02ZjE4LTQ2MGEtYTE5Ni1mZmNkNDc3MzQ5ZmMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOWUvNTk0NTY5
LTZmMTgtNDYwYS1hMTk2LWZmY2Q0NzczNDlmYy8xL0tSMkR3X1M0ZDg5OUNFeTFN
TVNwNDJfUGV0QS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW9UDMA0GCSqGSIb3DQEBCwUAA4IBAQCoCxa5
ejFtgZrZtMQg2l3zokNft6Wv+BSLeJ9LbGElhzbpN9xIaJrWYNDO3Zh28hRQlRIO
aRoQHxQgbAIAKpwo9IIzSIdb2zt+61ywVk5L1rSr1w2KYj0fzd8HnCGyHFHE2RUW
9bd6QHByQr5n6D+qIGBiheNzlI4Hq7qJI0taollDEL/2aqjNl0xv1KZxKnu4e0gW
6Zq6vERm/eb6WzD4xnvjlQnH1nGiVbf8743EqN+77CStX05+aNIeO4d8suGkG8g5
lXz7z9FmGksSo6WVbgLleP9RHh9q6GQqjY6LbwV3ZduD8KqdrcDi+MHprfRf7lhO
mePXW2gvZLQf4BjX
-----END CERTIFICATE-----