Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/KqF-1AdDLEGLHJ6vYf0cocv_anQ.cer
File:                     KqF-1AdDLEGLHJ6vYf0cocv_anQ.cer (raw, json)
Hash identifier:          U09KKrj+TJrpyFlaHQ40OTiG91KuZyPVyuv4KwfY/bY=
Subject key identifier:   2A:A1:7E:D4:07:43:2C:41:8B:1C:9E:AF:61:FD:1C:A1:CB:FF:6A:74
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC3B704B3088B724684772666108487DE
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/96/54d437-a277-41bd-988f-950f0a0101a9/1/KqF-1AdDLEGLHJ6vYf0cocv_anQ.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/96/54d437-a277-41bd-988f-950f0a0101a9/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 06:30:00 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 194.124.145.0 -- 194.124.147.255

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:04:b3:08:8b:72:46:84:77:26:66:10:84:87:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 06:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2aa17ed407432c418b1c9eaf61fd1ca1cbff6a74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:c1:63:84:77:00:ed:b8:ba:09:71:21:bd:e8:
                    e1:9c:c9:b2:c6:44:db:c8:d5:bf:63:2f:0d:4a:4f:
                    b0:f6:2b:46:c8:3a:f6:5f:4d:2c:09:fa:4d:60:84:
                    99:a1:b4:89:1b:d1:f6:f4:fc:bc:76:05:f2:06:b3:
                    3e:39:1f:0a:cf:d8:39:6a:42:57:61:76:12:59:b4:
                    be:9d:17:6a:df:15:5e:4b:31:6e:c4:0c:6a:67:57:
                    c1:11:99:f9:e3:1c:98:5b:69:e1:78:7e:f8:9f:e0:
                    6a:97:f7:2b:70:19:0f:9f:a2:a7:91:8a:bc:9c:8e:
                    f3:b0:78:83:17:a2:45:00:a8:94:bd:54:c7:b8:88:
                    49:2e:9e:8a:6b:c1:ba:c2:f5:83:aa:b5:af:31:2f:
                    3d:36:c8:52:8e:90:80:6b:9a:87:44:fd:fd:1f:f5:
                    8a:10:97:11:18:92:cd:bc:ac:cf:db:07:4d:47:3e:
                    c4:47:e3:f9:fe:e5:08:b7:a2:59:7d:1d:0b:d2:c7:
                    dc:89:5b:92:fb:14:19:27:5e:37:03:e2:84:63:91:
                    80:e7:d7:aa:e1:a5:04:d4:4e:7a:9b:92:42:d5:b0:
                    a8:33:44:da:ec:b8:f7:83:e5:c2:5c:9c:90:65:72:
                    c7:e6:02:dd:64:3e:db:64:c3:6e:79:5b:2c:d5:30:
                    40:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:A1:7E:D4:07:43:2C:41:8B:1C:9E:AF:61:FD:1C:A1:CB:FF:6A:74
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/96/54d437-a277-41bd-988f-950f0a0101a9/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/96/54d437-a277-41bd-988f-950f0a0101a9/1/KqF-1AdDLEGLHJ6vYf0cocv_anQ.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.124.145.0-194.124.147.255

    Signature Algorithm: sha256WithRSAEncryption
         17:96:c7:b1:66:85:18:3f:11:a8:06:e7:c3:c2:e2:fb:84:96:
         cb:91:48:b1:bd:97:b5:7e:d6:0f:41:18:ef:4e:4f:fe:34:12:
         fc:bd:3b:4c:73:66:6a:4f:e0:a3:25:ec:6c:aa:1e:17:b2:8c:
         9d:b8:cf:a8:c2:08:2f:ee:6c:3a:eb:30:ce:6c:3e:e2:a2:e3:
         90:70:7a:d4:13:62:bd:43:82:c6:47:b1:bd:f6:89:52:e1:15:
         52:7c:a5:75:33:8e:c6:58:e6:e0:ad:22:8f:27:c8:b6:14:bd:
         73:37:17:f6:cf:0a:cb:2a:8c:b6:a7:8c:70:17:01:19:d2:1a:
         e1:05:ae:d7:9a:b7:30:ac:25:b6:47:ad:1a:5a:75:9c:b2:9b:
         5d:85:38:b9:57:f3:d2:8b:be:3e:d2:b4:a5:df:49:32:17:ff:
         0e:1e:18:95:dd:ee:81:42:31:d6:b5:b7:78:04:a9:55:40:03:
         e2:f5:81:e5:3d:3f:e6:b9:30:7b:cc:ba:94:5d:9b:0a:36:8f:
         63:56:d0:7b:3c:02:f8:46:84:9f:a3:80:cb:34:1e:6e:79:c9:
         15:15:7e:03:37:4c:41:b6:e9:05:4e:f4:84:c5:9a:30:5f:3b:
         9a:af:bb:b7:e4:ce:bc:9b:a6:ed:7a:3b:b1:32:10:13:3f:7a:
         76:e6:1e:a2
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgISAYzDtwSzCItyRoR3JmYQhIfeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDYzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWExN2VkNDA3NDMyYzQxOGIxYzllYWY2MWZkMWNhMWNiZmY2YTc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs8FjhHcA7bi6CXEhvejhnMmyxkTb
yNW/Yy8NSk+w9itGyDr2X00sCfpNYISZobSJG9H29Py8dgXyBrM+OR8Kz9g5akJX
YXYSWbS+nRdq3xVeSzFuxAxqZ1fBEZn54xyYW2nheH74n+Bql/crcBkPn6KnkYq8
nI7zsHiDF6JFAKiUvVTHuIhJLp6Ka8G6wvWDqrWvMS89NshSjpCAa5qHRP39H/WK
EJcRGJLNvKzP2wdNRz7ER+P5/uUIt6JZfR0L0sfciVuS+xQZJ143A+KEY5GA59eq
4aUE1E56m5JC1bCoM0Ta7Lj3g+XCXJyQZXLH5gLdZD7bZMNueVss1TBAFwIDAQAB
o4ICjDCCAogwHQYDVR0OBBYEFCqhftQHQyxBixyer2H9HKHL/2p0MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzk2LzU0ZDQz
Ny1hMjc3LTQxYmQtOTg4Zi05NTBmMGEwMTAxYTkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTYvNTRkNDM3
LWEyNzctNDFiZC05ODhmLTk1MGYwYTAxMDFhOS8xL0txRi0xQWRETEVHTEhKNnZZ
ZjBjb2N2X2FuUS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCcGCCsGAQUF
BwEHAQH/BBgwFjAUBAIAATAOMAwDBADCfJEDBALCfJAwDQYJKoZIhvcNAQELBQAD
ggEBABeWx7FmhRg/EagG58PC4vuElsuRSLG9l7V+1g9BGO9OT/40Evy9O0xzZmpP
4KMl7GyqHheyjJ24z6jCCC/ubDrrMM5sPuKi45BwetQTYr1DgsZHsb32iVLhFVJ8
pXUzjsZY5uCtIo8nyLYUvXM3F/bPCssqjLanjHAXARnSGuEFrteatzCsJbZHrRpa
dZyym12FOLlX89KLvj7StKXfSTIX/w4eGJXd7oFCMda1t3gEqVVAA+L1geU9P+a5
MHvMupRdmwo2j2NW0Hs8AvhGhJ+jgMs0Hm55yRUVfgM3TEG26QVO9ITFmjBfO5qv
u7fkzrybpu16O7EyEBM/enbmHqI=
-----END CERTIFICATE-----