Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/LnOtRfij6-Znq7GWoonWcZvruC0.cer
File:                     LnOtRfij6-Znq7GWoonWcZvruC0.cer (raw, json)
Hash identifier:          b1l3NVzvI+zR22p4/jJBmC82aLLUgHfmtVeul9q1qoo=
Subject key identifier:   2E:73:AD:45:F8:A3:EB:E6:67:AB:B1:96:A2:89:D6:71:9B:EB:B8:2D
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC793313E8F983FB1FA221CD02E814524
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/8a/9a60cf-9d94-4585-a25b-5e7f95811562/1/LnOtRfij6-Znq7GWoonWcZvruC0.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/8a/9a60cf-9d94-4585-a25b-5e7f95811562/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 00:29:21 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 205055
                          IP: 185.231.176.0/22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:31:3e:8f:98:3f:b1:fa:22:1c:d0:2e:81:45:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 00:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2e73ad45f8a3ebe667abb196a289d6719bebb82d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:ee:d8:7f:99:9d:16:2a:a0:52:2b:55:ba:bc:
                    91:b1:83:ed:51:09:aa:d4:b4:43:e2:b8:7d:d3:90:
                    ee:e8:6b:18:a9:2f:54:0b:2c:59:58:ec:57:5b:97:
                    3d:8a:33:35:1b:d5:69:5e:8b:bf:82:01:7c:a3:62:
                    51:2b:0a:01:5f:5c:af:2f:c2:99:54:3a:83:81:7b:
                    c5:5b:ab:cc:24:52:c9:e9:14:c0:bd:52:88:55:f0:
                    54:6b:85:fa:74:9b:90:11:f8:19:5b:11:ae:60:8b:
                    f1:db:e2:b8:cf:6a:5b:a0:70:15:09:4d:21:b0:b8:
                    00:8b:0c:4e:53:3e:43:3f:42:9a:6d:97:d6:f1:a4:
                    5c:97:1d:9d:40:45:7a:e2:64:f8:56:a0:02:62:bb:
                    c9:8d:21:c4:d3:26:b6:e7:6a:60:61:cf:66:ff:54:
                    74:ce:00:02:f0:c6:26:25:96:d0:ed:d8:fd:e1:a2:
                    13:b4:af:05:7c:8f:8b:13:67:ca:a8:ce:fc:ba:b2:
                    c4:fd:53:e0:e2:22:de:5a:7a:33:0d:2e:ac:a4:bb:
                    41:59:d0:cf:ad:1b:43:9d:10:5e:44:ff:8c:83:42:
                    f2:c8:1e:70:c1:04:12:81:e8:ed:58:95:5d:db:30:
                    7c:05:1d:30:24:35:b6:6c:3e:db:b1:aa:62:79:73:
                    91:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:73:AD:45:F8:A3:EB:E6:67:AB:B1:96:A2:89:D6:71:9B:EB:B8:2D
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/9a60cf-9d94-4585-a25b-5e7f95811562/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/9a60cf-9d94-4585-a25b-5e7f95811562/1/LnOtRfij6-Znq7GWoonWcZvruC0.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.231.176.0/22

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  205055

    Signature Algorithm: sha256WithRSAEncryption
         a3:08:ff:29:52:7e:b0:9b:41:ce:0c:8c:65:e5:89:68:1a:a6:
         a7:19:aa:b1:e0:24:f9:f1:8e:35:8e:67:68:4d:c5:21:ce:5b:
         df:29:12:6d:ae:ad:00:6d:05:07:8f:4d:1c:31:88:d6:20:a1:
         80:d2:64:97:5f:46:77:f9:e6:1d:f2:a0:32:a4:35:0d:da:2d:
         7c:ea:2b:50:4a:06:11:1a:61:32:a6:c6:4f:ba:89:6f:d7:fb:
         bc:18:50:3e:81:55:17:1f:fd:db:5b:8a:6c:b3:93:e6:82:99:
         9f:8b:3a:d5:1f:eb:9a:ef:7f:05:d7:2c:d3:1d:e1:b9:29:17:
         5c:45:76:25:e3:f6:c2:ab:94:13:bd:2f:f9:9d:1b:25:5e:28:
         be:85:33:71:c6:7a:59:2e:a9:f6:81:4e:3b:8d:b9:5d:7e:d7:
         f9:3a:8c:e9:44:d6:00:80:43:ef:d3:c0:e6:c6:e8:ff:83:33:
         bd:6f:c0:8b:55:2f:51:26:8a:ca:ce:87:94:1f:91:de:57:5a:
         3c:e5:23:52:b6:af:20:6b:43:d4:b6:32:9b:92:63:ea:e2:c0:
         29:b4:a6:31:45:74:a9:a8:62:0d:8f:12:3f:8d:59:cf:14:c8:
         86:ce:79:88:24:33:d2:e5:16:0f:1d:cb:56:70:dd:69:b3:3b:
         10:d9:22:d6
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYzHkzE+j5g/sfoiHNAugUUkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDAyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTczYWQ0NWY4YTNlYmU2NjdhYmIxOTZhMjg5ZDY3MTliZWJiODJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwO7Yf5mdFiqgUitVuryRsYPtUQmq
1LRD4rh905Du6GsYqS9UCyxZWOxXW5c9ijM1G9VpXou/ggF8o2JRKwoBX1yvL8KZ
VDqDgXvFW6vMJFLJ6RTAvVKIVfBUa4X6dJuQEfgZWxGuYIvx2+K4z2pboHAVCU0h
sLgAiwxOUz5DP0KabZfW8aRclx2dQEV64mT4VqACYrvJjSHE0ya252pgYc9m/1R0
zgAC8MYmJZbQ7dj94aITtK8FfI+LE2fKqM78urLE/VPg4iLeWnozDS6spLtBWdDP
rRtDnRBeRP+Mg0LyyB5wwQQSgejtWJVd2zB8BR0wJDW2bD7bsapieXORSQIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFC5zrUX4o+vmZ6uxlqKJ1nGb67gtMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzhhLzlhNjBj
Zi05ZDk0LTQ1ODUtYTI1Yi01ZTdmOTU4MTE1NjIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOGEvOWE2MGNm
LTlkOTQtNDU4NS1hMjViLTVlN2Y5NTgxMTU2Mi8xL0xuT3RSZmlqNi1abnE3R1dv
b25XY1p2cnVDMC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCueewMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwMg/zANBgkqhkiG9w0BAQsFAAOCAQEAowj/KVJ+sJtBzgyMZeWJaBqmpxmqseAk
+fGONY5naE3FIc5b3ykSba6tAG0FB49NHDGI1iChgNJkl19Gd/nmHfKgMqQ1Ddot
fOorUEoGERphMqbGT7qJb9f7vBhQPoFVFx/921uKbLOT5oKZn4s61R/rmu9/Bdcs
0x3huSkXXEV2JeP2wquUE70v+Z0bJV4ovoUzccZ6WS6p9oFOO425XX7X+TqM6UTW
AIBD79PA5sbo/4MzvW/Ai1UvUSaKys6HlB+R3ldaPOUjUravIGtD1LYym5Jj6uLA
KbSmMUV0qahiDY8SP41ZzxTIhs55iCQz0uUWDx3LVnDdabM7ENki1g==
-----END CERTIFICATE-----