Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/MNZrZqOYLSCoHvIB3HVe0zU7FqQ.cer
File:                     MNZrZqOYLSCoHvIB3HVe0zU7FqQ.cer (raw, json)
Hash identifier:          llRCnW2yKHtCkzN7lveUNjIKv2P6KMYtJW1YJDLE+24=
Subject key identifier:   30:D6:6B:66:A3:98:2D:20:A8:1E:F2:01:DC:75:5E:D3:35:3B:16:A4
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC5005AA1EAA7AB7F47975C049E40E282
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/44/88e482-8277-4280-9f5b-8144b140edf9/1/MNZrZqOYLSCoHvIB3HVe0zU7FqQ.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/44/88e482-8277-4280-9f5b-8144b140edf9/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 12:29:43 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 197770
                          IP: 194.9.58.0/23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:5a:a1:ea:a7:ab:7f:47:97:5c:04:9e:40:e2:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 12:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=30d66b66a3982d20a81ef201dc755ed3353b16a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:68:cd:35:a9:19:62:28:8e:34:b5:48:b4:03:
                    ff:f8:01:3d:c6:a7:73:f3:ed:c7:d9:69:32:ef:77:
                    b6:9c:e2:a1:14:b0:af:a4:4f:fb:57:d0:d8:03:0c:
                    9c:8e:5b:7c:70:f7:c9:c2:fb:10:04:01:9b:e3:d6:
                    67:8f:0a:1b:13:be:21:e8:91:6c:12:34:ba:32:a2:
                    64:37:20:60:90:73:b6:55:3b:f6:06:4d:72:1c:23:
                    04:23:1c:24:62:87:af:ff:52:de:49:5f:4c:09:e2:
                    63:03:1e:2e:46:00:b4:97:c4:c8:c7:87:ee:b7:9b:
                    6a:d0:0d:f2:02:d3:df:92:64:93:1a:11:71:bb:d1:
                    c6:3d:2c:30:c7:e4:b9:42:10:6b:2d:20:bc:44:27:
                    e3:c4:8c:86:18:84:94:c1:96:be:b1:80:be:ec:13:
                    fd:e7:2a:d1:fa:f9:0c:38:20:6d:84:57:7c:c5:ee:
                    fd:89:8a:77:86:a9:4c:99:d6:63:e1:67:77:d3:2e:
                    1f:98:31:cf:3f:44:8f:f0:44:75:43:cc:fc:2f:b2:
                    71:07:cc:41:c2:e3:0c:e6:e6:05:79:7b:dc:0d:bd:
                    46:a3:33:fe:0f:2e:3f:8c:da:78:b2:7e:61:ec:5a:
                    3e:e2:10:40:25:17:f3:fe:00:18:fd:7a:e6:21:11:
                    cf:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:D6:6B:66:A3:98:2D:20:A8:1E:F2:01:DC:75:5E:D3:35:3B:16:A4
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/88e482-8277-4280-9f5b-8144b140edf9/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/88e482-8277-4280-9f5b-8144b140edf9/1/MNZrZqOYLSCoHvIB3HVe0zU7FqQ.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.9.58.0/23

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  197770

    Signature Algorithm: sha256WithRSAEncryption
         49:b0:26:ae:af:11:7e:ec:2c:e9:cb:51:33:cc:01:6d:70:ad:
         7c:d8:c0:47:e3:11:85:d2:4a:14:b2:4e:33:19:db:5b:0e:7e:
         2d:74:35:99:7a:8f:d4:60:7e:8d:e3:47:96:00:63:01:a6:68:
         11:b8:28:5b:79:28:18:b8:47:8d:b9:c4:e3:73:60:47:cb:cd:
         02:ed:e8:87:c6:81:fc:38:a8:1f:cb:68:ad:00:db:37:da:92:
         5b:d1:af:fb:3b:68:e1:88:aa:9d:df:d2:30:a8:61:a3:6a:4c:
         70:fd:fe:02:4d:c5:cf:70:dc:67:27:aa:35:d0:12:3d:79:ab:
         a0:38:ea:eb:4a:48:ce:88:3e:63:98:1a:6d:d4:6d:74:13:7f:
         b5:1a:70:36:45:1d:1d:9f:04:c5:99:3a:61:ec:a4:fe:0c:37:
         4b:37:fd:a7:88:94:d2:1b:51:cf:fc:06:4a:4e:8d:31:f9:04:
         d5:78:10:8f:92:93:53:4d:a4:5f:20:cf:8f:f0:bd:1e:94:fd:
         22:8a:e1:44:4a:be:a6:98:01:4c:17:84:08:71:af:95:13:8f:
         ef:e5:2a:33:cb:32:4c:c5:ad:f0:48:f2:f4:43:9d:c2:dc:15:
         40:fb:5b:bb:93:d9:10:cf:19:87:91:69:ed:9d:6c:73:16:d9:
         72:90:0a:1a
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYzFAFqh6qerf0eXXASeQOKCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTIyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMGQ2NmI2NmEzOTgyZDIwYTgxZWYyMDFkYzc1NWVkMzM1M2IxNmE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx2jNNakZYiiONLVItAP/+AE9xqdz
8+3H2Wky73e2nOKhFLCvpE/7V9DYAwycjlt8cPfJwvsQBAGb49ZnjwobE74h6JFs
EjS6MqJkNyBgkHO2VTv2Bk1yHCMEIxwkYoev/1LeSV9MCeJjAx4uRgC0l8TIx4fu
t5tq0A3yAtPfkmSTGhFxu9HGPSwwx+S5QhBrLSC8RCfjxIyGGISUwZa+sYC+7BP9
5yrR+vkMOCBthFd8xe79iYp3hqlMmdZj4Wd30y4fmDHPP0SP8ER1Q8z8L7JxB8xB
wuMM5uYFeXvcDb1GozP+Dy4/jNp4sn5h7Fo+4hBAJRfz/gAY/XrmIRHPyQIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFDDWa2ajmC0gqB7yAdx1XtM1OxakMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzQ0Lzg4ZTQ4
Mi04Mjc3LTQyODAtOWY1Yi04MTQ0YjE0MGVkZjkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDQvODhlNDgy
LTgyNzctNDI4MC05ZjViLTgxNDRiMTQwZWRmOS8xL01OWnJacU9ZTFNDb0h2SUIz
SFZlMHpVN0ZxUS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQBwgk6MBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwMEijANBgkqhkiG9w0BAQsFAAOCAQEASbAmrq8Rfuws6ctRM8wBbXCtfNjAR+MR
hdJKFLJOMxnbWw5+LXQ1mXqP1GB+jeNHlgBjAaZoEbgoW3koGLhHjbnE43NgR8vN
Au3oh8aB/DioH8torQDbN9qSW9Gv+zto4Yiqnd/SMKhho2pMcP3+Ak3Fz3DcZyeq
NdASPXmroDjq60pIzog+Y5gabdRtdBN/tRpwNkUdHZ8ExZk6Yeyk/gw3Szf9p4iU
0htRz/wGSk6NMfkE1XgQj5KTU02kXyDPj/C9HpT9IorhREq+ppgBTBeECHGvlROP
7+UqM8syTMWt8Ejy9EOdwtwVQPtbu5PZEM8Zh5Fp7Z1scxbZcpAKGg==
-----END CERTIFICATE-----