Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/P4_xyWZv4ZXySqH-jDRdecSOe8A.cer
File:                     P4_xyWZv4ZXySqH-jDRdecSOe8A.cer (raw, json)
Hash identifier:          Z0BkVt98v3MrKcbs3Vx4Ms+JSYt8+eQTHiCMZIWP494=
Subject key identifier:   3F:8F:F1:C9:66:6F:E1:95:F2:4A:A1:FE:8C:34:5D:79:C4:8E:7B:C0
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC500800BA6CE207755B3E7118B335F41
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/e7/572ebf-18bb-4c38-a994-fbd361cb8193/1/P4_xyWZv4ZXySqH-jDRdecSOe8A.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/e7/572ebf-18bb-4c38-a994-fbd361cb8193/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 12:29:53 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 57312
                          IP: 91.231.112.0/23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:80:0b:a6:ce:20:77:55:b3:e7:11:8b:33:5f:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 12:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3f8ff1c9666fe195f24aa1fe8c345d79c48e7bc0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:7c:c6:3a:1d:92:5d:24:a3:6f:6a:40:5e:16:
                    69:4b:07:19:63:a2:0f:d3:e7:8e:63:74:0d:77:58:
                    27:02:01:38:99:81:bc:e2:0a:f3:b2:78:5b:7d:fa:
                    54:84:ff:55:4f:31:6b:c1:0a:ef:a4:a1:4d:30:5c:
                    da:15:24:52:5d:5b:79:64:97:66:1d:5c:c9:4d:4d:
                    9f:e5:f3:08:9b:62:f6:92:cc:d2:10:25:60:1d:7f:
                    4b:2a:3e:5b:47:a8:08:91:eb:6c:76:f5:f4:b4:76:
                    df:b2:7b:73:14:ac:d1:15:f3:f9:69:49:f9:fd:44:
                    e8:a5:0f:2e:e2:a5:2e:75:9f:77:82:4d:d0:77:75:
                    4d:06:dd:d0:9b:a0:61:63:1a:0c:27:a2:5c:95:20:
                    fe:0c:26:7d:2a:f6:97:49:55:74:59:b4:dc:a9:47:
                    2e:72:53:38:b2:70:ea:50:d6:c0:96:7a:7a:af:07:
                    62:87:0e:30:02:e1:6f:58:aa:0e:56:8b:3d:06:b8:
                    6e:97:cb:db:f3:3a:49:a0:f4:f5:5f:46:65:62:3a:
                    f6:ae:66:eb:3e:f6:c2:83:6f:dc:25:98:d8:dd:8d:
                    3d:55:af:8f:09:80:49:ce:58:f3:93:6c:8b:e1:95:
                    18:50:93:92:92:dd:7d:3b:06:40:b6:77:e7:a7:4a:
                    32:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:8F:F1:C9:66:6F:E1:95:F2:4A:A1:FE:8C:34:5D:79:C4:8E:7B:C0
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/572ebf-18bb-4c38-a994-fbd361cb8193/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/572ebf-18bb-4c38-a994-fbd361cb8193/1/P4_xyWZv4ZXySqH-jDRdecSOe8A.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.231.112.0/23

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  57312

    Signature Algorithm: sha256WithRSAEncryption
         00:39:7b:79:3f:7e:26:30:9d:78:f7:84:35:0c:b9:87:a6:28:
         68:16:b6:25:89:9a:bd:d1:77:ec:0c:78:0c:91:59:17:70:c6:
         01:4c:b5:b5:d2:4b:c8:ce:91:ac:e6:4e:b2:13:09:89:9b:fa:
         f0:63:1c:df:1d:d2:91:f7:c0:bb:3d:7c:4d:f0:c5:14:d4:c5:
         f3:21:cf:23:8e:be:1f:3b:a0:54:87:8a:6b:f2:b0:a2:7a:da:
         b5:2c:4f:1c:62:62:a1:92:80:35:06:9d:4d:52:61:b2:35:76:
         c2:86:4f:e1:37:69:95:f6:ce:4e:6f:55:be:23:51:44:98:6d:
         51:51:b0:db:af:bd:33:4f:87:34:60:71:13:db:46:ea:16:75:
         0a:de:03:eb:c0:13:5e:c7:d1:00:75:5a:3f:71:a5:e8:6e:a1:
         e3:50:06:ce:e7:38:5a:bc:15:1d:1c:e1:09:33:c6:21:d0:2c:
         e1:8f:24:47:fd:df:96:1d:bf:d1:8d:06:e8:99:c2:59:4f:1c:
         0e:a5:d4:e1:d6:50:cd:ca:f2:21:1b:65:3f:af:ba:5c:08:be:
         46:27:71:61:ff:23:a7:55:2f:48:53:8e:01:14:bf:0e:6a:05:
         7e:f8:ed:af:56:c7:34:d5:59:ce:3e:a8:4a:49:24:07:97:5a:
         e9:e4:d2:4e
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYzFAIALps4gd1Wz5xGLM19BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTIyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjhmZjFjOTY2NmZlMTk1ZjI0YWExZmU4YzM0NWQ3OWM0OGU3YmMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsXzGOh2SXSSjb2pAXhZpSwcZY6IP
0+eOY3QNd1gnAgE4mYG84grzsnhbffpUhP9VTzFrwQrvpKFNMFzaFSRSXVt5ZJdm
HVzJTU2f5fMIm2L2kszSECVgHX9LKj5bR6gIketsdvX0tHbfsntzFKzRFfP5aUn5
/UTopQ8u4qUudZ93gk3Qd3VNBt3Qm6BhYxoMJ6JclSD+DCZ9KvaXSVV0WbTcqUcu
clM4snDqUNbAlnp6rwdihw4wAuFvWKoOVos9Brhul8vb8zpJoPT1X0ZlYjr2rmbr
PvbCg2/cJZjY3Y09Va+PCYBJzljzk2yL4ZUYUJOSkt19OwZAtnfnp0oy+QIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFD+P8clmb+GV8kqh/ow0XXnEjnvAMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2U3LzU3MmVi
Zi0xOGJiLTRjMzgtYTk5NC1mYmQzNjFjYjgxOTMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTcvNTcyZWJm
LTE4YmItNGMzOC1hOTk0LWZiZDM2MWNiODE5My8xL1A0X3h5V1p2NFpYeVNxSC1q
RFJkZWNTT2U4QS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQBW+dwMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwDf4DANBgkqhkiG9w0BAQsFAAOCAQEAADl7eT9+JjCdePeENQy5h6YoaBa2JYma
vdF37Ax4DJFZF3DGAUy1tdJLyM6RrOZOshMJiZv68GMc3x3SkffAuz18TfDFFNTF
8yHPI46+HzugVIeKa/KwonratSxPHGJioZKANQadTVJhsjV2woZP4TdplfbOTm9V
viNRRJhtUVGw26+9M0+HNGBxE9tG6hZ1Ct4D68ATXsfRAHVaP3Gl6G6h41AGzuc4
WrwVHRzhCTPGIdAs4Y8kR/3flh2/0Y0G6JnCWU8cDqXU4dZQzcryIRtlP6+6XAi+
RidxYf8jp1UvSFOOARS/DmoFfvjtr1bHNNVZzj6oSkkkB5da6eTSTg==
-----END CERTIFICATE-----