Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Q0llhOXPObVodN6Nx3qjpv-eih4.cer
File:                     Q0llhOXPObVodN6Nx3qjpv-eih4.cer (raw, json)
Hash identifier:          EgcEH8mU9U9RLMuYwRaExwKjKvE+pSQcwJDEbX8ZVoU=
Subject key identifier:   43:49:65:84:E5:CF:39:B5:68:74:DE:8D:C7:7A:A3:A6:FF:9E:8A:1E
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC8DF7ACE9274F03AED2B329EBE500865
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/f7/fbc3a9-0564-4a2c-ab11-e2c9228aac53/1/Q0llhOXPObVodN6Nx3qjpv-eih4.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/f7/fbc3a9-0564-4a2c-ab11-e2c9228aac53/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 06:32:18 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 185.1.106.0/24
                          IP: 2001:7f8:c0::/48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:7a:ce:92:74:f0:3a:ed:2b:32:9e:be:50:08:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 06:32:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=43496584e5cf39b56874de8dc77aa3a6ff9e8a1e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:ff:0b:48:6a:90:8b:21:81:0b:f7:b9:df:65:
                    27:67:5d:33:68:b4:72:f6:0a:e8:41:20:72:52:05:
                    a5:5c:d9:b8:7b:83:11:8a:d1:bb:80:a0:f9:ec:1f:
                    70:a7:3b:bb:b8:d6:dd:d3:a5:65:7d:a5:e5:b6:7c:
                    3f:86:55:99:51:3a:66:41:67:d2:2a:4e:24:1f:10:
                    7b:d1:62:a5:1e:d6:a5:f9:11:17:35:a4:35:ae:ee:
                    3b:6d:41:1e:78:c9:e5:56:ee:31:81:39:d6:84:50:
                    30:4c:b8:00:66:bb:25:72:b0:09:b3:76:5b:7a:47:
                    8f:34:87:6b:af:b0:4c:83:90:8a:1f:fc:7a:ba:f9:
                    4b:2f:72:3c:0a:fa:41:a4:8b:20:e7:7d:c7:eb:d0:
                    38:f9:16:e2:9d:ca:4e:f2:3a:e4:25:b3:4a:49:d1:
                    7f:0c:1f:9c:76:84:6d:2d:ce:d0:ef:63:93:69:cc:
                    c4:09:13:ad:9b:a7:6b:91:29:9c:98:a1:22:08:07:
                    f5:b7:ac:6a:2d:f3:cd:f8:df:a8:bc:be:af:e6:a2:
                    74:cd:dc:7e:b5:f5:58:52:70:8b:b8:73:4e:ab:eb:
                    4f:fc:24:37:7f:81:e5:b1:b4:92:05:dd:58:43:96:
                    20:ba:a7:ff:f9:1a:8d:10:7d:85:ce:0b:ba:78:46:
                    cd:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:49:65:84:E5:CF:39:B5:68:74:DE:8D:C7:7A:A3:A6:FF:9E:8A:1E
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/fbc3a9-0564-4a2c-ab11-e2c9228aac53/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/fbc3a9-0564-4a2c-ab11-e2c9228aac53/1/Q0llhOXPObVodN6Nx3qjpv-eih4.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.1.106.0/24
                IPv6:
                  2001:7f8:c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         38:16:1c:1d:8a:16:b2:66:36:82:fb:e2:e5:fb:95:d1:0d:05:
         8c:dd:45:0f:de:31:9b:8a:bc:6a:07:36:07:d6:58:4d:5a:f8:
         a8:d0:e2:6e:9f:b2:48:3e:ec:84:86:ad:64:39:92:24:3a:ba:
         13:59:7c:82:11:11:fc:1b:50:1a:a7:53:ca:ed:3c:f5:2f:71:
         30:cc:ec:2d:86:c7:8b:32:7c:38:2c:99:9f:24:b5:9b:d6:dc:
         91:3d:72:37:58:b3:05:40:49:1a:74:08:14:ee:2f:50:db:89:
         50:6d:74:54:74:23:99:6c:ab:01:37:53:01:be:92:d6:61:42:
         e9:b0:d9:3e:dc:a1:9b:20:7c:ad:55:39:11:ae:8f:03:10:de:
         14:9a:3a:5e:e1:68:0b:9e:92:11:55:68:77:90:ff:95:7f:ef:
         3c:9c:54:86:de:7a:c8:d3:31:a0:32:2c:76:0f:40:65:d8:ed:
         40:1d:93:b5:2f:d0:d0:57:fd:7f:75:04:1f:51:ff:72:1d:4a:
         31:e7:1e:59:5c:cb:94:50:50:71:16:e0:7e:72:7e:5b:74:39:
         34:aa:b1:8c:2e:91:a7:a4:48:14:5d:89:d3:77:c1:5c:b4:9a:
         57:b3:00:33:10:f1:c9:de:d0:8d:73:14:96:b2:c7:f0:93:ef:
         b7:9d:c7:52
-----BEGIN CERTIFICATE-----
MIIFiTCCBHGgAwIBAgISAYzI33rOknTwOu0rMp6+UAhlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDYzMjE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzQ5NjU4NGU1Y2YzOWI1Njg3NGRlOGRjNzdhYTNhNmZmOWU4YTFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxP8LSGqQiyGBC/e532UnZ10zaLRy
9groQSByUgWlXNm4e4MRitG7gKD57B9wpzu7uNbd06VlfaXltnw/hlWZUTpmQWfS
Kk4kHxB70WKlHtal+REXNaQ1ru47bUEeeMnlVu4xgTnWhFAwTLgAZrslcrAJs3Zb
ekePNIdrr7BMg5CKH/x6uvlLL3I8CvpBpIsg533H69A4+RbincpO8jrkJbNKSdF/
DB+cdoRtLc7Q72OTaczECROtm6drkSmcmKEiCAf1t6xqLfPN+N+ovL6v5qJ0zdx+
tfVYUnCLuHNOq+tP/CQ3f4HlsbSSBd1YQ5Yguqf/+RqNEH2Fzgu6eEbNTQIDAQAB
o4IClTCCApEwHQYDVR0OBBYEFENJZYTlzzm1aHTejcd6o6b/nooeMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Y3L2ZiYzNh
OS0wNTY0LTRhMmMtYWIxMS1lMmM5MjI4YWFjNTMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjcvZmJjM2E5
LTA1NjQtNGEyYy1hYjExLWUyYzkyMjhhYWM1My8xL1EwbGxoT1hQT2JWb2RONk54
M3FqcHYtZWloNC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDAGCCsGAQUF
BwEHAQH/BCEwHzAMBAIAATAGAwQAuQFqMA8EAgACMAkDBwAgAQf4AMAwDQYJKoZI
hvcNAQELBQADggEBADgWHB2KFrJmNoL74uX7ldENBYzdRQ/eMZuKvGoHNgfWWE1a
+KjQ4m6fskg+7ISGrWQ5kiQ6uhNZfIIREfwbUBqnU8rtPPUvcTDM7C2Gx4syfDgs
mZ8ktZvW3JE9cjdYswVASRp0CBTuL1DbiVBtdFR0I5lsqwE3UwG+ktZhQumw2T7c
oZsgfK1VORGujwMQ3hSaOl7haAuekhFVaHeQ/5V/7zycVIbeesjTMaAyLHYPQGXY
7UAdk7Uv0NBX/X91BB9R/3IdSjHnHllcy5RQUHEW4H5yflt0OTSqsYwukaekSBRd
idN3wVy0mlezADMQ8cne0I1zFJayx/CT77edx1I=
-----END CERTIFICATE-----