Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Q2T-c0GbyG1fLnK0FLa01DedW_U.cer
File:                     Q2T-c0GbyG1fLnK0FLa01DedW_U.cer (raw, json)
Hash identifier:          K+Rz9Mrr+DGeTOh56Ek0G7rHB7BsBLPQUCdB6I2WMMk=
Subject key identifier:   43:64:FE:73:41:9B:C8:6D:5F:2E:72:B4:14:B6:B4:D4:37:9D:5B:F5
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0191FF4856911A1D8286DEBAA2A2E4BB92FB
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/e7/0b1815-53d7-456d-9fb4-670308d1ec9d/1/Q2T-c0GbyG1fLnK0FLa01DedW_U.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/e7/0b1815-53d7-456d-9fb4-670308d1ec9d/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 17 Sep 2024 09:20:16 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 185.172.108.0/22
                          IP: 2a09:4c00::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:ff:48:56:91:1a:1d:82:86:de:ba:a2:a2:e4:bb:92:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Sep 17 09:20:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4364fe73419bc86d5f2e72b414b6b4d4379d5bf5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:b0:5d:c4:cd:50:b8:97:7d:bc:43:6b:de:75:
                    d6:55:ca:31:1f:ee:e3:8f:81:e4:94:ad:51:90:07:
                    d4:e0:a4:2b:40:06:40:4c:04:e8:30:b3:24:cd:c5:
                    cd:e5:da:18:49:34:93:fa:df:67:f2:96:68:52:ab:
                    c1:0c:21:57:ee:2b:31:d0:55:ba:05:3a:1d:dd:1a:
                    81:bc:e6:d6:fc:7a:2d:f3:e3:20:2c:fc:bf:a0:c9:
                    7a:8d:5b:58:ac:1f:d8:76:5d:45:aa:aa:68:3d:90:
                    91:43:67:0c:56:28:50:ab:87:c3:d6:da:26:1c:8a:
                    47:8a:79:9b:e8:56:fa:88:66:97:dc:0d:6f:61:45:
                    41:9d:58:8a:54:09:33:93:bb:ad:14:69:7b:58:ff:
                    70:67:a9:3d:b9:0e:e9:fe:28:47:d7:43:35:eb:da:
                    eb:14:8a:fc:7a:7a:5b:38:cc:4c:60:15:83:8b:a3:
                    61:a2:87:6e:f8:ba:0b:ae:23:bc:41:15:f8:2f:8f:
                    7b:fb:9a:57:0b:4a:d5:0f:49:b7:86:e1:67:89:43:
                    89:71:c9:68:cd:d3:22:72:36:69:c1:26:6a:8c:8f:
                    67:5c:79:7e:32:10:d7:10:62:8b:8e:c5:02:e0:5a:
                    a7:fc:22:da:fd:0d:0b:2c:6a:f4:54:aa:93:f6:18:
                    4f:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:64:FE:73:41:9B:C8:6D:5F:2E:72:B4:14:B6:B4:D4:37:9D:5B:F5
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/0b1815-53d7-456d-9fb4-670308d1ec9d/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/0b1815-53d7-456d-9fb4-670308d1ec9d/1/Q2T-c0GbyG1fLnK0FLa01DedW_U.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.172.108.0/22
                IPv6:
                  2a09:4c00::/29

    Signature Algorithm: sha256WithRSAEncryption
         4b:02:b5:43:32:60:e7:0f:28:f8:99:f5:a1:ef:f2:a8:38:72:
         8e:82:f0:6b:0c:8b:91:08:49:a8:a2:cd:c3:f9:11:1b:f9:81:
         da:06:81:b7:52:1c:61:fe:1f:05:95:02:77:e4:d8:9a:46:1d:
         18:73:79:47:43:79:c8:5f:ba:a8:bc:0a:7d:d1:91:ba:70:82:
         d4:d8:15:e1:40:44:c4:7a:84:d2:14:be:db:93:d8:a1:8a:f7:
         d4:0a:7a:38:47:b8:21:bc:9e:40:6b:72:59:34:5b:88:79:fd:
         4c:82:15:1d:4b:fd:27:ce:af:ca:5a:80:58:00:e1:63:d8:85:
         93:40:48:f8:bf:a7:ad:ed:a4:c8:e4:9a:08:82:87:5f:df:66:
         60:a7:19:ec:4a:15:be:85:15:f8:24:9c:a7:a3:08:3a:8b:e4:
         46:7f:b4:dd:79:c4:5e:1c:5e:78:33:d3:50:ae:9a:a9:4c:da:
         41:f8:48:df:69:b1:46:4a:7e:f1:cd:6b:46:0f:df:bd:76:94:
         9e:ac:06:65:1b:22:47:8d:dd:79:20:9e:32:36:4c:b0:ec:bd:
         2d:da:0d:c1:14:99:5a:ff:e1:2d:f8:dd:76:39:e9:70:c4:b4:
         fd:a4:fb:a1:c4:f7:6a:15:ab:3e:35:cb:c0:6f:89:d5:4c:39:
         e7:c6:a9:a9
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAZH/SFaRGh2Cht66oqLku5L7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwOTE3MDkyMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzY0ZmU3MzQxOWJjODZkNWYyZTcyYjQxNGI2YjRkNDM3OWQ1YmY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuLBdxM1QuJd9vENr3nXWVcoxH+7j
j4HklK1RkAfU4KQrQAZATAToMLMkzcXN5doYSTST+t9n8pZoUqvBDCFX7isx0FW6
BTod3RqBvObW/Hot8+MgLPy/oMl6jVtYrB/Ydl1FqqpoPZCRQ2cMVihQq4fD1tom
HIpHinmb6Fb6iGaX3A1vYUVBnViKVAkzk7utFGl7WP9wZ6k9uQ7p/ihH10M169rr
FIr8enpbOMxMYBWDi6Nhoodu+LoLriO8QRX4L497+5pXC0rVD0m3huFniUOJcclo
zdMicjZpwSZqjI9nXHl+MhDXEGKLjsUC4Fqn/CLa/Q0LLGr0VKqT9hhPtwIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFENk/nNBm8htXy5ytBS2tNQ3nVv1MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2U3LzBiMTgx
NS01M2Q3LTQ1NmQtOWZiNC02NzAzMDhkMWVjOWQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTcvMGIxODE1
LTUzZDctNDU2ZC05ZmI0LTY3MDMwOGQxZWM5ZC8xL1EyVC1jMEdieUcxZkxuSzBG
TGEwMURlZFdfVS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCuaxsMA0EAgACMAcDBQMqCUwAMA0GCSqGSIb3
DQEBCwUAA4IBAQBLArVDMmDnDyj4mfWh7/KoOHKOgvBrDIuRCEmoos3D+REb+YHa
BoG3Uhxh/h8FlQJ35NiaRh0Yc3lHQ3nIX7qovAp90ZG6cILU2BXhQETEeoTSFL7b
k9ihivfUCno4R7ghvJ5Aa3JZNFuIef1MghUdS/0nzq/KWoBYAOFj2IWTQEj4v6et
7aTI5JoIgodf32ZgpxnsShW+hRX4JJynowg6i+RGf7TdecReHF54M9NQrpqpTNpB
+EjfabFGSn7xzWtGD9+9dpSerAZlGyJHjd15IJ4yNkyw7L0t2g3BFJla/+Et+N12
OelwxLT9pPuhxPdqFas+NcvAb4nVTDnnxqmp
-----END CERTIFICATE-----