Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/QA3igTHHO19TIPUdrmwb1Hq4L5I.cer
File:                     QA3igTHHO19TIPUdrmwb1Hq4L5I.cer (raw, json)
Hash identifier:          7jwHn7KSNOiS1OF/4S317Y91+dFRlD7bMsDNZdR1OEU=
Subject key identifier:   40:0D:E2:81:31:C7:3B:5F:53:20:F5:1D:AE:6C:1B:D4:7A:B8:2F:92
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0192770B915CB85016465D85BD03956A7F47
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/99/e797f2-f272-4663-b145-bc6a1b21fd5e/1/QA3igTHHO19TIPUdrmwb1Hq4L5I.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/99/e797f2-f272-4663-b145-bc6a1b21fd5e/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 10 Oct 2024 15:28:19 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 91.197.243.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:77:0b:91:5c:b8:50:16:46:5d:85:bd:03:95:6a:7f:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Oct 10 15:28:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=400de28131c73b5f5320f51dae6c1bd47ab82f92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:e6:94:a2:52:29:d1:99:89:8f:24:58:e4:a5:
                    a3:07:aa:4c:40:a9:88:35:51:c3:23:75:47:80:ad:
                    39:68:8f:dc:80:5c:05:46:77:63:9f:26:8f:26:25:
                    3d:75:9b:fa:1e:fb:98:c2:35:3f:f7:88:54:c7:37:
                    c7:c4:03:36:9e:6b:65:83:6a:54:22:03:d7:88:4c:
                    96:79:09:fe:57:28:b3:80:80:a6:17:fa:5a:b9:a3:
                    76:e0:16:0f:bb:c6:d4:05:aa:a5:04:36:ca:a0:96:
                    3b:d8:13:00:30:17:b0:06:dd:9a:ab:59:57:34:82:
                    3d:81:f7:a2:32:83:b3:e2:0f:13:a0:59:f3:bd:64:
                    12:26:1c:aa:ea:7c:bf:79:1d:c3:d5:4a:ac:39:61:
                    49:61:6f:29:49:e7:35:a2:b1:16:4a:c6:5e:59:9f:
                    b6:8e:6e:53:b2:6e:e2:87:75:22:cb:41:8c:55:ce:
                    fc:42:81:91:e9:83:d5:59:24:5a:ae:31:c3:4c:99:
                    96:38:19:39:62:37:69:76:ef:39:0a:f5:c4:be:7e:
                    31:aa:a6:78:f5:d8:49:28:0c:d8:81:c8:74:c0:39:
                    9b:22:6c:38:00:46:d4:44:45:97:d5:90:5d:13:63:
                    2c:5d:85:15:dc:ba:8a:a9:2f:53:f4:4a:be:ab:7b:
                    4a:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:0D:E2:81:31:C7:3B:5F:53:20:F5:1D:AE:6C:1B:D4:7A:B8:2F:92
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/e797f2-f272-4663-b145-bc6a1b21fd5e/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/e797f2-f272-4663-b145-bc6a1b21fd5e/1/QA3igTHHO19TIPUdrmwb1Hq4L5I.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.197.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:f0:4d:d8:01:e1:29:b9:1e:0c:5e:bb:fc:11:5d:ce:5e:83:
         32:66:7c:fc:42:ef:dc:63:a5:ee:92:13:c7:2f:54:dc:9f:45:
         df:ad:e1:ca:87:32:56:28:34:7c:9d:8f:f8:bf:bb:05:e8:5d:
         a2:e8:b7:9c:a6:b8:70:1c:a7:47:c0:19:61:2e:94:db:07:ad:
         d5:ce:e0:00:30:9d:60:b5:0e:6f:17:ec:68:ff:f1:b0:75:52:
         b7:01:d4:ef:04:b4:95:c6:92:c6:64:c3:88:4d:74:6a:e4:e1:
         0b:21:50:00:a3:61:db:aa:ff:3c:f0:73:1b:d5:46:26:00:b8:
         77:d2:1e:5c:f2:f4:47:3b:e8:b3:cb:51:e7:36:b8:75:4b:38:
         b5:fa:e3:05:b7:78:f2:24:49:a9:c7:70:5a:1e:e0:5f:a5:c4:
         de:3e:3e:38:a0:ac:85:b1:1f:e5:77:b5:94:ab:a5:c6:45:49:
         05:81:3a:1b:ce:f2:04:a5:6f:4c:60:73:f8:a8:9f:71:b0:03:
         b7:25:9b:26:e4:ea:c3:7e:7e:1c:ee:60:fc:d9:3a:70:15:ef:
         95:a6:dc:7c:9b:c2:d5:aa:51:39:13:d8:27:27:21:1b:14:dd:
         4c:24:b9:4f:e7:9c:65:81:d6:60:ee:9a:ca:cc:21:a1:65:bc:
         40:96:f7:c2
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZJ3C5FcuFAWRl2FvQOVan9HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQxMDEwMTUyODE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDBkZTI4MTMxYzczYjVmNTMyMGY1MWRhZTZjMWJkNDdhYjgyZjkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAseaUolIp0ZmJjyRY5KWjB6pMQKmI
NVHDI3VHgK05aI/cgFwFRndjnyaPJiU9dZv6HvuYwjU/94hUxzfHxAM2nmtlg2pU
IgPXiEyWeQn+VyizgICmF/pauaN24BYPu8bUBaqlBDbKoJY72BMAMBewBt2aq1lX
NII9gfeiMoOz4g8ToFnzvWQSJhyq6ny/eR3D1UqsOWFJYW8pSec1orEWSsZeWZ+2
jm5Tsm7ih3Uiy0GMVc78QoGR6YPVWSRarjHDTJmWOBk5Yjdpdu85CvXEvn4xqqZ4
9dhJKAzYgch0wDmbImw4AEbUREWX1ZBdE2MsXYUV3LqKqS9T9Eq+q3tKjwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFEAN4oExxztfUyD1Ha5sG9R6uC+SMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzk5L2U3OTdm
Mi1mMjcyLTQ2NjMtYjE0NS1iYzZhMWIyMWZkNWUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTkvZTc5N2Yy
LWYyNzItNDY2My1iMTQ1LWJjNmExYjIxZmQ1ZS8xL1FBM2lnVEhITzE5VElQVWRy
bXdiMUhxNEw1SS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW8XzMA0GCSqGSIb3DQEBCwUAA4IBAQAE8E3Y
AeEpuR4MXrv8EV3OXoMyZnz8Qu/cY6XukhPHL1Tcn0XfreHKhzJWKDR8nY/4v7sF
6F2i6LecprhwHKdHwBlhLpTbB63VzuAAMJ1gtQ5vF+xo//GwdVK3AdTvBLSVxpLG
ZMOITXRq5OELIVAAo2Hbqv888HMb1UYmALh30h5c8vRHO+izy1HnNrh1Szi1+uMF
t3jyJEmpx3BaHuBfpcTePj44oKyFsR/ld7WUq6XGRUkFgTobzvIEpW9MYHP4qJ9x
sAO3JZsm5OrDfn4c7mD82TpwFe+Vptx8m8LVqlE5E9gnJyEbFN1MJLlP55xlgdZg
7prKzCGhZbxAlvfC
-----END CERTIFICATE-----