Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/QRZSBM_kcHPMhtbeQ8QdiBfi5C4.cer
File:                     QRZSBM_kcHPMhtbeQ8QdiBfi5C4.cer (raw, json)
Hash identifier:          wy4H5b+/fEdcOpdF3l7tlgMtVjA/M6u0e4HBUs96ezs=
Subject key identifier:   41:16:52:04:CF:E4:70:73:CC:86:D6:DE:43:C4:1D:88:17:E2:E4:2E
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC86FAC32284645C04ABBF8A1EC7BCD96
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/69/fd3568-dde9-409c-bbd0-34d28b43c324/1/QRZSBM_kcHPMhtbeQ8QdiBfi5C4.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/69/fd3568-dde9-409c-bbd0-34d28b43c324/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 04:30:10 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 58337

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:ac:32:28:46:45:c0:4a:bb:f8:a1:ec:7b:cd:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 04:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=41165204cfe47073cc86d6de43c41d8817e2e42e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:2c:11:ef:f5:12:85:97:9f:c8:fd:0f:c5:ab:
                    ff:17:c4:84:b1:40:ea:c9:b6:c3:49:7b:e3:ec:47:
                    47:6e:70:db:0d:e8:ac:da:86:ec:f6:5c:0d:10:c1:
                    6b:72:19:2a:30:f9:bf:db:b7:d2:5a:ef:48:19:46:
                    a7:77:44:ef:81:fa:d0:28:39:af:a0:ad:d7:6d:02:
                    a5:17:66:9e:ac:62:0a:2c:94:ff:a0:b4:cf:36:61:
                    af:2a:b6:f5:ba:35:68:b0:32:cd:2e:95:d4:12:a4:
                    e8:24:74:ce:b0:f8:b3:2f:5f:05:0e:68:e8:0b:75:
                    14:7c:7d:18:2d:84:f0:a6:24:01:76:ae:96:39:e0:
                    61:c9:29:32:f1:a1:e2:b2:07:fc:5f:27:9b:64:5a:
                    00:25:cc:9b:78:a8:03:a9:4f:31:f3:2e:9f:a9:81:
                    6c:e0:5a:c5:20:b2:0e:85:40:8e:8b:99:b6:ef:8b:
                    33:0a:fb:4b:a7:6a:d7:6f:c3:5a:0a:b6:46:9e:0f:
                    9d:bc:84:7f:29:9c:03:17:3f:59:f1:07:c5:2b:05:
                    d8:86:61:c5:e7:b0:72:f0:74:70:2c:dd:45:c2:02:
                    70:55:32:e2:91:32:0d:eb:19:6f:b9:88:f5:6f:84:
                    89:3e:52:64:40:5c:46:45:c6:cc:fa:53:a3:65:29:
                    b7:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:16:52:04:CF:E4:70:73:CC:86:D6:DE:43:C4:1D:88:17:E2:E4:2E
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/fd3568-dde9-409c-bbd0-34d28b43c324/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/fd3568-dde9-409c-bbd0-34d28b43c324/1/QRZSBM_kcHPMhtbeQ8QdiBfi5C4.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  58337

    Signature Algorithm: sha256WithRSAEncryption
         a9:3a:b2:db:97:64:fe:12:5a:f9:69:8c:ab:48:e9:c9:04:b3:
         27:22:4c:90:99:44:68:59:e0:4e:19:07:2c:77:b1:e4:68:c7:
         41:8d:6e:f3:1f:ca:70:69:a4:a7:38:11:e5:67:51:5f:d8:59:
         1c:dd:15:de:ff:fd:17:54:be:d4:0f:d3:78:7e:dd:1d:d9:ae:
         2b:38:44:fd:61:11:4f:26:63:68:fe:26:35:c6:cf:22:6f:aa:
         46:f4:5c:09:8b:35:1c:8d:89:04:22:cb:f3:10:41:e6:3a:7c:
         eb:a3:f6:cc:ce:b6:dd:9f:9d:9f:5c:1b:9c:8f:4b:03:ea:87:
         00:5d:d4:9b:de:60:87:1c:27:e9:fb:66:94:37:e9:67:a6:c5:
         4a:3e:bb:81:17:f4:97:1a:ef:4b:f9:ea:17:35:ae:19:d2:56:
         0c:34:8c:fb:1c:e8:51:0a:7b:99:0b:b0:92:e5:a5:89:83:e7:
         25:88:30:19:f4:16:a8:dd:0e:6e:1b:55:9b:d9:21:ae:35:bd:
         ea:d2:83:1c:f7:f8:48:86:92:60:54:ac:d6:79:40:12:1c:97:
         3a:54:f4:e3:a8:6a:03:d4:fe:32:30:e7:b7:73:11:73:64:08:
         68:2c:dc:77:61:3c:be:f8:08:45:cb:c4:6f:9b:b9:4d:cc:eb:
         0f:4d:52:6c
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzIb6wyKEZFwEq7+KHse82WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDQzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTE2NTIwNGNmZTQ3MDczY2M4NmQ2ZGU0M2M0MWQ4ODE3ZTJlNDJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtSwR7/UShZefyP0Pxav/F8SEsUDq
ybbDSXvj7EdHbnDbDeis2obs9lwNEMFrchkqMPm/27fSWu9IGUand0TvgfrQKDmv
oK3XbQKlF2aerGIKLJT/oLTPNmGvKrb1ujVosDLNLpXUEqToJHTOsPizL18FDmjo
C3UUfH0YLYTwpiQBdq6WOeBhySky8aHisgf8XyebZFoAJcybeKgDqU8x8y6fqYFs
4FrFILIOhUCOi5m274szCvtLp2rXb8NaCrZGng+dvIR/KZwDFz9Z8QfFKwXYhmHF
57By8HRwLN1FwgJwVTLikTIN6xlvuYj1b4SJPlJkQFxGRcbM+lOjZSm3fwIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFEEWUgTP5HBzzIbW3kPEHYgX4uQuMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzY5L2ZkMzU2
OC1kZGU5LTQwOWMtYmJkMC0zNGQyOGI0M2MzMjQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjkvZmQzNTY4
LWRkZTktNDA5Yy1iYmQwLTM0ZDI4YjQzYzMyNC8xL1FSWlNCTV9rY0hQTWh0YmVR
OFFkaUJmaTVDNC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwDj4TANBgkqhkiG9w0BAQsFAAOCAQEAqTqy25dk/hJa
+WmMq0jpyQSzJyJMkJlEaFngThkHLHex5GjHQY1u8x/KcGmkpzgR5WdRX9hZHN0V
3v/9F1S+1A/TeH7dHdmuKzhE/WERTyZjaP4mNcbPIm+qRvRcCYs1HI2JBCLL8xBB
5jp866P2zM623Z+dn1wbnI9LA+qHAF3Um95ghxwn6ftmlDfpZ6bFSj67gRf0lxrv
S/nqFzWuGdJWDDSM+xzoUQp7mQuwkuWliYPnJYgwGfQWqN0ObhtVm9khrjW96tKD
HPf4SIaSYFSs1nlAEhyXOlT046hqA9T+MjDnt3MRc2QIaCzcd2E8vvgIRcvEb5u5
TczrD01SbA==
-----END CERTIFICATE-----