Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/QWb8VOLSQfRBrQPMGOMxv-NKV-8.cer
File:                     QWb8VOLSQfRBrQPMGOMxv-NKV-8.cer (raw, json)
Hash identifier:          yjLtUUpGLDp0lOOF8ck1sfW65/I0wawR3iJzVXnS3sw=
Subject key identifier:   41:66:FC:54:E2:D2:41:F4:41:AD:03:CC:18:E3:31:BF:E3:4A:57:EF
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01942521BCC32EC100ECEED2B4E7C50F4A9C
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/19/9d7886-34dc-4998-9717-f11c6e06488f/1/QWb8VOLSQfRBrQPMGOMxv-NKV-8.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/19/9d7886-34dc-4998-9717-f11c6e06488f/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 03:49:15 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 196633
                          IP: 91.213.82.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:bc:c3:2e:c1:00:ec:ee:d2:b4:e7:c5:0f:4a:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 03:49:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4166fc54e2d241f441ad03cc18e331bfe34a57ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:d6:c4:b8:2e:55:fb:9d:74:13:db:e1:bf:65:
                    29:3d:bd:ec:47:3a:5f:16:08:d8:c6:70:1a:17:aa:
                    21:30:0b:a9:7f:4f:ac:f8:f7:35:72:37:0d:74:8d:
                    f9:fb:9e:25:40:f5:5f:e6:a3:e2:a3:4d:9c:09:db:
                    aa:0e:90:25:96:75:55:65:f9:98:2c:8d:42:4d:15:
                    03:e8:21:95:55:54:da:97:ac:36:96:3f:c8:99:66:
                    f9:dc:eb:6c:22:24:57:17:70:ab:5a:0e:d4:1c:1d:
                    e9:e7:0f:a4:52:03:70:dd:fc:7a:e6:5a:7c:e0:6e:
                    f4:72:31:7b:7f:42:3c:ad:73:2f:2e:64:88:d2:32:
                    bb:d0:d5:3a:02:24:68:17:ef:2b:0d:85:ff:07:77:
                    73:7b:07:c7:e8:78:e9:c4:40:86:ca:57:fe:23:92:
                    6b:e8:e8:ef:dc:d8:3e:10:f4:ea:26:f5:b0:b3:92:
                    f1:92:d8:af:37:06:ef:47:fe:98:1d:aa:4d:2a:98:
                    88:ce:d5:0e:ad:e7:37:72:32:91:e6:23:29:19:56:
                    93:d9:51:5a:b5:ed:9d:90:d3:4d:27:b2:e7:c2:a3:
                    8c:d7:fa:1a:27:87:eb:1e:b8:d4:47:0e:99:f3:c8:
                    6c:d7:72:50:a0:a1:f0:df:b5:71:dd:ac:39:b7:36:
                    fd:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:66:FC:54:E2:D2:41:F4:41:AD:03:CC:18:E3:31:BF:E3:4A:57:EF
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/9d7886-34dc-4998-9717-f11c6e06488f/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/9d7886-34dc-4998-9717-f11c6e06488f/1/QWb8VOLSQfRBrQPMGOMxv-NKV-8.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.82.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  196633

    Signature Algorithm: sha256WithRSAEncryption
         52:3b:f4:8d:32:d2:55:81:19:e6:fc:3e:4b:41:90:1b:58:17:
         25:a3:89:4e:01:11:ec:cd:5b:da:93:bc:ef:59:23:f8:3a:36:
         10:55:b7:1c:87:47:83:77:b5:7c:84:95:c9:b7:07:7f:ab:91:
         ae:89:88:0f:54:aa:0b:24:5f:93:51:07:94:82:90:af:91:14:
         72:ef:e4:62:c2:66:b0:86:d9:1e:d7:c5:de:57:2f:b9:fb:76:
         9f:2e:69:0e:4a:28:80:90:8b:4e:ff:0e:79:22:5c:f6:7d:59:
         9a:76:93:13:05:39:4c:25:73:b6:eb:60:68:31:73:51:1a:c8:
         27:f3:f3:d5:8e:37:d8:28:3e:99:99:8d:f6:91:93:70:c2:ea:
         3c:4c:f6:07:3b:66:20:14:2a:d6:4c:d2:d6:eb:4a:b8:f0:c4:
         8a:fb:6e:20:31:64:40:2f:2b:90:61:37:0f:89:23:1c:3a:4d:
         6a:43:d6:07:f0:b2:6e:b4:3c:83:c1:11:db:c4:90:2b:f9:4d:
         f0:bc:11:42:57:0d:e5:78:8c:26:c6:18:87:e8:d2:fd:c1:92:
         f5:2b:52:70:2d:95:3c:d8:77:86:42:e1:f5:60:14:3c:81:1c:
         9a:51:ef:96:be:4c:5c:0d:d4:c1:d9:08:5a:3b:56:e7:ab:2b:
         b0:83:1e:88
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZQlIbzDLsEA7O7StOfFD0qcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDM0OTE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTY2ZmM1NGUyZDI0MWY0NDFhZDAzY2MxOGUzMzFiZmUzNGE1N2VmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwdbEuC5V+510E9vhv2UpPb3sRzpf
FgjYxnAaF6ohMAupf0+s+Pc1cjcNdI35+54lQPVf5qPio02cCduqDpAllnVVZfmY
LI1CTRUD6CGVVVTal6w2lj/ImWb53OtsIiRXF3CrWg7UHB3p5w+kUgNw3fx65lp8
4G70cjF7f0I8rXMvLmSI0jK70NU6AiRoF+8rDYX/B3dzewfH6HjpxECGylf+I5Jr
6Ojv3Ng+EPTqJvWws5LxktivNwbvR/6YHapNKpiIztUOrec3cjKR5iMpGVaT2VFa
te2dkNNNJ7LnwqOM1/oaJ4frHrjURw6Z88hs13JQoKHw37Vx3aw5tzb9vwIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFEFm/FTi0kH0Qa0DzBjjMb/jSlfvMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzE5LzlkNzg4
Ni0zNGRjLTQ5OTgtOTcxNy1mMTFjNmUwNjQ4OGYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTkvOWQ3ODg2
LTM0ZGMtNDk5OC05NzE3LWYxMWM2ZTA2NDg4Zi8xL1FXYjhWT0xTUWZSQnJRUE1H
T014di1OS1YtOC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW9VSMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwMAGTANBgkqhkiG9w0BAQsFAAOCAQEAUjv0jTLSVYEZ5vw+S0GQG1gXJaOJTgER
7M1b2pO871kj+Do2EFW3HIdHg3e1fISVybcHf6uRromID1SqCyRfk1EHlIKQr5EU
cu/kYsJmsIbZHtfF3lcvuft2ny5pDkoogJCLTv8OeSJc9n1ZmnaTEwU5TCVztutg
aDFzURrIJ/Pz1Y432Cg+mZmN9pGTcMLqPEz2BztmIBQq1kzS1utKuPDEivtuIDFk
QC8rkGE3D4kjHDpNakPWB/CybrQ8g8ER28SQK/lN8LwRQlcN5XiMJsYYh+jS/cGS
9StScC2VPNh3hkLh9WAUPIEcmlHvlr5MXA3UwdkIWjtW56srsIMeiA==
-----END CERTIFICATE-----