Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/QWb8VOLSQfRBrQPMGOMxv-NKV-8.cer
File:                     QWb8VOLSQfRBrQPMGOMxv-NKV-8.cer (raw, json)
Hash identifier:          /7x291LXi29mE4KnJ1femp2XLNeaHHlGwOsd86AbN2Y=
Subject key identifier:   41:66:FC:54:E2:D2:41:F4:41:AD:03:CC:18:E3:31:BF:E3:4A:57:EF
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018ECCA2B6D8888F514BCFD7BB30F8BAF009
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/19/9d7886-34dc-4998-9717-f11c6e06488f/1/QWb8VOLSQfRBrQPMGOMxv-NKV-8.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/19/9d7886-34dc-4998-9717-f11c6e06488f/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 11 Apr 2024 10:09:59 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 196633
                          IP: 91.213.82.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:cc:a2:b6:d8:88:8f:51:4b:cf:d7:bb:30:f8:ba:f0:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Apr 11 10:09:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4166fc54e2d241f441ad03cc18e331bfe34a57ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:d6:c4:b8:2e:55:fb:9d:74:13:db:e1:bf:65:
                    29:3d:bd:ec:47:3a:5f:16:08:d8:c6:70:1a:17:aa:
                    21:30:0b:a9:7f:4f:ac:f8:f7:35:72:37:0d:74:8d:
                    f9:fb:9e:25:40:f5:5f:e6:a3:e2:a3:4d:9c:09:db:
                    aa:0e:90:25:96:75:55:65:f9:98:2c:8d:42:4d:15:
                    03:e8:21:95:55:54:da:97:ac:36:96:3f:c8:99:66:
                    f9:dc:eb:6c:22:24:57:17:70:ab:5a:0e:d4:1c:1d:
                    e9:e7:0f:a4:52:03:70:dd:fc:7a:e6:5a:7c:e0:6e:
                    f4:72:31:7b:7f:42:3c:ad:73:2f:2e:64:88:d2:32:
                    bb:d0:d5:3a:02:24:68:17:ef:2b:0d:85:ff:07:77:
                    73:7b:07:c7:e8:78:e9:c4:40:86:ca:57:fe:23:92:
                    6b:e8:e8:ef:dc:d8:3e:10:f4:ea:26:f5:b0:b3:92:
                    f1:92:d8:af:37:06:ef:47:fe:98:1d:aa:4d:2a:98:
                    88:ce:d5:0e:ad:e7:37:72:32:91:e6:23:29:19:56:
                    93:d9:51:5a:b5:ed:9d:90:d3:4d:27:b2:e7:c2:a3:
                    8c:d7:fa:1a:27:87:eb:1e:b8:d4:47:0e:99:f3:c8:
                    6c:d7:72:50:a0:a1:f0:df:b5:71:dd:ac:39:b7:36:
                    fd:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:66:FC:54:E2:D2:41:F4:41:AD:03:CC:18:E3:31:BF:E3:4A:57:EF
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/9d7886-34dc-4998-9717-f11c6e06488f/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/9d7886-34dc-4998-9717-f11c6e06488f/1/QWb8VOLSQfRBrQPMGOMxv-NKV-8.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.82.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  196633

    Signature Algorithm: sha256WithRSAEncryption
         26:a0:62:42:a7:ed:ae:1e:26:55:32:df:4f:e6:1b:af:c8:19:
         30:80:c9:43:71:f0:34:ce:81:1c:37:d5:12:5e:23:d5:ce:49:
         87:dd:24:ae:21:49:08:49:b3:7d:bc:02:11:a9:04:c9:86:16:
         5d:7b:21:12:a9:aa:8f:88:8e:ca:26:ec:73:68:8d:c6:f4:e8:
         59:81:62:93:55:08:3d:a8:e3:88:3d:47:2c:83:ae:d1:8e:ec:
         af:91:01:d3:86:88:51:0e:f5:6b:fc:3e:2e:b2:30:26:8f:d5:
         c6:4f:18:53:34:92:c2:a8:31:91:13:7e:ec:23:75:a6:be:07:
         b0:9a:1f:f5:5e:c1:ef:b3:1c:5c:70:93:6a:67:95:02:93:70:
         be:a6:45:b5:32:36:d3:b8:a7:04:0c:f6:9c:8a:e3:0e:0d:17:
         aa:65:0d:18:76:79:68:7f:9b:25:49:8a:bd:ed:af:47:b4:d8:
         42:e4:58:67:4e:49:2e:49:01:b5:8d:a2:c6:93:77:3b:17:8f:
         d6:7e:27:4c:38:c3:32:db:59:48:a6:64:d1:10:f3:61:bd:76:
         46:cc:7c:5a:0f:21:a4:af:a4:7c:a8:7f:3f:d2:a6:ba:5d:f8:
         da:d2:94:92:b4:56:fa:de:aa:ca:73:39:6b:47:d4:45:53:3a:
         d0:dd:79:c6
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAY7MorbYiI9RS8/XuzD4uvAJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwNDExMTAwOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTY2ZmM1NGUyZDI0MWY0NDFhZDAzY2MxOGUzMzFiZmUzNGE1N2VmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwdbEuC5V+510E9vhv2UpPb3sRzpf
FgjYxnAaF6ohMAupf0+s+Pc1cjcNdI35+54lQPVf5qPio02cCduqDpAllnVVZfmY
LI1CTRUD6CGVVVTal6w2lj/ImWb53OtsIiRXF3CrWg7UHB3p5w+kUgNw3fx65lp8
4G70cjF7f0I8rXMvLmSI0jK70NU6AiRoF+8rDYX/B3dzewfH6HjpxECGylf+I5Jr
6Ojv3Ng+EPTqJvWws5LxktivNwbvR/6YHapNKpiIztUOrec3cjKR5iMpGVaT2VFa
te2dkNNNJ7LnwqOM1/oaJ4frHrjURw6Z88hs13JQoKHw37Vx3aw5tzb9vwIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFEFm/FTi0kH0Qa0DzBjjMb/jSlfvMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzE5LzlkNzg4
Ni0zNGRjLTQ5OTgtOTcxNy1mMTFjNmUwNjQ4OGYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTkvOWQ3ODg2
LTM0ZGMtNDk5OC05NzE3LWYxMWM2ZTA2NDg4Zi8xL1FXYjhWT0xTUWZSQnJRUE1H
T014di1OS1YtOC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW9VSMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwMAGTANBgkqhkiG9w0BAQsFAAOCAQEAJqBiQqftrh4mVTLfT+Ybr8gZMIDJQ3Hw
NM6BHDfVEl4j1c5Jh90kriFJCEmzfbwCEakEyYYWXXshEqmqj4iOyibsc2iNxvTo
WYFik1UIPajjiD1HLIOu0Y7sr5EB04aIUQ71a/w+LrIwJo/Vxk8YUzSSwqgxkRN+
7CN1pr4HsJof9V7B77McXHCTameVApNwvqZFtTI207inBAz2nIrjDg0XqmUNGHZ5
aH+bJUmKve2vR7TYQuRYZ05JLkkBtY2ixpN3OxeP1n4nTDjDMttZSKZk0RDzYb12
Rsx8Wg8hpK+kfKh/P9Kmul342tKUkrRW+t6qynM5a0fURVM60N15xg==
-----END CERTIFICATE-----