Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Qn35XuEKKtTq8ILfrBWYOLN9NFA.cer
File:                     Qn35XuEKKtTq8ILfrBWYOLN9NFA.cer (raw, json)
Hash identifier:          3O70KQe8Mx9NS1VdEXUTQjTy/mdML7k5mftzaFR66yE=
Subject key identifier:   42:7D:F9:5E:E1:0A:2A:D4:EA:F0:82:DF:AC:15:98:38:B3:7D:34:50
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01941F8C444FE406ED82A509E212A1FA7087
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/b4/4a3068-ea9d-4966-be55-7943d9a79bd2/1/Qn35XuEKKtTq8ILfrBWYOLN9NFA.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/b4/4a3068-ea9d-4966-be55-7943d9a79bd2/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 01:47:53 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 59635
                          IP: 91.247.66.0/23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:44:4f:e4:06:ed:82:a5:09:e2:12:a1:fa:70:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 01:47:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=427df95ee10a2ad4eaf082dfac159838b37d3450
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:2e:03:5b:88:9e:c3:6c:89:90:03:55:62:1e:
                    f4:c4:88:fd:ad:8d:c1:e2:41:c7:27:4c:a7:07:05:
                    3b:53:b2:e7:0d:80:68:d3:64:e6:4f:06:7e:7a:25:
                    4b:66:11:b8:67:40:a7:38:ed:bc:a4:1a:fb:54:c1:
                    20:00:d3:6b:d8:51:09:fe:9f:2c:54:10:71:5b:d4:
                    cf:92:9b:46:50:90:52:42:38:db:62:de:e0:c4:ee:
                    a5:12:97:1e:a8:f2:8c:05:74:39:34:73:2d:09:3e:
                    73:ec:3c:8c:06:1f:41:48:d4:7f:01:58:82:bd:45:
                    67:fb:5f:b6:1c:fe:97:df:27:5f:6c:54:6d:6d:9b:
                    36:fe:2f:73:7e:74:07:ed:39:09:8e:5d:79:be:b1:
                    9a:bf:e9:5f:89:55:a3:0d:b6:23:f8:67:8b:72:d8:
                    16:86:45:74:cb:8c:1b:49:65:69:a9:4e:37:40:f8:
                    4a:6b:56:d4:0a:1c:b8:49:68:f1:8c:72:c0:c5:a0:
                    d4:40:b9:9b:ce:fd:bb:aa:ec:d7:3a:0c:64:9e:0c:
                    ac:a6:ae:62:3f:71:70:8c:66:53:4c:47:45:b8:43:
                    1c:75:23:c2:65:d6:72:77:ad:56:d8:8e:11:f8:9b:
                    9b:22:62:a7:07:bf:a7:be:7f:04:3f:63:b4:a2:09:
                    3d:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:7D:F9:5E:E1:0A:2A:D4:EA:F0:82:DF:AC:15:98:38:B3:7D:34:50
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/4a3068-ea9d-4966-be55-7943d9a79bd2/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/4a3068-ea9d-4966-be55-7943d9a79bd2/1/Qn35XuEKKtTq8ILfrBWYOLN9NFA.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.247.66.0/23

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  59635

    Signature Algorithm: sha256WithRSAEncryption
         3c:9b:c7:df:38:e9:b9:f2:40:01:5b:aa:b1:a4:e9:3f:32:08:
         01:07:e4:4b:c7:83:85:0e:83:7e:38:f4:e8:9c:ca:5e:6c:2c:
         5f:b3:0f:26:d2:cb:cf:84:15:d0:13:1b:95:01:3b:92:d8:74:
         00:b6:2c:e9:d1:39:30:ab:0e:c3:08:f6:77:21:5f:1b:0d:8e:
         fb:69:3b:2b:d6:59:47:5b:3b:6a:11:e0:76:ca:58:e8:45:1d:
         aa:98:ed:5c:a5:94:a1:3d:24:0b:b3:0d:77:52:2a:8f:1c:c6:
         1b:5e:28:b2:d1:4a:f1:07:47:f1:d9:54:87:21:d2:21:33:a7:
         7b:9a:6b:e5:03:9e:d2:16:a2:6f:0d:70:cf:ae:85:cc:4b:8c:
         ea:52:21:38:bd:11:82:3b:6c:5f:5d:be:08:60:48:92:75:29:
         98:4e:f4:44:37:d8:a1:9c:1d:c8:a1:80:2c:b6:8c:bb:45:6c:
         2f:42:6c:e0:65:16:2b:f1:49:bd:93:74:7b:4a:f8:76:fb:2a:
         5f:72:06:07:44:b6:55:b4:9e:b6:35:38:af:42:6e:3c:1a:56:
         0e:b5:97:f0:cf:2d:90:ce:db:81:15:22:05:ce:58:08:fd:27:
         04:c5:11:41:67:6d:d7:bf:33:68:50:55:7c:33:07:29:a0:41:
         65:4d:e5:24
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZQfjERP5AbtgqUJ4hKh+nCHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDE0NzUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjdkZjk1ZWUxMGEyYWQ0ZWFmMDgyZGZhYzE1OTgzOGIzN2QzNDUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAti4DW4iew2yJkANVYh70xIj9rY3B
4kHHJ0ynBwU7U7LnDYBo02TmTwZ+eiVLZhG4Z0CnOO28pBr7VMEgANNr2FEJ/p8s
VBBxW9TPkptGUJBSQjjbYt7gxO6lEpceqPKMBXQ5NHMtCT5z7DyMBh9BSNR/AViC
vUVn+1+2HP6X3ydfbFRtbZs2/i9zfnQH7TkJjl15vrGav+lfiVWjDbYj+GeLctgW
hkV0y4wbSWVpqU43QPhKa1bUChy4SWjxjHLAxaDUQLmbzv27quzXOgxkngyspq5i
P3FwjGZTTEdFuEMcdSPCZdZyd61W2I4R+JubImKnB7+nvn8EP2O0ogk9gQIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFEJ9+V7hCirU6vCC36wVmDizfTRQMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2I0LzRhMzA2
OC1lYTlkLTQ5NjYtYmU1NS03OTQzZDlhNzliZDIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjQvNGEzMDY4
LWVhOWQtNDk2Ni1iZTU1LTc5NDNkOWE3OWJkMi8xL1FuMzVYdUVLS3RUcThJTGZy
QldZT0xOOU5GQS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQBW/dCMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwDo8zANBgkqhkiG9w0BAQsFAAOCAQEAPJvH3zjpufJAAVuqsaTpPzIIAQfkS8eD
hQ6Dfjj06JzKXmwsX7MPJtLLz4QV0BMblQE7kth0ALYs6dE5MKsOwwj2dyFfGw2O
+2k7K9ZZR1s7ahHgdspY6EUdqpjtXKWUoT0kC7MNd1IqjxzGG14ostFK8QdH8dlU
hyHSITOne5pr5QOe0haibw1wz66FzEuM6lIhOL0RgjtsX12+CGBIknUpmE70RDfY
oZwdyKGALLaMu0VsL0Js4GUWK/FJvZN0e0r4dvsqX3IGB0S2VbSetjU4r0JuPBpW
DrWX8M8tkM7bgRUiBc5YCP0nBMURQWdt178zaFBVfDMHKaBBZU3lJA==
-----END CERTIFICATE-----