Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/QtvPm46wNgQ7t_e40zhrziTV3W4.cer
File:                     QtvPm46wNgQ7t_e40zhrziTV3W4.cer (raw, json)
Hash identifier:          MQ5VvptlI9NRYeuld8lS6Xzbo5OO7IuFNjy5E4f6CGY=
Subject key identifier:   42:DB:CF:9B:8E:B0:36:04:3B:B7:F7:B8:D3:38:6B:CE:24:D5:DD:6E
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC9BCF972E8BA03F8D20A8A15018184CA
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/d4/80841a-88ae-4b0e-8e25-48ae70161e79/1/QtvPm46wNgQ7t_e40zhrziTV3W4.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/d4/80841a-88ae-4b0e-8e25-48ae70161e79/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 10:34:14 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 212151
                          IP: 91.213.53.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:f9:72:e8:ba:03:f8:d2:0a:8a:15:01:81:84:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 10:34:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=42dbcf9b8eb036043bb7f7b8d3386bce24d5dd6e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:2c:a2:4b:d3:4b:c8:e2:9a:22:00:b4:f6:0a:
                    6b:19:74:48:6e:9e:bf:ab:e6:60:9e:6c:e6:58:70:
                    92:43:41:c3:18:9e:41:7c:3f:13:55:d0:44:70:4d:
                    90:06:3f:b9:31:68:5e:66:7d:59:28:75:95:f6:30:
                    24:57:f0:5c:9b:01:53:13:34:39:91:dd:5c:12:62:
                    77:57:de:32:74:3e:b2:52:83:0d:1d:e2:79:a3:00:
                    83:cb:28:25:61:f7:00:14:e8:ed:06:d3:f6:63:8b:
                    3a:f9:e4:91:be:29:51:06:c7:da:cd:8e:5d:27:c9:
                    82:e2:f1:9f:b4:8f:b1:bd:a7:96:4a:7e:b9:16:70:
                    d2:27:25:5a:bf:cb:8c:8d:6a:3e:31:3f:74:20:30:
                    13:86:e7:42:b6:71:46:f9:bb:5a:62:dd:05:0a:ee:
                    28:d2:4a:7e:4b:8a:b3:0f:99:b0:d6:e6:f0:7c:49:
                    57:d6:01:aa:31:15:64:e0:2a:fd:67:c2:14:c0:cd:
                    7a:a2:f0:cf:86:eb:3a:30:e3:22:36:c9:94:58:1f:
                    8f:2e:c1:c4:47:c3:7c:6f:66:7b:9b:71:3e:4a:f9:
                    e5:77:f2:93:c7:df:b3:0a:65:a9:18:69:e6:15:d0:
                    ea:9e:c9:01:15:2d:ca:5a:d2:00:ae:0b:4b:9b:5f:
                    13:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:DB:CF:9B:8E:B0:36:04:3B:B7:F7:B8:D3:38:6B:CE:24:D5:DD:6E
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/80841a-88ae-4b0e-8e25-48ae70161e79/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/80841a-88ae-4b0e-8e25-48ae70161e79/1/QtvPm46wNgQ7t_e40zhrziTV3W4.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.53.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  212151

    Signature Algorithm: sha256WithRSAEncryption
         a7:12:e4:23:d0:07:bf:ad:8e:04:32:b8:e8:ba:60:d3:bf:91:
         f5:20:c8:fe:aa:65:9e:ea:8b:c2:fa:44:6a:fb:f6:8f:4e:7e:
         b8:f0:26:af:51:85:38:1a:9c:1a:df:dc:7e:c3:e6:8f:84:01:
         ef:c6:c4:68:ec:b4:e0:1e:47:3d:59:c2:8a:1d:a2:d8:ce:17:
         9f:ab:4b:23:51:90:e1:94:a6:c1:14:8d:79:08:b9:84:6b:78:
         d6:91:75:4f:ae:b9:91:a1:f3:4f:2f:af:3a:bc:cd:d0:98:43:
         6c:83:2a:78:75:7d:71:7b:14:5e:cc:42:33:47:68:93:a0:58:
         3c:c2:62:c3:e3:63:82:06:fd:11:60:0f:ce:f3:37:bb:72:cb:
         4e:a1:0d:a2:d7:3f:0a:8e:50:40:56:0d:a9:55:ca:a9:47:5a:
         70:e6:d0:ff:0d:f5:36:b4:81:09:08:b9:bb:35:d1:fd:7d:36:
         2a:d0:f0:8c:5c:ab:b3:38:a4:ec:78:59:a0:e8:12:e9:3c:31:
         e1:b9:a4:df:b9:7f:2f:5b:6b:fe:9e:76:1d:b6:54:35:f8:35:
         bd:dd:88:7f:ad:8b:11:a0:4c:5f:f1:ec:46:6a:b5:26:10:b3:
         8b:41:3b:c1:8c:be:09:80:74:03:69:ed:f7:6b:2b:16:e0:ff:
         45:84:08:a2
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYzJvPly6LoD+NIKihUBgYTKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMTAzNDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MmRiY2Y5YjhlYjAzNjA0M2JiN2Y3YjhkMzM4NmJjZTI0ZDVkZDZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuyyiS9NLyOKaIgC09gprGXRIbp6/
q+ZgnmzmWHCSQ0HDGJ5BfD8TVdBEcE2QBj+5MWheZn1ZKHWV9jAkV/BcmwFTEzQ5
kd1cEmJ3V94ydD6yUoMNHeJ5owCDyyglYfcAFOjtBtP2Y4s6+eSRvilRBsfazY5d
J8mC4vGftI+xvaeWSn65FnDSJyVav8uMjWo+MT90IDAThudCtnFG+btaYt0FCu4o
0kp+S4qzD5mw1ubwfElX1gGqMRVk4Cr9Z8IUwM16ovDPhus6MOMiNsmUWB+PLsHE
R8N8b2Z7m3E+Svnld/KTx9+zCmWpGGnmFdDqnskBFS3KWtIArgtLm18TJwIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFELbz5uOsDYEO7f3uNM4a84k1d1uMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Q0LzgwODQx
YS04OGFlLTRiMGUtOGUyNS00OGFlNzAxNjFlNzkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDQvODA4NDFh
LTg4YWUtNGIwZS04ZTI1LTQ4YWU3MDE2MWU3OS8xL1F0dlBtNDZ3TmdRN3RfZTQw
emhyemlUVjNXNC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW9U1MBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwM8tzANBgkqhkiG9w0BAQsFAAOCAQEApxLkI9AHv62OBDK46Lpg07+R9SDI/qpl
nuqLwvpEavv2j05+uPAmr1GFOBqcGt/cfsPmj4QB78bEaOy04B5HPVnCih2i2M4X
n6tLI1GQ4ZSmwRSNeQi5hGt41pF1T665kaHzTy+vOrzN0JhDbIMqeHV9cXsUXsxC
M0dok6BYPMJiw+Njggb9EWAPzvM3u3LLTqENotc/Co5QQFYNqVXKqUdacObQ/w31
NrSBCQi5uzXR/X02KtDwjFyrszik7HhZoOgS6Twx4bmk37l/L1tr/p52HbZUNfg1
vd2If62LEaBMX/HsRmq1JhCzi0E7wYy+CYB0A2nt92srFuD/RYQIog==
-----END CERTIFICATE-----