Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Qy6rb9B3j6qP588vgG2WTEqpOBM.cer
File:                     Qy6rb9B3j6qP588vgG2WTEqpOBM.cer (raw, json)
Hash identifier:          OQMc7vMrPlb1q2tSoJPScQmYIlBPghxXUeHgXVPJQms=
Subject key identifier:   43:2E:AB:6F:D0:77:8F:AA:8F:E7:CF:2F:80:6D:96:4C:4A:A9:38:13
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC6B7A2F01DE8D7A8BF1AF48477E9E2B7
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/cf/193e1f-f70e-4df7-a04c-746faed2f561/1/Qy6rb9B3j6qP588vgG2WTEqpOBM.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/cf/193e1f-f70e-4df7-a04c-746faed2f561/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 20:29:32 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 185.251.18.0/24
                          IP: 2a0b:d40::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:a2:f0:1d:e8:d7:a8:bf:1a:f4:84:77:e9:e2:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 20:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=432eab6fd0778faa8fe7cf2f806d964c4aa93813
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:39:f2:fc:3d:76:d6:dd:ed:5b:94:32:39:75:
                    be:87:17:38:bf:78:73:f2:99:73:2e:aa:d5:05:d2:
                    07:d9:00:38:87:46:88:52:e3:cf:31:0d:19:28:ae:
                    95:9c:73:aa:82:78:0d:e2:e6:78:03:5e:e5:c1:04:
                    01:4d:d1:60:c8:1d:ee:2a:3f:2c:9c:df:df:1a:e0:
                    90:38:6b:36:13:00:b3:21:1c:f2:3b:e3:d8:b7:0d:
                    3c:75:ef:25:a7:08:d5:55:ea:03:aa:41:d3:4e:fa:
                    bc:d7:52:c9:12:78:12:99:20:9e:90:cd:06:ad:40:
                    83:cb:f2:a8:cb:c8:ae:3d:2d:76:89:1c:f6:d0:0d:
                    39:f1:e6:03:d3:2f:ff:2c:38:bc:c8:a9:c2:71:34:
                    0d:64:31:98:dd:64:e2:c5:dc:50:e1:8c:ee:9f:97:
                    0a:3c:e2:04:cb:82:3d:75:8e:1b:6d:ee:82:e0:13:
                    7c:9b:f2:fd:a8:6a:bd:37:4f:c7:5a:03:8d:5e:6e:
                    be:c2:4e:41:87:a5:c2:1e:b9:40:98:ed:15:98:46:
                    98:3c:d5:4f:a5:0a:de:51:af:48:e4:e3:98:a6:e9:
                    e5:4d:35:14:5b:b2:a1:38:dd:91:9a:83:d3:0f:c2:
                    b2:d0:98:58:9a:7f:43:9c:c9:92:c6:79:20:b5:62:
                    ef:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:2E:AB:6F:D0:77:8F:AA:8F:E7:CF:2F:80:6D:96:4C:4A:A9:38:13
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/193e1f-f70e-4df7-a04c-746faed2f561/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/193e1f-f70e-4df7-a04c-746faed2f561/1/Qy6rb9B3j6qP588vgG2WTEqpOBM.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.251.18.0/24
                IPv6:
                  2a0b:d40::/29

    Signature Algorithm: sha256WithRSAEncryption
         a4:e0:5c:5d:8b:db:14:50:67:4c:df:d6:7a:f0:71:85:3d:a9:
         06:c6:e0:1c:f8:0e:81:18:ae:5a:10:cb:ba:63:99:67:06:16:
         8e:52:74:54:c5:88:52:93:52:a7:ca:38:83:5d:f8:c7:be:12:
         88:a1:8d:1e:7b:dd:31:0b:d0:c6:61:48:8a:0f:de:5f:19:e2:
         32:fe:8c:12:d6:89:3a:22:e4:ac:59:37:5c:4a:d4:d4:2f:78:
         d5:f3:be:f6:89:6a:98:04:eb:c5:14:92:bd:d1:80:9b:27:29:
         d7:14:95:2f:40:a5:0d:3e:1f:b3:fe:8b:20:ef:57:e9:8f:5b:
         8c:4e:bf:8b:23:2a:8e:5e:37:80:03:0e:0e:f1:c6:8e:1c:99:
         ab:65:b7:fc:70:6f:90:ea:3d:f7:dc:08:30:86:f6:c7:86:ee:
         43:ff:21:4b:46:b4:63:cf:5f:8d:3b:a5:53:3b:01:76:98:4a:
         70:a0:14:cd:84:91:67:48:97:ee:7c:1c:f1:d9:2e:2c:9b:1c:
         ce:7e:ee:67:da:ff:e1:14:f6:79:13:aa:40:1d:fa:bb:c9:19:
         a1:21:82:3f:35:3d:d4:8f:a0:7e:f6:76:1d:91:7c:9e:98:48:
         79:98:c7:16:2d:f7:89:d5:af:07:9d:20:bb:5d:96:4b:f6:86:
         e5:70:a9:62
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAYzGt6LwHejXqL8a9IR36eK3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMjAyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzJlYWI2ZmQwNzc4ZmFhOGZlN2NmMmY4MDZkOTY0YzRhYTkzODEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtzny/D121t3tW5QyOXW+hxc4v3hz
8plzLqrVBdIH2QA4h0aIUuPPMQ0ZKK6VnHOqgngN4uZ4A17lwQQBTdFgyB3uKj8s
nN/fGuCQOGs2EwCzIRzyO+PYtw08de8lpwjVVeoDqkHTTvq811LJEngSmSCekM0G
rUCDy/Koy8iuPS12iRz20A058eYD0y//LDi8yKnCcTQNZDGY3WTixdxQ4Yzun5cK
POIEy4I9dY4bbe6C4BN8m/L9qGq9N0/HWgONXm6+wk5Bh6XCHrlAmO0VmEaYPNVP
pQreUa9I5OOYpunlTTUUW7KhON2RmoPTD8Ky0JhYmn9DnMmSxnkgtWLv3QIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFEMuq2/Qd4+qj+fPL4BtlkxKqTgTMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NmLzE5M2Ux
Zi1mNzBlLTRkZjctYTA0Yy03NDZmYWVkMmY1NjEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvY2YvMTkzZTFm
LWY3MGUtNGRmNy1hMDRjLTc0NmZhZWQyZjU2MS8xL1F5NnJiOUIzajZxUDU4OHZn
RzJXVEVxcE9CTS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQAufsSMA0EAgACMAcDBQMqCw1AMA0GCSqGSIb3
DQEBCwUAA4IBAQCk4Fxdi9sUUGdM39Z68HGFPakGxuAc+A6BGK5aEMu6Y5lnBhaO
UnRUxYhSk1KnyjiDXfjHvhKIoY0ee90xC9DGYUiKD95fGeIy/owS1ok6IuSsWTdc
StTUL3jV8772iWqYBOvFFJK90YCbJynXFJUvQKUNPh+z/osg71fpj1uMTr+LIyqO
XjeAAw4O8caOHJmrZbf8cG+Q6j333AgwhvbHhu5D/yFLRrRjz1+NO6VTOwF2mEpw
oBTNhJFnSJfufBzx2S4smxzOfu5n2v/hFPZ5E6pAHfq7yRmhIYI/NT3Uj6B+9nYd
kXyemEh5mMcWLfeJ1a8HnSC7XZZL9oblcKli
-----END CERTIFICATE-----