Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/RQHoXAAlxK4pUoBY4jLXN8L0lc4.cer
File:                     RQHoXAAlxK4pUoBY4jLXN8L0lc4.cer (raw, json)
Hash identifier:          iGkFAdeKBFq+L93Qu8KsZ009NBByTRZeZ76CtDEUG7o=
Subject key identifier:   45:01:E8:5C:00:25:C4:AE:29:52:80:58:E2:32:D7:37:C2:F4:95:CE
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019421B1EAE42610759193004DF7BEDE105F
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/4d/d3e8a8-58ef-4630-bf35-cee64195533c/1/RQHoXAAlxK4pUoBY4jLXN8L0lc4.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/4d/d3e8a8-58ef-4630-bf35-cee64195533c/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 11:48:15 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 57035
                          IP: 91.230.79.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:ea:e4:26:10:75:91:93:00:4d:f7:be:de:10:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 11:48:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4501e85c0025c4ae29528058e232d737c2f495ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:90:01:27:17:4f:b5:6a:75:fd:6f:99:bb:47:
                    49:8f:b7:03:4d:93:28:e6:11:fd:98:2c:84:3b:23:
                    69:87:2e:a2:72:00:83:2f:37:17:be:7a:76:a6:77:
                    fb:c1:d2:c7:cf:50:d3:91:07:0c:4b:41:ac:25:90:
                    53:97:48:1c:4a:38:55:43:8e:1b:6a:1d:13:c5:b7:
                    64:98:11:6d:2f:89:d2:0f:ba:cb:1b:1b:c1:a2:98:
                    c2:d4:61:39:d3:d1:3e:eb:70:5a:4d:b1:66:df:b2:
                    68:42:0f:8e:8e:5c:91:dd:77:c9:63:3c:84:b2:79:
                    11:33:11:d0:74:a5:93:65:31:1d:35:19:ed:c7:51:
                    f1:64:79:7f:f1:fd:45:46:e0:65:65:b3:34:bc:46:
                    27:74:3f:f3:1a:e6:a3:a8:83:2d:5d:60:62:e3:4c:
                    65:f4:ee:54:c4:4f:99:1f:d2:dd:47:8e:6b:a8:56:
                    f9:05:b1:7f:2c:02:dd:ae:d2:3d:3e:e0:c2:75:41:
                    37:89:58:69:9e:5f:d6:a5:12:2e:0a:84:f5:f4:48:
                    e3:73:51:81:37:89:b9:10:98:40:4e:3e:b8:f7:00:
                    f8:e6:c5:df:9d:14:27:84:bf:25:71:8c:28:f0:9a:
                    62:3b:c0:fc:df:78:49:b5:f0:72:c5:2d:aa:21:d0:
                    ae:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:01:E8:5C:00:25:C4:AE:29:52:80:58:E2:32:D7:37:C2:F4:95:CE
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/d3e8a8-58ef-4630-bf35-cee64195533c/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/d3e8a8-58ef-4630-bf35-cee64195533c/1/RQHoXAAlxK4pUoBY4jLXN8L0lc4.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.230.79.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  57035

    Signature Algorithm: sha256WithRSAEncryption
         7d:a9:39:1a:9a:e8:e2:2d:4d:8d:3b:c9:7a:c0:a8:41:79:dc:
         76:b2:54:97:fd:2d:fd:e9:ae:56:29:a1:d5:f1:4f:68:b3:38:
         e6:12:79:ce:21:72:e6:a3:5c:3a:7a:2b:c5:3e:90:40:b7:d9:
         21:4d:4a:dd:82:53:37:4a:6c:ea:aa:d4:0a:46:9d:af:6c:cf:
         70:bf:f5:b3:de:a8:ca:cb:f7:b0:fe:80:3a:c9:37:8e:19:3d:
         bc:b0:ce:f8:6b:8d:24:09:f6:62:54:db:f5:a3:74:29:b8:ac:
         5b:ba:d6:42:76:ef:b6:7a:da:eb:12:9e:02:2c:d9:9c:00:7f:
         5d:28:d4:87:d2:e4:e1:bf:55:65:cb:1e:d7:f8:7d:02:28:5f:
         f5:45:b0:d5:cb:e5:8e:95:df:d4:ff:b1:f2:23:d2:91:9b:77:
         55:75:90:6f:59:9a:56:d5:2e:ef:ab:79:4d:a4:90:3c:68:19:
         31:e1:53:6f:0a:9d:6a:05:bf:5a:2b:0d:52:34:be:a1:77:38:
         50:3f:4f:40:02:c2:b9:d6:ab:e9:0e:d9:28:41:53:94:db:fc:
         9e:ba:64:f0:0e:96:aa:6a:b0:bb:48:e1:56:d6:3e:68:e4:6b:
         39:26:f6:bd:75:de:d0:8e:c7:e5:c0:cd:2b:8a:15:4b:f5:97:
         50:ab:4f:0d
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZQhserkJhB1kZMATfe+3hBfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTE0ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTAxZTg1YzAwMjVjNGFlMjk1MjgwNThlMjMyZDczN2MyZjQ5NWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAppABJxdPtWp1/W+Zu0dJj7cDTZMo
5hH9mCyEOyNphy6icgCDLzcXvnp2pnf7wdLHz1DTkQcMS0GsJZBTl0gcSjhVQ44b
ah0TxbdkmBFtL4nSD7rLGxvBopjC1GE509E+63BaTbFm37JoQg+OjlyR3XfJYzyE
snkRMxHQdKWTZTEdNRntx1HxZHl/8f1FRuBlZbM0vEYndD/zGuajqIMtXWBi40xl
9O5UxE+ZH9LdR45rqFb5BbF/LALdrtI9PuDCdUE3iVhpnl/WpRIuCoT19Ejjc1GB
N4m5EJhATj649wD45sXfnRQnhL8lcYwo8JpiO8D833hJtfByxS2qIdCu7wIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFEUB6FwAJcSuKVKAWOIy1zfC9JXOMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzRkL2QzZThh
OC01OGVmLTQ2MzAtYmYzNS1jZWU2NDE5NTUzM2MvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGQvZDNlOGE4
LTU4ZWYtNDYzMC1iZjM1LWNlZTY0MTk1NTMzYy8xL1JRSG9YQUFseEs0cFVvQlk0
akxYTjhMMGxjNC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW+ZPMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwDeyzANBgkqhkiG9w0BAQsFAAOCAQEAfak5Gpro4i1NjTvJesCoQXncdrJUl/0t
/emuVimh1fFPaLM45hJ5ziFy5qNcOnorxT6QQLfZIU1K3YJTN0ps6qrUCkadr2zP
cL/1s96oysv3sP6AOsk3jhk9vLDO+GuNJAn2YlTb9aN0KbisW7rWQnbvtnra6xKe
AizZnAB/XSjUh9Lk4b9VZcse1/h9Aihf9UWw1cvljpXf1P+x8iPSkZt3VXWQb1ma
VtUu76t5TaSQPGgZMeFTbwqdagW/WisNUjS+oXc4UD9PQALCudar6Q7ZKEFTlNv8
nrpk8A6Wqmqwu0jhVtY+aORrOSb2vXXe0I7H5cDNK4oVS/WXUKtPDQ==
-----END CERTIFICATE-----