Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/RzLQ_Og_tnOCzqzjdWyLE8CpXJg.cer
File:                     RzLQ_Og_tnOCzqzjdWyLE8CpXJg.cer (raw, json)
Hash identifier:          JrWGJI7W0DZV0CUSe4SKlc38WA4qdmOemfCbEdm78iM=
Subject key identifier:   47:32:D0:FC:E8:3F:B6:73:82:CE:AC:E3:75:6C:8B:13:C0:A9:5C:98
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC72745057B8C326393B0D105E0EB91E6
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/91/dcacd2-d780-46f7-a5b6-79cc7a14bf9a/1/RzLQ_Og_tnOCzqzjdWyLE8CpXJg.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/91/dcacd2-d780-46f7-a5b6-79cc7a14bf9a/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 22:31:28 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 213193
                          IP: 88.218.156.0/22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:45:05:7b:8c:32:63:93:b0:d1:05:e0:eb:91:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 22:31:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4732d0fce83fb67382ceace3756c8b13c0a95c98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:5f:ca:8a:c1:5b:c7:ef:48:26:c6:7b:0f:3e:
                    2a:13:08:6f:5c:0e:b7:85:12:04:c2:22:01:87:ff:
                    c9:39:db:53:d7:4a:16:38:39:86:c1:f9:39:fa:2d:
                    66:01:a6:7a:43:9e:e1:a3:73:50:8c:f0:61:0d:ba:
                    a4:e5:08:61:95:5e:89:8e:82:f9:84:b8:c0:d6:f4:
                    fa:5d:dc:6d:7b:3e:a3:56:aa:0a:5f:60:38:a1:0c:
                    56:df:77:59:0c:b6:d6:f2:fa:09:6b:8b:eb:6e:03:
                    b7:a5:a4:f0:97:7a:44:d4:c1:15:24:ad:67:1a:f8:
                    c3:3d:7c:ba:29:1a:50:45:47:43:aa:97:ee:2a:67:
                    02:80:77:dc:a9:62:e1:78:90:01:ea:4a:ae:b9:91:
                    c8:c4:d2:08:4d:c9:8a:ad:e5:9e:1d:f5:1a:e2:dc:
                    0c:4e:df:01:c3:19:a7:57:97:25:c5:6f:cd:72:31:
                    da:41:57:e7:f6:87:57:8a:4a:f2:8f:7c:35:bb:c6:
                    4b:7e:0c:63:76:e9:49:66:ae:d7:a7:d9:da:04:15:
                    8c:ae:11:70:5e:d3:34:d9:3a:5d:75:cb:f8:9b:82:
                    61:37:39:69:02:f1:82:bd:92:9b:46:d4:c8:72:d6:
                    4b:03:f7:cd:bc:c3:c8:8c:ef:a8:a1:3c:95:55:97:
                    f9:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:32:D0:FC:E8:3F:B6:73:82:CE:AC:E3:75:6C:8B:13:C0:A9:5C:98
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/dcacd2-d780-46f7-a5b6-79cc7a14bf9a/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/dcacd2-d780-46f7-a5b6-79cc7a14bf9a/1/RzLQ_Og_tnOCzqzjdWyLE8CpXJg.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.218.156.0/22

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  213193

    Signature Algorithm: sha256WithRSAEncryption
         a1:ee:4b:fa:bc:47:c1:1b:3b:0d:d5:33:59:e8:eb:f8:c8:cc:
         d4:e1:ce:47:e4:db:3c:1e:ba:93:dc:9a:88:1c:92:7a:9a:54:
         b8:f6:06:12:8c:11:55:88:53:2f:aa:87:18:c9:53:62:89:69:
         39:88:70:f3:98:0a:55:d7:73:6e:62:8e:c8:c7:2d:87:77:e2:
         83:8c:b0:ba:57:99:b5:2d:3b:b5:71:c4:6b:b6:a7:c0:2d:65:
         f6:2f:ef:1e:d0:7c:33:29:54:96:7e:59:37:c0:14:5a:2e:75:
         8b:40:20:cb:50:86:e5:c9:81:1b:92:cb:f3:51:37:b6:49:3a:
         4e:fe:59:94:07:32:65:07:c9:d4:c4:52:e2:b0:b3:99:62:a2:
         db:78:b2:f7:ad:cc:99:5b:f5:95:bc:a6:26:f6:8b:1f:a4:0e:
         14:e1:f8:d1:fc:9a:4a:76:4e:35:89:d1:49:18:42:45:55:0c:
         9b:e4:23:79:84:aa:b8:c1:a6:1b:89:72:7f:e2:2b:0e:97:37:
         e5:2b:b8:00:ee:15:4a:e7:da:7c:79:9f:ff:28:35:ae:d8:34:
         6c:f3:63:0f:1b:01:b9:63:5c:27:1a:f5:49:1a:e3:6a:83:f4:
         a1:d2:35:8a:90:be:53:07:55:e1:3b:1d:4c:5d:1c:9b:01:76:
         bf:04:52:ef
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYzHJ0UFe4wyY5Ow0QXg65HmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMjIzMTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzMyZDBmY2U4M2ZiNjczODJjZWFjZTM3NTZjOGIxM2MwYTk1Yzk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApl/KisFbx+9IJsZ7Dz4qEwhvXA63
hRIEwiIBh//JOdtT10oWODmGwfk5+i1mAaZ6Q57ho3NQjPBhDbqk5QhhlV6JjoL5
hLjA1vT6Xdxtez6jVqoKX2A4oQxW33dZDLbW8voJa4vrbgO3paTwl3pE1MEVJK1n
GvjDPXy6KRpQRUdDqpfuKmcCgHfcqWLheJAB6kquuZHIxNIITcmKreWeHfUa4twM
Tt8BwxmnV5clxW/NcjHaQVfn9odXikryj3w1u8ZLfgxjdulJZq7Xp9naBBWMrhFw
XtM02Tpddcv4m4JhNzlpAvGCvZKbRtTIctZLA/fNvMPIjO+ooTyVVZf5WQIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFEcy0PzoP7Zzgs6s43VsixPAqVyYMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzkxL2RjYWNk
Mi1kNzgwLTQ2ZjctYTViNi03OWNjN2ExNGJmOWEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTEvZGNhY2Qy
LWQ3ODAtNDZmNy1hNWI2LTc5Y2M3YTE0YmY5YS8xL1J6TFFfT2dfdG5PQ3pxempk
V3lMRThDcFhKZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCWNqcMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwNAyTANBgkqhkiG9w0BAQsFAAOCAQEAoe5L+rxHwRs7DdUzWejr+MjM1OHOR+Tb
PB66k9yaiBySeppUuPYGEowRVYhTL6qHGMlTYolpOYhw85gKVddzbmKOyMcth3fi
g4ywuleZtS07tXHEa7anwC1l9i/vHtB8MylUln5ZN8AUWi51i0Agy1CG5cmBG5LL
81E3tkk6Tv5ZlAcyZQfJ1MRS4rCzmWKi23iy963MmVv1lbymJvaLH6QOFOH40fya
SnZONYnRSRhCRVUMm+QjeYSquMGmG4lyf+IrDpc35Su4AO4VSufafHmf/yg1rtg0
bPNjDxsBuWNcJxr1SRrjaoP0odI1ipC+UwdV4TsdTF0cmwF2vwRS7w==
-----END CERTIFICATE-----