Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/S-kZqE4aIp94nZOdGqpxKk08OZ0.cer
File:                     S-kZqE4aIp94nZOdGqpxKk08OZ0.cer (raw, json)
Hash identifier:          GXExjsUYnVMiI6q4C5BfFTBsQ+TVc5SiaJ1ZxqpryiQ=
Subject key identifier:   4B:E9:19:A8:4E:1A:22:9F:78:9D:93:9D:1A:AA:71:2A:4D:3C:39:9D
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018FDDA9D4C8D335636A372352EA62D77449
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/d1/367748-885c-4621-b44c-1195fe050de1/1/S-kZqE4aIp94nZOdGqpxKk08OZ0.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/d1/367748-885c-4621-b44c-1195fe050de1/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 03 Jun 2024 10:34:05 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 198746
                          IP: 91.238.254.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Sep 2024 14:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:dd:a9:d4:c8:d3:35:63:6a:37:23:52:ea:62:d7:74:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jun  3 10:34:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4be919a84e1a229f789d939d1aaa712a4d3c399d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:e4:0e:03:8b:ba:b8:06:71:41:b5:f2:87:40:
                    d2:a9:7e:d9:94:f7:cc:1e:44:31:c4:94:14:9e:37:
                    94:6d:21:f7:ea:6c:92:1d:07:cc:ae:57:c1:7e:d9:
                    7f:4f:10:1e:2b:33:ea:b6:92:17:f8:d9:31:d5:43:
                    42:dc:d8:fe:b1:ae:8c:36:18:a6:a3:3b:84:19:5c:
                    c7:00:2d:53:57:6c:a5:91:f7:fb:16:d6:e5:54:ed:
                    b8:2b:64:dc:c6:3e:78:57:d1:5f:a1:cf:89:92:f1:
                    6d:59:60:bc:9a:4e:4a:74:c4:6b:c5:2d:79:b4:99:
                    b3:54:36:b9:65:13:c8:84:38:39:ec:84:02:1f:ca:
                    df:e1:9a:33:81:7e:5a:53:e3:d6:f0:cb:4a:62:d3:
                    31:28:37:80:6c:68:33:7e:53:94:cc:07:b8:6b:2a:
                    17:de:50:7e:76:32:fb:25:7a:fd:ea:ff:5d:27:d5:
                    91:2d:2d:92:7c:42:75:cc:e9:38:8d:cf:0f:fd:b7:
                    dc:49:e6:ab:ed:2f:a5:83:02:d7:51:6c:ea:16:a5:
                    ef:55:ed:45:8b:a9:34:95:f8:6c:6b:79:91:c0:4f:
                    f3:df:7e:c0:a0:d6:25:8f:65:6c:26:04:5b:10:6b:
                    78:0b:2d:b9:91:b3:32:a8:e1:d6:33:bf:ee:85:7c:
                    ae:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:E9:19:A8:4E:1A:22:9F:78:9D:93:9D:1A:AA:71:2A:4D:3C:39:9D
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/367748-885c-4621-b44c-1195fe050de1/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/367748-885c-4621-b44c-1195fe050de1/1/S-kZqE4aIp94nZOdGqpxKk08OZ0.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.238.254.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  198746

    Signature Algorithm: sha256WithRSAEncryption
         97:4c:58:e2:dd:e7:01:bd:23:ee:ee:66:97:ec:42:60:3e:cc:
         7e:9e:44:d1:5e:7e:a3:b2:8a:e1:ab:be:17:43:32:ca:ca:51:
         7f:e8:7a:92:68:d3:6d:3e:0b:7e:c4:1e:33:7c:67:3c:36:a1:
         70:f9:30:36:82:83:ce:29:3d:03:7f:f2:60:ee:b1:2f:9d:6b:
         75:b2:fd:39:4e:dc:69:79:e3:9a:73:13:92:d0:32:32:3f:71:
         8c:8e:30:d9:61:5b:d1:fc:b9:03:49:2a:7e:18:74:5b:51:9f:
         52:b7:0a:f7:16:69:b9:cc:8c:a8:18:e8:50:5e:6a:32:ad:3d:
         ba:fd:73:be:32:a6:39:ff:88:97:4b:ce:57:67:a8:3d:aa:7b:
         0c:a3:ff:46:63:b3:15:a6:3a:81:66:ca:c1:3f:90:92:05:d4:
         07:8b:2b:46:9e:b5:7c:0c:3c:e7:02:c4:53:09:60:08:1e:e6:
         1d:d3:fe:a4:d3:13:d5:2d:9e:47:f3:4b:4c:f0:06:55:cb:12:
         5f:96:59:54:74:d9:07:68:24:79:fa:e6:0a:1b:65:fb:4f:fb:
         08:0a:92:67:e6:79:b1:ab:f3:87:7c:e1:5e:d9:39:34:1e:1f:
         9a:f5:23:ec:c5:2b:41:ce:26:6a:ea:e8:44:6a:61:6a:7c:6e:
         be:00:d6:9d
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAY/dqdTI0zVjajcjUupi13RJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwNjAzMTAzNDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YmU5MTlhODRlMWEyMjlmNzg5ZDkzOWQxYWFhNzEyYTRkM2MzOTlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs+QOA4u6uAZxQbXyh0DSqX7ZlPfM
HkQxxJQUnjeUbSH36mySHQfMrlfBftl/TxAeKzPqtpIX+Nkx1UNC3Nj+sa6MNhim
ozuEGVzHAC1TV2ylkff7FtblVO24K2Tcxj54V9Ffoc+JkvFtWWC8mk5KdMRrxS15
tJmzVDa5ZRPIhDg57IQCH8rf4ZozgX5aU+PW8MtKYtMxKDeAbGgzflOUzAe4ayoX
3lB+djL7JXr96v9dJ9WRLS2SfEJ1zOk4jc8P/bfcSear7S+lgwLXUWzqFqXvVe1F
i6k0lfhsa3mRwE/z337AoNYlj2VsJgRbEGt4Cy25kbMyqOHWM7/uhXyuAwIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFEvpGahOGiKfeJ2TnRqqcSpNPDmdMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2QxLzM2Nzc0
OC04ODVjLTQ2MjEtYjQ0Yy0xMTk1ZmUwNTBkZTEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDEvMzY3NzQ4
LTg4NWMtNDYyMS1iNDRjLTExOTVmZTA1MGRlMS8xL1Mta1pxRTRhSXA5NG5aT2RH
cXB4S2swOE9aMC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW+7+MBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwMIWjANBgkqhkiG9w0BAQsFAAOCAQEAl0xY4t3nAb0j7u5ml+xCYD7Mfp5E0V5+
o7KK4au+F0MyyspRf+h6kmjTbT4LfsQeM3xnPDahcPkwNoKDzik9A3/yYO6xL51r
dbL9OU7caXnjmnMTktAyMj9xjI4w2WFb0fy5A0kqfhh0W1GfUrcK9xZpucyMqBjo
UF5qMq09uv1zvjKmOf+Il0vOV2eoPap7DKP/RmOzFaY6gWbKwT+QkgXUB4srRp61
fAw85wLEUwlgCB7mHdP+pNMT1S2eR/NLTPAGVcsSX5ZZVHTZB2gkefrmChtl+0/7
CAqSZ+Z5savzh3zhXtk5NB4fmvUj7MUrQc4mauroRGphanxuvgDWnQ==
-----END CERTIFICATE-----