Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ZGHiGIOECxNlwzhXExO30yqtnFc.cer
File:                     ZGHiGIOECxNlwzhXExO30yqtnFc.cer (raw, json)
Hash identifier:          oxR0vcSidSamXcC1lXSiLzBkuqfKjlpPeFaq5LtibGE=
Subject key identifier:   64:61:E2:18:83:84:0B:13:65:C3:38:57:13:13:B7:D3:2A:AD:9C:57
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC7949D15B501AFD0B29C56EF6B2E8A60
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/6a/d201dd-47dd-4c4e-a42c-1c1b974ffafc/1/ZGHiGIOECxNlwzhXExO30yqtnFc.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/6a/d201dd-47dd-4c4e-a42c-1c1b974ffafc/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 00:30:54 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 199014
                          IP: 91.240.179.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:9d:15:b5:01:af:d0:b2:9c:56:ef:6b:2e:8a:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 00:30:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6461e21883840b1365c338571313b7d32aad9c57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:d6:25:b2:0e:cb:e7:a4:71:1b:9d:17:8a:04:
                    f8:0b:f8:9b:b5:23:82:8b:cc:b2:15:97:17:c7:4c:
                    99:3a:a8:c7:f5:cc:7a:c7:e7:a3:e2:a1:78:a1:e5:
                    e7:f4:20:5c:dc:03:03:cf:a4:0e:14:d6:1f:bc:3f:
                    4f:64:e1:8d:07:44:fd:8e:f7:68:e6:a2:b4:24:d6:
                    5a:62:ec:ed:8f:fb:e9:97:c9:64:7f:f3:cb:df:89:
                    24:1a:8d:88:f6:f9:d6:71:5b:59:89:82:5e:cc:72:
                    7b:91:c2:56:7b:dc:6b:9d:eb:75:bc:53:2f:e7:b7:
                    42:31:c3:f9:dd:63:89:82:42:e1:30:9d:f0:77:5b:
                    a2:6d:be:1e:cf:dc:9b:69:44:70:62:ee:de:1a:e5:
                    77:80:f5:b7:ca:74:1d:b6:3c:63:c6:f2:88:ae:75:
                    bb:3c:58:dd:22:c9:cb:47:1d:71:98:f8:95:b7:06:
                    2e:65:4f:e7:31:0d:69:71:d5:43:96:f0:22:8f:e2:
                    a6:29:a7:24:b3:7a:63:ea:5f:f5:82:dd:7c:39:c9:
                    64:53:04:cf:7f:b5:ee:91:ed:46:c1:fc:33:d4:c1:
                    d6:f8:b7:70:6f:d5:3b:11:08:bc:39:03:f6:2c:60:
                    45:63:1f:7a:e6:17:d2:aa:de:ff:70:d1:5b:a7:b1:
                    90:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:61:E2:18:83:84:0B:13:65:C3:38:57:13:13:B7:D3:2A:AD:9C:57
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/d201dd-47dd-4c4e-a42c-1c1b974ffafc/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/d201dd-47dd-4c4e-a42c-1c1b974ffafc/1/ZGHiGIOECxNlwzhXExO30yqtnFc.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.240.179.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  199014

    Signature Algorithm: sha256WithRSAEncryption
         2e:34:ba:ac:48:d5:80:8c:e2:13:41:9a:22:e7:76:3f:65:fd:
         19:86:5c:73:d7:9d:d9:15:a2:e8:3f:79:62:24:a6:c5:62:04:
         dd:20:5b:83:06:cf:ce:49:85:bb:31:43:36:62:26:c2:2f:f2:
         24:5a:00:50:bf:e1:98:c2:e7:69:08:99:f1:bf:31:bd:2c:2c:
         d5:0c:75:78:d4:20:51:fb:c1:ff:2c:e3:08:14:11:5a:f4:f4:
         8a:b3:1a:4d:73:4a:10:ed:b1:bf:a7:6d:c7:29:ef:09:d2:d1:
         7c:e5:de:b4:cb:23:72:6a:52:01:ba:97:76:7e:ee:15:bc:e4:
         d8:4c:d5:25:f8:aa:08:da:62:a9:99:15:3f:85:74:12:51:49:
         80:b9:ad:76:9a:1c:d1:d3:08:c6:0d:5a:02:4d:15:77:68:59:
         1c:45:c9:9a:1d:f3:a4:4e:2e:b2:49:f5:77:dd:03:d3:81:78:
         c8:1c:77:6d:69:5d:86:01:4f:e4:c9:05:e4:95:d1:56:f3:9d:
         9c:b0:a5:a7:d5:07:f5:1d:b3:3b:95:ee:99:7c:d1:a9:3c:a3:
         18:3f:e0:7b:cf:34:8f:d7:72:43:3d:f8:70:6b:6b:8b:c4:e1:
         b1:76:67:d8:35:c3:f4:17:d9:d8:6e:d1:b5:9c:8d:06:34:40:
         15:d2:3c:cb
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYzHlJ0VtQGv0LKcVu9rLopgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDAzMDU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDYxZTIxODgzODQwYjEzNjVjMzM4NTcxMzEzYjdkMzJhYWQ5YzU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj9Ylsg7L56RxG50XigT4C/ibtSOC
i8yyFZcXx0yZOqjH9cx6x+ej4qF4oeXn9CBc3AMDz6QOFNYfvD9PZOGNB0T9jvdo
5qK0JNZaYuztj/vpl8lkf/PL34kkGo2I9vnWcVtZiYJezHJ7kcJWe9xrnet1vFMv
57dCMcP53WOJgkLhMJ3wd1uibb4ez9ybaURwYu7eGuV3gPW3ynQdtjxjxvKIrnW7
PFjdIsnLRx1xmPiVtwYuZU/nMQ1pcdVDlvAij+KmKacks3pj6l/1gt18OclkUwTP
f7Xuke1Gwfwz1MHW+Ldwb9U7EQi8OQP2LGBFYx965hfSqt7/cNFbp7GQFwIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFGRh4hiDhAsTZcM4VxMTt9MqrZxXMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzZhL2QyMDFk
ZC00N2RkLTRjNGUtYTQyYy0xYzFiOTc0ZmZhZmMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNmEvZDIwMWRk
LTQ3ZGQtNGM0ZS1hNDJjLTFjMWI5NzRmZmFmYy8xL1pHSGlHSU9FQ3hObHd6aFhF
eE8zMHlxdG5GYy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW/CzMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwMJZjANBgkqhkiG9w0BAQsFAAOCAQEALjS6rEjVgIziE0GaIud2P2X9GYZcc9ed
2RWi6D95YiSmxWIE3SBbgwbPzkmFuzFDNmImwi/yJFoAUL/hmMLnaQiZ8b8xvSws
1Qx1eNQgUfvB/yzjCBQRWvT0irMaTXNKEO2xv6dtxynvCdLRfOXetMsjcmpSAbqX
dn7uFbzk2EzVJfiqCNpiqZkVP4V0ElFJgLmtdpoc0dMIxg1aAk0Vd2hZHEXJmh3z
pE4uskn1d90D04F4yBx3bWldhgFP5MkF5JXRVvOdnLClp9UH9R2zO5XumXzRqTyj
GD/ge880j9dyQz34cGtri8ThsXZn2DXD9BfZ2G7RtZyNBjRAFdI8yw==
-----END CERTIFICATE-----