Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ZZbw3BZbfNIJAispZINMRedNISw.cer
File:                     ZZbw3BZbfNIJAispZINMRedNISw.cer (raw, json)
Hash identifier:          qNaLOpOVRJgnGUXUWQYftUzTdmHA4g3YhQlR40Ub0b4=
Subject key identifier:   65:96:F0:DC:16:5B:7C:D2:09:02:2B:29:64:83:4C:45:E7:4D:21:2C
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC4923E6D2504C9113A87F6EE9FD302A0
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/e4/9904b3-8ca0-4946-8766-2d13cf9b45c0/1/ZZbw3BZbfNIJAispZINMRedNISw.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/e4/9904b3-8ca0-4946-8766-2d13cf9b45c0/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 10:29:27 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 198569
                          IP: 37.152.160.0/20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:3e:6d:25:04:c9:11:3a:87:f6:ee:9f:d3:02:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 10:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6596f0dc165b7cd209022b2964834c45e74d212c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:7d:cf:ac:6c:75:c5:52:f4:08:16:26:ee:23:
                    a7:cf:da:ab:6f:18:94:76:c5:96:e5:5a:5c:ba:1b:
                    d7:42:d8:c6:1f:de:f2:f9:ad:b5:19:90:45:69:42:
                    c4:56:0d:5e:5b:14:f0:50:98:df:ee:b2:5b:ae:59:
                    ca:80:a2:b3:b7:85:58:44:d2:3b:9c:1e:46:d3:ec:
                    0a:2c:20:a9:01:56:6e:9f:18:57:e0:00:8f:f6:24:
                    fe:b8:25:b0:78:71:6d:ac:d0:81:2e:a4:1e:87:02:
                    81:cf:ee:ae:9f:c5:d3:55:b2:e9:b5:dc:f8:77:37:
                    4a:a8:f5:89:cf:7b:1a:ce:01:b1:55:5b:12:7c:42:
                    1b:37:f7:f7:84:51:fb:69:3a:21:63:de:38:8b:86:
                    2e:e2:84:8a:f1:d9:2d:ff:d1:36:c2:23:81:56:81:
                    6b:99:20:0b:f9:8d:0c:9d:1b:64:f0:68:7d:7f:97:
                    08:3a:5b:03:2f:de:09:01:14:b2:8e:79:29:7c:65:
                    c4:e0:fb:f3:0b:04:70:a5:b0:06:79:86:92:2a:60:
                    c9:08:2c:c4:b5:6c:94:f7:65:55:a9:9a:d3:1d:5d:
                    31:f6:d0:d3:22:f7:bd:36:57:c0:7f:12:a7:35:8d:
                    e3:a3:55:f5:cd:7d:54:4d:94:1b:0b:f3:d9:53:7d:
                    e2:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:96:F0:DC:16:5B:7C:D2:09:02:2B:29:64:83:4C:45:E7:4D:21:2C
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/9904b3-8ca0-4946-8766-2d13cf9b45c0/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/9904b3-8ca0-4946-8766-2d13cf9b45c0/1/ZZbw3BZbfNIJAispZINMRedNISw.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.152.160.0/20

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  198569

    Signature Algorithm: sha256WithRSAEncryption
         7e:61:e2:f9:fb:05:70:36:7d:c1:04:d3:e0:ac:65:03:e6:0d:
         32:6f:7a:0d:4c:cb:24:df:7d:03:70:29:f8:85:0c:e6:3a:56:
         1f:51:bd:0b:9f:e4:4c:68:ed:0b:e3:67:5e:6c:0e:bc:0b:70:
         3b:19:a3:27:50:66:b9:9c:27:74:a4:e2:3e:38:7d:b6:20:da:
         1d:d4:f8:68:ed:19:ed:7b:73:e2:ec:f7:61:73:9b:22:20:a5:
         29:a5:fc:05:fb:ad:d2:25:2a:a5:e2:7f:a6:4f:6b:31:47:2c:
         13:7e:21:47:20:01:4f:2b:3e:ad:4b:eb:85:c2:1a:78:50:46:
         da:f4:9e:80:79:3f:4b:af:5f:ab:2a:0a:cc:2a:b1:ad:0d:29:
         26:13:9a:79:40:71:82:9d:f9:a2:75:48:71:16:19:70:e9:9a:
         41:e6:ca:fd:f5:7e:50:62:b5:5e:29:15:41:9c:4b:38:10:62:
         ab:f1:f1:7a:9f:af:d8:3b:cc:07:60:4b:fb:f8:07:99:50:26:
         24:10:72:4e:2d:22:9c:74:a4:9b:c1:38:92:62:81:55:14:d8:
         1e:db:cc:76:e9:4a:dd:32:fd:7f:92:df:4d:b9:47:5e:d2:c4:
         e5:e0:47:4a:8a:09:12:71:84:22:73:aa:07:80:7c:c6:d4:34:
         0e:5f:78:bd
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYzEkj5tJQTJETqH9u6f0wKgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTAyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTk2ZjBkYzE2NWI3Y2QyMDkwMjJiMjk2NDgzNGM0NWU3NGQyMTJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApn3PrGx1xVL0CBYm7iOnz9qrbxiU
dsWW5VpcuhvXQtjGH97y+a21GZBFaULEVg1eWxTwUJjf7rJbrlnKgKKzt4VYRNI7
nB5G0+wKLCCpAVZunxhX4ACP9iT+uCWweHFtrNCBLqQehwKBz+6un8XTVbLptdz4
dzdKqPWJz3sazgGxVVsSfEIbN/f3hFH7aTohY944i4Yu4oSK8dkt/9E2wiOBVoFr
mSAL+Y0MnRtk8Gh9f5cIOlsDL94JARSyjnkpfGXE4PvzCwRwpbAGeYaSKmDJCCzE
tWyU92VVqZrTHV0x9tDTIve9NlfAfxKnNY3jo1X1zX1UTZQbC/PZU33i+QIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFGWW8NwWW3zSCQIrKWSDTEXnTSEsMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2U0Lzk5MDRi
My04Y2EwLTQ5NDYtODc2Ni0yZDEzY2Y5YjQ1YzAvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTQvOTkwNGIz
LThjYTAtNDk0Ni04NzY2LTJkMTNjZjliNDVjMC8xL1paYnczQlpiZk5JSkFpc3Ba
SU5NUmVkTklTdy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQEJZigMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwMHqTANBgkqhkiG9w0BAQsFAAOCAQEAfmHi+fsFcDZ9wQTT4KxlA+YNMm96DUzL
JN99A3Ap+IUM5jpWH1G9C5/kTGjtC+NnXmwOvAtwOxmjJ1BmuZwndKTiPjh9tiDa
HdT4aO0Z7Xtz4uz3YXObIiClKaX8Bfut0iUqpeJ/pk9rMUcsE34hRyABTys+rUvr
hcIaeFBG2vSegHk/S69fqyoKzCqxrQ0pJhOaeUBxgp35onVIcRYZcOmaQebK/fV+
UGK1XikVQZxLOBBiq/Hxep+v2DvMB2BL+/gHmVAmJBByTi0inHSkm8E4kmKBVRTY
HtvMdulK3TL9f5LfTblHXtLE5eBHSooJEnGEInOqB4B8xtQ0Dl94vQ==
-----END CERTIFICATE-----