Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ZgPtTHhFQlARbxBetpYdwp4dvGw.cer
File:                     ZgPtTHhFQlARbxBetpYdwp4dvGw.cer (raw, json)
Hash identifier:          wqDKh6OXNDX9Q7SrLBy8Y4ZkiDrXw2YY/Ipiid6gcDw=
Subject key identifier:   66:03:ED:4C:78:45:42:50:11:6F:10:5E:B6:96:1D:C2:9E:1D:BC:6C
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC3491583FDF645663ACC36B09689327E
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/de/44d603-fbf5-459b-a0ba-d2763c007752/1/ZgPtTHhFQlARbxBetpYdwp4dvGw.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/de/44d603-fbf5-459b-a0ba-d2763c007752/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 04:29:55 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 49266
                          IP: 91.207.216.0/23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:15:83:fd:f6:45:66:3a:cc:36:b0:96:89:32:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 04:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6603ed4c78454250116f105eb6961dc29e1dbc6c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:77:b0:3b:3b:6a:b5:21:83:6a:49:cc:86:25:
                    b2:87:6b:65:80:97:74:9f:6e:e8:ef:94:4f:33:6a:
                    d5:1b:57:31:31:55:a0:c7:53:f9:9c:09:44:7d:ac:
                    60:d2:69:23:50:94:3b:33:b3:79:2c:f8:c4:16:bf:
                    f6:1e:ca:11:15:4d:79:a8:8b:1e:08:94:88:07:e7:
                    3b:a1:4b:2b:be:3d:2b:61:f2:45:97:3d:0e:cc:71:
                    c2:64:e5:8f:2b:3a:82:15:d9:96:c0:36:58:d3:6d:
                    56:98:89:0e:5e:e3:d3:63:d3:93:92:fa:c0:7f:8f:
                    05:78:2b:98:56:9d:40:c1:16:12:43:66:ac:e9:41:
                    3b:6d:d7:2c:21:37:bd:d9:3f:ae:55:66:d5:4d:9a:
                    f5:5f:16:51:2c:78:4d:e7:c9:de:e8:bb:70:a4:29:
                    02:6d:b7:e8:f5:b6:4c:ff:34:6f:c2:95:45:cd:5c:
                    51:c5:f4:ca:da:dd:32:9d:9c:c5:c2:5b:fe:78:a3:
                    9d:fe:de:a8:e1:68:b6:59:88:ff:c4:d3:1f:6c:c3:
                    e2:2c:66:9b:05:4d:5a:e3:95:4e:c1:7d:db:8a:99:
                    8a:34:4b:88:3b:23:b8:94:8d:e4:48:d7:c4:98:b7:
                    c5:d5:46:cd:18:84:70:33:c3:c0:ca:f5:84:04:c7:
                    e1:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:03:ED:4C:78:45:42:50:11:6F:10:5E:B6:96:1D:C2:9E:1D:BC:6C
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/44d603-fbf5-459b-a0ba-d2763c007752/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/44d603-fbf5-459b-a0ba-d2763c007752/1/ZgPtTHhFQlARbxBetpYdwp4dvGw.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.207.216.0/23

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  49266

    Signature Algorithm: sha256WithRSAEncryption
         6a:c1:8f:64:f5:ab:93:5e:7f:16:87:0e:d5:fc:e8:fb:56:83:
         cd:6f:7c:8e:df:10:92:6a:ed:7f:28:c4:bd:bb:3d:e3:a2:07:
         77:64:70:4d:82:a1:6e:12:29:16:ff:a6:03:17:b7:c3:ce:d5:
         b2:18:96:ce:95:ce:84:7f:d8:ff:1a:c6:ca:71:4a:af:27:db:
         d6:8e:87:30:a5:19:a5:d5:4b:3c:28:d4:f4:8e:83:13:6c:5c:
         b6:fc:2a:0c:64:b8:75:83:30:35:9d:da:53:33:c0:1c:ce:ff:
         ff:1b:cd:5c:9f:02:a2:9c:79:4e:c1:bb:8b:54:1e:45:de:70:
         fb:18:6b:2b:e5:15:6b:4d:69:f7:fe:2a:be:17:8d:75:1d:f3:
         ed:fe:17:bd:e2:81:e2:5e:f8:23:78:46:7b:30:01:3f:4d:07:
         11:14:73:e0:f3:d9:a8:8d:5e:5a:81:1a:d9:8c:1f:ac:72:02:
         dc:21:1d:75:af:e3:55:00:1a:92:3a:69:8e:c6:62:9e:e3:2e:
         41:82:a9:0a:28:6d:cf:0e:50:04:a1:59:ae:33:36:79:a8:1f:
         ba:ec:57:bf:9e:16:73:17:cd:d5:c3:34:42:54:f3:d8:7d:62:
         6f:17:26:d5:d6:54:53:43:d9:76:06:44:25:b7:ba:f9:6e:67:
         a5:ab:bb:66
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYzDSRWD/fZFZjrMNrCWiTJ+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDQyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjAzZWQ0Yzc4NDU0MjUwMTE2ZjEwNWViNjk2MWRjMjllMWRiYzZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsHewOztqtSGDaknMhiWyh2tlgJd0
n27o75RPM2rVG1cxMVWgx1P5nAlEfaxg0mkjUJQ7M7N5LPjEFr/2HsoRFU15qIse
CJSIB+c7oUsrvj0rYfJFlz0OzHHCZOWPKzqCFdmWwDZY021WmIkOXuPTY9OTkvrA
f48FeCuYVp1AwRYSQ2as6UE7bdcsITe92T+uVWbVTZr1XxZRLHhN58ne6LtwpCkC
bbfo9bZM/zRvwpVFzVxRxfTK2t0ynZzFwlv+eKOd/t6o4Wi2WYj/xNMfbMPiLGab
BU1a45VOwX3bipmKNEuIOyO4lI3kSNfEmLfF1UbNGIRwM8PAyvWEBMfhwQIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFGYD7Ux4RUJQEW8QXraWHcKeHbxsMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2RlLzQ0ZDYw
My1mYmY1LTQ1OWItYTBiYS1kMjc2M2MwMDc3NTIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZGUvNDRkNjAz
LWZiZjUtNDU5Yi1hMGJhLWQyNzYzYzAwNzc1Mi8xL1pnUHRUSGhGUWxBUmJ4QmV0
cFlkd3A0ZHZHdy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQBW8/YMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwDAcjANBgkqhkiG9w0BAQsFAAOCAQEAasGPZPWrk15/FocO1fzo+1aDzW98jt8Q
kmrtfyjEvbs946IHd2RwTYKhbhIpFv+mAxe3w87VshiWzpXOhH/Y/xrGynFKryfb
1o6HMKUZpdVLPCjU9I6DE2xctvwqDGS4dYMwNZ3aUzPAHM7//xvNXJ8Copx5TsG7
i1QeRd5w+xhrK+UVa01p9/4qvheNdR3z7f4XveKB4l74I3hGezABP00HERRz4PPZ
qI1eWoEa2YwfrHIC3CEdda/jVQAakjppjsZinuMuQYKpCihtzw5QBKFZrjM2eagf
uuxXv54WcxfN1cM0QlTz2H1ibxcm1dZUU0PZdgZEJbe6+W5npau7Zg==
-----END CERTIFICATE-----