Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aEdQ3w66d01LTWROyOM1CPj1OP4.cer
File:                     aEdQ3w66d01LTWROyOM1CPj1OP4.cer (raw, json)
Hash identifier:          j+leeCPZdVcRbynFm7v9G1mFESuv3Y9AIYDy85661GM=
Subject key identifier:   68:47:50:DF:0E:BA:77:4D:4B:4D:64:4E:C8:E3:35:08:F8:F5:38:FE
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC64B5A66CF204BFA6FD46128AA710FCF
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/bf/9901fe-52c1-4d5b-9e0f-d325f6863343/1/aEdQ3w66d01LTWROyOM1CPj1OP4.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/bf/9901fe-52c1-4d5b-9e0f-d325f6863343/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 18:31:16 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 210268
                          IP: 185.229.164.0/22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:5a:66:cf:20:4b:fa:6f:d4:61:28:aa:71:0f:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 18:31:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=684750df0eba774d4b4d644ec8e33508f8f538fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:c3:ca:b6:f0:b9:18:de:a9:21:b2:2a:a5:81:
                    20:1e:08:86:b2:e7:df:4c:37:03:3a:68:cb:a0:93:
                    bf:5b:36:1a:bc:f3:79:3f:bc:8e:67:e9:fd:cf:e8:
                    6c:d9:1b:da:c1:98:fc:1c:bf:51:c5:68:28:74:34:
                    29:62:ff:33:75:c4:a1:b8:27:2a:fc:64:bb:a6:c6:
                    cd:e2:5e:9e:59:97:04:a1:99:0a:8d:99:8a:7b:a5:
                    5c:3e:e4:c5:24:75:e3:b3:c7:b6:ad:f7:39:df:e6:
                    39:b1:c2:20:c1:96:b0:0f:13:62:af:b9:e8:38:64:
                    6d:6f:ea:7c:be:10:aa:ea:82:a8:e2:59:e5:1b:00:
                    47:95:9b:59:7a:d1:cd:6e:90:70:b3:8b:8c:86:ae:
                    4e:0d:3c:c1:c8:8c:0f:32:9e:2c:1f:7a:6b:3c:d1:
                    13:b6:90:3c:10:77:79:50:3d:a0:a7:9c:24:2c:90:
                    1d:d6:95:c2:29:a2:be:22:29:ee:cc:60:1a:70:6d:
                    0b:da:0f:d4:09:e9:e6:76:33:ad:9e:89:f5:86:d3:
                    17:86:6d:c7:df:37:90:f3:e6:20:21:22:0c:e1:b8:
                    73:15:99:73:ac:1d:34:94:e8:10:75:0c:6d:81:cb:
                    a1:ac:a5:6b:02:e2:2d:b8:6d:e7:88:5a:3e:71:56:
                    49:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:47:50:DF:0E:BA:77:4D:4B:4D:64:4E:C8:E3:35:08:F8:F5:38:FE
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/9901fe-52c1-4d5b-9e0f-d325f6863343/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/9901fe-52c1-4d5b-9e0f-d325f6863343/1/aEdQ3w66d01LTWROyOM1CPj1OP4.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.229.164.0/22

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  210268

    Signature Algorithm: sha256WithRSAEncryption
         ad:11:0b:89:bb:7e:6e:f5:83:3e:2a:83:d5:79:1f:43:f2:ff:
         2b:62:20:6a:5e:39:a3:fc:2d:33:85:ea:a3:61:45:fd:92:58:
         a6:84:5e:a9:bd:dc:98:1a:a2:24:06:ba:13:07:69:58:95:19:
         b3:92:4e:8e:1f:8c:6c:8a:42:5d:4c:4b:e1:23:0d:e3:83:d9:
         87:8d:9f:47:a7:da:03:46:f3:c2:b3:04:3e:0a:71:5f:92:42:
         89:d5:98:7f:54:19:a6:97:02:5e:60:44:9f:56:9d:ce:c0:ff:
         c7:83:3c:22:97:56:e3:9e:19:1d:5e:5f:da:de:03:af:f5:17:
         31:64:49:f3:0d:e6:cc:db:a4:60:95:0e:6c:76:40:7e:0a:73:
         8e:95:9d:33:d3:9c:7f:4f:b3:f4:d1:9b:aa:f7:4e:0f:3b:d9:
         d3:73:e8:3c:2d:f3:fe:8c:a3:13:17:e2:43:28:76:0a:45:cf:
         ea:33:c7:38:5d:e5:c3:64:34:8b:9b:3e:b6:fb:4b:52:76:d9:
         54:a0:05:04:25:c1:b5:48:bb:44:75:7c:57:df:c8:b7:51:72:
         67:7f:5c:7b:fa:18:5b:d5:23:5a:8b:04:0d:7f:78:e4:7e:e6:
         46:77:cd:c7:47:7b:c0:df:a6:61:17:a5:54:09:20:7d:13:ef:
         4e:36:85:82
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYzGS1pmzyBL+m/UYSiqcQ/PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTgzMTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODQ3NTBkZjBlYmE3NzRkNGI0ZDY0NGVjOGUzMzUwOGY4ZjUzOGZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0MPKtvC5GN6pIbIqpYEgHgiGsuff
TDcDOmjLoJO/WzYavPN5P7yOZ+n9z+hs2RvawZj8HL9RxWgodDQpYv8zdcShuCcq
/GS7psbN4l6eWZcEoZkKjZmKe6VcPuTFJHXjs8e2rfc53+Y5scIgwZawDxNir7no
OGRtb+p8vhCq6oKo4lnlGwBHlZtZetHNbpBws4uMhq5ODTzByIwPMp4sH3prPNET
tpA8EHd5UD2gp5wkLJAd1pXCKaK+IinuzGAacG0L2g/UCenmdjOtnon1htMXhm3H
3zeQ8+YgISIM4bhzFZlzrB00lOgQdQxtgcuhrKVrAuItuG3niFo+cVZJ1QIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFGhHUN8OundNS01kTsjjNQj49Tj+MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2JmLzk5MDFm
ZS01MmMxLTRkNWItOWUwZi1kMzI1ZjY4NjMzNDMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYmYvOTkwMWZl
LTUyYzEtNGQ1Yi05ZTBmLWQzMjVmNjg2MzM0My8xL2FFZFEzdzY2ZDAxTFRXUk95
T00xQ1BqMU9QNC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCueWkMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwM1XDANBgkqhkiG9w0BAQsFAAOCAQEArRELibt+bvWDPiqD1XkfQ/L/K2Igal45
o/wtM4Xqo2FF/ZJYpoReqb3cmBqiJAa6EwdpWJUZs5JOjh+MbIpCXUxL4SMN44PZ
h42fR6faA0bzwrMEPgpxX5JCidWYf1QZppcCXmBEn1adzsD/x4M8IpdW454ZHV5f
2t4Dr/UXMWRJ8w3mzNukYJUObHZAfgpzjpWdM9Ocf0+z9NGbqvdODzvZ03PoPC3z
/oyjExfiQyh2CkXP6jPHOF3lw2Q0i5s+tvtLUnbZVKAFBCXBtUi7RHV8V9/It1Fy
Z39ce/oYW9UjWosEDX945H7mRnfNx0d7wN+mYRelVAkgfRPvTjaFgg==
-----END CERTIFICATE-----