Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aqNKS6w794E80qZrT0W5x4bdNUI.cer
File:                     aqNKS6w794E80qZrT0W5x4bdNUI.cer (raw, json)
Hash identifier:          oWqqT7NhBZn9HdEwMWUyphqzXNPaWzZQTGDt/M/YBQ8=
Subject key identifier:   6A:A3:4A:4B:AC:3B:F7:81:3C:D2:A6:6B:4F:45:B9:C7:86:DD:35:42
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC2DAEE992CEC933663A314EE9286FF8A
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/8c/cc920d-8109-4119-b840-664ef0da8c30/1/aqNKS6w794E80qZrT0W5x4bdNUI.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/8c/cc920d-8109-4119-b840-664ef0da8c30/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 02:29:37 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 217.197.108.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:ee:99:2c:ec:93:36:63:a3:14:ee:92:86:ff:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 02:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6aa34a4bac3bf7813cd2a66b4f45b9c786dd3542
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:0e:a0:74:eb:bb:61:7f:5d:77:c7:69:5d:f0:
                    f2:4c:75:4d:d3:e3:76:2e:85:c8:cf:19:85:31:d4:
                    55:06:09:35:ec:76:67:c8:ee:a9:a9:d3:58:e4:85:
                    12:df:6f:2f:8f:4b:db:44:58:11:11:5c:e0:24:fa:
                    57:16:06:e1:9a:0a:ac:ae:a8:ff:c1:7d:c0:5e:7c:
                    99:a0:d7:6a:99:61:0e:ec:b9:73:a0:9b:97:3b:c2:
                    15:df:c4:45:bf:65:0c:7d:ea:35:70:0f:ad:2f:c4:
                    d1:65:e1:22:88:db:64:19:db:23:ec:3e:81:e5:75:
                    11:e2:e9:38:a3:66:78:8b:79:7a:16:d8:29:bd:e3:
                    de:89:7d:70:ce:58:9a:d1:7b:ad:a8:b7:05:c1:bf:
                    fa:7f:4e:f7:79:fc:bd:2c:fc:12:93:3e:a0:75:df:
                    75:f8:f8:6c:fc:a0:50:cc:0e:d6:f7:eb:a9:3c:ec:
                    d8:c3:2a:b6:4d:e5:12:2a:b4:20:b2:e2:18:e3:f1:
                    69:e7:30:8c:78:a9:e2:a7:bd:06:df:71:51:57:66:
                    21:d5:d5:79:07:e4:d6:bb:7e:91:13:e5:6c:00:4c:
                    e2:5e:0c:aa:02:f2:5b:58:dc:e2:ba:92:17:17:18:
                    2f:98:21:59:4f:db:96:48:4e:1b:3a:c2:54:0f:6e:
                    a0:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:A3:4A:4B:AC:3B:F7:81:3C:D2:A6:6B:4F:45:B9:C7:86:DD:35:42
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/cc920d-8109-4119-b840-664ef0da8c30/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/cc920d-8109-4119-b840-664ef0da8c30/1/aqNKS6w794E80qZrT0W5x4bdNUI.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.197.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:ed:04:cf:4b:f5:1c:8d:13:61:27:66:5b:b2:87:ca:29:ab:
         93:17:fc:85:eb:23:c5:4a:26:0d:7f:ed:d3:ac:20:2c:ab:a3:
         c1:ba:ad:49:66:fe:e5:b1:f5:5f:c5:87:8d:f9:1d:5f:fb:66:
         68:5a:aa:cd:c7:88:f4:6a:82:5c:d8:06:14:5e:69:d1:c8:1f:
         cd:f4:6a:d9:c5:bc:aa:ff:ca:8d:58:bd:2b:04:c7:67:88:c4:
         1f:38:e4:f2:97:4c:fe:2d:50:3c:22:95:eb:9f:c7:e7:8b:40:
         d0:bc:fc:be:66:2e:56:a3:65:53:ca:54:c8:d4:ac:3c:fe:ae:
         45:04:6d:b4:8d:94:14:1b:71:51:f4:8f:0f:5c:13:a6:24:aa:
         d6:54:85:28:0a:a7:10:1c:4a:16:75:1e:b4:21:62:94:86:f5:
         e6:a4:10:ab:34:34:1f:9d:60:7b:42:d6:69:31:5b:c3:5e:f9:
         83:f3:26:b4:6a:30:36:c9:bf:86:ea:17:32:e4:3f:fa:8e:dd:
         49:fb:49:cf:6f:49:e9:65:5e:03:7b:03:b0:29:bd:0b:4f:a6:
         91:d3:03:ee:bc:56:ce:7d:76:c9:99:8e:d1:96:b4:eb:fc:5a:
         a8:d3:9e:94:33:c6:d3:cc:6b:6d:02:a6:0c:d7:97:59:b8:ff:
         95:79:96:d8
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzC2u6ZLOyTNmOjFO6Shv+KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDIyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWEzNGE0YmFjM2JmNzgxM2NkMmE2NmI0ZjQ1YjljNzg2ZGQzNTQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAww6gdOu7YX9dd8dpXfDyTHVN0+N2
LoXIzxmFMdRVBgk17HZnyO6pqdNY5IUS328vj0vbRFgREVzgJPpXFgbhmgqsrqj/
wX3AXnyZoNdqmWEO7LlzoJuXO8IV38RFv2UMfeo1cA+tL8TRZeEiiNtkGdsj7D6B
5XUR4uk4o2Z4i3l6FtgpvePeiX1wzlia0XutqLcFwb/6f073efy9LPwSkz6gdd91
+Phs/KBQzA7W9+upPOzYwyq2TeUSKrQgsuIY4/Fp5zCMeKnip70G33FRV2Yh1dV5
B+TWu36RE+VsAEziXgyqAvJbWNziupIXFxgvmCFZT9uWSE4bOsJUD26g7QIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFGqjSkusO/eBPNKma09FuceG3TVCMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzhjL2NjOTIw
ZC04MTA5LTQxMTktYjg0MC02NjRlZjBkYThjMzAvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOGMvY2M5MjBk
LTgxMDktNDExOS1iODQwLTY2NGVmMGRhOGMzMC8xL2FxTktTNnc3OTRFODBxWnJU
MFc1eDRiZE5VSS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQA2cVsMA0GCSqGSIb3DQEBCwUAA4IBAQA17QTP
S/UcjRNhJ2ZbsofKKauTF/yF6yPFSiYNf+3TrCAsq6PBuq1JZv7lsfVfxYeN+R1f
+2ZoWqrNx4j0aoJc2AYUXmnRyB/N9GrZxbyq/8qNWL0rBMdniMQfOOTyl0z+LVA8
IpXrn8fni0DQvPy+Zi5Wo2VTylTI1Kw8/q5FBG20jZQUG3FR9I8PXBOmJKrWVIUo
CqcQHEoWdR60IWKUhvXmpBCrNDQfnWB7QtZpMVvDXvmD8ya0ajA2yb+G6hcy5D/6
jt1J+0nPb0npZV4DewOwKb0LT6aR0wPuvFbOfXbJmY7RlrTr/Fqo056UM8bTzGtt
AqYM15dZuP+VeZbY
-----END CERTIFICATE-----