Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eci_aFCnp-KvNMwWI23QgwlODO4.cer
File:                     eci_aFCnp-KvNMwWI23QgwlODO4.cer (raw, json)
Hash identifier:          VKe09wPBEqAznxZu6PslDMM23UUlb4K+Yq5oLKxuniA=
Subject key identifier:   79:C8:BF:68:50:A7:A7:E2:AF:34:CC:16:23:6D:D0:83:09:4E:0C:EE
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CCA2A945DC46A40457CADADE4015D25BD
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/aa/74fe2c-87d1-468d-a121-d1095be7c48f/1/eci_aFCnp-KvNMwWI23QgwlODO4.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/aa/74fe2c-87d1-468d-a121-d1095be7c48f/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 12:33:57 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 208742
                          IP: 45.84.248.0/22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:94:5d:c4:6a:40:45:7c:ad:ad:e4:01:5d:25:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 12:33:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=79c8bf6850a7a7e2af34cc16236dd083094e0cee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:db:54:da:0c:2c:71:46:b4:ca:f1:b5:88:7d:
                    47:ed:4d:e5:1b:e1:ee:84:ed:58:13:7f:07:5c:90:
                    59:54:1f:e4:f3:dc:b2:3d:6e:b0:20:e6:c7:89:20:
                    06:5a:2c:da:19:6d:91:74:c2:bc:30:4d:0d:72:30:
                    d3:b2:8c:ab:25:b8:fb:d1:85:cc:f6:ff:44:d5:db:
                    d6:9e:38:1e:6a:c9:a9:5f:6e:fb:32:3d:9d:30:77:
                    5b:ed:c9:b3:9e:0f:30:23:f3:fd:16:32:bb:b9:a4:
                    d3:64:b8:4e:42:5e:90:ec:3b:2e:f0:94:75:6a:f5:
                    1d:0f:df:01:15:2b:cf:e8:50:d6:86:91:6f:e3:ec:
                    af:c0:fa:d8:36:6c:5b:60:26:9d:78:85:7b:55:6e:
                    f7:7f:2b:d8:62:d7:b7:12:63:b2:83:91:7f:5f:29:
                    ad:95:0b:04:62:df:2e:62:ae:8a:86:11:bf:2a:61:
                    99:76:08:8f:99:4d:f4:9e:91:93:d2:26:56:e5:df:
                    0d:29:3e:aa:21:c9:4c:0a:59:74:08:d7:87:57:90:
                    16:4b:87:75:b1:3d:24:f1:4e:bc:58:94:0c:d0:6e:
                    44:30:36:9b:d3:29:14:f2:9e:c7:24:1b:19:0e:08:
                    06:1d:6e:42:7b:fd:db:17:fc:3d:72:7d:5e:a0:89:
                    0e:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:C8:BF:68:50:A7:A7:E2:AF:34:CC:16:23:6D:D0:83:09:4E:0C:EE
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/74fe2c-87d1-468d-a121-d1095be7c48f/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/74fe2c-87d1-468d-a121-d1095be7c48f/1/eci_aFCnp-KvNMwWI23QgwlODO4.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.248.0/22

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  208742

    Signature Algorithm: sha256WithRSAEncryption
         29:26:9e:18:ba:5b:50:98:f6:c0:8d:75:6c:28:20:84:0c:bb:
         2a:b6:04:ab:92:dd:17:f2:ed:4e:17:7f:4c:eb:16:29:2f:7b:
         46:ae:c0:62:d9:77:80:e1:e1:f0:5a:8f:6d:d9:f1:ff:af:91:
         54:63:ee:fd:b8:55:f8:29:de:f2:04:d6:21:f4:f3:52:e7:91:
         64:e4:f6:83:77:ed:ba:07:83:6a:48:21:cb:c5:ef:51:98:28:
         8a:8c:1d:01:73:98:f7:94:69:af:39:a1:3f:da:fc:98:94:aa:
         68:5e:fb:59:58:ac:1b:e2:30:a1:09:17:51:00:9a:c4:59:59:
         dd:92:7b:92:b0:26:fe:18:eb:69:db:c6:ba:80:aa:60:32:2b:
         63:aa:97:d0:5e:2c:5a:b1:ca:6f:0a:78:7a:2d:a9:07:90:51:
         d1:a5:08:b2:88:8f:52:c7:4c:4e:5f:14:26:42:95:e7:8d:9c:
         2c:bc:02:7b:2f:d0:0e:e4:15:cf:08:17:d6:83:90:36:7a:5c:
         c7:31:3a:cc:48:f0:3d:87:a7:86:44:22:1a:3a:92:aa:d3:d3:
         e2:1e:33:fc:7c:47:dc:f6:8a:1c:c3:a0:ce:96:51:76:98:c2:
         59:e6:1a:b3:37:57:d6:1c:de:34:bc:11:bb:e1:8e:56:95:ad:
         af:84:f6:88
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYzKKpRdxGpARXytreQBXSW9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMTIzMzU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OWM4YmY2ODUwYTdhN2UyYWYzNGNjMTYyMzZkZDA4MzA5NGUwY2VlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo9tU2gwscUa0yvG1iH1H7U3lG+Hu
hO1YE38HXJBZVB/k89yyPW6wIObHiSAGWizaGW2RdMK8ME0NcjDTsoyrJbj70YXM
9v9E1dvWnjgeasmpX277Mj2dMHdb7cmzng8wI/P9FjK7uaTTZLhOQl6Q7Dsu8JR1
avUdD98BFSvP6FDWhpFv4+yvwPrYNmxbYCadeIV7VW73fyvYYte3EmOyg5F/Xymt
lQsEYt8uYq6KhhG/KmGZdgiPmU30npGT0iZW5d8NKT6qIclMCll0CNeHV5AWS4d1
sT0k8U68WJQM0G5EMDab0ykU8p7HJBsZDggGHW5Ce/3bF/w9cn1eoIkOvwIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFHnIv2hQp6firzTMFiNt0IMJTgzuMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2FhLzc0ZmUy
Yy04N2QxLTQ2OGQtYTEyMS1kMTA5NWJlN2M0OGYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYWEvNzRmZTJj
LTg3ZDEtNDY4ZC1hMTIxLWQxMDk1YmU3YzQ4Zi8xL2VjaV9hRkNucC1Ldk5Nd1dJ
MjNRZ3dsT0RPNC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCLVT4MBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwMvZjANBgkqhkiG9w0BAQsFAAOCAQEAKSaeGLpbUJj2wI11bCgghAy7KrYEq5Ld
F/LtThd/TOsWKS97Rq7AYtl3gOHh8FqPbdnx/6+RVGPu/bhV+Cne8gTWIfTzUueR
ZOT2g3ftugeDakghy8XvUZgoiowdAXOY95RprzmhP9r8mJSqaF77WVisG+IwoQkX
UQCaxFlZ3ZJ7krAm/hjradvGuoCqYDIrY6qX0F4sWrHKbwp4ei2pB5BR0aUIsoiP
UsdMTl8UJkKV542cLLwCey/QDuQVzwgX1oOQNnpcxzE6zEjwPYenhkQiGjqSqtPT
4h4z/HxH3PaKHMOgzpZRdpjCWeYaszdX1hzeNLwRu+GOVpWtr4T2iA==
-----END CERTIFICATE-----