Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/epJLjlyQurMK5Ys1ZN2qF837EIU.cer
File:                     epJLjlyQurMK5Ys1ZN2qF837EIU.cer (raw, json)
Hash identifier:          0RPleOYKhMnWIl1dXzMgScFx54/tYCP0JOe1B0m02PI=
Subject key identifier:   7A:92:4B:8E:5C:90:BA:B3:0A:E5:8B:35:64:DD:AA:17:CD:FB:10:85
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC794CB86FD7571EF4F85B1A5206999D6
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/55/7a9279-69f5-4a09-8cae-edb30b02b5ba/1/epJLjlyQurMK5Ys1ZN2qF837EIU.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/55/7a9279-69f5-4a09-8cae-edb30b02b5ba/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 00:31:06 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 197604
                          IP: 91.230.230.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:cb:86:fd:75:71:ef:4f:85:b1:a5:20:69:99:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 00:31:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7a924b8e5c90bab30ae58b3564ddaa17cdfb1085
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:01:6a:69:f5:c3:b9:43:2a:30:26:7b:f9:ef:
                    f9:fd:6e:2e:a2:2f:65:55:e9:75:ab:88:5a:00:c6:
                    7d:11:00:01:cf:40:40:6e:e5:d9:8c:07:d9:2e:df:
                    af:ce:bb:72:6c:be:9e:d9:6b:66:c2:7f:83:ad:cb:
                    83:a7:3b:46:30:89:8b:6f:71:c3:40:4e:a9:4b:6e:
                    7f:c3:24:4b:13:83:9d:a6:1c:65:36:48:68:be:ae:
                    7e:2d:95:e0:70:7c:5c:e9:3e:ad:cf:ba:2d:f4:ee:
                    56:93:c1:53:46:5f:00:86:21:dc:f1:27:9d:7b:82:
                    9e:11:6b:8f:50:3f:56:38:37:d4:e8:10:fb:56:bc:
                    95:94:c1:e6:5d:50:cc:51:e0:bd:ff:45:a0:47:57:
                    ae:88:f1:6f:4b:35:e2:c5:0c:f4:11:91:d0:88:68:
                    3b:7e:75:b8:02:47:9d:45:c1:7f:df:9e:2d:32:0d:
                    bb:b2:1d:e8:24:ec:82:18:20:57:ef:7f:36:f7:de:
                    ed:22:8c:bd:b3:a5:d2:bd:63:69:a5:20:a3:af:13:
                    7f:a3:6f:74:6a:df:11:ce:1b:6f:eb:05:17:09:98:
                    c8:f6:99:aa:31:ae:b2:46:e1:b4:34:ae:3f:1b:b5:
                    80:f7:24:83:3a:30:75:14:9c:99:39:f5:ef:05:62:
                    29:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:92:4B:8E:5C:90:BA:B3:0A:E5:8B:35:64:DD:AA:17:CD:FB:10:85
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/7a9279-69f5-4a09-8cae-edb30b02b5ba/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/7a9279-69f5-4a09-8cae-edb30b02b5ba/1/epJLjlyQurMK5Ys1ZN2qF837EIU.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.230.230.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  197604

    Signature Algorithm: sha256WithRSAEncryption
         90:0a:0d:ee:a3:1a:b7:1d:cf:ab:7a:a2:9a:b6:a2:64:3b:cc:
         a4:ed:1b:21:76:28:6d:54:c8:f7:e9:c2:20:6c:56:91:56:e8:
         7b:19:fe:fb:18:d4:d0:3b:63:01:8a:79:0e:4b:24:08:04:9d:
         60:f3:59:2e:fd:16:d1:83:5e:0a:3b:63:5a:58:67:66:95:fc:
         db:6a:d6:78:72:09:76:dc:29:01:82:bb:5f:d1:9c:c3:82:01:
         5e:c0:88:91:b8:45:d1:51:d0:60:09:6b:d4:5b:67:84:11:ef:
         be:78:78:c1:84:f9:ba:fe:f0:62:b0:11:2c:07:26:72:95:e5:
         71:2e:6c:0d:12:a1:63:42:f5:00:ef:98:70:7d:03:a9:5e:d8:
         68:05:b8:04:50:e0:dc:ca:e2:9a:4f:fe:83:07:6f:f8:a9:95:
         3a:16:44:44:51:2d:fe:f2:4f:5f:95:b9:c9:73:2d:51:9c:b8:
         35:ab:aa:0c:00:9c:36:87:2f:43:b9:c8:87:9c:36:ea:73:03:
         b8:92:53:18:00:53:a4:a1:83:d1:af:39:65:62:55:1c:8e:7a:
         86:d1:d8:36:9d:b9:d0:6f:ce:e0:98:5b:99:1e:4d:b5:aa:7b:
         96:a2:bf:64:f4:97:ff:94:68:8e:e3:cb:95:b6:7b:32:fc:6b:
         39:f3:8f:ec
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYzHlMuG/XVx70+FsaUgaZnWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDAzMTA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTkyNGI4ZTVjOTBiYWIzMGFlNThiMzU2NGRkYWExN2NkZmIxMDg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAngFqafXDuUMqMCZ7+e/5/W4uoi9l
Vel1q4haAMZ9EQABz0BAbuXZjAfZLt+vzrtybL6e2Wtmwn+DrcuDpztGMImLb3HD
QE6pS25/wyRLE4OdphxlNkhovq5+LZXgcHxc6T6tz7ot9O5Wk8FTRl8AhiHc8Sed
e4KeEWuPUD9WODfU6BD7VryVlMHmXVDMUeC9/0WgR1euiPFvSzXixQz0EZHQiGg7
fnW4AkedRcF/354tMg27sh3oJOyCGCBX7382997tIoy9s6XSvWNppSCjrxN/o290
at8Rzhtv6wUXCZjI9pmqMa6yRuG0NK4/G7WA9ySDOjB1FJyZOfXvBWIpyQIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFHqSS45ckLqzCuWLNWTdqhfN+xCFMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzU1LzdhOTI3
OS02OWY1LTRhMDktOGNhZS1lZGIzMGIwMmI1YmEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTUvN2E5Mjc5
LTY5ZjUtNGEwOS04Y2FlLWVkYjMwYjAyYjViYS8xL2VwSkxqbHlRdXJNSzVZczFa
TjJxRjgzN0VJVS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW+bmMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwMD5DANBgkqhkiG9w0BAQsFAAOCAQEAkAoN7qMatx3Pq3qimraiZDvMpO0bIXYo
bVTI9+nCIGxWkVboexn++xjU0DtjAYp5DkskCASdYPNZLv0W0YNeCjtjWlhnZpX8
22rWeHIJdtwpAYK7X9Gcw4IBXsCIkbhF0VHQYAlr1FtnhBHvvnh4wYT5uv7wYrAR
LAcmcpXlcS5sDRKhY0L1AO+YcH0DqV7YaAW4BFDg3Mrimk/+gwdv+KmVOhZERFEt
/vJPX5W5yXMtUZy4NauqDACcNocvQ7nIh5w26nMDuJJTGABTpKGD0a85ZWJVHI56
htHYNp250G/O4JhbmR5Ntap7lqK/ZPSX/5RojuPLlbZ7MvxrOfOP7A==
-----END CERTIFICATE-----