Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/evGnv3QoXbLoIJH79GOi7vbjpXg.cer
File:                     evGnv3QoXbLoIJH79GOi7vbjpXg.cer (raw, json)
Hash identifier:          lAg0sxxvVTk7wrlQYo2FwakANZ+TAopRoGxivw9G68Y=
Subject key identifier:   7A:F1:A7:BF:74:28:5D:B2:E8:20:91:FB:F4:63:A2:EE:F6:E3:A5:78
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01920F2FBFC0464B3FA3D381A8AA5696ADF4
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/f3/058435-a1c6-4436-95a2-b7114b69f84c/1/evGnv3QoXbLoIJH79GOi7vbjpXg.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/f3/058435-a1c6-4436-95a2-b7114b69f84c/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Fri 20 Sep 2024 11:27:20 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 91.90.161.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:0f:2f:bf:c0:46:4b:3f:a3:d3:81:a8:aa:56:96:ad:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Sep 20 11:27:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7af1a7bf74285db2e82091fbf463a2eef6e3a578
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:bf:4c:2d:7c:ae:76:42:b8:e3:29:e3:8a:1a:
                    8b:e0:b2:29:d1:b2:06:61:77:5d:98:f0:fb:34:dc:
                    3d:56:06:ec:9c:ff:bd:29:a6:f8:1d:17:a2:9a:45:
                    69:44:8b:c4:31:8b:5f:45:3d:63:40:3b:dc:13:d0:
                    69:14:68:de:e0:77:d7:dd:b6:78:bb:c8:83:97:2c:
                    fa:4a:7d:c6:1a:d8:d5:8c:ef:ec:0c:e7:6c:1f:b7:
                    db:a2:30:94:a7:b5:38:e8:2d:d2:ab:c6:71:ce:c8:
                    8b:9b:fa:13:68:3c:ac:50:ee:82:3f:fe:1e:d1:62:
                    3f:6b:a3:29:f3:89:ec:36:06:d9:21:bf:b4:e1:ca:
                    12:04:d0:2a:42:21:a3:f8:13:12:c7:e2:e0:57:d1:
                    a0:2e:80:93:28:a0:34:4d:41:ea:e9:6e:fa:84:f4:
                    d7:48:41:3f:49:77:13:9f:c4:29:b9:53:ba:de:3c:
                    c8:f5:e6:70:d4:b6:35:c5:8d:83:f1:ca:ce:31:d1:
                    48:bb:4d:8c:6e:09:1f:f4:b7:6a:a0:e0:54:5c:46:
                    01:4b:bf:d0:ee:9f:b2:17:f1:c8:ba:7b:b3:0c:be:
                    75:48:26:6e:be:eb:a7:09:dc:01:29:64:81:40:c7:
                    f8:48:9f:ef:f9:5c:8d:a8:d6:b6:31:de:02:5a:14:
                    10:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:F1:A7:BF:74:28:5D:B2:E8:20:91:FB:F4:63:A2:EE:F6:E3:A5:78
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/058435-a1c6-4436-95a2-b7114b69f84c/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/058435-a1c6-4436-95a2-b7114b69f84c/1/evGnv3QoXbLoIJH79GOi7vbjpXg.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.90.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:c3:79:8e:a6:7b:6c:2a:f9:4d:9e:64:0a:ab:94:cb:b9:75:
         d5:88:29:f0:71:58:28:a3:4b:49:4e:5a:13:9d:c7:32:88:47:
         53:80:5f:dc:e2:77:27:87:a0:f4:a5:88:f5:c7:ca:90:94:b7:
         a1:b8:c8:26:73:0d:43:fc:8c:fd:07:26:34:95:e5:55:dc:d6:
         7c:0e:52:77:f6:95:2c:1f:3e:4d:17:70:4b:84:51:e3:80:b8:
         c9:09:73:53:8c:2a:bc:ff:b4:d0:6b:c4:fb:a6:fd:fb:55:7f:
         8d:87:b6:1c:8b:80:bf:6b:9a:d1:2d:c8:b8:c2:2d:b9:70:b2:
         44:af:fe:7c:d3:d6:19:fc:d1:72:72:1f:05:37:36:1a:22:fa:
         a3:cb:e8:ac:4d:d4:fc:33:b6:eb:5d:c7:b7:3a:37:d5:95:9f:
         6a:45:3d:98:a4:7f:7c:24:6b:12:0c:fa:8a:d2:02:2e:7b:e8:
         ac:bb:0f:d8:e5:03:24:5f:14:fa:4b:1d:b2:b5:d2:8b:4e:7f:
         68:44:c8:2c:bf:15:d7:1c:76:e8:66:51:9a:e3:a8:51:29:62:
         6a:8b:d3:6d:40:44:9d:ce:1e:bf:8d:20:e9:e3:65:58:9a:e2:
         1e:5e:fb:f7:67:47:2c:3b:9f:5b:09:61:a6:1a:a6:cd:f6:02:
         0a:d6:d2:bb
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZIPL7/ARks/o9OBqKpWlq30MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwOTIwMTEyNzIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YWYxYTdiZjc0Mjg1ZGIyZTgyMDkxZmJmNDYzYTJlZWY2ZTNhNTc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmb9MLXyudkK44ynjihqL4LIp0bIG
YXddmPD7NNw9VgbsnP+9Kab4HReimkVpRIvEMYtfRT1jQDvcE9BpFGje4HfX3bZ4
u8iDlyz6Sn3GGtjVjO/sDOdsH7fbojCUp7U46C3Sq8ZxzsiLm/oTaDysUO6CP/4e
0WI/a6Mp84nsNgbZIb+04coSBNAqQiGj+BMSx+LgV9GgLoCTKKA0TUHq6W76hPTX
SEE/SXcTn8QpuVO63jzI9eZw1LY1xY2D8crOMdFIu02Mbgkf9LdqoOBUXEYBS7/Q
7p+yF/HIunuzDL51SCZuvuunCdwBKWSBQMf4SJ/v+VyNqNa2Md4CWhQQoQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFHrxp790KF2y6CCR+/Rjou7246V4MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2YzLzA1ODQz
NS1hMWM2LTQ0MzYtOTVhMi1iNzExNGI2OWY4NGMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjMvMDU4NDM1
LWExYzYtNDQzNi05NWEyLWI3MTE0YjY5Zjg0Yy8xL2V2R252M1FvWGJMb0lKSDc5
R09pN3ZianBYZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW1qhMA0GCSqGSIb3DQEBCwUAA4IBAQBrw3mO
pntsKvlNnmQKq5TLuXXViCnwcVgoo0tJTloTnccyiEdTgF/c4ncnh6D0pYj1x8qQ
lLehuMgmcw1D/Iz9ByY0leVV3NZ8DlJ39pUsHz5NF3BLhFHjgLjJCXNTjCq8/7TQ
a8T7pv37VX+Nh7Yci4C/a5rRLci4wi25cLJEr/5809YZ/NFych8FNzYaIvqjy+is
TdT8M7brXce3OjfVlZ9qRT2YpH98JGsSDPqK0gIue+isuw/Y5QMkXxT6Sx2ytdKL
Tn9oRMgsvxXXHHboZlGa46hRKWJqi9NtQESdzh6/jSDp42VYmuIeXvv3Z0csO59b
CWGmGqbN9gIK1tK7
-----END CERTIFICATE-----