Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/guaSFNb9VedQULqBG_fBJDkQn-4.cer
File:                     guaSFNb9VedQULqBG_fBJDkQn-4.cer (raw, json)
Hash identifier:          HgzPHU4Xjc27xAINAeh3Z+d8pWm3iCaWwmWZwRR3wqg=
Subject key identifier:   82:E6:92:14:D6:FD:55:E7:50:50:BA:81:1B:F7:C1:24:39:10:9F:EE
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194228E044DDCD64044E11337FB94EBA6EB
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/02/173fc5-343b-4976-b2a1-96bc6baa563b/1/guaSFNb9VedQULqBG_fBJDkQn-4.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/02/173fc5-343b-4976-b2a1-96bc6baa563b/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 15:48:40 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 48754
                          IP: 91.212.23.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:04:4d:dc:d6:40:44:e1:13:37:fb:94:eb:a6:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 15:48:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=82e69214d6fd55e75050ba811bf7c12439109fee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:65:2f:af:3b:23:a0:78:4b:ca:56:90:ab:11:
                    35:76:e5:e0:a7:a9:09:54:07:2f:ba:6e:2e:0a:3e:
                    7d:42:be:32:da:f5:f3:e5:98:72:51:08:a7:28:50:
                    4a:ac:e6:9d:8d:c7:f1:07:98:56:73:4f:47:4a:56:
                    4f:e5:6d:a0:17:87:38:5a:b5:59:11:ea:3b:2d:93:
                    bd:3f:37:98:e9:2a:96:a6:68:e2:95:45:22:ac:37:
                    45:ae:1d:77:05:23:87:5f:8b:33:f4:7e:c8:72:fe:
                    08:0e:8d:c3:30:88:ad:83:3e:6d:d3:e7:24:47:a2:
                    ae:f6:79:7e:c4:8e:ad:1c:ee:88:d1:d2:27:40:73:
                    c6:cc:81:83:3b:11:ab:de:57:50:58:d1:df:c9:11:
                    02:26:d2:ca:92:a0:54:96:68:db:41:28:a4:ab:21:
                    d5:01:ba:79:9b:a0:b3:a6:7c:74:72:1f:f8:c8:de:
                    01:cc:82:01:c3:fe:d3:94:ff:86:27:62:d2:35:87:
                    72:79:49:6a:f5:41:0e:3e:f6:8e:7b:e4:a2:be:a5:
                    38:88:3b:9b:f5:78:ed:4f:98:93:b7:a6:d0:aa:4a:
                    41:1a:9a:2d:ea:34:85:1d:49:c5:0a:87:a5:63:74:
                    d9:f9:48:d1:ce:f8:4b:dc:8b:0f:e5:f1:6d:d4:6b:
                    80:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:E6:92:14:D6:FD:55:E7:50:50:BA:81:1B:F7:C1:24:39:10:9F:EE
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/173fc5-343b-4976-b2a1-96bc6baa563b/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/173fc5-343b-4976-b2a1-96bc6baa563b/1/guaSFNb9VedQULqBG_fBJDkQn-4.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.23.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  48754

    Signature Algorithm: sha256WithRSAEncryption
         82:8f:03:2d:03:7e:14:8f:77:e6:26:41:e5:15:ca:df:66:15:
         2f:0a:3c:8b:b0:f0:39:bd:1e:f6:e3:f5:44:f4:17:fb:ca:68:
         34:21:48:b7:dc:be:cd:78:10:7a:3c:a9:19:74:44:f7:3e:e5:
         29:08:56:33:ee:2b:b9:27:3a:4c:c3:f9:5d:57:6c:e7:77:d1:
         34:2f:e0:dc:2e:23:7f:a7:d4:35:89:9d:69:bd:e0:91:4f:72:
         f1:a8:43:6d:61:9f:3e:08:c9:2e:63:7c:c7:2c:0b:62:6f:89:
         b2:c5:e3:66:df:e9:cb:80:37:f0:30:db:ca:77:d9:8c:fe:6d:
         20:32:b7:89:c8:09:ab:20:52:83:f7:b9:78:48:ae:5a:6a:7e:
         72:3a:94:da:be:b8:ff:fd:03:9a:2c:64:1f:a7:55:7d:2d:36:
         42:0b:1c:07:25:0a:a4:b2:a7:42:f9:d2:cc:7f:97:c8:aa:f1:
         5e:9b:de:6c:54:ee:70:1f:7b:05:a1:72:ef:c8:31:53:18:8c:
         dd:50:d1:96:de:ac:dd:87:3d:9c:a3:92:e1:44:3f:6a:c5:a7:
         15:29:7f:00:34:4e:27:3d:f1:b9:c2:0a:33:af:70:56:d0:0f:
         df:bc:ee:93:fc:3a:a3:89:e2:aa:ec:5f:18:2c:43:06:bc:42:
         d7:c1:33:09
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZQijgRN3NZAROETN/uU66brMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTU0ODQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MmU2OTIxNGQ2ZmQ1NWU3NTA1MGJhODExYmY3YzEyNDM5MTA5ZmVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr2UvrzsjoHhLylaQqxE1duXgp6kJ
VAcvum4uCj59Qr4y2vXz5ZhyUQinKFBKrOadjcfxB5hWc09HSlZP5W2gF4c4WrVZ
Eeo7LZO9PzeY6SqWpmjilUUirDdFrh13BSOHX4sz9H7Icv4IDo3DMIitgz5t0+ck
R6Ku9nl+xI6tHO6I0dInQHPGzIGDOxGr3ldQWNHfyRECJtLKkqBUlmjbQSikqyHV
Abp5m6Czpnx0ch/4yN4BzIIBw/7TlP+GJ2LSNYdyeUlq9UEOPvaOe+SivqU4iDub
9XjtT5iTt6bQqkpBGpot6jSFHUnFCoelY3TZ+UjRzvhL3IsP5fFt1GuAsQIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFILmkhTW/VXnUFC6gRv3wSQ5EJ/uMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzAyLzE3M2Zj
NS0zNDNiLTQ5NzYtYjJhMS05NmJjNmJhYTU2M2IvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDIvMTczZmM1
LTM0M2ItNDk3Ni1iMmExLTk2YmM2YmFhNTYzYi8xL2d1YVNGTmI5VmVkUVVMcUJH
X2ZCSkRrUW4tNC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW9QXMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwC+cjANBgkqhkiG9w0BAQsFAAOCAQEAgo8DLQN+FI935iZB5RXK32YVLwo8i7Dw
Ob0e9uP1RPQX+8poNCFIt9y+zXgQejypGXRE9z7lKQhWM+4ruSc6TMP5XVds53fR
NC/g3C4jf6fUNYmdab3gkU9y8ahDbWGfPgjJLmN8xywLYm+JssXjZt/py4A38DDb
ynfZjP5tIDK3icgJqyBSg/e5eEiuWmp+cjqU2r64//0DmixkH6dVfS02QgscByUK
pLKnQvnSzH+XyKrxXpvebFTucB97BaFy78gxUxiM3VDRlt6s3Yc9nKOS4UQ/asWn
FSl/ADROJz3xucIKM69wVtAP37zuk/w6o4niquxfGCxDBrxC18EzCQ==
-----END CERTIFICATE-----