Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/guaSFNb9VedQULqBG_fBJDkQn-4.cer
File:                     guaSFNb9VedQULqBG_fBJDkQn-4.cer (raw, json)
Hash identifier:          EEvFzvNIiUJWLoMWMTWF06a6AUUHRIiaE/6SqMWaZro=
Subject key identifier:   82:E6:92:14:D6:FD:55:E7:50:50:BA:81:1B:F7:C1:24:39:10:9F:EE
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC50113F9108432AFC115BF7F0D6A52CE
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/02/173fc5-343b-4976-b2a1-96bc6baa563b/1/guaSFNb9VedQULqBG_fBJDkQn-4.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/02/173fc5-343b-4976-b2a1-96bc6baa563b/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 12:30:31 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 48754
                          IP: 91.212.23.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:13:f9:10:84:32:af:c1:15:bf:7f:0d:6a:52:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 12:30:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=82e69214d6fd55e75050ba811bf7c12439109fee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:65:2f:af:3b:23:a0:78:4b:ca:56:90:ab:11:
                    35:76:e5:e0:a7:a9:09:54:07:2f:ba:6e:2e:0a:3e:
                    7d:42:be:32:da:f5:f3:e5:98:72:51:08:a7:28:50:
                    4a:ac:e6:9d:8d:c7:f1:07:98:56:73:4f:47:4a:56:
                    4f:e5:6d:a0:17:87:38:5a:b5:59:11:ea:3b:2d:93:
                    bd:3f:37:98:e9:2a:96:a6:68:e2:95:45:22:ac:37:
                    45:ae:1d:77:05:23:87:5f:8b:33:f4:7e:c8:72:fe:
                    08:0e:8d:c3:30:88:ad:83:3e:6d:d3:e7:24:47:a2:
                    ae:f6:79:7e:c4:8e:ad:1c:ee:88:d1:d2:27:40:73:
                    c6:cc:81:83:3b:11:ab:de:57:50:58:d1:df:c9:11:
                    02:26:d2:ca:92:a0:54:96:68:db:41:28:a4:ab:21:
                    d5:01:ba:79:9b:a0:b3:a6:7c:74:72:1f:f8:c8:de:
                    01:cc:82:01:c3:fe:d3:94:ff:86:27:62:d2:35:87:
                    72:79:49:6a:f5:41:0e:3e:f6:8e:7b:e4:a2:be:a5:
                    38:88:3b:9b:f5:78:ed:4f:98:93:b7:a6:d0:aa:4a:
                    41:1a:9a:2d:ea:34:85:1d:49:c5:0a:87:a5:63:74:
                    d9:f9:48:d1:ce:f8:4b:dc:8b:0f:e5:f1:6d:d4:6b:
                    80:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:E6:92:14:D6:FD:55:E7:50:50:BA:81:1B:F7:C1:24:39:10:9F:EE
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/173fc5-343b-4976-b2a1-96bc6baa563b/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/173fc5-343b-4976-b2a1-96bc6baa563b/1/guaSFNb9VedQULqBG_fBJDkQn-4.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.23.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  48754

    Signature Algorithm: sha256WithRSAEncryption
         33:12:4f:94:ca:84:41:bb:3e:ef:c9:28:73:ba:74:fc:0e:15:
         2e:a9:11:b4:72:ef:14:e4:7e:af:07:62:34:b2:6f:64:e8:e6:
         10:86:96:17:cd:48:dd:43:88:74:ed:9b:86:d0:77:4c:ad:f2:
         f6:a0:01:0d:1d:cc:4d:f5:65:cd:b1:c5:60:05:f4:c9:99:98:
         b3:de:2a:f4:20:6d:28:cd:89:94:e2:bf:5c:97:ea:43:c2:30:
         f4:07:69:b7:a3:1b:b2:a6:c7:2e:2d:e2:6f:7a:f2:6e:fb:43:
         c7:e9:07:bb:14:d5:ea:f1:fe:44:ba:a4:e2:b5:03:3e:84:a7:
         eb:90:e4:6f:13:33:d1:83:3e:e2:83:20:94:5f:59:18:55:ab:
         68:43:53:b7:4f:ed:45:cb:04:04:45:c3:c2:14:19:c9:22:9e:
         20:77:db:15:80:5f:de:2e:77:77:9c:1a:db:5d:8e:d9:b3:7e:
         cd:eb:2e:bf:28:0c:0c:03:24:0d:ac:43:f3:38:42:43:14:b9:
         90:41:d5:4c:0d:49:df:21:3e:6a:07:c8:94:71:4c:6e:b3:41:
         a3:b9:ca:08:39:a0:60:9c:75:b7:d9:ee:2f:f2:97:91:41:8c:
         dd:e6:71:96:37:55:e8:6d:bc:f7:2a:ff:48:ad:5a:40:1b:df:
         b1:f7:cc:05
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYzFARP5EIQyr8EVv38NalLOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTIzMDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MmU2OTIxNGQ2ZmQ1NWU3NTA1MGJhODExYmY3YzEyNDM5MTA5ZmVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr2UvrzsjoHhLylaQqxE1duXgp6kJ
VAcvum4uCj59Qr4y2vXz5ZhyUQinKFBKrOadjcfxB5hWc09HSlZP5W2gF4c4WrVZ
Eeo7LZO9PzeY6SqWpmjilUUirDdFrh13BSOHX4sz9H7Icv4IDo3DMIitgz5t0+ck
R6Ku9nl+xI6tHO6I0dInQHPGzIGDOxGr3ldQWNHfyRECJtLKkqBUlmjbQSikqyHV
Abp5m6Czpnx0ch/4yN4BzIIBw/7TlP+GJ2LSNYdyeUlq9UEOPvaOe+SivqU4iDub
9XjtT5iTt6bQqkpBGpot6jSFHUnFCoelY3TZ+UjRzvhL3IsP5fFt1GuAsQIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFILmkhTW/VXnUFC6gRv3wSQ5EJ/uMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzAyLzE3M2Zj
NS0zNDNiLTQ5NzYtYjJhMS05NmJjNmJhYTU2M2IvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDIvMTczZmM1
LTM0M2ItNDk3Ni1iMmExLTk2YmM2YmFhNTYzYi8xL2d1YVNGTmI5VmVkUVVMcUJH
X2ZCSkRrUW4tNC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW9QXMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwC+cjANBgkqhkiG9w0BAQsFAAOCAQEAMxJPlMqEQbs+78koc7p0/A4VLqkRtHLv
FOR+rwdiNLJvZOjmEIaWF81I3UOIdO2bhtB3TK3y9qABDR3MTfVlzbHFYAX0yZmY
s94q9CBtKM2JlOK/XJfqQ8Iw9Adpt6MbsqbHLi3ib3rybvtDx+kHuxTV6vH+RLqk
4rUDPoSn65DkbxMz0YM+4oMglF9ZGFWraENTt0/tRcsEBEXDwhQZySKeIHfbFYBf
3i53d5wa212O2bN+zesuvygMDAMkDaxD8zhCQxS5kEHVTA1J3yE+agfIlHFMbrNB
o7nKCDmgYJx1t9nuL/KXkUGM3eZxljdV6G289yr/SK1aQBvfsffMBQ==
-----END CERTIFICATE-----