Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/hUkvKmkQQzxbzYJpxEDowceADWs.cer
File:                     hUkvKmkQQzxbzYJpxEDowceADWs.cer (raw, json)
Hash identifier:          j4QLBcte9ir2g3DY1Xgvqq/AXWGm6zV+RnwKZ3VivYk=
Subject key identifier:   85:49:2F:2A:69:10:43:3C:5B:CD:82:69:C4:40:E8:C1:C7:80:0D:6B
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018D69F339C1067A82D90E1650113D92C17E
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/4f/b38228-0875-491c-9d4f-d6a9a28284cf/1/hUkvKmkQQzxbzYJpxEDowceADWs.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/4f/b38228-0875-491c-9d4f-d6a9a28284cf/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Fri 02 Feb 2024 13:12:44 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 198435
                          IP: 85.208.248.0/22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:69:f3:39:c1:06:7a:82:d9:0e:16:50:11:3d:92:c1:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Feb  2 13:12:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=85492f2a6910433c5bcd8269c440e8c1c7800d6b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:c3:b9:7d:e2:71:8f:45:c2:ea:05:7d:46:ca:
                    49:6c:60:46:f6:08:0e:7a:a4:d4:f0:99:78:8c:90:
                    1e:4e:20:3e:69:03:6d:86:03:5b:bc:df:ca:e3:d8:
                    3e:68:9d:b0:02:5d:1a:65:e9:3e:0b:cf:e5:54:e6:
                    fe:fe:4d:b2:ca:1a:de:dd:b3:3d:7f:21:7d:32:d3:
                    bf:bc:c5:cb:61:83:01:a4:7f:e8:50:0c:16:6b:26:
                    46:a3:b5:78:e6:65:cd:c3:f6:c0:7f:41:0e:f9:4c:
                    5f:76:e9:3a:c0:e8:72:6d:33:0a:f2:b7:32:42:a2:
                    e6:cd:81:e7:65:09:10:26:ec:00:55:1b:20:fd:22:
                    29:bd:70:a4:92:63:e9:96:93:39:8d:47:ff:29:7a:
                    bc:43:cf:e8:e6:75:1b:9c:d8:99:37:19:0a:55:d9:
                    00:d2:d8:b9:8a:5a:44:9c:5a:f2:45:d7:28:8c:5b:
                    19:12:4a:b9:df:ee:6c:14:11:f2:12:36:f1:bf:22:
                    10:01:7f:df:b8:9f:a3:77:ed:3a:56:ac:c8:21:9c:
                    4f:d4:89:54:5b:95:38:69:c6:f6:9b:a0:8b:27:bb:
                    05:d4:44:d4:21:2b:2d:c0:cd:22:7d:b8:0a:9f:7d:
                    ec:05:f7:cb:7d:ed:02:ab:de:bd:68:09:51:10:f8:
                    00:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:49:2F:2A:69:10:43:3C:5B:CD:82:69:C4:40:E8:C1:C7:80:0D:6B
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/b38228-0875-491c-9d4f-d6a9a28284cf/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/b38228-0875-491c-9d4f-d6a9a28284cf/1/hUkvKmkQQzxbzYJpxEDowceADWs.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.208.248.0/22

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  198435

    Signature Algorithm: sha256WithRSAEncryption
         55:e3:4e:f2:e7:95:dc:7d:ac:37:20:60:6b:2d:3c:0e:8d:ef:
         64:b3:21:af:c3:d5:8c:af:41:c9:62:61:c8:28:87:99:5e:1d:
         44:01:cb:47:53:3f:75:2e:1d:88:8f:12:c8:db:75:41:71:20:
         ae:ac:3e:bd:16:f9:dd:2b:5f:00:51:f6:69:96:f0:75:0d:8c:
         1b:e3:73:1f:15:f5:bc:8a:64:d2:d8:ed:df:a0:01:90:5f:c8:
         4b:92:88:6d:0f:68:fa:1a:89:b5:9c:e9:e2:c5:8f:7e:b8:46:
         28:67:14:7a:79:4d:8f:c1:fb:04:42:d9:b0:b5:1a:05:4a:c3:
         51:e9:ea:0d:1f:ab:64:2e:74:d0:0e:e8:1d:9a:75:e3:b1:12:
         a7:43:b7:65:cf:b1:be:b3:6c:8b:98:48:ed:6f:6d:77:82:d9:
         e8:4f:93:d5:1a:b3:66:06:61:13:34:18:a1:17:b5:1d:f0:f3:
         8a:fe:04:4b:c7:67:9c:38:65:4d:64:b9:40:ea:01:3a:6c:e3:
         d9:39:40:90:d0:86:a3:f0:d0:30:d7:24:85:a2:9a:b7:b1:65:
         73:82:d3:16:16:63:e8:df:e9:c7:0f:d0:ef:2f:b6:5d:c5:30:
         a5:73:9e:6c:b6:80:ce:95:f4:d9:64:b8:6d:ee:05:07:d5:d8:
         d6:51:00:ad
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAY1p8znBBnqC2Q4WUBE9ksF+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMjAyMTMxMjQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTQ5MmYyYTY5MTA0MzNjNWJjZDgyNjljNDQwZThjMWM3ODAwZDZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoMO5feJxj0XC6gV9RspJbGBG9ggO
eqTU8Jl4jJAeTiA+aQNthgNbvN/K49g+aJ2wAl0aZek+C8/lVOb+/k2yyhre3bM9
fyF9MtO/vMXLYYMBpH/oUAwWayZGo7V45mXNw/bAf0EO+Uxfduk6wOhybTMK8rcy
QqLmzYHnZQkQJuwAVRsg/SIpvXCkkmPplpM5jUf/KXq8Q8/o5nUbnNiZNxkKVdkA
0ti5ilpEnFryRdcojFsZEkq53+5sFBHyEjbxvyIQAX/fuJ+jd+06VqzIIZxP1IlU
W5U4acb2m6CLJ7sF1ETUISstwM0ifbgKn33sBffLfe0Cq969aAlREPgAbwIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFIVJLyppEEM8W82CacRA6MHHgA1rMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzRmL2IzODIy
OC0wODc1LTQ5MWMtOWQ0Zi1kNmE5YTI4Mjg0Y2YvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGYvYjM4MjI4
LTA4NzUtNDkxYy05ZDRmLWQ2YTlhMjgyODRjZi8xL2hVa3ZLbWtRUXp4YnpZSnB4
RURvd2NlQURXcy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCVdD4MBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwMHIzANBgkqhkiG9w0BAQsFAAOCAQEAVeNO8ueV3H2sNyBgay08Do3vZLMhr8PV
jK9ByWJhyCiHmV4dRAHLR1M/dS4diI8SyNt1QXEgrqw+vRb53StfAFH2aZbwdQ2M
G+NzHxX1vIpk0tjt36ABkF/IS5KIbQ9o+hqJtZzp4sWPfrhGKGcUenlNj8H7BELZ
sLUaBUrDUenqDR+rZC500A7oHZp147ESp0O3Zc+xvrNsi5hI7W9td4LZ6E+T1Rqz
ZgZhEzQYoRe1HfDziv4ES8dnnDhlTWS5QOoBOmzj2TlAkNCGo/DQMNckhaKat7Fl
c4LTFhZj6N/pxw/Q7y+2XcUwpXOebLaAzpX02WS4be4FB9XY1lEArQ==
-----END CERTIFICATE-----