Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/kVVkGgex5FW3iSuS2A1gkSORsg0.cer
File:                     kVVkGgex5FW3iSuS2A1gkSORsg0.cer (raw, json)
Hash identifier:          QKULhAEaJHS7iQxYMHwBq7ELzm5dq3n8iPSFX6WYKZI=
Subject key identifier:   91:55:64:1A:07:B1:E4:55:B7:89:2B:92:D8:0D:60:91:23:91:B2:0D
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC2DACAF169DA92BF21BA15065F2D97A6
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/46/aa5d8b-3ec9-4176-83e1-bcbfb217bc8f/1/kVVkGgex5FW3iSuS2A1gkSORsg0.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/46/aa5d8b-3ec9-4176-83e1-bcbfb217bc8f/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 02:29:27 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 51146
                          IP: 91.203.156.0/22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:ca:f1:69:da:92:bf:21:ba:15:06:5f:2d:97:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 02:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9155641a07b1e455b7892b92d80d60912391b20d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:1b:17:f0:7f:c1:9d:d0:6c:7b:30:0b:ff:98:
                    80:c2:60:82:29:e7:a7:c3:4d:37:3f:53:06:54:e4:
                    66:ec:02:b1:de:e1:ff:eb:e7:f0:b7:d0:a1:07:83:
                    39:0b:28:f6:71:20:a0:9c:8e:aa:95:ef:9b:85:97:
                    7b:f0:e5:9d:d8:cf:8c:dd:8d:56:18:07:b6:07:6f:
                    0b:b4:04:ab:b1:20:24:88:50:2b:60:94:7a:d6:ac:
                    2b:1e:c8:b7:b6:e8:d9:2d:ed:5b:e7:d9:df:62:2d:
                    81:54:60:08:d2:ee:a7:1d:4e:6f:b2:1d:2f:13:70:
                    62:ef:8b:e4:c1:54:1d:17:9f:d5:30:53:5b:0d:06:
                    c1:3a:58:8f:77:14:63:c8:61:69:8e:cf:46:45:64:
                    a5:06:47:14:0c:ea:e4:e8:d5:8d:ce:fa:c6:5d:d4:
                    e8:34:59:43:67:2f:5d:85:6b:7a:5b:d0:35:53:4f:
                    fc:64:e8:b1:3c:29:1f:65:98:16:2a:b7:84:0e:69:
                    23:e0:33:9b:c2:5c:98:ea:b1:d7:4f:de:f5:83:67:
                    ec:fa:42:ae:9d:38:5c:bb:7a:c7:8e:de:dd:e2:ea:
                    3e:78:fe:a9:d0:47:45:93:dc:e5:b6:a3:68:ad:9c:
                    04:82:9f:ce:2e:57:ec:4e:fa:26:4e:cb:45:0b:36:
                    4c:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:55:64:1A:07:B1:E4:55:B7:89:2B:92:D8:0D:60:91:23:91:B2:0D
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/aa5d8b-3ec9-4176-83e1-bcbfb217bc8f/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/aa5d8b-3ec9-4176-83e1-bcbfb217bc8f/1/kVVkGgex5FW3iSuS2A1gkSORsg0.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.203.156.0/22

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  51146

    Signature Algorithm: sha256WithRSAEncryption
         42:19:26:26:4f:5b:73:fe:fc:7c:2d:db:9c:a8:8a:b2:c6:6e:
         dd:66:3b:c9:e7:4b:6a:f2:17:eb:2b:df:d6:7a:78:03:39:f8:
         91:40:71:12:63:42:f8:dd:ed:90:cb:a4:a7:d8:1e:90:56:b2:
         f2:7c:1a:f6:31:d0:57:02:8f:37:d4:c5:68:81:7a:eb:78:cc:
         60:2f:17:bc:a5:98:d4:55:c4:c0:d1:8c:5a:3e:df:44:98:f0:
         19:8a:8d:73:d1:b1:24:12:66:06:67:7b:98:19:27:01:4b:3b:
         86:74:bb:ad:ce:10:48:cb:bd:35:73:f3:a7:15:16:3c:31:8f:
         f2:9d:72:e8:c4:1f:14:e6:5e:f0:46:5e:a9:bb:21:2d:9d:c8:
         60:b9:60:dc:4c:4c:aa:6b:ac:99:8f:38:39:80:b2:22:a0:9e:
         36:f1:0e:ed:b7:b4:a6:de:7c:c9:2d:f6:74:54:53:ca:2c:9d:
         a4:c1:e9:b2:82:82:f9:aa:ff:0e:a3:2a:30:b9:c4:ed:03:55:
         d2:d4:66:54:dc:e5:1a:97:b0:e8:41:8e:72:88:6e:bc:a2:c2:
         ae:1d:35:f6:90:f6:4e:89:4d:64:06:f8:f8:48:3f:bd:85:eb:
         c0:02:07:90:ef:30:2b:97:6a:57:de:a4:ac:5f:e3:fa:ba:4a:
         f6:08:6b:8a
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYzC2srxadqSvyG6FQZfLZemMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDIyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTU1NjQxYTA3YjFlNDU1Yjc4OTJiOTJkODBkNjA5MTIzOTFiMjBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3hsX8H/BndBsezAL/5iAwmCCKeen
w003P1MGVORm7AKx3uH/6+fwt9ChB4M5Cyj2cSCgnI6qle+bhZd78OWd2M+M3Y1W
GAe2B28LtASrsSAkiFArYJR61qwrHsi3tujZLe1b59nfYi2BVGAI0u6nHU5vsh0v
E3Bi74vkwVQdF5/VMFNbDQbBOliPdxRjyGFpjs9GRWSlBkcUDOrk6NWNzvrGXdTo
NFlDZy9dhWt6W9A1U0/8ZOixPCkfZZgWKreEDmkj4DObwlyY6rHXT971g2fs+kKu
nThcu3rHjt7d4uo+eP6p0EdFk9zltqNorZwEgp/OLlfsTvomTstFCzZM+wIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFJFVZBoHseRVt4krktgNYJEjkbINMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzQ2L2FhNWQ4
Yi0zZWM5LTQxNzYtODNlMS1iY2JmYjIxN2JjOGYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDYvYWE1ZDhi
LTNlYzktNDE3Ni04M2UxLWJjYmZiMjE3YmM4Zi8xL2tWVmtHZ2V4NUZXM2lTdVMy
QTFna1NPUnNnMC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCW8ucMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwDHyjANBgkqhkiG9w0BAQsFAAOCAQEAQhkmJk9bc/78fC3bnKiKssZu3WY7yedL
avIX6yvf1np4Azn4kUBxEmNC+N3tkMukp9gekFay8nwa9jHQVwKPN9TFaIF663jM
YC8XvKWY1FXEwNGMWj7fRJjwGYqNc9GxJBJmBmd7mBknAUs7hnS7rc4QSMu9NXPz
pxUWPDGP8p1y6MQfFOZe8EZeqbshLZ3IYLlg3ExMqmusmY84OYCyIqCeNvEO7be0
pt58yS32dFRTyiydpMHpsoKC+ar/DqMqMLnE7QNV0tRmVNzlGpew6EGOcohuvKLC
rh019pD2TolNZAb4+Eg/vYXrwAIHkO8wK5dqV96krF/j+rpK9ghrig==
-----END CERTIFICATE-----