Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/kkqX2RLXH4D9Nrc-_A_Hlpdi8zc.cer
File:                     kkqX2RLXH4D9Nrc-_A_Hlpdi8zc.cer (raw, json)
Hash identifier:          qQ7A4d0SJwQE+8iJuI775gXLRpEFm1JrxFPB5A7Op9Q=
Subject key identifier:   92:4A:97:D9:12:D7:1F:80:FD:36:B7:3E:FC:0F:C7:96:97:62:F3:37
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC3B6E5A36492A2F1C26F780618A7AF61
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/90/ad3586-a028-4746-b3da-814856e1b1f4/1/kkqX2RLXH4D9Nrc-_A_Hlpdi8zc.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/90/ad3586-a028-4746-b3da-814856e1b1f4/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 06:29:52 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 33955
                          IP: 217.194.16.0/20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:e5:a3:64:92:a2:f1:c2:6f:78:06:18:a7:af:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 06:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=924a97d912d71f80fd36b73efc0fc7969762f337
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:d7:39:45:82:7d:81:4e:cc:96:b8:50:86:38:
                    f6:e5:48:9c:8f:da:8e:e0:34:78:39:c2:46:cb:61:
                    bd:4d:7c:4b:67:9e:1d:a4:97:4c:d7:b1:2f:6c:7c:
                    56:a4:64:c0:c5:b4:a4:41:7c:f1:43:a5:07:20:e1:
                    b9:38:35:00:ea:d3:2b:8b:95:ce:4d:45:cd:5b:2f:
                    60:36:7c:bb:e1:8d:ca:44:48:a6:60:4f:1d:3e:6d:
                    f1:0e:97:f9:a5:4c:a9:64:e3:86:11:88:8a:59:ed:
                    74:3a:13:7a:0e:d8:cd:0b:e6:3c:dc:8d:6e:73:33:
                    af:86:d0:c5:fa:83:5e:c1:c9:14:49:2a:55:2f:20:
                    2f:d5:be:69:51:3e:ad:76:7f:fc:e4:a6:b6:14:05:
                    d7:33:9a:97:48:f2:10:63:bc:fe:8a:11:dd:f9:30:
                    99:04:ac:13:ff:4a:d3:af:ee:c9:cb:23:6e:c2:dd:
                    df:d8:b3:f4:ea:8c:10:40:ef:d3:51:72:0f:11:c2:
                    6e:b9:79:15:cd:66:6b:0a:8d:cb:7a:34:d9:e0:cc:
                    72:cd:3c:15:d9:ec:fb:59:ea:ad:37:d8:f3:2a:86:
                    e2:1c:14:ad:9a:b7:94:22:20:62:b1:8f:fd:03:64:
                    05:77:45:00:9f:42:bd:ec:d7:88:52:25:1d:60:da:
                    b6:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:4A:97:D9:12:D7:1F:80:FD:36:B7:3E:FC:0F:C7:96:97:62:F3:37
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/ad3586-a028-4746-b3da-814856e1b1f4/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/ad3586-a028-4746-b3da-814856e1b1f4/1/kkqX2RLXH4D9Nrc-_A_Hlpdi8zc.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.194.16.0/20

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  33955

    Signature Algorithm: sha256WithRSAEncryption
         69:3f:50:f4:19:bc:ea:0c:4e:1c:73:15:93:18:01:ae:af:5c:
         f0:62:51:33:df:32:a5:1d:0f:6e:56:44:b6:1d:c4:66:92:e9:
         6d:3c:6a:ef:08:7d:fe:a1:b4:3a:e0:94:de:a5:8f:82:e7:ff:
         05:05:48:f6:b6:f0:9b:46:33:7b:a5:15:ae:32:3b:94:9e:d6:
         75:30:79:b0:55:62:ce:8d:15:6f:1f:5f:c9:38:39:a7:7c:1a:
         f8:ee:9f:ce:15:80:06:95:f0:69:a6:b7:11:e5:e9:bd:5f:41:
         20:0b:38:0e:e9:4c:28:ed:ec:b2:85:56:43:b1:5b:7b:7a:6e:
         18:22:b6:a9:52:a3:17:8d:5d:f8:cf:8b:af:39:f1:df:10:d9:
         1d:90:78:8e:f1:20:5c:e2:cd:e1:56:d2:93:86:e4:b5:1c:ca:
         b4:1b:2d:e2:df:1b:9d:b4:fe:67:fb:f0:25:db:7e:26:aa:0b:
         e0:54:e9:a8:0a:a5:b8:1b:9a:bb:3b:52:54:dd:77:5a:85:c9:
         bc:14:6e:7a:0d:e9:d9:a3:b2:2a:c0:7e:52:3a:80:57:1f:6a:
         39:42:b7:e8:79:ba:a3:0b:08:e6:b1:ba:77:bb:82:47:f2:9e:
         dd:15:27:50:c9:73:e5:74:0c:f7:8b:37:47:31:77:d9:ee:da:
         65:f6:56:b8
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYzDtuWjZJKi8cJveAYYp69hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDYyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjRhOTdkOTEyZDcxZjgwZmQzNmI3M2VmYzBmYzc5Njk3NjJmMzM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwdc5RYJ9gU7MlrhQhjj25Uicj9qO
4DR4OcJGy2G9TXxLZ54dpJdM17EvbHxWpGTAxbSkQXzxQ6UHIOG5ODUA6tMri5XO
TUXNWy9gNny74Y3KREimYE8dPm3xDpf5pUypZOOGEYiKWe10OhN6DtjNC+Y83I1u
czOvhtDF+oNewckUSSpVLyAv1b5pUT6tdn/85Ka2FAXXM5qXSPIQY7z+ihHd+TCZ
BKwT/0rTr+7JyyNuwt3f2LP06owQQO/TUXIPEcJuuXkVzWZrCo3LejTZ4MxyzTwV
2ez7WeqtN9jzKobiHBStmreUIiBisY/9A2QFd0UAn0K97NeIUiUdYNq20wIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFJJKl9kS1x+A/Ta3PvwPx5aXYvM3MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzkwL2FkMzU4
Ni1hMDI4LTQ3NDYtYjNkYS04MTQ4NTZlMWIxZjQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTAvYWQzNTg2
LWEwMjgtNDc0Ni1iM2RhLTgxNDg1NmUxYjFmNC8xL2trcVgyUkxYSDREOU5yYy1f
QV9IbHBkaTh6Yy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQE2cIQMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwCEozANBgkqhkiG9w0BAQsFAAOCAQEAaT9Q9Bm86gxOHHMVkxgBrq9c8GJRM98y
pR0PblZEth3EZpLpbTxq7wh9/qG0OuCU3qWPguf/BQVI9rbwm0Yze6UVrjI7lJ7W
dTB5sFVizo0Vbx9fyTg5p3wa+O6fzhWABpXwaaa3EeXpvV9BIAs4DulMKO3ssoVW
Q7Fbe3puGCK2qVKjF41d+M+Lrznx3xDZHZB4jvEgXOLN4VbSk4bktRzKtBst4t8b
nbT+Z/vwJdt+JqoL4FTpqAqluBuauztSVN13WoXJvBRueg3p2aOyKsB+UjqAVx9q
OUK36Hm6owsI5rG6d7uCR/Ke3RUnUMlz5XQM94s3RzF32e7aZfZWuA==
-----END CERTIFICATE-----