Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/lCKVhDGvU0e_2A41UD3bSOcc9NY.cer
File:                     lCKVhDGvU0e_2A41UD3bSOcc9NY.cer (raw, json)
Hash identifier:          i4/vI6ma+zRBM7+Jbj9BsXS9lWiGrBdql5Y7c8yMBw0=
Subject key identifier:   94:22:95:84:31:AF:53:47:BF:D8:0E:35:50:3D:DB:48:E7:1C:F4:D6
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018E40D73B27FD378795F08D26D83D0EE209
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/f2/755468-2acc-4e9b-a5ea-e8a083f56ace/1/lCKVhDGvU0e_2A41UD3bSOcc9NY.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/f2/755468-2acc-4e9b-a5ea-e8a083f56ace/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Fri 15 Mar 2024 06:40:31 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 61206
                          IP: 193.169.213.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:40:d7:3b:27:fd:37:87:95:f0:8d:26:d8:3d:0e:e2:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Mar 15 06:40:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9422958431af5347bfd80e35503ddb48e71cf4d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:71:96:af:ec:48:8d:c3:fb:bc:fa:ea:96:77:
                    e6:04:e3:d7:84:af:42:f6:dd:b8:00:95:c4:73:c3:
                    1f:ef:37:9a:4b:f4:d2:dc:54:44:5d:89:ef:ea:06:
                    78:7f:2f:5a:a1:81:80:13:bb:3e:d6:33:74:37:75:
                    09:ed:77:29:11:15:a8:65:64:cd:7e:38:4d:e4:9d:
                    f5:40:91:29:a4:71:1a:86:76:18:ed:9a:e2:7b:dc:
                    b4:69:18:b5:6f:c2:18:1b:dd:2e:17:41:5e:b3:d4:
                    b8:4f:72:92:7b:4a:69:53:ec:a5:1a:dd:cd:10:16:
                    ad:8c:83:79:d3:5e:63:5e:92:c7:70:15:be:bc:2e:
                    36:d0:09:40:75:d5:23:8b:0c:9f:06:20:a4:b2:4b:
                    c0:17:30:bf:38:09:bb:bf:3f:8a:64:6e:dd:3d:d8:
                    59:bd:56:ad:ce:aa:f0:d0:79:e0:b9:a3:2b:2c:a5:
                    7d:86:fa:d4:54:ed:0b:11:a2:55:98:23:a4:74:2e:
                    17:67:c1:76:fa:61:a2:de:f6:d9:21:09:65:48:37:
                    12:e2:e5:7d:ba:4f:88:3c:28:a0:a7:f0:9e:a8:d1:
                    0b:66:96:21:c5:0a:23:a3:e3:fe:a2:b3:e1:d6:e3:
                    02:81:68:b0:20:13:27:c7:d9:e9:ee:e9:5e:b6:cd:
                    36:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:22:95:84:31:AF:53:47:BF:D8:0E:35:50:3D:DB:48:E7:1C:F4:D6
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/755468-2acc-4e9b-a5ea-e8a083f56ace/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/755468-2acc-4e9b-a5ea-e8a083f56ace/1/lCKVhDGvU0e_2A41UD3bSOcc9NY.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.169.213.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  61206

    Signature Algorithm: sha256WithRSAEncryption
         2d:3a:91:b8:10:c1:1c:ea:d7:a8:ca:95:71:0b:99:46:e8:59:
         63:36:29:67:d5:d9:83:12:46:6d:04:ff:02:8e:40:eb:2c:93:
         9a:27:72:b0:4d:42:54:d3:8e:3d:3e:54:83:1a:3d:fb:b0:d0:
         18:46:cc:04:e0:82:cf:64:a9:a1:71:c6:88:38:58:a5:00:6c:
         7a:92:16:6e:51:8e:03:cc:4b:a8:f9:9d:b6:e2:ed:bf:80:6c:
         f9:fb:63:b2:7f:c5:15:b6:88:11:f9:78:b7:51:10:d2:01:ab:
         8e:ed:77:1e:ec:55:61:50:2d:7e:39:c3:c2:d2:9c:5a:a7:a5:
         46:ac:dd:a8:7d:cd:f1:d0:0a:7e:b9:3b:6c:65:2b:90:48:7c:
         42:b3:0e:f9:e8:3d:82:4b:9b:ba:e7:37:0a:8e:b5:ca:ad:ef:
         5c:6b:d8:19:65:4d:9f:54:7c:dd:47:19:27:a0:39:6f:e7:d1:
         aa:c7:f3:5b:49:18:f5:d3:6c:af:17:41:cb:26:a8:5c:44:01:
         c1:c2:6e:8b:24:eb:e8:50:70:fc:ba:5c:4c:92:6c:86:02:0c:
         29:95:1c:ab:f2:61:15:eb:65:fa:68:a1:b0:ae:84:04:2e:e6:
         5c:23:c2:88:c4:3e:3b:bf:4d:5d:ab:e4:e1:1a:29:57:5e:bc:
         b2:18:90:d9
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAY5A1zsn/TeHlfCNJtg9DuIJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMzE1MDY0MDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDIyOTU4NDMxYWY1MzQ3YmZkODBlMzU1MDNkZGI0OGU3MWNmNGQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsXGWr+xIjcP7vPrqlnfmBOPXhK9C
9t24AJXEc8Mf7zeaS/TS3FREXYnv6gZ4fy9aoYGAE7s+1jN0N3UJ7XcpERWoZWTN
fjhN5J31QJEppHEahnYY7Zrie9y0aRi1b8IYG90uF0Fes9S4T3KSe0ppU+ylGt3N
EBatjIN5015jXpLHcBW+vC420AlAddUjiwyfBiCkskvAFzC/OAm7vz+KZG7dPdhZ
vVatzqrw0HnguaMrLKV9hvrUVO0LEaJVmCOkdC4XZ8F2+mGi3vbZIQllSDcS4uV9
uk+IPCigp/CeqNELZpYhxQojo+P+orPh1uMCgWiwIBMnx9np7ulets02OwIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFJQilYQxr1NHv9gONVA920jnHPTWMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2YyLzc1NTQ2
OC0yYWNjLTRlOWItYTVlYS1lOGEwODNmNTZhY2UvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjIvNzU1NDY4
LTJhY2MtNGU5Yi1hNWVhLWU4YTA4M2Y1NmFjZS8xL2xDS1ZoREd2VTBlXzJBNDFV
RDNiU09jYzlOWS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwanVMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwDvFjANBgkqhkiG9w0BAQsFAAOCAQEALTqRuBDBHOrXqMqVcQuZRuhZYzYpZ9XZ
gxJGbQT/Ao5A6yyTmidysE1CVNOOPT5Ugxo9+7DQGEbMBOCCz2SpoXHGiDhYpQBs
epIWblGOA8xLqPmdtuLtv4Bs+ftjsn/FFbaIEfl4t1EQ0gGrju13HuxVYVAtfjnD
wtKcWqelRqzdqH3N8dAKfrk7bGUrkEh8QrMO+eg9gkubuuc3Co61yq3vXGvYGWVN
n1R83UcZJ6A5b+fRqsfzW0kY9dNsrxdByyaoXEQBwcJuiyTr6FBw/LpcTJJshgIM
KZUcq/JhFetl+mihsK6EBC7mXCPCiMQ+O79NXavk4RopV168shiQ2Q==
-----END CERTIFICATE-----