Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/lCbTCdDbAt8dfgS7s5MTvR3xM1g.cer
File:                     lCbTCdDbAt8dfgS7s5MTvR3xM1g.cer (raw, json)
Hash identifier:          0111M1rejPW6tjyamP4YYYyyMbXyd6jmDUIR2JJXwsI=
Subject key identifier:   94:26:D3:09:D0:DB:02:DF:1D:7E:04:BB:B3:93:13:BD:1D:F1:33:58
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC56DDDD1DDFBDACB6844B7F4DB7DCC85
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/8f/91431a-b50d-4d50-a6d6-f17f095dd3af/1/lCbTCdDbAt8dfgS7s5MTvR3xM1g.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/8f/91431a-b50d-4d50-a6d6-f17f095dd3af/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 14:29:20 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 42934
                          IP: 91.209.255.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:dd:d1:dd:fb:da:cb:68:44:b7:f4:db:7d:cc:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 14:29:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9426d309d0db02df1d7e04bbb39313bd1df13358
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:17:c3:ef:6e:4d:ce:41:50:f6:0c:b4:7e:bb:
                    cf:72:f3:93:86:3c:05:73:bf:b1:02:a8:26:c9:45:
                    21:f6:91:5d:24:3b:66:03:57:a3:07:0b:fc:0b:75:
                    07:e7:97:20:c5:49:ce:f5:4c:f3:ea:b9:93:fd:9c:
                    94:de:39:14:49:ce:45:e2:14:d3:76:d4:f3:2d:ba:
                    44:b4:a9:02:d1:01:b7:8b:a1:53:11:7d:27:2a:0d:
                    e5:23:8b:35:ab:db:a1:4d:f4:45:09:68:ea:4b:b6:
                    d8:08:c7:dd:57:9a:2d:82:3a:8c:17:d2:8c:46:84:
                    a5:c4:55:66:9e:e9:45:0f:58:8c:96:27:fc:b9:48:
                    08:02:21:29:c5:2b:bc:d5:5b:8e:92:65:38:12:5e:
                    5f:2d:a7:6c:40:f6:ba:27:c6:1a:02:35:4e:60:06:
                    3c:9b:45:8f:8e:09:01:da:04:5e:46:8d:ca:29:cc:
                    66:2b:71:b3:f6:ae:1e:0f:73:4b:98:5a:59:12:42:
                    06:56:0c:1a:ed:b4:44:4f:c1:74:2d:8f:a9:d7:83:
                    10:90:ca:cf:b3:19:2e:36:ec:a3:06:ca:5b:d2:17:
                    3d:e3:78:95:61:83:f6:96:34:a0:a8:0d:c8:0c:34:
                    fa:83:80:ba:79:8b:c6:73:ef:bf:bc:d4:ce:d1:16:
                    af:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:26:D3:09:D0:DB:02:DF:1D:7E:04:BB:B3:93:13:BD:1D:F1:33:58
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/91431a-b50d-4d50-a6d6-f17f095dd3af/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/91431a-b50d-4d50-a6d6-f17f095dd3af/1/lCbTCdDbAt8dfgS7s5MTvR3xM1g.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.209.255.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  42934

    Signature Algorithm: sha256WithRSAEncryption
         af:3a:8f:4b:7c:22:5c:99:4c:11:54:24:90:58:4a:e0:1c:44:
         16:e5:e3:88:5c:6a:d4:4c:0b:24:b3:d5:30:36:c7:37:ec:30:
         7d:33:f4:6d:f9:42:1f:c7:58:f1:e2:c4:97:a5:3f:50:23:a4:
         ea:75:ce:5e:8b:84:70:95:88:cd:98:56:d4:a7:4a:88:2e:f3:
         48:b3:79:9e:a6:5b:06:1c:89:22:8d:ad:8f:fe:22:d8:24:2b:
         c9:ca:b7:40:05:05:3a:0f:65:ad:ed:79:80:36:54:e8:d2:b9:
         96:ce:df:4a:b5:91:f0:cb:3f:7a:67:f8:87:cc:ca:e4:97:a7:
         43:ea:82:f1:8d:37:d3:42:9d:91:2c:8c:df:8a:db:be:18:7e:
         5f:24:35:22:b6:c5:91:a6:84:e9:45:f7:1b:fc:82:39:0b:40:
         d5:f7:eb:6f:27:7b:17:db:8f:02:b4:88:7d:2d:e7:e9:65:1e:
         f8:13:61:63:6b:33:56:67:40:ce:31:bd:c9:ed:29:5b:e4:52:
         1b:ed:33:1e:31:64:1e:22:52:33:f8:45:a9:2b:ce:e3:4c:7d:
         79:b9:64:74:12:70:1a:01:ed:d6:bd:a0:bc:a8:f0:32:42:ae:
         76:e2:5d:7d:08:61:6b:b2:78:da:15:0a:6c:36:5a:9b:7c:c0:
         ee:d0:e7:52
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYzFbd3R3fvay2hEt/TbfcyFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTQyOTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDI2ZDMwOWQwZGIwMmRmMWQ3ZTA0YmJiMzkzMTNiZDFkZjEzMzU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmRfD725NzkFQ9gy0frvPcvOThjwF
c7+xAqgmyUUh9pFdJDtmA1ejBwv8C3UH55cgxUnO9Uzz6rmT/ZyU3jkUSc5F4hTT
dtTzLbpEtKkC0QG3i6FTEX0nKg3lI4s1q9uhTfRFCWjqS7bYCMfdV5otgjqMF9KM
RoSlxFVmnulFD1iMlif8uUgIAiEpxSu81VuOkmU4El5fLadsQPa6J8YaAjVOYAY8
m0WPjgkB2gReRo3KKcxmK3Gz9q4eD3NLmFpZEkIGVgwa7bRET8F0LY+p14MQkMrP
sxkuNuyjBspb0hc943iVYYP2ljSgqA3IDDT6g4C6eYvGc++/vNTO0RavTQIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFJQm0wnQ2wLfHX4Eu7OTE70d8TNYMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzhmLzkxNDMx
YS1iNTBkLTRkNTAtYTZkNi1mMTdmMDk1ZGQzYWYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOGYvOTE0MzFh
LWI1MGQtNGQ1MC1hNmQ2LWYxN2YwOTVkZDNhZi8xL2xDYlRDZERiQXQ4ZGZnUzdz
NU1UdlIzeE0xZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW9H/MBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwCntjANBgkqhkiG9w0BAQsFAAOCAQEArzqPS3wiXJlMEVQkkFhK4BxEFuXjiFxq
1EwLJLPVMDbHN+wwfTP0bflCH8dY8eLEl6U/UCOk6nXOXouEcJWIzZhW1KdKiC7z
SLN5nqZbBhyJIo2tj/4i2CQrycq3QAUFOg9lre15gDZU6NK5ls7fSrWR8Ms/emf4
h8zK5JenQ+qC8Y0300KdkSyM34rbvhh+XyQ1IrbFkaaE6UX3G/yCOQtA1ffrbyd7
F9uPArSIfS3n6WUe+BNhY2szVmdAzjG9ye0pW+RSG+0zHjFkHiJSM/hFqSvO40x9
eblkdBJwGgHt1r2gvKjwMkKuduJdfQhha7J42hUKbDZam3zA7tDnUg==
-----END CERTIFICATE-----