Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/p6cGJ7tFzWxx8iAZImpqGJUiLwc.cer
File:                     p6cGJ7tFzWxx8iAZImpqGJUiLwc.cer (raw, json)
Hash identifier:          FFdwZ9yZxTukRKOkaGdPQkzQ23flz0NMP1/6+7syqJ4=
Subject key identifier:   A7:A7:06:27:BB:45:CD:6C:71:F2:20:19:22:6A:6A:18:95:22:2F:07
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018DD563E9ABDFAD9ABFAF64CA31E04C7D76
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/25/5d074a-4e12-4e9c-b354-bdd79f8632e9/1/p6cGJ7tFzWxx8iAZImpqGJUiLwc.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/25/5d074a-4e12-4e9c-b354-bdd79f8632e9/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Fri 23 Feb 2024 09:55:11 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 51493
                          IP: 91.217.157.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:d5:63:e9:ab:df:ad:9a:bf:af:64:ca:31:e0:4c:7d:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Feb 23 09:55:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a7a70627bb45cd6c71f22019226a6a1895222f07
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:9b:a1:0c:28:c0:15:c1:29:e0:2a:4e:cd:14:
                    5c:47:4c:a0:32:64:b8:9a:4a:03:d3:3c:5b:8f:72:
                    e6:cf:a0:cf:c3:44:93:c7:aa:af:c8:c9:56:b1:13:
                    1e:64:b2:e8:33:7f:19:8c:c7:37:8e:2f:3f:06:34:
                    7e:c6:2c:6b:14:5e:75:82:e8:0b:09:7d:3f:ed:c4:
                    64:ec:c5:16:2b:50:65:66:80:62:ee:16:19:11:da:
                    fa:f5:f3:5d:75:c4:57:5f:30:ff:17:f7:19:20:9c:
                    fd:b6:58:88:12:47:f5:bb:45:89:48:77:fc:6c:77:
                    e3:1c:4a:b5:6a:ad:80:1b:30:6d:e7:d4:1f:8f:c3:
                    56:29:af:cd:d6:65:7b:e7:0b:85:21:27:10:af:1d:
                    48:f2:be:bd:53:81:54:6b:ca:73:0b:56:62:ae:a0:
                    04:15:b4:05:07:3e:0e:82:f0:94:83:29:da:06:6e:
                    4e:62:b1:04:6c:c0:63:db:f6:73:6a:47:75:bc:1e:
                    05:d0:40:47:97:99:c5:f2:06:77:03:e9:31:98:43:
                    fc:dc:65:ad:e1:e7:70:bf:c3:78:64:95:55:69:9d:
                    a3:9e:29:07:4d:18:83:41:d9:86:01:5c:02:13:e6:
                    e7:90:37:ef:9f:60:0a:80:82:35:c8:49:26:7f:33:
                    7d:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:A7:06:27:BB:45:CD:6C:71:F2:20:19:22:6A:6A:18:95:22:2F:07
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/5d074a-4e12-4e9c-b354-bdd79f8632e9/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/5d074a-4e12-4e9c-b354-bdd79f8632e9/1/p6cGJ7tFzWxx8iAZImpqGJUiLwc.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.217.157.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  51493

    Signature Algorithm: sha256WithRSAEncryption
         17:f5:b4:b7:bc:2f:f7:e6:3b:2b:42:04:23:9c:c4:1a:f2:ec:
         d0:1e:77:4a:5e:16:29:ff:ba:6d:5c:3d:03:d0:5e:0d:2d:f9:
         f4:28:60:00:5d:f4:fd:3e:6d:c7:29:7a:35:a3:7f:c5:a8:e2:
         63:f5:ae:15:61:15:7b:f5:8f:1a:fb:6b:23:3b:aa:9d:db:43:
         56:03:48:97:a1:dc:69:92:f5:ac:b1:ec:57:3d:0a:a9:38:3d:
         64:e7:14:d8:96:6b:6b:cd:25:fb:98:ed:c3:46:e0:b6:5a:06:
         24:3e:3f:6b:9f:5e:7e:53:9f:30:78:1c:da:1c:94:50:e0:24:
         e2:cb:5f:b4:88:7f:e6:46:09:6c:7f:b5:37:c3:cf:6e:09:f6:
         37:26:d0:0f:ec:07:09:24:0e:00:7a:f6:b9:59:3d:1e:1f:bd:
         4f:3f:16:41:68:24:27:1d:7e:36:76:af:e6:fd:35:61:1e:06:
         5d:fd:c6:6d:41:43:b1:2c:80:43:f9:b7:00:ab:29:fa:59:11:
         2b:6f:35:da:b9:d0:10:12:e6:f8:66:9c:2f:f2:2a:a0:4e:65:
         ee:78:6b:c8:a8:c7:ad:d0:22:1c:dc:d7:35:3a:c2:fe:5e:09:
         e1:45:9b:20:77:57:57:89:72:f1:a8:b3:1f:e5:ac:7e:2c:d7:
         6f:0f:d0:8a
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAY3VY+mr362av69kyjHgTH12MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMjIzMDk1NTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhN2E3MDYyN2JiNDVjZDZjNzFmMjIwMTkyMjZhNmExODk1MjIyZjA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArpuhDCjAFcEp4CpOzRRcR0ygMmS4
mkoD0zxbj3Lmz6DPw0STx6qvyMlWsRMeZLLoM38ZjMc3ji8/BjR+xixrFF51gugL
CX0/7cRk7MUWK1BlZoBi7hYZEdr69fNddcRXXzD/F/cZIJz9tliIEkf1u0WJSHf8
bHfjHEq1aq2AGzBt59Qfj8NWKa/N1mV75wuFIScQrx1I8r69U4FUa8pzC1ZirqAE
FbQFBz4OgvCUgynaBm5OYrEEbMBj2/Zzakd1vB4F0EBHl5nF8gZ3A+kxmEP83GWt
4edwv8N4ZJVVaZ2jnikHTRiDQdmGAVwCE+bnkDfvn2AKgII1yEkmfzN9vwIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFKenBie7Rc1scfIgGSJqahiVIi8HMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzI1LzVkMDc0
YS00ZTEyLTRlOWMtYjM1NC1iZGQ3OWY4NjMyZTkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjUvNWQwNzRh
LTRlMTItNGU5Yy1iMzU0LWJkZDc5Zjg2MzJlOS8xL3A2Y0dKN3RGeld4eDhpQVpJ
bXBxR0pVaUx3Yy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW9mdMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwDJJTANBgkqhkiG9w0BAQsFAAOCAQEAF/W0t7wv9+Y7K0IEI5zEGvLs0B53Sl4W
Kf+6bVw9A9BeDS359ChgAF30/T5txyl6NaN/xajiY/WuFWEVe/WPGvtrIzuqndtD
VgNIl6HcaZL1rLHsVz0KqTg9ZOcU2JZra80l+5jtw0bgtloGJD4/a59eflOfMHgc
2hyUUOAk4stftIh/5kYJbH+1N8PPbgn2NybQD+wHCSQOAHr2uVk9Hh+9Tz8WQWgk
Jx1+Nnav5v01YR4GXf3GbUFDsSyAQ/m3AKsp+lkRK2812rnQEBLm+GacL/IqoE5l
7nhryKjHrdAiHNzXNTrC/l4J4UWbIHdXV4ly8aizH+WsfizXbw/Qig==
-----END CERTIFICATE-----