Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/pz1kDZC_PWfySYE4zDcfZUZH3a0.cer
File:                     pz1kDZC_PWfySYE4zDcfZUZH3a0.cer (raw, json)
Hash identifier:          NKVzf4sqRGok3K2QT3WyduiFeEaFm69edqhC+Tma1+I=
Subject key identifier:   A7:3D:64:0D:90:BF:3D:67:F2:49:81:38:CC:37:1F:65:46:47:DD:AD
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC26D583BEF068EE296FCA185DEA7FDDF
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/98/72892a-3bc0-4f57-bc5b-75039750bd68/1/pz1kDZC_PWfySYE4zDcfZUZH3a0.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/98/72892a-3bc0-4f57-bc5b-75039750bd68/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 00:29:55 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 41970
                          IP: 194.60.74.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:58:3b:ef:06:8e:e2:96:fc:a1:85:de:a7:fd:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 00:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a73d640d90bf3d67f2498138cc371f654647ddad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:9f:24:3e:16:63:c1:0a:fb:bb:67:49:07:d3:
                    76:92:fb:92:ce:fb:c1:0d:dc:36:71:54:48:93:f4:
                    9a:a5:45:b4:63:05:1f:a7:d2:df:1a:41:d8:56:8e:
                    18:b9:03:17:41:66:91:fa:3a:8d:55:49:40:61:13:
                    c9:08:a2:15:f0:a8:ea:08:47:67:5c:cc:46:11:88:
                    0c:84:db:19:0b:2f:2b:e5:33:97:e1:9a:8c:f5:4a:
                    2e:28:ab:23:5f:46:be:18:4d:a0:f9:ed:c8:ec:b4:
                    dd:ed:62:36:a6:6e:ca:ea:ca:fe:6f:08:be:b2:19:
                    97:cf:16:93:f7:69:50:3a:e6:db:4b:b2:e7:fa:d7:
                    4c:4e:47:61:7e:20:ac:ca:89:87:ed:27:77:a9:bf:
                    81:95:6f:5e:50:72:fb:3c:d0:13:ba:f3:e4:9d:79:
                    0a:41:90:5d:53:62:06:9f:fa:e0:d6:93:11:dc:d5:
                    77:d5:8b:97:89:02:52:cd:6a:3f:ba:93:52:f6:6b:
                    cb:22:2e:eb:8a:dc:93:78:09:fd:7c:e7:bb:fe:dd:
                    77:88:bf:07:8b:bb:0a:f3:46:5b:50:87:09:ce:4f:
                    1f:ee:97:b3:95:8e:07:a3:c6:11:0e:c8:b9:e9:7a:
                    c2:d8:49:77:62:66:21:1f:6a:ad:d6:51:cc:d3:7c:
                    81:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:3D:64:0D:90:BF:3D:67:F2:49:81:38:CC:37:1F:65:46:47:DD:AD
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/72892a-3bc0-4f57-bc5b-75039750bd68/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/72892a-3bc0-4f57-bc5b-75039750bd68/1/pz1kDZC_PWfySYE4zDcfZUZH3a0.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.60.74.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  41970

    Signature Algorithm: sha256WithRSAEncryption
         94:bc:e5:10:69:dc:e0:58:c0:6f:62:ab:e4:2b:55:78:6e:19:
         38:5e:9b:25:88:e3:35:da:cf:a1:ea:a6:4c:03:a9:55:27:36:
         36:65:ea:31:51:f9:5d:62:e5:31:58:bb:18:00:f9:36:ed:9c:
         a7:9f:97:2d:a6:fb:bf:5e:bb:73:57:64:8e:c5:bf:c3:c7:e3:
         91:fb:66:cc:35:e5:c5:cc:c1:f9:ef:25:11:83:92:3d:00:d8:
         ac:8c:eb:b8:ff:83:f5:d9:42:97:1f:3b:4b:73:cb:3c:90:01:
         1d:ac:f1:65:6d:15:db:d6:38:4e:39:af:49:c5:be:a6:e0:c2:
         3f:71:48:91:6b:29:09:ed:b4:52:0a:36:0f:e8:49:a4:fd:21:
         19:58:81:5c:a3:6b:0c:54:38:c2:8b:32:c7:54:6b:08:9d:1d:
         be:c6:35:14:c1:96:a1:4c:bf:a9:d4:c6:a1:ec:10:fe:97:f6:
         30:99:38:ec:07:19:83:b1:f2:8f:c9:16:d7:ec:f0:31:a8:0d:
         05:c0:cc:c6:57:b1:cf:37:ea:33:7c:33:38:50:39:f7:ec:a9:
         10:fc:b1:d3:d3:f8:04:f8:bd:fa:4c:7a:65:f8:60:ff:80:05:
         ea:21:52:83:83:73:39:ff:97:fe:50:8d:35:13:0b:ec:0e:38:
         f7:61:9b:b7
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYzCbVg77waO4pb8oYXep/3fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDAyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzNkNjQwZDkwYmYzZDY3ZjI0OTgxMzhjYzM3MWY2NTQ2NDdkZGFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtJ8kPhZjwQr7u2dJB9N2kvuSzvvB
Ddw2cVRIk/SapUW0YwUfp9LfGkHYVo4YuQMXQWaR+jqNVUlAYRPJCKIV8KjqCEdn
XMxGEYgMhNsZCy8r5TOX4ZqM9UouKKsjX0a+GE2g+e3I7LTd7WI2pm7K6sr+bwi+
shmXzxaT92lQOubbS7Ln+tdMTkdhfiCsyomH7Sd3qb+BlW9eUHL7PNATuvPknXkK
QZBdU2IGn/rg1pMR3NV31YuXiQJSzWo/upNS9mvLIi7rityTeAn9fOe7/t13iL8H
i7sK80ZbUIcJzk8f7pezlY4Ho8YRDsi56XrC2El3YmYhH2qt1lHM03yBuwIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFKc9ZA2Qvz1n8kmBOMw3H2VGR92tMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzk4LzcyODky
YS0zYmMwLTRmNTctYmM1Yi03NTAzOTc1MGJkNjgvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTgvNzI4OTJh
LTNiYzAtNGY1Ny1iYzViLTc1MDM5NzUwYmQ2OC8xL3B6MWtEWkNfUFdmeVNZRTR6
RGNmWlVaSDNhMC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwjxKMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwCj8jANBgkqhkiG9w0BAQsFAAOCAQEAlLzlEGnc4FjAb2Kr5CtVeG4ZOF6bJYjj
NdrPoeqmTAOpVSc2NmXqMVH5XWLlMVi7GAD5Nu2cp5+XLab7v167c1dkjsW/w8fj
kftmzDXlxczB+e8lEYOSPQDYrIzruP+D9dlClx87S3PLPJABHazxZW0V29Y4Tjmv
ScW+puDCP3FIkWspCe20Ugo2D+hJpP0hGViBXKNrDFQ4wosyx1RrCJ0dvsY1FMGW
oUy/qdTGoewQ/pf2MJk47AcZg7Hyj8kW1+zwMagNBcDMxlexzzfqM3wzOFA59+yp
EPyx09P4BPi9+kx6Zfhg/4AF6iFSg4NzOf+X/lCNNRML7A4492Gbtw==
-----END CERTIFICATE-----