Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/q1PsDpoFPLvg6aBxvK2eaKmcz6g.cer
File:                     q1PsDpoFPLvg6aBxvK2eaKmcz6g.cer (raw, json)
Hash identifier:          ydUwb/UqbeIDZ+ya3JjJbgwjEyPm4X6N/UvlHwS0qvU=
Subject key identifier:   AB:53:EC:0E:9A:05:3C:BB:E0:E9:A0:71:BC:AD:9E:68:A9:9C:CF:A8
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01942368EDD0AD024447C0771CA65C925EDC
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/d7/61f398-94f6-4468-85f3-63fcaac31ca3/1/q1PsDpoFPLvg6aBxvK2eaKmcz6g.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/d7/61f398-94f6-4468-85f3-63fcaac31ca3/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 19:47:46 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 34731
                          IP: 80.76.16.0/20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:68:ed:d0:ad:02:44:47:c0:77:1c:a6:5c:92:5e:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 19:47:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ab53ec0e9a053cbbe0e9a071bcad9e68a99ccfa8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:a0:e7:57:a6:03:2b:70:bc:c1:e7:14:4c:11:
                    55:e4:bc:4b:be:2f:a4:ed:6f:39:0f:62:5e:08:05:
                    62:76:d0:ca:37:ca:ad:29:40:1b:39:46:f9:ce:0d:
                    81:d1:a8:30:6e:34:6d:53:22:27:a1:28:15:57:40:
                    c0:7f:48:5b:84:0e:c0:2f:23:e5:58:78:e3:d0:56:
                    5b:85:06:cb:b7:a6:c6:84:d5:de:e7:1c:45:78:84:
                    65:40:94:91:08:c9:90:19:64:7a:62:ab:05:87:65:
                    10:fd:c8:c3:df:41:e0:80:dd:45:78:c6:60:d0:4f:
                    da:14:86:07:e1:32:41:b3:cf:c9:55:23:7f:b9:9f:
                    df:3f:66:51:5c:ec:b9:b7:b1:2d:d6:13:16:3e:25:
                    72:af:40:05:fd:22:f4:00:40:73:f3:d2:bb:51:74:
                    75:51:a1:af:0f:5f:64:c9:05:3b:86:c9:39:7b:25:
                    7b:e6:57:7b:52:9e:11:4e:e6:78:e0:5d:01:42:42:
                    34:cb:89:92:2f:49:38:1d:bc:53:c4:51:f6:c5:53:
                    08:d9:ea:6c:dc:08:64:fb:43:4b:b6:b5:1d:fe:c5:
                    8a:52:a8:f9:99:af:f6:cc:f3:ef:23:17:07:da:67:
                    eb:d9:0b:91:36:cf:a0:bf:ab:a2:c8:eb:90:88:20:
                    ff:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:53:EC:0E:9A:05:3C:BB:E0:E9:A0:71:BC:AD:9E:68:A9:9C:CF:A8
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/61f398-94f6-4468-85f3-63fcaac31ca3/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/61f398-94f6-4468-85f3-63fcaac31ca3/1/q1PsDpoFPLvg6aBxvK2eaKmcz6g.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.76.16.0/20

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  34731

    Signature Algorithm: sha256WithRSAEncryption
         9e:dd:c2:60:bb:cd:a6:de:67:d1:d6:e1:d0:0f:21:e5:dd:6f:
         2f:50:e5:31:a3:94:5c:9e:fc:7e:62:86:59:e1:e8:e6:aa:a8:
         dc:66:5e:48:81:72:0a:dc:b7:fc:cd:53:4d:c6:51:35:ad:a0:
         08:f9:1d:f9:76:31:d4:2e:c6:39:3b:46:d1:f1:2f:0b:63:03:
         3f:ba:51:f6:c8:ee:b8:50:14:53:02:7e:56:5c:ef:7b:cb:ec:
         d5:07:e8:3a:d3:29:9d:62:c9:87:82:e7:e6:95:e9:e0:32:4c:
         f8:93:e9:22:b0:4c:2d:e1:36:6f:0b:fc:06:ae:52:05:82:73:
         01:13:1c:7d:cb:00:ad:be:60:60:56:41:24:85:0a:2f:59:12:
         db:e6:a3:e7:49:20:92:01:28:d2:64:0f:7d:98:a5:8c:41:27:
         af:a4:63:ec:94:25:51:ca:cf:0d:76:af:65:ae:e8:1d:a8:9e:
         e8:5b:bc:89:3d:81:eb:7c:95:7d:0a:7e:c2:f9:1e:53:bc:6f:
         af:ca:74:f2:93:8b:2e:19:d3:eb:00:8b:55:a2:3b:33:de:80:
         14:43:df:91:34:80:e1:e3:7b:f5:df:6b:32:1a:35:49:16:a9:
         c2:81:8e:f8:46:15:31:34:07:c9:78:f3:54:25:62:56:7b:d3:
         1e:b4:d4:3c
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZQjaO3QrQJER8B3HKZckl7cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTk0NzQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjUzZWMwZTlhMDUzY2JiZTBlOWEwNzFiY2FkOWU2OGE5OWNjZmE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzaDnV6YDK3C8wecUTBFV5LxLvi+k
7W85D2JeCAVidtDKN8qtKUAbOUb5zg2B0agwbjRtUyInoSgVV0DAf0hbhA7ALyPl
WHjj0FZbhQbLt6bGhNXe5xxFeIRlQJSRCMmQGWR6YqsFh2UQ/cjD30HggN1FeMZg
0E/aFIYH4TJBs8/JVSN/uZ/fP2ZRXOy5t7Et1hMWPiVyr0AF/SL0AEBz89K7UXR1
UaGvD19kyQU7hsk5eyV75ld7Up4RTuZ44F0BQkI0y4mSL0k4HbxTxFH2xVMI2eps
3Ahk+0NLtrUd/sWKUqj5ma/2zPPvIxcH2mfr2QuRNs+gv6uiyOuQiCD/nQIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFKtT7A6aBTy74OmgcbytnmipnM+oMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Q3LzYxZjM5
OC05NGY2LTQ0NjgtODVmMy02M2ZjYWFjMzFjYTMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDcvNjFmMzk4
LTk0ZjYtNDQ2OC04NWYzLTYzZmNhYWMzMWNhMy8xL3ExUHNEcG9GUEx2ZzZhQnh2
SzJlYUttY3o2Zy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQEUEwQMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwCHqzANBgkqhkiG9w0BAQsFAAOCAQEAnt3CYLvNpt5n0dbh0A8h5d1vL1DlMaOU
XJ78fmKGWeHo5qqo3GZeSIFyCty3/M1TTcZRNa2gCPkd+XYx1C7GOTtG0fEvC2MD
P7pR9sjuuFAUUwJ+Vlzve8vs1QfoOtMpnWLJh4Ln5pXp4DJM+JPpIrBMLeE2bwv8
Bq5SBYJzARMcfcsArb5gYFZBJIUKL1kS2+aj50kgkgEo0mQPfZiljEEnr6Rj7JQl
UcrPDXavZa7oHaie6Fu8iT2B63yVfQp+wvkeU7xvr8p08pOLLhnT6wCLVaI7M96A
FEPfkTSA4eN79d9rMho1SRapwoGO+EYVMTQHyXjzVCViVnvTHrTUPA==
-----END CERTIFICATE-----