Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/q3dzqhxxoCJlFGujNszC5Y3q24g.cer
File:                     q3dzqhxxoCJlFGujNszC5Y3q24g.cer (raw, json)
Hash identifier:          JwXbN5tBAKbgyJe94xixogDsQRzm755QH/EILj905zQ=
Subject key identifier:   AB:77:73:AA:1C:71:A0:22:65:14:6B:A3:36:CC:C2:E5:8D:EA:DB:88
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019424B3C64359BF505BDD12C55416ACC7D0
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/55/01f997-f027-4a3a-8552-e6dfba1df230/1/q3dzqhxxoCJlFGujNszC5Y3q24g.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/55/01f997-f027-4a3a-8552-e6dfba1df230/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 01:49:09 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 202928
                          IP: 2001:678:18c::/48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 11:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:c6:43:59:bf:50:5b:dd:12:c5:54:16:ac:c7:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 01:49:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ab7773aa1c71a02265146ba336ccc2e58deadb88
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:0c:e2:c8:df:9b:b1:97:ed:b9:93:d1:38:66:
                    c1:f8:16:27:80:c0:44:78:08:5f:be:34:41:42:7b:
                    89:3b:d1:03:f7:6b:0f:5f:e9:cd:ec:5f:a4:1a:ce:
                    cb:e4:0c:37:11:11:d1:e4:58:a7:e1:80:43:d7:01:
                    fd:2e:82:39:16:cc:cb:83:63:ba:d8:d5:ec:8c:b7:
                    5d:6f:09:72:70:09:60:f3:06:d5:c2:31:51:51:71:
                    c8:e7:1d:49:25:15:c4:13:80:27:87:c2:2f:04:60:
                    0a:48:97:9d:c3:2b:6b:3e:59:2d:7b:ac:93:dc:58:
                    e0:bf:ab:56:aa:88:30:95:8a:bb:52:62:08:eb:ea:
                    5e:fd:99:c0:02:ad:db:3b:9f:71:f4:4d:16:b4:20:
                    ff:fd:49:7c:6f:4e:49:a6:f0:33:49:0d:d4:26:a9:
                    1a:8a:04:33:b1:f0:4a:32:f5:55:c3:f9:59:68:91:
                    15:4c:9b:d2:ae:65:17:52:e0:01:c6:c7:b1:cf:5e:
                    d0:81:d3:c7:ef:99:a2:91:54:10:8e:d8:f4:43:e9:
                    c1:a4:ce:3e:9d:9a:a7:79:d5:ec:fb:e8:e1:5b:e0:
                    c0:04:c0:76:07:d7:cf:15:df:02:80:34:9a:0f:41:
                    a0:af:cc:94:20:01:60:44:9d:2b:47:35:12:95:f3:
                    58:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:77:73:AA:1C:71:A0:22:65:14:6B:A3:36:CC:C2:E5:8D:EA:DB:88
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/01f997-f027-4a3a-8552-e6dfba1df230/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/01f997-f027-4a3a-8552-e6dfba1df230/1/q3dzqhxxoCJlFGujNszC5Y3q24g.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:18c::/48

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  202928

    Signature Algorithm: sha256WithRSAEncryption
         47:66:b5:db:55:21:4e:38:d8:dc:69:b7:b9:d8:7c:f8:b9:11:
         42:21:9b:24:3b:8a:7f:7f:7b:84:2e:39:32:bf:28:80:57:0b:
         17:1e:52:56:f2:91:81:15:1d:a6:10:2c:0c:c4:46:b9:bb:c8:
         52:f5:f0:2a:61:88:99:3d:65:cd:ad:c6:68:0a:7e:a6:6a:1e:
         9b:62:ee:49:c6:e9:bd:ac:ed:b5:e7:20:3e:77:31:bd:5e:01:
         95:03:b2:18:0d:86:55:65:44:fc:1c:42:bf:be:29:1b:bf:90:
         a7:1a:2e:dc:bb:c4:8a:b4:6b:26:1b:66:dd:6b:9d:bc:cd:ba:
         c8:06:ae:08:b9:e4:23:10:a7:64:e9:fd:7d:37:e0:9c:ef:f5:
         2f:b5:11:88:ee:d5:80:86:78:26:84:37:8a:48:88:f5:40:e3:
         5c:32:0e:7d:99:99:0b:f6:a4:8a:2e:85:b7:c7:0c:d5:c1:60:
         36:37:25:eb:27:06:b5:35:16:87:21:0f:9b:3e:2d:5b:97:b0:
         39:fd:d9:a6:0b:9c:e0:2e:b3:88:97:82:d0:4c:84:6d:55:e7:
         e0:fc:61:63:f2:07:d7:9c:dd:17:7b:e5:a7:07:de:3e:02:35:
         37:57:cb:f8:5f:85:b4:97:b6:b3:c7:a7:48:52:3b:89:c4:4c:
         f3:50:ff:23
-----BEGIN CERTIFICATE-----
MIIFlzCCBH+gAwIBAgISAZQks8ZDWb9QW90SxVQWrMfQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDE0OTA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjc3NzNhYTFjNzFhMDIyNjUxNDZiYTMzNmNjYzJlNThkZWFkYjg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAywziyN+bsZftuZPROGbB+BYngMBE
eAhfvjRBQnuJO9ED92sPX+nN7F+kGs7L5Aw3ERHR5Fin4YBD1wH9LoI5FszLg2O6
2NXsjLddbwlycAlg8wbVwjFRUXHI5x1JJRXEE4Anh8IvBGAKSJedwytrPlkte6yT
3Fjgv6tWqogwlYq7UmII6+pe/ZnAAq3bO59x9E0WtCD//Ul8b05JpvAzSQ3UJqka
igQzsfBKMvVVw/lZaJEVTJvSrmUXUuABxsexz17QgdPH75mikVQQjtj0Q+nBpM4+
nZqnedXs++jhW+DABMB2B9fPFd8CgDSaD0Ggr8yUIAFgRJ0rRzUSlfNYzQIDAQAB
o4ICozCCAp8wHQYDVR0OBBYEFKt3c6occaAiZRRrozbMwuWN6tuIMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzU1LzAxZjk5
Ny1mMDI3LTRhM2EtODU1Mi1lNmRmYmExZGYyMzAvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTUvMDFmOTk3
LWYwMjctNGEzYS04NTUyLWU2ZGZiYTFkZjIzMC8xL3EzZHpxaHh4b0NKbEZHdWpO
c3pDNVkzcTI0Zy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAGMMBoGCCsGAQUFBwEIAQH/BAswCaAH
MAUCAwMYsDANBgkqhkiG9w0BAQsFAAOCAQEAR2a121UhTjjY3Gm3udh8+LkRQiGb
JDuKf397hC45Mr8ogFcLFx5SVvKRgRUdphAsDMRGubvIUvXwKmGImT1lza3GaAp+
pmoem2LuScbpvazttecgPncxvV4BlQOyGA2GVWVE/BxCv74pG7+Qpxou3LvEirRr
Jhtm3WudvM26yAauCLnkIxCnZOn9fTfgnO/1L7URiO7VgIZ4JoQ3ikiI9UDjXDIO
fZmZC/akii6Ft8cM1cFgNjcl6ycGtTUWhyEPmz4tW5ewOf3Zpguc4C6ziJeC0EyE
bVXn4PxhY/IH15zdF3vlpwfePgI1N1fL+F+FtJe2s8enSFI7icRM81D/Iw==
-----END CERTIFICATE-----