Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/q3rQAuSQheSApRIaeaJvztr_oZs.cer
File:                     q3rQAuSQheSApRIaeaJvztr_oZs.cer (raw, json)
Hash identifier:          6yAO0Y4yYaphW5bGxAgMBf+ByJVQa2W4YKr5E+MXRy0=
Subject key identifier:   AB:7A:D0:02:E4:90:85:E4:80:A5:12:1A:79:A2:6F:CE:DA:FF:A1:9B
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019421B259B6AC9B815C5C3A45CB8A981371
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/22/24fbb6-86bc-46cb-88e5-b5873ba8fe47/1/q3rQAuSQheSApRIaeaJvztr_oZs.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/22/24fbb6-86bc-46cb-88e5-b5873ba8fe47/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 11:48:44 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 56996
                          IP: 91.229.237.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:59:b6:ac:9b:81:5c:5c:3a:45:cb:8a:98:13:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 11:48:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ab7ad002e49085e480a5121a79a26fcedaffa19b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:6d:f8:15:a0:18:49:e4:ba:23:cf:d5:7f:f8:
                    6c:1d:36:02:66:74:55:82:e2:7c:d8:5b:3d:38:e2:
                    e0:8e:75:3e:4d:e9:cd:88:a3:1a:d1:97:91:f5:74:
                    47:8a:92:4e:d2:fc:7d:21:07:8c:2c:01:1c:c3:ee:
                    54:53:8e:91:45:4c:f7:cb:9e:73:0a:95:9a:01:ff:
                    ea:7d:b3:24:ce:4b:31:4f:57:f9:a1:ab:18:e9:07:
                    d0:a3:e2:4c:5f:ce:eb:ef:f9:5a:f7:c9:a3:a8:23:
                    5e:16:b0:50:24:df:e1:e5:37:01:78:d7:fa:a5:22:
                    de:38:58:be:91:30:c5:81:a1:56:7c:b9:cc:de:78:
                    5b:91:48:6a:be:d4:30:fd:36:b8:23:0b:37:7a:30:
                    a5:f4:e8:91:7e:98:43:e3:0a:e6:57:02:dd:fe:0f:
                    c0:41:d3:51:08:42:a7:41:7a:1d:34:8a:c7:26:a0:
                    03:95:d7:1b:95:72:4a:35:63:e2:91:77:04:30:e5:
                    3d:e4:94:2c:8a:cb:07:29:eb:eb:26:77:03:e0:e4:
                    53:62:5e:9b:96:b1:42:7d:94:a3:cc:0b:ed:98:96:
                    dd:51:0a:bd:14:1c:2d:a6:c3:ae:3d:61:4d:a6:3b:
                    d6:2f:d5:22:70:cf:63:08:0a:f1:d5:49:6f:c5:60:
                    03:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:7A:D0:02:E4:90:85:E4:80:A5:12:1A:79:A2:6F:CE:DA:FF:A1:9B
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/24fbb6-86bc-46cb-88e5-b5873ba8fe47/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/24fbb6-86bc-46cb-88e5-b5873ba8fe47/1/q3rQAuSQheSApRIaeaJvztr_oZs.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.229.237.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  56996

    Signature Algorithm: sha256WithRSAEncryption
         30:50:0c:8f:f8:3f:7b:5c:98:cf:d2:e5:20:98:6e:0f:a5:77:
         07:be:58:04:a9:e7:fc:fb:cc:a7:78:31:3f:42:a8:76:ee:0f:
         7f:7d:7d:03:1b:2c:13:12:03:07:e2:dc:45:41:56:2b:a6:ba:
         ab:25:17:cb:72:36:2b:81:35:4f:a7:83:4f:ad:e4:76:a6:c9:
         4a:b5:6e:60:39:ec:24:c6:92:d2:f2:50:14:33:3b:64:e6:b1:
         aa:12:9e:2a:6a:f1:1d:c1:11:94:5c:ac:a1:cc:01:b0:dc:7b:
         15:8e:45:f0:65:fc:91:55:93:2e:36:0b:5f:dc:ff:ba:88:44:
         36:4c:da:67:e4:44:34:c1:c8:39:c3:2d:f7:93:5f:b3:1b:34:
         cb:f1:7d:26:02:e6:13:18:7d:6e:1b:0e:10:9d:30:e2:d4:79:
         a6:15:cb:7d:b0:3a:a4:b5:13:29:86:e5:30:56:f6:04:25:96:
         a4:8a:e2:83:1d:96:91:5b:da:de:e5:23:59:1f:30:28:9f:ca:
         b3:e0:22:aa:d3:82:8f:2e:2f:42:bd:42:08:00:c8:53:e4:df:
         1a:8e:20:e4:9c:93:bb:86:af:a1:14:e5:a0:ed:92:08:92:ef:
         4d:59:fb:cf:07:81:82:2a:3f:30:38:90:4e:ec:67:36:1f:6e:
         54:9f:c5:56
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZQhslm2rJuBXFw6RcuKmBNxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTE0ODQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjdhZDAwMmU0OTA4NWU0ODBhNTEyMWE3OWEyNmZjZWRhZmZhMTliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkW34FaAYSeS6I8/Vf/hsHTYCZnRV
guJ82Fs9OOLgjnU+TenNiKMa0ZeR9XRHipJO0vx9IQeMLAEcw+5UU46RRUz3y55z
CpWaAf/qfbMkzksxT1f5oasY6QfQo+JMX87r7/la98mjqCNeFrBQJN/h5TcBeNf6
pSLeOFi+kTDFgaFWfLnM3nhbkUhqvtQw/Ta4Iws3ejCl9OiRfphD4wrmVwLd/g/A
QdNRCEKnQXodNIrHJqADldcblXJKNWPikXcEMOU95JQsissHKevrJncD4ORTYl6b
lrFCfZSjzAvtmJbdUQq9FBwtpsOuPWFNpjvWL9UicM9jCArx1UlvxWADHQIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFKt60ALkkIXkgKUSGnmib87a/6GbMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzIyLzI0ZmJi
Ni04NmJjLTQ2Y2ItODhlNS1iNTg3M2JhOGZlNDcvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjIvMjRmYmI2
LTg2YmMtNDZjYi04OGU1LWI1ODczYmE4ZmU0Ny8xL3EzclFBdVNRaGVTQXBSSWFl
YUp2enRyX29acy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW+XtMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwDepDANBgkqhkiG9w0BAQsFAAOCAQEAMFAMj/g/e1yYz9LlIJhuD6V3B75YBKnn
/PvMp3gxP0Kodu4Pf319AxssExIDB+LcRUFWK6a6qyUXy3I2K4E1T6eDT63kdqbJ
SrVuYDnsJMaS0vJQFDM7ZOaxqhKeKmrxHcERlFysocwBsNx7FY5F8GX8kVWTLjYL
X9z/uohENkzaZ+RENMHIOcMt95Nfsxs0y/F9JgLmExh9bhsOEJ0w4tR5phXLfbA6
pLUTKYblMFb2BCWWpIrigx2WkVva3uUjWR8wKJ/Ks+AiqtOCjy4vQr1CCADIU+Tf
Go4g5JyTu4avoRTloO2SCJLvTVn7zweBgio/MDiQTuxnNh9uVJ/FVg==
-----END CERTIFICATE-----