Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/qB6zpes99jRVGpByK8Y61-AiysQ.cer
File:                     qB6zpes99jRVGpByK8Y61-AiysQ.cer (raw, json)
Hash identifier:          k2Tj5RPZGse+F8q9eurDedGUJvp25bUmv2FU35OjNts=
Subject key identifier:   A8:1E:B3:A5:EB:3D:F6:34:55:1A:90:72:2B:C6:3A:D7:E0:22:CA:C4
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC492866C4A5E9D49D7EB4A380965C234
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rsync.krill.cloud/repo/nlnetlabs/1/A81EB3A5EB3DF634551A90722BC63AD7E022CAC4.mft
caRepository:             rsync://rsync.krill.cloud/repo/nlnetlabs/1/
Notify URL:               https://rrdp.krill.cloud/notification.xml
Certificate not before:   Mon 01 Jan 2024 10:29:46 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 204325
                          AS: 211321
                          IP: 185.49.140.0/22
                          IP: 2a04:b900::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:59:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:86:6c:4a:5e:9d:49:d7:eb:4a:38:09:65:c2:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 10:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a81eb3a5eb3df634551a90722bc63ad7e022cac4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:5b:bb:49:6f:4c:91:32:52:93:01:0b:52:78:
                    0d:d0:89:c6:f6:da:04:77:63:78:c8:c4:66:f9:be:
                    4e:67:a6:cf:0c:a2:e1:c1:ea:ce:09:b3:32:12:0e:
                    ab:78:ec:85:dc:3b:c0:f0:a2:5c:f1:85:6a:97:55:
                    32:b0:5b:06:bd:88:72:2e:ca:b4:5b:d9:13:58:61:
                    17:96:b7:54:e0:2d:a8:38:e8:8d:c4:1e:8c:aa:99:
                    60:79:d2:9a:33:90:5f:b0:96:e4:9e:29:3f:4f:ce:
                    fe:2f:6c:12:e5:9c:04:45:0d:eb:c7:69:e5:be:7a:
                    c4:5c:54:b3:df:8c:97:33:b3:1b:87:86:90:92:1a:
                    66:f1:a2:ef:6f:84:f3:48:75:4c:6b:b8:ae:fc:c7:
                    07:44:0d:08:82:3a:8c:fd:f5:f3:a4:33:5f:d1:e5:
                    3a:33:29:8d:8d:30:1f:f6:fa:2f:67:cf:e4:27:d1:
                    66:0b:d6:31:37:3d:de:d8:a5:1b:b7:84:de:1b:ed:
                    22:3e:82:db:5a:51:f0:81:2d:5c:97:23:da:46:88:
                    40:67:ce:b1:b3:58:5e:48:57:94:5f:fe:5b:83:8c:
                    ff:9e:c1:17:dd:9d:d3:3a:4d:b0:55:a4:3e:88:2a:
                    45:f5:86:57:93:97:e6:5c:0e:47:b0:74:27:71:46:
                    19:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:1E:B3:A5:EB:3D:F6:34:55:1A:90:72:2B:C6:3A:D7:E0:22:CA:C4
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rsync.krill.cloud/repo/nlnetlabs/1/
                RPKI Manifest - URI:rsync://rsync.krill.cloud/repo/nlnetlabs/1/A81EB3A5EB3DF634551A90722BC63AD7E022CAC4.mft
                RPKI Notify - URI:https://rrdp.krill.cloud/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.49.140.0/22
                IPv6:
                  2a04:b900::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  204325
                  211321

    Signature Algorithm: sha256WithRSAEncryption
         3c:e5:36:18:cc:e8:4c:bc:bc:cd:5f:a7:eb:a6:7e:2c:b6:cf:
         3e:1e:59:29:42:3b:dd:b8:29:d9:ba:97:3d:f2:8d:e3:f9:44:
         8e:4f:0f:14:ea:07:b0:20:d3:d0:69:f4:49:46:50:f1:a5:c5:
         96:5e:3e:f2:21:f1:b2:5d:04:58:32:00:ac:5a:28:e6:08:fa:
         e1:3f:dd:1a:6f:61:6b:61:cb:04:4d:5a:a7:fd:e6:eb:14:3a:
         26:70:81:39:e2:2a:d9:14:ff:a8:2c:06:e9:67:3e:5e:86:ac:
         8b:11:70:f6:cd:df:c3:f8:33:db:36:b4:b7:67:9d:f7:7a:6d:
         ef:39:b3:b2:92:86:0c:8f:ff:0d:74:c2:60:ed:13:bc:3b:64:
         01:90:17:1e:6a:ad:7f:97:86:ee:57:e8:46:61:ab:df:87:7b:
         4e:c4:d5:29:46:f5:39:d7:8c:ca:b9:33:fa:f8:d9:4f:7b:3c:
         d6:9d:f9:e5:a7:3d:97:19:6c:11:68:76:b9:6e:2d:81:af:d1:
         b1:19:14:ea:10:d7:64:e0:85:a8:72:94:22:a2:ea:24:35:12:
         92:82:79:83:20:ab:03:bf:1a:5c:9b:43:ed:d2:21:9b:41:f4:
         ac:96:ce:b1:cc:11:33:f8:de:a1:a2:8a:05:13:9d:6c:7d:11:
         27:cd:c5:5b
-----BEGIN CERTIFICATE-----
MIIFaTCCBFGgAwIBAgISAYzEkoZsSl6dSdfrSjgJZcI0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTAyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODFlYjNhNWViM2RmNjM0NTUxYTkwNzIyYmM2M2FkN2UwMjJjYWM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzFu7SW9MkTJSkwELUngN0InG9toE
d2N4yMRm+b5OZ6bPDKLhwerOCbMyEg6reOyF3DvA8KJc8YVql1UysFsGvYhyLsq0
W9kTWGEXlrdU4C2oOOiNxB6MqplgedKaM5BfsJbknik/T87+L2wS5ZwERQ3rx2nl
vnrEXFSz34yXM7Mbh4aQkhpm8aLvb4TzSHVMa7iu/McHRA0IgjqM/fXzpDNf0eU6
MymNjTAf9vovZ8/kJ9FmC9YxNz3e2KUbt4TeG+0iPoLbWlHwgS1clyPaRohAZ86x
s1heSFeUX/5bg4z/nsEX3Z3TOk2wVaQ+iCpF9YZXk5fmXA5HsHQncUYZCQIDAQAB
o4ICdTCCAnEwHQYDVR0OBBYEFKges6XrPfY0VRqQcivGOtfgIsrEMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwgeUGCCsGAQUFBwELBIHYMIHVMDcGCCsGAQUFBzAFhityc3lu
YzovL3JzeW5jLmtyaWxsLmNsb3VkL3JlcG8vbmxuZXRsYWJzLzEvMGMGCCsGAQUF
BzAKhldyc3luYzovL3JzeW5jLmtyaWxsLmNsb3VkL3JlcG8vbmxuZXRsYWJzLzEv
QTgxRUIzQTVFQjNERjYzNDU1MUE5MDcyMkJDNjNBRDdFMDIyQ0FDNC5tZnQwNQYI
KwYBBQUHMA2GKWh0dHBzOi8vcnJkcC5rcmlsbC5jbG91ZC9ub3RpZmljYXRpb24u
eG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMyUUhWVjNkNW1rLmNybDAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIA
ATAGAwQCuTGMMA0EAgACMAcDBQMqBLkAMB8GCCsGAQUFBwEIAQH/BBAwDqAMMAoC
AwMeJQIDAzl5MA0GCSqGSIb3DQEBCwUAA4IBAQA85TYYzOhMvLzNX6frpn4sts8+
HlkpQjvduCnZupc98o3j+USOTw8U6gewINPQafRJRlDxpcWWXj7yIfGyXQRYMgCs
WijmCPrhP90ab2FrYcsETVqn/ebrFDomcIE54irZFP+oLAbpZz5ehqyLEXD2zd/D
+DPbNrS3Z533em3vObOykoYMj/8NdMJg7RO8O2QBkBceaq1/l4buV+hGYavfh3tO
xNUpRvU514zKuTP6+NlPezzWnfnlpz2XGWwRaHa5bi2Br9GxGRTqENdk4IWocpQi
ouokNRKSgnmDIKsDvxpcm0Pt0iGbQfSsls6xzBEz+N6hoooFE51sfREnzcVb
-----END CERTIFICATE-----