Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/qBVYhT_rx52BPrLAzly3NvtzwN8.cer
File:                     qBVYhT_rx52BPrLAzly3NvtzwN8.cer (raw, json)
Hash identifier:          Mi4i33tGE01ZGN6Ux/CJp7djGrIEMP9FdVnfii6ZAz4=
Subject key identifier:   A8:15:58:85:3F:EB:C7:9D:81:3E:B2:C0:CE:5C:B7:36:FB:73:C0:DF
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC3B6E4E9F9A47B431693F5D62E99B2EA
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/4e/5ca48b-c966-4e63-868d-a85c1b2ec1ce/1/qBVYhT_rx52BPrLAzly3NvtzwN8.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/4e/5ca48b-c966-4e63-868d-a85c1b2ec1ce/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 06:29:52 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 200534
                          IP: 185.221.108.0/22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:e4:e9:f9:a4:7b:43:16:93:f5:d6:2e:99:b2:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 06:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a81558853febc79d813eb2c0ce5cb736fb73c0df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:ba:43:a8:93:22:63:65:7c:c2:f5:05:a4:ab:
                    df:c5:c6:e5:62:47:30:d8:18:05:d5:7c:d8:a7:e1:
                    ed:89:78:9c:13:a5:ba:75:f0:64:13:32:ef:b3:ba:
                    4b:df:a1:1e:6d:a7:b6:a9:68:ce:6b:77:92:7c:9c:
                    4c:72:a0:de:98:0d:53:f3:23:7c:72:52:c2:2f:3a:
                    86:7d:4f:a1:52:9b:0c:85:5d:8a:ff:f2:44:e6:7b:
                    1e:5d:c5:56:c2:33:75:f1:83:68:4e:72:9e:13:97:
                    4b:97:2c:89:6a:b2:6f:d5:78:c3:ca:4e:0d:26:db:
                    77:4a:1a:fd:43:85:00:36:d5:31:80:95:d7:52:94:
                    13:c0:77:0b:3f:86:9d:ff:1a:80:96:b1:45:ab:ff:
                    20:6f:57:46:4d:71:1f:9b:b9:b8:09:fc:17:eb:eb:
                    26:30:56:c8:ba:69:f7:e6:a4:8a:d7:0f:da:44:de:
                    8d:2d:10:58:d3:ee:21:14:77:8c:3b:77:e0:79:5f:
                    c0:b5:28:ef:b1:0e:f1:e1:f4:c3:65:c3:3d:d4:4d:
                    c1:8b:c4:4f:d9:89:d1:f1:4a:02:e8:c4:7f:42:50:
                    da:6f:84:c8:80:80:fc:0f:39:55:42:89:00:51:74:
                    73:37:8e:26:7e:47:75:ab:1f:71:de:e1:cf:16:1e:
                    30:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:15:58:85:3F:EB:C7:9D:81:3E:B2:C0:CE:5C:B7:36:FB:73:C0:DF
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/5ca48b-c966-4e63-868d-a85c1b2ec1ce/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/5ca48b-c966-4e63-868d-a85c1b2ec1ce/1/qBVYhT_rx52BPrLAzly3NvtzwN8.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.221.108.0/22

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  200534

    Signature Algorithm: sha256WithRSAEncryption
         95:5b:69:f5:d1:da:2d:30:7b:2c:fd:c6:ec:bb:c9:49:ed:b0:
         9b:39:37:69:7e:32:89:69:bd:e4:90:ce:25:b9:80:fc:b8:87:
         b0:ef:3b:27:61:dc:bd:17:7b:77:e7:3e:3a:91:83:79:80:97:
         53:89:b5:02:9e:b4:b7:36:71:9c:cf:08:32:cf:dd:29:05:de:
         56:fa:21:48:f0:b1:37:73:cf:5b:0d:16:28:4f:d6:e1:52:60:
         3d:fa:28:90:eb:1a:e3:3a:98:50:5e:fa:3f:fc:e3:df:34:05:
         39:2d:69:a3:e1:95:53:fe:f0:67:61:fa:83:a3:1a:e2:c6:91:
         9c:3e:8e:40:d4:1d:ba:db:f7:9a:3c:ae:c5:7c:a7:33:de:01:
         26:2b:af:b3:a5:6d:e8:ef:0a:cc:35:40:85:f5:06:c9:a9:49:
         7d:03:06:3d:8c:d4:38:35:9b:33:2d:10:7f:9c:fa:d6:da:de:
         4a:99:ab:11:0d:8b:04:4c:ed:27:d3:47:ba:74:ea:0b:b7:86:
         c3:85:f0:c1:63:07:ff:c5:cb:08:e6:ba:2b:4d:0f:78:86:89:
         b2:b2:23:13:b9:c9:ad:e0:b1:c3:88:3b:63:7d:88:4e:e2:f2:
         5f:60:8d:6d:ab:fc:1f:75:17:76:e7:de:c5:9f:ed:ed:e0:30:
         0c:fe:1c:ce
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYzDtuTp+aR7QxaT9dYumbLqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDYyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODE1NTg4NTNmZWJjNzlkODEzZWIyYzBjZTVjYjczNmZiNzNjMGRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp7pDqJMiY2V8wvUFpKvfxcblYkcw
2BgF1XzYp+HtiXicE6W6dfBkEzLvs7pL36Eebae2qWjOa3eSfJxMcqDemA1T8yN8
clLCLzqGfU+hUpsMhV2K//JE5nseXcVWwjN18YNoTnKeE5dLlyyJarJv1XjDyk4N
Jtt3Shr9Q4UANtUxgJXXUpQTwHcLP4ad/xqAlrFFq/8gb1dGTXEfm7m4CfwX6+sm
MFbIumn35qSK1w/aRN6NLRBY0+4hFHeMO3fgeV/AtSjvsQ7x4fTDZcM91E3Bi8RP
2YnR8UoC6MR/QlDab4TIgID8DzlVQokAUXRzN44mfkd1qx9x3uHPFh4wwQIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFKgVWIU/68edgT6ywM5ctzb7c8DfMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzRlLzVjYTQ4
Yi1jOTY2LTRlNjMtODY4ZC1hODVjMWIyZWMxY2UvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGUvNWNhNDhi
LWM5NjYtNGU2My04NjhkLWE4NWMxYjJlYzFjZS8xL3FCVlloVF9yeDUyQlByTEF6
bHkzTnZ0endOOC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCud1sMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwMPVjANBgkqhkiG9w0BAQsFAAOCAQEAlVtp9dHaLTB7LP3G7LvJSe2wmzk3aX4y
iWm95JDOJbmA/LiHsO87J2HcvRd7d+c+OpGDeYCXU4m1Ap60tzZxnM8IMs/dKQXe
VvohSPCxN3PPWw0WKE/W4VJgPfookOsa4zqYUF76P/zj3zQFOS1po+GVU/7wZ2H6
g6Ma4saRnD6OQNQdutv3mjyuxXynM94BJiuvs6Vt6O8KzDVAhfUGyalJfQMGPYzU
ODWbMy0Qf5z61treSpmrEQ2LBEztJ9NHunTqC7eGw4XwwWMH/8XLCOa6K00PeIaJ
srIjE7nJreCxw4g7Y32ITuLyX2CNbav8H3UXdufexZ/t7eAwDP4czg==
-----END CERTIFICATE-----