Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/qVHmOKLLlcaLvFSicoYFsn9XBoE.cer
File:                     qVHmOKLLlcaLvFSicoYFsn9XBoE.cer (raw, json)
Hash identifier:          qo87kaKeAaYSji2F0RKDVZkl9d+ex8ulkKEjm2WMze0=
Subject key identifier:   A9:51:E6:38:A2:CB:95:C6:8B:BC:54:A2:72:86:05:B2:7F:57:06:81
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194221F99DC7C3978842549232F7D168F17
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/f3/f06e79-ed2b-43d5-b4c1-abdf906c5ade/1/qVHmOKLLlcaLvFSicoYFsn9XBoE.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/f3/f06e79-ed2b-43d5-b4c1-abdf906c5ade/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 13:48:03 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 51885
                          IP: 91.223.156.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:99:dc:7c:39:78:84:25:49:23:2f:7d:16:8f:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 13:48:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a951e638a2cb95c68bbc54a2728605b27f570681
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:b0:f6:66:5c:bf:51:2c:76:bc:b0:70:67:f9:
                    98:8d:57:bc:df:e7:f5:eb:3c:d4:41:17:27:cc:40:
                    81:06:c9:f9:ed:f1:49:11:fa:ef:5d:6b:cd:03:0b:
                    e2:6d:fe:48:78:81:4f:d0:ae:7e:bd:31:7a:c5:da:
                    2f:bc:1e:20:48:3a:88:39:c3:0f:19:b8:15:87:22:
                    c2:96:14:11:9a:ef:f5:a8:5a:a3:22:b5:6d:2a:15:
                    b1:ea:c2:13:12:19:e0:70:9f:fe:c4:0b:9d:a9:63:
                    e5:6e:8e:51:b9:45:00:e5:6f:9d:81:9a:cf:03:36:
                    10:4d:9a:d2:24:87:14:bf:d6:a3:39:e4:9a:a8:6f:
                    01:48:c7:84:d0:bb:81:bb:9d:eb:f4:11:72:5e:ca:
                    18:89:ce:06:21:67:1c:fc:d0:e8:78:d4:87:37:b9:
                    c1:08:9c:c7:95:e9:18:1b:e3:f8:70:aa:50:96:39:
                    24:db:8b:e5:60:61:b7:9d:89:cd:73:9d:19:5a:9b:
                    64:43:88:0a:6e:85:1d:e2:ae:26:b8:d6:26:fe:bd:
                    7e:13:42:c3:bc:4d:e9:82:42:84:b8:07:d0:b4:5a:
                    f7:fe:c6:06:f0:43:ef:a5:2b:59:66:2d:9e:aa:9e:
                    68:e7:f3:12:ea:3a:ad:27:fd:d6:72:d6:f9:9d:1f:
                    4e:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:51:E6:38:A2:CB:95:C6:8B:BC:54:A2:72:86:05:B2:7F:57:06:81
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/f06e79-ed2b-43d5-b4c1-abdf906c5ade/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/f06e79-ed2b-43d5-b4c1-abdf906c5ade/1/qVHmOKLLlcaLvFSicoYFsn9XBoE.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.156.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  51885

    Signature Algorithm: sha256WithRSAEncryption
         37:5e:f2:63:8c:5d:50:7f:72:2f:7c:02:50:fe:40:e5:94:6e:
         5e:3f:71:66:41:f8:90:60:c6:bc:ea:12:9d:c3:b1:55:dd:7c:
         5f:24:a0:52:9b:d5:7d:10:4c:73:eb:65:a0:f5:62:c6:9e:36:
         3b:97:6c:06:ae:b0:46:de:dc:71:51:50:8d:e1:49:d3:9d:02:
         ed:3a:9b:36:66:ca:db:37:f4:08:c4:61:25:47:53:7a:03:e4:
         6c:2e:31:67:03:b7:ff:dc:cf:02:7a:bc:20:b4:fa:78:6e:cd:
         16:82:76:e4:73:46:14:c5:d1:19:bf:57:d1:60:28:cb:d5:6b:
         16:c6:23:a3:aa:4b:cd:06:a8:c4:01:fc:06:6b:34:8a:ae:6b:
         4c:16:cf:3d:32:ca:09:26:58:b5:a1:f6:fe:28:5b:4e:cb:68:
         36:9b:f7:95:f7:eb:62:1e:0f:ef:a7:03:11:fe:12:9c:cd:cd:
         54:ea:ad:cd:cf:bc:6e:61:c5:0f:c2:8f:ba:15:80:7b:5a:dd:
         68:53:95:5e:6c:3a:da:4c:7f:f0:9b:c6:d7:ea:d2:cc:89:a6:
         d6:1d:ff:40:13:82:5a:af:9c:fb:27:88:e9:3e:18:a1:52:43:
         8f:b4:3c:00:6c:6f:9e:7e:5a:5f:16:22:70:f9:64:e9:5e:d5:
         c5:55:b8:88
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZQiH5ncfDl4hCVJIy99Fo8XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTM0ODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTUxZTYzOGEyY2I5NWM2OGJiYzU0YTI3Mjg2MDViMjdmNTcwNjgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAprD2Zly/USx2vLBwZ/mYjVe83+f1
6zzUQRcnzECBBsn57fFJEfrvXWvNAwvibf5IeIFP0K5+vTF6xdovvB4gSDqIOcMP
GbgVhyLClhQRmu/1qFqjIrVtKhWx6sITEhngcJ/+xAudqWPlbo5RuUUA5W+dgZrP
AzYQTZrSJIcUv9ajOeSaqG8BSMeE0LuBu53r9BFyXsoYic4GIWcc/NDoeNSHN7nB
CJzHlekYG+P4cKpQljkk24vlYGG3nYnNc50ZWptkQ4gKboUd4q4muNYm/r1+E0LD
vE3pgkKEuAfQtFr3/sYG8EPvpStZZi2eqp5o5/MS6jqtJ/3Wctb5nR9O5wIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFKlR5jiiy5XGi7xUonKGBbJ/VwaBMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2YzL2YwNmU3
OS1lZDJiLTQzZDUtYjRjMS1hYmRmOTA2YzVhZGUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjMvZjA2ZTc5
LWVkMmItNDNkNS1iNGMxLWFiZGY5MDZjNWFkZS8xL3FWSG1PS0xMbGNhTHZGU2lj
b1lGc245WEJvRS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW9+cMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwDKrTANBgkqhkiG9w0BAQsFAAOCAQEAN17yY4xdUH9yL3wCUP5A5ZRuXj9xZkH4
kGDGvOoSncOxVd18XySgUpvVfRBMc+tloPVixp42O5dsBq6wRt7ccVFQjeFJ050C
7TqbNmbK2zf0CMRhJUdTegPkbC4xZwO3/9zPAnq8ILT6eG7NFoJ25HNGFMXRGb9X
0WAoy9VrFsYjo6pLzQaoxAH8Bms0iq5rTBbPPTLKCSZYtaH2/ihbTstoNpv3lffr
Yh4P76cDEf4SnM3NVOqtzc+8bmHFD8KPuhWAe1rdaFOVXmw62kx/8JvG1+rSzImm
1h3/QBOCWq+c+yeI6T4YoVJDj7Q8AGxvnn5aXxYicPlk6V7VxVW4iA==
-----END CERTIFICATE-----