Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/qY7r7ZdT9YC-p1s1LnBjJaGNFEc.cer
File:                     qY7r7ZdT9YC-p1s1LnBjJaGNFEc.cer (raw, json)
Hash identifier:          SKdl49vLOXDIK1mFkSGul8ZFHWiD4R4FbcBQ79ammpY=
Subject key identifier:   A9:8E:EB:ED:97:53:F5:80:BE:A7:5B:35:2E:70:63:25:A1:8D:14:47
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC4934CDDF9C2C0115244A8430C0C1FF2
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/ba/a74744-ed48-4707-a63e-52f6919139c4/1/qY7r7ZdT9YC-p1s1LnBjJaGNFEc.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/ba/a74744-ed48-4707-a63e-52f6919139c4/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 10:30:37 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 185.57.136.0/22
                          IP: 2a04:ddc0::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:4c:dd:f9:c2:c0:11:52:44:a8:43:0c:0c:1f:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 10:30:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a98eebed9753f580bea75b352e706325a18d1447
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:62:65:1e:ad:d7:50:92:da:52:dc:ce:4e:12:
                    72:b8:f7:17:75:46:75:8a:58:08:b6:eb:cf:6c:1b:
                    e3:6b:82:7c:f1:e8:ed:a1:c2:5e:cd:4f:73:74:e4:
                    af:09:8e:bf:e0:e1:3f:da:36:c6:d7:0c:43:00:ba:
                    24:78:8b:ae:60:e2:17:b0:be:e3:da:66:3e:64:8c:
                    ad:0c:f4:91:c1:8e:3f:30:da:d3:73:69:2e:35:68:
                    b1:f8:20:43:2e:7e:b9:c7:ca:f1:e0:ba:9e:95:59:
                    ab:e9:b1:b0:d9:6e:a9:17:ae:50:c6:9d:d3:1f:08:
                    39:a5:0c:97:32:e4:27:8a:d5:b2:fa:0e:36:30:62:
                    1b:1c:c9:64:5c:6b:57:f2:87:7d:d7:f2:0e:8e:43:
                    1e:19:de:55:c5:44:3e:4b:02:7b:49:4a:de:62:6a:
                    73:30:9c:ed:92:ce:13:b2:02:ff:76:37:5d:45:45:
                    0c:b1:c4:5c:d8:a6:97:0c:3a:b4:e2:ef:d8:06:70:
                    97:02:9b:56:2b:4c:4b:1f:90:78:8b:2a:82:23:81:
                    d8:94:c1:f7:06:f4:ef:7e:0d:e6:76:c9:5c:80:cc:
                    e4:33:90:d8:da:f2:ab:ab:87:cf:8b:49:5a:d3:d5:
                    8c:25:36:6e:dd:da:fc:e8:a4:a9:7b:e2:98:ee:4b:
                    68:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:8E:EB:ED:97:53:F5:80:BE:A7:5B:35:2E:70:63:25:A1:8D:14:47
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/a74744-ed48-4707-a63e-52f6919139c4/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/a74744-ed48-4707-a63e-52f6919139c4/1/qY7r7ZdT9YC-p1s1LnBjJaGNFEc.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.57.136.0/22
                IPv6:
                  2a04:ddc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         6c:31:2b:c1:53:70:11:c7:b6:86:86:2d:3b:80:aa:90:7d:6f:
         50:1e:c0:0f:96:04:cb:7c:cf:50:5b:30:ca:32:33:80:a5:6a:
         b1:4b:bb:99:b8:d4:97:01:f5:5f:db:c1:03:35:bf:a9:d6:8c:
         0c:b0:c9:7f:7b:d5:48:ad:67:28:fd:fb:28:12:db:05:e5:79:
         de:f9:30:95:5d:b3:be:1e:2e:0f:04:61:0e:c7:53:1f:c8:34:
         88:55:49:50:70:e7:a4:5d:58:aa:82:c1:fc:cf:40:17:fa:45:
         f3:34:dd:15:5d:ca:34:e0:da:18:2f:83:d5:58:8c:49:6f:9b:
         5b:6a:34:a1:a9:23:35:4c:9a:18:5e:92:1a:ea:37:3f:14:32:
         9b:18:71:7d:b6:63:3c:7b:bc:7a:4f:1b:28:ab:dc:c0:cc:96:
         25:3b:6e:72:d4:29:4c:c4:72:1a:7e:c5:e1:d1:14:5b:85:97:
         21:15:f5:ef:38:5d:f5:f8:4b:6d:9d:c1:dc:d7:4f:39:a8:dd:
         54:42:2e:bd:c8:79:17:73:53:9f:8e:a9:96:95:db:8a:12:42:
         d7:98:03:4a:f3:96:3a:4b:10:65:6f:15:e0:e9:6e:20:57:be:
         5d:95:64:98:86:9c:ec:1a:a6:11:bd:43:cb:e1:83:9a:b4:0a:
         79:e8:44:34
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAYzEk0zd+cLAEVJEqEMMDB/yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTAzMDM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOThlZWJlZDk3NTNmNTgwYmVhNzViMzUyZTcwNjMyNWExOGQxNDQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApWJlHq3XUJLaUtzOThJyuPcXdUZ1
ilgItuvPbBvja4J88ejtocJezU9zdOSvCY6/4OE/2jbG1wxDALokeIuuYOIXsL7j
2mY+ZIytDPSRwY4/MNrTc2kuNWix+CBDLn65x8rx4LqelVmr6bGw2W6pF65Qxp3T
Hwg5pQyXMuQnitWy+g42MGIbHMlkXGtX8od91/IOjkMeGd5VxUQ+SwJ7SUreYmpz
MJztks4TsgL/djddRUUMscRc2KaXDDq04u/YBnCXAptWK0xLH5B4iyqCI4HYlMH3
BvTvfg3mdslcgMzkM5DY2vKrq4fPi0la09WMJTZu3dr86KSpe+KY7ktoxwIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFKmO6+2XU/WAvqdbNS5wYyWhjRRHMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2JhL2E3NDc0
NC1lZDQ4LTQ3MDctYTYzZS01MmY2OTE5MTM5YzQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYmEvYTc0NzQ0
LWVkNDgtNDcwNy1hNjNlLTUyZjY5MTkxMzljNC8xL3FZN3I3WmRUOVlDLXAxczFM
bkJqSmFHTkZFYy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCuTmIMA0EAgACMAcDBQMqBN3AMA0GCSqGSIb3
DQEBCwUAA4IBAQBsMSvBU3ARx7aGhi07gKqQfW9QHsAPlgTLfM9QWzDKMjOApWqx
S7uZuNSXAfVf28EDNb+p1owMsMl/e9VIrWco/fsoEtsF5Xne+TCVXbO+Hi4PBGEO
x1MfyDSIVUlQcOekXViqgsH8z0AX+kXzNN0VXco04NoYL4PVWIxJb5tbajShqSM1
TJoYXpIa6jc/FDKbGHF9tmM8e7x6Txsoq9zAzJYlO25y1ClMxHIafsXh0RRbhZch
FfXvOF31+EttncHc1085qN1UQi69yHkXc1OfjqmWlduKEkLXmANK85Y6SxBlbxXg
6W4gV75dlWSYhpzsGqYRvUPL4YOatAp56EQ0
-----END CERTIFICATE-----