Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/rQ3BCLYPR7DZdygI5fzDgeqoHHg.cer
File:                     rQ3BCLYPR7DZdygI5fzDgeqoHHg.cer (raw, json)
Hash identifier:          XZJ5fKV2znoVpnCzlopLUmGscO2NbbnmI7XHBsAVPEY=
Subject key identifier:   AD:0D:C1:08:B6:0F:47:B0:D9:77:28:08:E5:FC:C3:81:EA:A8:1C:78
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01942368E144FF862ECEF93C48CFC2452EE1
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/70/0b5860-cd57-4183-b9ae-e84785894838/1/rQ3BCLYPR7DZdygI5fzDgeqoHHg.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/70/0b5860-cd57-4183-b9ae-e84785894838/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 19:47:43 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 43365
                          IP: 193.228.154.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:68:e1:44:ff:86:2e:ce:f9:3c:48:cf:c2:45:2e:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 19:47:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ad0dc108b60f47b0d9772808e5fcc381eaa81c78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:56:30:a1:3a:d4:06:e5:6b:ed:3b:b5:dd:0f:
                    70:d6:eb:0f:e1:d6:d2:17:20:b8:33:6c:fd:9d:ca:
                    3b:45:86:e8:97:df:03:f5:17:5f:27:c9:dd:cc:a7:
                    24:f8:45:fb:81:31:66:e9:9f:ac:d5:26:8e:3e:71:
                    5e:9e:1e:99:97:c5:1e:bd:1d:3f:87:58:50:a9:13:
                    26:28:15:9c:c3:41:12:e1:ea:de:0a:6a:e3:7e:3a:
                    99:8a:94:d0:8f:a7:f5:83:2b:8a:84:e2:6c:f3:ce:
                    01:32:ce:0d:b2:92:e3:3f:d7:31:08:95:ec:68:ff:
                    d3:88:de:9f:b7:ca:08:4f:ed:15:21:e4:4b:86:6d:
                    72:55:53:e5:a0:7a:4f:f7:a1:56:6d:60:43:5c:0a:
                    1f:cb:3d:ec:85:9f:32:1c:ec:e1:4e:78:43:32:20:
                    e4:ad:45:19:ea:88:c8:da:c3:10:a0:2c:39:9a:ba:
                    46:cb:4b:d2:51:d5:81:07:2f:76:f1:a6:56:79:b8:
                    fa:0b:28:62:a6:5d:d8:3b:3a:80:15:6b:fa:6e:d4:
                    bd:93:59:83:25:df:24:19:25:9f:15:58:4b:13:6e:
                    df:a4:ac:f6:7e:81:3a:3a:98:18:75:10:56:b4:7f:
                    e2:ec:13:18:9b:da:15:7b:a0:28:3d:44:3a:b5:2f:
                    9b:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:0D:C1:08:B6:0F:47:B0:D9:77:28:08:E5:FC:C3:81:EA:A8:1C:78
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/0b5860-cd57-4183-b9ae-e84785894838/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/0b5860-cd57-4183-b9ae-e84785894838/1/rQ3BCLYPR7DZdygI5fzDgeqoHHg.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.228.154.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  43365

    Signature Algorithm: sha256WithRSAEncryption
         60:b4:7c:ce:67:ff:b2:f9:9f:51:27:38:5f:33:e1:71:42:58:
         bf:ad:15:23:82:df:6f:9d:93:21:d3:78:ac:95:ea:8a:5c:43:
         18:cd:66:ed:d5:3f:da:a1:f3:24:76:42:54:cc:ed:59:6e:69:
         c9:28:a7:94:a9:12:b8:b6:ef:0f:27:c1:b7:7f:14:bf:e8:8e:
         4c:f6:ad:73:8e:93:87:b7:2f:06:2c:00:d7:c1:51:48:59:57:
         52:da:23:3b:ab:d5:81:53:09:fc:40:6d:fe:54:2d:93:d9:97:
         1a:ef:05:d2:64:4c:4f:f2:ae:c6:d8:7f:6d:d2:f4:81:56:1f:
         2c:16:74:87:cc:77:6b:26:f7:13:d4:55:1f:a5:23:c4:35:e8:
         c0:fb:58:7e:a1:12:0e:6b:90:04:75:a3:b7:33:b2:39:20:82:
         18:09:6d:a5:c4:9c:8f:a3:5d:5f:e8:bc:a9:c1:68:33:d0:34:
         80:19:3f:c7:08:63:a8:2c:6e:ff:92:a3:75:f9:09:93:91:9f:
         8e:8d:bc:5f:18:4f:6d:6b:9f:d2:3b:87:8e:c0:25:ff:34:c7:
         74:18:3a:7f:b3:68:55:b9:99:55:d2:5f:82:06:27:8b:c0:e4:
         d5:56:c8:13:ec:d1:64:2d:6b:f1:3c:ad:95:ee:26:f4:86:82:
         6b:3e:d2:ab
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZQjaOFE/4Yuzvk8SM/CRS7hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTk0NzQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDBkYzEwOGI2MGY0N2IwZDk3NzI4MDhlNWZjYzM4MWVhYTgxYzc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArFYwoTrUBuVr7Tu13Q9w1usP4dbS
FyC4M2z9nco7RYbol98D9RdfJ8ndzKck+EX7gTFm6Z+s1SaOPnFenh6Zl8UevR0/
h1hQqRMmKBWcw0ES4ereCmrjfjqZipTQj6f1gyuKhOJs884BMs4NspLjP9cxCJXs
aP/TiN6ft8oIT+0VIeRLhm1yVVPloHpP96FWbWBDXAofyz3shZ8yHOzhTnhDMiDk
rUUZ6ojI2sMQoCw5mrpGy0vSUdWBBy928aZWebj6Cyhipl3YOzqAFWv6btS9k1mD
Jd8kGSWfFVhLE27fpKz2foE6OpgYdRBWtH/i7BMYm9oVe6AoPUQ6tS+bLQIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFK0NwQi2D0ew2XcoCOX8w4HqqBx4MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzcwLzBiNTg2
MC1jZDU3LTQxODMtYjlhZS1lODQ3ODU4OTQ4MzgvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzAvMGI1ODYw
LWNkNTctNDE4My1iOWFlLWU4NDc4NTg5NDgzOC8xL3JRM0JDTFlQUjdEWmR5Z0k1
ZnpEZ2Vxb0hIZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAweSaMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwCpZTANBgkqhkiG9w0BAQsFAAOCAQEAYLR8zmf/svmfUSc4XzPhcUJYv60VI4Lf
b52TIdN4rJXqilxDGM1m7dU/2qHzJHZCVMztWW5pySinlKkSuLbvDyfBt38Uv+iO
TPatc46Th7cvBiwA18FRSFlXUtojO6vVgVMJ/EBt/lQtk9mXGu8F0mRMT/Kuxth/
bdL0gVYfLBZ0h8x3ayb3E9RVH6UjxDXowPtYfqESDmuQBHWjtzOyOSCCGAltpcSc
j6NdX+i8qcFoM9A0gBk/xwhjqCxu/5KjdfkJk5Gfjo28XxhPbWuf0juHjsAl/zTH
dBg6f7NoVbmZVdJfggYni8Dk1VbIE+zRZC1r8Tytle4m9IaCaz7Sqw==
-----END CERTIFICATE-----