Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/rQ3BCLYPR7DZdygI5fzDgeqoHHg.cer
File:                     rQ3BCLYPR7DZdygI5fzDgeqoHHg.cer (raw, json)
Hash identifier:          IE8YnC2EH+Uh07IlU6/pEFp35u/0je9E5PW9TCenwWw=
Subject key identifier:   AD:0D:C1:08:B6:0F:47:B0:D9:77:28:08:E5:FC:C3:81:EA:A8:1C:78
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC64A1BC9DB16C461456FFCE773B208F7
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/70/0b5860-cd57-4183-b9ae-e84785894838/1/rQ3BCLYPR7DZdygI5fzDgeqoHHg.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/70/0b5860-cd57-4183-b9ae-e84785894838/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 18:29:54 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 43365
                          IP: 193.228.154.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:1b:c9:db:16:c4:61:45:6f:fc:e7:73:b2:08:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 18:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ad0dc108b60f47b0d9772808e5fcc381eaa81c78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:56:30:a1:3a:d4:06:e5:6b:ed:3b:b5:dd:0f:
                    70:d6:eb:0f:e1:d6:d2:17:20:b8:33:6c:fd:9d:ca:
                    3b:45:86:e8:97:df:03:f5:17:5f:27:c9:dd:cc:a7:
                    24:f8:45:fb:81:31:66:e9:9f:ac:d5:26:8e:3e:71:
                    5e:9e:1e:99:97:c5:1e:bd:1d:3f:87:58:50:a9:13:
                    26:28:15:9c:c3:41:12:e1:ea:de:0a:6a:e3:7e:3a:
                    99:8a:94:d0:8f:a7:f5:83:2b:8a:84:e2:6c:f3:ce:
                    01:32:ce:0d:b2:92:e3:3f:d7:31:08:95:ec:68:ff:
                    d3:88:de:9f:b7:ca:08:4f:ed:15:21:e4:4b:86:6d:
                    72:55:53:e5:a0:7a:4f:f7:a1:56:6d:60:43:5c:0a:
                    1f:cb:3d:ec:85:9f:32:1c:ec:e1:4e:78:43:32:20:
                    e4:ad:45:19:ea:88:c8:da:c3:10:a0:2c:39:9a:ba:
                    46:cb:4b:d2:51:d5:81:07:2f:76:f1:a6:56:79:b8:
                    fa:0b:28:62:a6:5d:d8:3b:3a:80:15:6b:fa:6e:d4:
                    bd:93:59:83:25:df:24:19:25:9f:15:58:4b:13:6e:
                    df:a4:ac:f6:7e:81:3a:3a:98:18:75:10:56:b4:7f:
                    e2:ec:13:18:9b:da:15:7b:a0:28:3d:44:3a:b5:2f:
                    9b:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:0D:C1:08:B6:0F:47:B0:D9:77:28:08:E5:FC:C3:81:EA:A8:1C:78
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/0b5860-cd57-4183-b9ae-e84785894838/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/0b5860-cd57-4183-b9ae-e84785894838/1/rQ3BCLYPR7DZdygI5fzDgeqoHHg.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.228.154.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  43365

    Signature Algorithm: sha256WithRSAEncryption
         14:6b:60:39:5a:d8:32:9b:b3:6a:28:ed:c8:d0:58:8f:ed:2e:
         fd:b1:e1:9d:bf:fa:e9:8e:24:77:2e:2f:cd:82:a1:6c:8d:10:
         bc:58:e9:99:36:9d:44:89:cd:0b:2a:43:9c:d2:01:76:c5:68:
         4e:cf:b9:f8:04:cc:5d:5c:c6:52:1e:c1:7b:cf:ac:2d:08:1a:
         c3:65:6a:72:a7:30:49:fc:c0:dc:f4:1f:d2:ac:c7:f0:40:98:
         65:0b:c7:11:81:ef:10:fd:38:8e:f8:d9:ce:16:af:d2:b1:71:
         2c:30:21:09:85:27:83:8c:ef:b9:ca:d4:fc:8d:85:a5:e7:62:
         30:7d:4c:4c:7d:44:81:a5:63:75:e2:3a:09:49:07:9e:2f:eb:
         36:0e:44:91:ca:46:1a:e1:ce:6d:a5:ae:01:07:ac:e1:08:2a:
         a9:01:ee:2f:d4:a3:10:16:47:6b:58:ff:3f:29:96:b6:4c:13:
         93:02:62:9f:e0:56:c7:6b:d1:38:03:dd:14:22:7c:5b:45:67:
         18:61:e4:41:6a:76:a9:08:af:e5:3d:31:4b:cd:ff:33:0e:4f:
         dc:83:ba:5d:79:64:de:e5:60:25:76:6a:81:96:53:c2:a1:d4:
         38:40:06:e7:d2:1f:84:f7:5b:e6:6a:06:95:af:89:8a:d7:62:
         49:bb:33:79
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYzGShvJ2xbEYUVv/Odzsgj3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTgyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDBkYzEwOGI2MGY0N2IwZDk3NzI4MDhlNWZjYzM4MWVhYTgxYzc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArFYwoTrUBuVr7Tu13Q9w1usP4dbS
FyC4M2z9nco7RYbol98D9RdfJ8ndzKck+EX7gTFm6Z+s1SaOPnFenh6Zl8UevR0/
h1hQqRMmKBWcw0ES4ereCmrjfjqZipTQj6f1gyuKhOJs884BMs4NspLjP9cxCJXs
aP/TiN6ft8oIT+0VIeRLhm1yVVPloHpP96FWbWBDXAofyz3shZ8yHOzhTnhDMiDk
rUUZ6ojI2sMQoCw5mrpGy0vSUdWBBy928aZWebj6Cyhipl3YOzqAFWv6btS9k1mD
Jd8kGSWfFVhLE27fpKz2foE6OpgYdRBWtH/i7BMYm9oVe6AoPUQ6tS+bLQIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFK0NwQi2D0ew2XcoCOX8w4HqqBx4MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzcwLzBiNTg2
MC1jZDU3LTQxODMtYjlhZS1lODQ3ODU4OTQ4MzgvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzAvMGI1ODYw
LWNkNTctNDE4My1iOWFlLWU4NDc4NTg5NDgzOC8xL3JRM0JDTFlQUjdEWmR5Z0k1
ZnpEZ2Vxb0hIZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAweSaMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwCpZTANBgkqhkiG9w0BAQsFAAOCAQEAFGtgOVrYMpuzaijtyNBYj+0u/bHhnb/6
6Y4kdy4vzYKhbI0QvFjpmTadRInNCypDnNIBdsVoTs+5+ATMXVzGUh7Be8+sLQga
w2VqcqcwSfzA3PQf0qzH8ECYZQvHEYHvEP04jvjZzhav0rFxLDAhCYUng4zvucrU
/I2FpediMH1MTH1EgaVjdeI6CUkHni/rNg5EkcpGGuHObaWuAQes4QgqqQHuL9Sj
EBZHa1j/PymWtkwTkwJin+BWx2vROAPdFCJ8W0VnGGHkQWp2qQiv5T0xS83/Mw5P
3IO6XXlk3uVgJXZqgZZTwqHUOEAG59IfhPdb5moGla+JitdiSbszeQ==
-----END CERTIFICATE-----