Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/sYxKQwCDfE6hetHjghoJrVN2QIc.cer
File:                     sYxKQwCDfE6hetHjghoJrVN2QIc.cer (raw, json)
Hash identifier:          JB9mo+MfeJcheSWKhdRs/3uV10bn4mbBN/WVTI9rDK0=
Subject key identifier:   B1:8C:4A:43:00:83:7C:4E:A1:7A:D1:E3:82:1A:09:AD:53:76:40:87
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC56ED32E08FE5438DA7582B5DEFF6AC9
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/03/af4e4b-2026-4bbb-9628-f08a0ae92b8d/1/sYxKQwCDfE6hetHjghoJrVN2QIc.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/03/af4e4b-2026-4bbb-9628-f08a0ae92b8d/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 14:30:23 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 213011
                          IP: 91.211.1.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:d3:2e:08:fe:54:38:da:75:82:b5:de:ff:6a:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 14:30:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b18c4a4300837c4ea17ad1e3821a09ad53764087
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:2c:bb:c4:d2:53:41:5e:36:8b:c1:25:cc:cf:
                    72:fc:d4:88:4f:96:85:51:24:fe:49:ce:ac:cb:e9:
                    94:f0:ee:e2:d0:1f:02:b1:14:d3:a1:a1:f5:d2:3b:
                    ad:66:66:2e:07:7b:fa:37:1e:98:e9:f6:df:d0:2d:
                    37:98:f9:c5:b1:f4:3f:23:4a:7e:fd:b6:bf:eb:0a:
                    74:12:2b:cc:5f:72:e9:4a:7b:67:3a:65:98:0e:51:
                    c2:7b:83:6f:01:1b:d0:7d:6a:fc:d6:ef:0c:c6:b5:
                    f9:81:87:4e:1c:f1:d8:00:90:53:8f:1e:d9:ae:0b:
                    4f:4a:98:7e:a3:9c:4a:49:2e:7e:91:cf:69:33:6b:
                    b8:ce:0b:9e:aa:20:82:df:49:85:21:3e:e6:27:99:
                    82:25:8d:b9:7a:b7:37:ec:b9:4d:06:17:ad:fe:f0:
                    0c:1a:63:b1:26:78:b5:f3:af:cd:6c:f4:dc:54:8a:
                    3b:cc:d7:e9:c4:af:78:6a:a8:08:fa:40:d2:02:e2:
                    68:bc:d3:8a:a6:18:cd:fe:fe:0c:9b:1c:56:b7:4a:
                    fa:f3:70:1a:b0:57:ef:cb:e4:c5:67:49:53:ec:9a:
                    77:52:1e:80:6c:5d:0e:e5:86:3e:e9:87:aa:ea:c3:
                    fd:1d:ba:df:10:12:fb:99:27:b8:3e:a6:1f:9d:6f:
                    26:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:8C:4A:43:00:83:7C:4E:A1:7A:D1:E3:82:1A:09:AD:53:76:40:87
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/af4e4b-2026-4bbb-9628-f08a0ae92b8d/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/af4e4b-2026-4bbb-9628-f08a0ae92b8d/1/sYxKQwCDfE6hetHjghoJrVN2QIc.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.211.1.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  213011

    Signature Algorithm: sha256WithRSAEncryption
         4e:4b:fb:12:69:97:1c:1f:e1:93:6b:29:04:16:53:3a:16:89:
         c0:d1:2a:ef:86:ba:59:74:73:79:07:ae:75:18:e4:a4:06:a7:
         73:59:a7:e3:8b:12:d9:e8:99:78:7c:d6:68:96:14:29:52:bf:
         21:30:fe:83:62:5d:ae:33:fb:fc:59:df:7d:31:0f:17:98:0f:
         e9:aa:07:a2:00:c3:e9:b8:1e:74:3a:7a:c6:b1:06:c4:49:7e:
         c6:46:fd:2d:f1:c2:63:2f:39:0b:5f:d3:1d:a5:8d:42:77:02:
         93:2c:7b:f8:34:20:de:02:2b:df:fb:81:92:0b:5d:49:89:9e:
         a3:1e:37:d0:95:80:2a:14:d6:36:d0:dc:eb:1c:50:b9:f9:b7:
         66:4b:d6:dd:39:d2:65:7f:46:a6:f0:a8:8c:22:0a:d6:6d:1c:
         a9:93:8e:96:01:55:9d:f7:51:ee:d6:9e:a8:61:67:fa:46:c1:
         d9:3b:21:ee:50:04:bc:bf:9b:aa:6a:24:b1:24:2e:72:fd:a1:
         c1:37:30:b9:7d:1e:6c:73:33:1f:6d:b3:73:73:d8:83:81:5e:
         52:81:e4:4b:de:e2:7a:0d:d5:7c:9c:0a:7f:08:67:6e:6f:fb:
         02:76:28:3a:60:75:1f:5b:59:1c:d5:39:86:9f:96:62:e1:c2:
         0e:e5:bc:d0
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYzFbtMuCP5UONp1grXe/2rJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTQzMDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMThjNGE0MzAwODM3YzRlYTE3YWQxZTM4MjFhMDlhZDUzNzY0MDg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsCy7xNJTQV42i8ElzM9y/NSIT5aF
UST+Sc6sy+mU8O7i0B8CsRTToaH10jutZmYuB3v6Nx6Y6fbf0C03mPnFsfQ/I0p+
/ba/6wp0EivMX3LpSntnOmWYDlHCe4NvARvQfWr81u8MxrX5gYdOHPHYAJBTjx7Z
rgtPSph+o5xKSS5+kc9pM2u4zgueqiCC30mFIT7mJ5mCJY25erc37LlNBhet/vAM
GmOxJni186/NbPTcVIo7zNfpxK94aqgI+kDSAuJovNOKphjN/v4MmxxWt0r683Aa
sFfvy+TFZ0lT7Jp3Uh6AbF0O5YY+6Yeq6sP9HbrfEBL7mSe4PqYfnW8mXQIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFLGMSkMAg3xOoXrR44IaCa1TdkCHMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzAzL2FmNGU0
Yi0yMDI2LTRiYmItOTYyOC1mMDhhMGFlOTJiOGQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDMvYWY0ZTRi
LTIwMjYtNGJiYi05NjI4LWYwOGEwYWU5MmI4ZC8xL3NZeEtRd0NEZkU2aGV0SGpn
aG9KclZOMlFJYy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW9MBMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwNAEzANBgkqhkiG9w0BAQsFAAOCAQEATkv7EmmXHB/hk2spBBZTOhaJwNEq74a6
WXRzeQeudRjkpAanc1mn44sS2eiZeHzWaJYUKVK/ITD+g2JdrjP7/FnffTEPF5gP
6aoHogDD6bgedDp6xrEGxEl+xkb9LfHCYy85C1/THaWNQncCkyx7+DQg3gIr3/uB
kgtdSYmeox430JWAKhTWNtDc6xxQufm3ZkvW3TnSZX9GpvCojCIK1m0cqZOOlgFV
nfdR7taeqGFn+kbB2Tsh7lAEvL+bqmoksSQucv2hwTcwuX0ebHMzH22zc3PYg4Fe
UoHkS97ieg3VfJwKfwhnbm/7AnYoOmB1H1tZHNU5hp+WYuHCDuW80A==
-----END CERTIFICATE-----