Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/tq8SwVTAKQhVvZFCm31JPICI29s.cer
File:                     tq8SwVTAKQhVvZFCm31JPICI29s.cer (raw, json)
Hash identifier:          ZfvI5sDeMs5J/GL+350uaor96qWZ8pxiq5BaA0697n0=
Subject key identifier:   B6:AF:12:C1:54:C0:29:08:55:BD:91:42:9B:7D:49:3C:80:88:DB:DB
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC56EEBA45DAF4AF12FAB3D531D9382F0
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/f2/5169fb-a596-4833-9bb4-289d60d42c23/1/tq8SwVTAKQhVvZFCm31JPICI29s.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/f2/5169fb-a596-4833-9bb4-289d60d42c23/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 14:30:30 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 197719
                          IP: 195.128.132.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:eb:a4:5d:af:4a:f1:2f:ab:3d:53:1d:93:82:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 14:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b6af12c154c0290855bd91429b7d493c8088dbdb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:74:22:b9:93:97:f2:78:ff:b0:0d:67:b6:28:
                    c4:2f:f9:70:e6:06:51:21:29:4e:45:98:87:3a:ec:
                    66:a7:13:e9:c1:75:1a:22:0c:c6:65:2b:02:8a:6c:
                    82:ec:20:ba:93:8b:9e:45:2b:24:1b:98:19:c8:2e:
                    46:c0:ac:b6:a9:33:ed:50:e7:74:15:60:68:8b:87:
                    86:7f:63:a5:a2:cd:f7:8f:cf:99:11:f6:2c:44:bb:
                    b5:da:6a:ff:35:3e:93:cd:80:47:3f:c9:e3:b7:90:
                    54:d9:a7:9f:77:cc:28:e9:3e:fa:78:fc:1a:ea:43:
                    9a:ef:71:82:b2:70:bf:f9:81:0b:f8:e8:e8:d3:65:
                    7c:4d:a1:31:ef:95:8f:49:f3:58:cb:bf:0e:bc:0b:
                    13:91:97:fe:10:60:77:5a:0a:de:fa:80:f3:eb:2c:
                    8c:ef:cd:45:40:cb:33:3d:6c:42:59:24:77:b5:9f:
                    e7:22:f2:fb:ec:e2:88:ce:6a:8c:53:6d:02:31:14:
                    80:b5:15:0d:d1:32:8a:3c:60:cf:82:1c:9e:bf:53:
                    3b:aa:77:23:ce:ed:d3:9f:c5:fa:3b:21:8e:e2:29:
                    da:d2:5d:8a:0d:cb:9c:46:cd:29:c3:05:d0:7f:bc:
                    3d:1a:7d:95:d4:80:d5:d7:63:be:61:02:e9:73:7f:
                    0f:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:AF:12:C1:54:C0:29:08:55:BD:91:42:9B:7D:49:3C:80:88:DB:DB
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/5169fb-a596-4833-9bb4-289d60d42c23/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/5169fb-a596-4833-9bb4-289d60d42c23/1/tq8SwVTAKQhVvZFCm31JPICI29s.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.128.132.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  197719

    Signature Algorithm: sha256WithRSAEncryption
         72:a5:48:38:5d:bd:f8:9e:27:54:de:7e:9f:d7:58:4a:e8:68:
         4c:d4:92:f4:dd:1b:47:64:21:dd:f9:14:59:6b:8c:50:69:08:
         ae:67:46:a3:98:9c:2f:e6:cf:d6:77:ea:6e:d9:62:41:fa:a0:
         25:54:fb:f7:3c:ae:1b:80:eb:ff:76:bd:6b:ba:df:0e:86:54:
         0c:c5:9b:e2:0a:dc:e6:c3:97:e0:4c:ae:6d:2e:57:e9:e6:c3:
         c2:38:8b:75:e7:8a:27:26:8d:5a:15:7a:da:17:82:f0:95:c7:
         31:bf:7b:0f:a5:fb:44:c3:2c:74:6e:e7:e8:a5:41:af:67:3b:
         b9:78:27:f9:08:82:b2:77:bc:b8:08:f8:8c:c7:0a:f0:c3:e4:
         2b:3d:17:27:bb:ab:83:35:c3:67:ba:56:06:9f:0c:d0:13:81:
         5a:22:17:92:1a:c8:cd:dc:e9:50:b6:fc:a6:44:d9:15:9f:42:
         08:b7:e3:4c:1e:76:22:b4:68:fa:f0:a0:e2:1a:9e:b8:14:da:
         0a:d7:ce:08:cd:27:f8:f3:8d:17:df:35:f2:e3:f7:ad:21:da:
         ee:41:50:2b:75:e6:21:e1:ce:50:32:28:12:f5:a2:8f:9f:83:
         91:61:06:ef:d7:1b:e5:0f:c5:85:39:1c:48:18:05:89:4f:0c:
         8b:a7:e1:4f
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYzFbuukXa9K8S+rPVMdk4LwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTQzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmFmMTJjMTU0YzAyOTA4NTViZDkxNDI5YjdkNDkzYzgwODhkYmRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmHQiuZOX8nj/sA1ntijEL/lw5gZR
ISlORZiHOuxmpxPpwXUaIgzGZSsCimyC7CC6k4ueRSskG5gZyC5GwKy2qTPtUOd0
FWBoi4eGf2Olos33j8+ZEfYsRLu12mr/NT6TzYBHP8njt5BU2aefd8wo6T76ePwa
6kOa73GCsnC/+YEL+Ojo02V8TaEx75WPSfNYy78OvAsTkZf+EGB3Wgre+oDz6yyM
781FQMszPWxCWSR3tZ/nIvL77OKIzmqMU20CMRSAtRUN0TKKPGDPghyev1M7qncj
zu3Tn8X6OyGO4ina0l2KDcucRs0pwwXQf7w9Gn2V1IDV12O+YQLpc38PRQIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFLavEsFUwCkIVb2RQpt9STyAiNvbMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2YyLzUxNjlm
Yi1hNTk2LTQ4MzMtOWJiNC0yODlkNjBkNDJjMjMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjIvNTE2OWZi
LWE1OTYtNDgzMy05YmI0LTI4OWQ2MGQ0MmMyMy8xL3RxOFN3VlRBS1FoVnZaRkNt
MzFKUElDSTI5cy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAw4CEMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwMEVzANBgkqhkiG9w0BAQsFAAOCAQEAcqVIOF29+J4nVN5+n9dYSuhoTNSS9N0b
R2Qh3fkUWWuMUGkIrmdGo5icL+bP1nfqbtliQfqgJVT79zyuG4Dr/3a9a7rfDoZU
DMWb4grc5sOX4EyubS5X6ebDwjiLdeeKJyaNWhV62heC8JXHMb97D6X7RMMsdG7n
6KVBr2c7uXgn+QiCsne8uAj4jMcK8MPkKz0XJ7urgzXDZ7pWBp8M0BOBWiIXkhrI
zdzpULb8pkTZFZ9CCLfjTB52IrRo+vCg4hqeuBTaCtfOCM0n+PONF9818uP3rSHa
7kFQK3XmIeHOUDIoEvWij5+DkWEG79cb5Q/FhTkcSBgFiU8Mi6fhTw==
-----END CERTIFICATE-----