Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/vDImMeLrfqv7XttPywq4yZaCPEg.cer
File:                     vDImMeLrfqv7XttPywq4yZaCPEg.cer (raw, json)
Hash identifier:          7B2URaJpNDobVjW/ALC45CXCTVUJzVZMMn+mPfE/xuk=
Subject key identifier:   BC:32:26:31:E2:EB:7E:AB:FB:5E:DB:4F:CB:0A:B8:C9:96:82:3C:48
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CCA2A3F84712D96FA8A49097AC027C891
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/99/3086b8-71f3-4a8d-9451-29edfab39f49/1/vDImMeLrfqv7XttPywq4yZaCPEg.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/99/3086b8-71f3-4a8d-9451-29edfab39f49/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 12:33:35 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 49149
                          IP: 91.232.112.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:3f:84:71:2d:96:fa:8a:49:09:7a:c0:27:c8:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 12:33:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bc322631e2eb7eabfb5edb4fcb0ab8c996823c48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:de:2e:dd:f7:73:0c:ba:e2:3f:71:9d:dd:44:
                    80:0d:f5:1a:40:71:61:b2:20:f4:d1:3a:29:8b:3b:
                    3f:4f:4d:cb:ab:4e:17:36:88:81:ae:9d:17:0a:ad:
                    b8:ac:c5:af:ce:14:0c:f4:41:c6:37:7f:1a:0a:49:
                    64:83:cf:c9:64:ee:b1:b1:1d:e9:f1:e3:61:23:6d:
                    76:dc:e9:a3:0b:34:f4:ce:71:7c:1c:ba:04:38:0f:
                    88:eb:b9:5e:4c:99:01:19:fa:01:eb:9a:8d:bd:41:
                    f3:1b:a8:46:5c:27:34:5b:4e:66:dc:3a:42:a7:61:
                    d5:a1:b9:f8:c3:7e:08:02:3d:53:50:c8:20:b4:2a:
                    5c:04:51:82:24:a6:6d:b0:df:3f:f6:da:04:c0:3b:
                    0f:1a:66:e6:3e:b2:5a:02:8f:85:52:39:d1:1a:32:
                    f1:a3:f0:2e:09:eb:f4:50:5e:8a:a0:ac:0b:03:c3:
                    48:60:99:28:de:5e:7b:35:19:15:18:50:18:57:66:
                    77:be:b7:41:38:68:7e:53:c9:8b:dd:6f:32:5e:e2:
                    05:fa:cd:4b:fa:18:90:69:07:8f:56:1f:9b:b2:a5:
                    7b:cf:01:67:b3:70:c0:d5:d2:43:a0:47:74:b5:cf:
                    33:dd:73:4b:e9:80:b8:bb:3e:e2:5d:66:33:bc:de:
                    a6:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:32:26:31:E2:EB:7E:AB:FB:5E:DB:4F:CB:0A:B8:C9:96:82:3C:48
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/3086b8-71f3-4a8d-9451-29edfab39f49/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/3086b8-71f3-4a8d-9451-29edfab39f49/1/vDImMeLrfqv7XttPywq4yZaCPEg.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.232.112.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  49149

    Signature Algorithm: sha256WithRSAEncryption
         07:74:f8:09:30:da:25:a2:66:f2:83:e9:37:d8:25:47:b7:bc:
         30:c0:14:6f:4d:33:bf:08:aa:94:58:7c:73:97:70:35:28:b0:
         d8:06:55:9d:1c:cb:b2:f6:33:8c:c6:65:94:55:83:39:b3:fe:
         e0:47:92:1d:5c:03:9d:f1:83:05:7e:07:90:b1:44:6e:e3:b6:
         85:75:e9:15:4a:44:e8:52:b0:49:5d:1f:0b:be:b5:58:79:0a:
         e7:60:87:2c:66:c5:7e:1b:58:17:7e:04:65:5a:52:01:86:33:
         5b:3c:ca:1f:33:62:6c:01:ff:bd:82:1c:bd:cb:bc:14:30:d5:
         f3:b4:17:ed:e5:96:14:74:04:4b:6e:87:e4:00:eb:8e:ed:e2:
         09:43:21:c2:d6:c5:ca:7e:82:8e:68:49:cc:64:7d:35:eb:78:
         1a:41:34:59:09:e8:e2:21:74:d1:0d:02:e9:ec:fe:75:18:58:
         77:8a:55:b8:50:50:09:44:49:a9:5d:31:c9:2a:91:d1:87:40:
         cc:3d:fb:a8:18:c3:67:fe:42:8d:7f:30:84:c5:15:b5:7f:13:
         d1:fb:2f:3e:e3:fd:69:9a:28:9c:da:a0:0d:0b:e9:97:b9:09:
         87:9e:cb:56:b5:31:1c:01:a9:61:f5:5a:d1:01:d5:f3:fb:ac:
         67:22:95:77
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYzKKj+EcS2W+opJCXrAJ8iRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMTIzMzM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzMyMjYzMWUyZWI3ZWFiZmI1ZWRiNGZjYjBhYjhjOTk2ODIzYzQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy94u3fdzDLriP3Gd3USADfUaQHFh
siD00Topizs/T03Lq04XNoiBrp0XCq24rMWvzhQM9EHGN38aCklkg8/JZO6xsR3p
8eNhI2123OmjCzT0znF8HLoEOA+I67leTJkBGfoB65qNvUHzG6hGXCc0W05m3DpC
p2HVobn4w34IAj1TUMggtCpcBFGCJKZtsN8/9toEwDsPGmbmPrJaAo+FUjnRGjLx
o/AuCev0UF6KoKwLA8NIYJko3l57NRkVGFAYV2Z3vrdBOGh+U8mL3W8yXuIF+s1L
+hiQaQePVh+bsqV7zwFns3DA1dJDoEd0tc8z3XNL6YC4uz7iXWYzvN6mQQIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFLwyJjHi636r+17bT8sKuMmWgjxIMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzk5LzMwODZi
OC03MWYzLTRhOGQtOTQ1MS0yOWVkZmFiMzlmNDkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTkvMzA4NmI4
LTcxZjMtNGE4ZC05NDUxLTI5ZWRmYWIzOWY0OS8xL3ZESW1NZUxyZnF2N1h0dFB5
d3E0eVphQ1BFZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW+hwMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwC//TANBgkqhkiG9w0BAQsFAAOCAQEAB3T4CTDaJaJm8oPpN9glR7e8MMAUb00z
vwiqlFh8c5dwNSiw2AZVnRzLsvYzjMZllFWDObP+4EeSHVwDnfGDBX4HkLFEbuO2
hXXpFUpE6FKwSV0fC761WHkK52CHLGbFfhtYF34EZVpSAYYzWzzKHzNibAH/vYIc
vcu8FDDV87QX7eWWFHQES26H5ADrju3iCUMhwtbFyn6CjmhJzGR9Net4GkE0WQno
4iF00Q0C6ez+dRhYd4pVuFBQCURJqV0xySqR0YdAzD37qBjDZ/5CjX8whMUVtX8T
0fsvPuP9aZoonNqgDQvpl7kJh57LVrUxHAGpYfVa0QHV8/usZyKVdw==
-----END CERTIFICATE-----