Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/xpZo80fFWt13rFF-kzHd5_w1VqY.cer
File:                     xpZo80fFWt13rFF-kzHd5_w1VqY.cer (raw, json)
Hash identifier:          FRVXIsFTHagzl2SS04qGKNUb6/0VnFRaKuqZVQxaNcs=
Subject key identifier:   C6:96:68:F3:47:C5:5A:DD:77:AC:51:7E:93:31:DD:E7:FC:35:56:A6
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC56E4FDDCFD3CC36DBBC93D369120F78
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/23/060969-5caf-418f-8c25-acb2723a5076/1/xpZo80fFWt13rFF-kzHd5_w1VqY.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/23/060969-5caf-418f-8c25-acb2723a5076/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 14:29:50 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 197253
                          IP: 91.224.68.0/23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:4f:dd:cf:d3:cc:36:db:bc:93:d3:69:12:0f:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 14:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c69668f347c55add77ac517e9331dde7fc3556a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:80:8f:14:a9:4c:d3:07:3d:7d:33:d7:78:25:
                    72:89:fd:13:bb:80:62:59:48:82:b4:3c:80:ba:61:
                    4d:7c:b0:a0:79:3c:38:a6:ee:db:52:bd:30:6f:23:
                    45:1a:30:3c:bb:fb:29:42:37:b9:10:76:e7:90:7a:
                    f9:fb:31:09:85:e1:e9:51:1e:47:07:f4:0f:5d:df:
                    70:90:cc:d1:ba:f8:b6:2f:7f:8f:c1:3e:02:dc:d5:
                    ee:43:a0:58:9c:65:c0:ad:fc:78:1e:e8:b5:b9:a6:
                    b9:eb:ce:db:e1:d0:b3:ff:90:55:75:a8:24:de:f7:
                    14:30:1c:f6:cc:a5:b8:21:71:ae:4b:2e:19:61:8f:
                    c3:89:56:79:0d:56:da:8d:3b:93:14:cd:8a:bb:a9:
                    6c:c1:b6:a2:72:76:0a:5e:f0:ea:8e:0e:36:08:da:
                    a2:aa:23:41:21:7f:a3:57:6a:45:d3:10:36:87:8c:
                    5e:c9:6a:b6:ff:26:68:c0:70:78:a4:95:e4:f8:32:
                    de:ad:b7:04:bd:67:37:55:4b:cd:f4:92:03:48:33:
                    b2:0b:4b:9b:4f:2c:46:a5:62:2a:9b:94:e4:cf:6f:
                    6a:28:b9:17:ef:8d:8d:81:3d:bc:55:b0:06:1e:9c:
                    03:bb:88:6a:9e:5d:41:7e:1d:dd:92:9c:34:a0:c0:
                    18:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:96:68:F3:47:C5:5A:DD:77:AC:51:7E:93:31:DD:E7:FC:35:56:A6
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/060969-5caf-418f-8c25-acb2723a5076/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/060969-5caf-418f-8c25-acb2723a5076/1/xpZo80fFWt13rFF-kzHd5_w1VqY.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.224.68.0/23

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  197253

    Signature Algorithm: sha256WithRSAEncryption
         2e:bc:e6:29:81:4c:b5:a4:e1:c6:3e:c4:6d:b1:0f:39:6f:37:
         76:3a:83:2d:a5:44:99:f0:7a:90:97:59:03:a0:a8:21:65:86:
         f9:2b:28:81:54:d6:d5:f9:9b:c8:50:8f:99:91:db:98:25:29:
         b5:b9:9d:6b:5b:83:fd:d9:a4:0e:6c:09:b1:ad:65:c9:8b:a3:
         8d:ac:11:b1:1b:61:50:78:aa:10:34:cb:e2:da:73:4b:e4:c8:
         21:4f:41:ef:a1:c3:72:2b:2c:b7:0c:b7:c4:41:33:67:75:71:
         da:dd:a8:8e:a3:dc:b4:02:6b:0f:86:e6:2a:5d:be:73:88:c6:
         37:66:77:a7:5e:80:d9:be:ad:d0:0d:75:6e:cc:15:2f:b8:b9:
         f9:8e:80:66:4b:fe:ba:4b:cd:2b:dd:87:a2:f4:30:81:6f:e2:
         bf:5a:8a:68:6f:91:5b:a1:19:f6:93:9d:11:96:04:41:a3:18:
         55:9a:2b:b1:ba:cb:41:24:ff:a2:56:e4:ae:16:5c:d5:65:ec:
         25:2d:45:b4:0c:86:09:bb:0a:13:65:5a:45:92:72:5e:73:6a:
         ce:67:5b:40:b9:44:70:93:ff:7e:fd:36:24:3d:31:64:7e:94:
         a6:34:a3:77:68:50:49:34:25:53:a6:20:b5:80:ac:c0:e1:0e:
         ba:45:0a:77
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYzFbk/dz9PMNtu8k9NpEg94MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTQyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjk2NjhmMzQ3YzU1YWRkNzdhYzUxN2U5MzMxZGRlN2ZjMzU1NmE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAooCPFKlM0wc9fTPXeCVyif0Tu4Bi
WUiCtDyAumFNfLCgeTw4pu7bUr0wbyNFGjA8u/spQje5EHbnkHr5+zEJheHpUR5H
B/QPXd9wkMzRuvi2L3+PwT4C3NXuQ6BYnGXArfx4Hui1uaa5687b4dCz/5BVdagk
3vcUMBz2zKW4IXGuSy4ZYY/DiVZ5DVbajTuTFM2Ku6lswbaicnYKXvDqjg42CNqi
qiNBIX+jV2pF0xA2h4xeyWq2/yZowHB4pJXk+DLerbcEvWc3VUvN9JIDSDOyC0ub
TyxGpWIqm5Tkz29qKLkX742NgT28VbAGHpwDu4hqnl1Bfh3dkpw0oMAYHwIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFMaWaPNHxVrdd6xRfpMx3ef8NVamMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzIzLzA2MDk2
OS01Y2FmLTQxOGYtOGMyNS1hY2IyNzIzYTUwNzYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjMvMDYwOTY5
LTVjYWYtNDE4Zi04YzI1LWFjYjI3MjNhNTA3Ni8xL3hwWm84MGZGV3QxM3JGRi1r
ekhkNV93MVZxWS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQBW+BEMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwMChTANBgkqhkiG9w0BAQsFAAOCAQEALrzmKYFMtaThxj7EbbEPOW83djqDLaVE
mfB6kJdZA6CoIWWG+SsogVTW1fmbyFCPmZHbmCUptbmda1uD/dmkDmwJsa1lyYuj
jawRsRthUHiqEDTL4tpzS+TIIU9B76HDcisstwy3xEEzZ3Vx2t2ojqPctAJrD4bm
Kl2+c4jGN2Z3p16A2b6t0A11bswVL7i5+Y6AZkv+ukvNK92HovQwgW/iv1qKaG+R
W6EZ9pOdEZYEQaMYVZorsbrLQST/olbkrhZc1WXsJS1FtAyGCbsKE2VaRZJyXnNq
zmdbQLlEcJP/fv02JD0xZH6UpjSjd2hQSTQlU6YgtYCswOEOukUKdw==
-----END CERTIFICATE-----