Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1-R0gySxlOa1m2ofHz-Zan6rMoGM.cer
File:                     1-R0gySxlOa1m2ofHz-Zan6rMoGM.cer (raw, json)
Hash identifier:          tJsdn9rJTLLeoPa2+wv8xxZXOaoxqAx7xz3x//2Rcyw=
Subject key identifier:   F9:1D:20:C9:2C:65:39:AD:66:DA:87:C7:CF:E6:5A:9F:AA:CC:A0:63
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC425514C763A258143D7AB5222ECE94A
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/b5/e6513f-7175-463b-ae85-c18e47bd9c64/1/1-R0gySxlOa1m2ofHz-Zan6rMoGM.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/b5/e6513f-7175-463b-ae85-c18e47bd9c64/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 08:30:29 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 201929
                          IP: 2a02:65a0::/32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 14:36:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:51:4c:76:3a:25:81:43:d7:ab:52:22:ec:e9:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 08:30:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f91d20c92c6539ad66da87c7cfe65a9faacca063
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:c3:e1:ac:f4:c7:d5:5c:83:13:a4:a8:f7:22:
                    2f:4e:99:21:9a:ad:48:76:ff:ff:28:97:f3:3a:7d:
                    4b:1a:d8:ba:60:78:ec:5d:0f:23:eb:91:a1:93:53:
                    10:81:11:7b:db:25:a3:4f:7c:cc:a5:4b:8d:69:a1:
                    52:05:1f:c1:3d:5d:74:26:0a:92:2a:e5:e4:f6:b7:
                    0a:ae:27:74:8e:1b:3e:61:b2:7d:51:c7:43:f6:cc:
                    7f:5d:09:e9:1a:53:40:c7:98:e5:33:f9:e4:01:3a:
                    b4:1b:1f:18:51:2e:e9:fc:c4:9c:18:26:56:53:80:
                    1f:2b:83:a7:fc:87:ba:99:cf:fe:d3:76:ce:18:8f:
                    ed:e9:25:92:8c:5a:15:24:1b:54:b9:53:9f:46:f9:
                    b0:56:21:c4:dc:6b:ec:89:a1:c3:79:77:fe:ea:ab:
                    21:ae:dc:75:83:7b:e6:46:81:32:cf:97:30:88:d3:
                    5e:e6:d7:0f:09:f9:bd:56:0b:f4:43:f3:03:53:29:
                    03:2b:fc:da:ef:ea:3d:a9:aa:01:73:4c:0e:dc:f0:
                    29:5b:96:6a:15:da:96:de:2d:57:f2:84:8d:7e:fa:
                    a5:f9:ea:bb:9c:db:4d:c4:cc:70:ef:c9:71:1b:60:
                    e7:e0:f0:76:bd:d8:21:b8:7a:37:fb:c0:4a:a6:4f:
                    ab:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:1D:20:C9:2C:65:39:AD:66:DA:87:C7:CF:E6:5A:9F:AA:CC:A0:63
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/e6513f-7175-463b-ae85-c18e47bd9c64/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/e6513f-7175-463b-ae85-c18e47bd9c64/1/1-R0gySxlOa1m2ofHz-Zan6rMoGM.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:65a0::/32

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  201929

    Signature Algorithm: sha256WithRSAEncryption
         03:cd:7a:98:77:38:5a:02:f1:8b:23:06:4b:98:63:04:c6:83:
         f0:48:ba:1a:36:9f:0b:18:ff:53:7d:08:79:a3:29:0b:fe:a8:
         06:04:89:29:25:18:5a:5f:cd:f1:14:7e:12:4a:d4:a4:b6:0a:
         8d:e4:24:3f:a9:9c:88:e3:87:8e:44:72:66:9e:9c:d2:ab:61:
         c3:33:00:ec:d1:fd:fd:ef:4c:9e:45:4e:9f:9d:d4:6f:ab:32:
         80:55:d0:8f:55:7d:a3:14:7f:b7:bc:e8:b3:56:bb:ec:1e:7a:
         ee:a1:7b:5e:4e:84:51:f9:8c:db:6e:9a:14:c0:5f:41:21:5e:
         43:e5:2b:46:8b:e3:56:dd:79:89:0b:0b:a6:ba:a0:1f:e4:2e:
         8d:04:53:11:b0:2d:8d:d5:f0:27:3a:c7:53:ee:28:6b:f6:6a:
         f6:3b:18:d2:cd:bb:79:b6:91:8a:58:df:bd:35:ef:81:81:a3:
         e3:84:ab:98:06:f6:c8:7f:30:15:f4:bc:aa:03:f9:b7:51:e1:
         a2:4c:66:e2:07:59:54:14:0f:cf:6e:6a:d9:92:40:ac:dd:56:
         06:2b:4e:42:00:48:ac:ec:a6:cf:f3:76:c7:32:f1:c1:e4:2a:
         da:fe:10:0b:a8:08:b7:fd:2b:34:82:0e:1b:69:b8:a5:0e:53:
         12:3c:99:d0
-----BEGIN CERTIFICATE-----
MIIFljCCBH6gAwIBAgISAYzEJVFMdjolgUPXq1Ii7OlKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDgzMDI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTFkMjBjOTJjNjUzOWFkNjZkYTg3YzdjZmU2NWE5ZmFhY2NhMDYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj8PhrPTH1VyDE6So9yIvTpkhmq1I
dv//KJfzOn1LGti6YHjsXQ8j65Ghk1MQgRF72yWjT3zMpUuNaaFSBR/BPV10JgqS
KuXk9rcKrid0jhs+YbJ9UcdD9sx/XQnpGlNAx5jlM/nkATq0Gx8YUS7p/MScGCZW
U4AfK4On/Ie6mc/+03bOGI/t6SWSjFoVJBtUuVOfRvmwViHE3GvsiaHDeXf+6qsh
rtx1g3vmRoEyz5cwiNNe5tcPCfm9Vgv0Q/MDUykDK/za7+o9qaoBc0wO3PApW5Zq
FdqW3i1X8oSNfvql+eq7nNtNxMxw78lxG2Dn4PB2vdghuHo3+8BKpk+rhQIDAQAB
o4ICojCCAp4wHQYDVR0OBBYEFPkdIMksZTmtZtqHx8/mWp+qzKBjMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEkBggrBgEFBQcBCwSCARYwggESMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2I1L2U2NTEz
Zi03MTc1LTQ2M2ItYWU4NS1jMThlNDdiZDljNjQvMS8wfQYIKwYBBQUHMAqGcXJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjUvZTY1MTNm
LTcxNzUtNDYzYi1hZTg1LWMxOGU0N2JkOWM2NC8xLzEtUjBneVN4bE9hMW0yb2ZI
ei1aYW42ck1vR00ubWZ0MDIGCCsGAQUFBzANhiZodHRwczovL3JyZHAucmlwZS5u
ZXQvbm90aWZpY2F0aW9uLnhtbDBZBgNVHR8EUjBQME6gTKBKhkhyc3luYzovL3Jw
a2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0twU28zVlZLNXdFSElKbkhD
MlFIVlYzZDVtay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAgBggrBgEF
BQcBBwEB/wQRMA8wDQQCAAIwBwMFACoCZaAwGgYIKwYBBQUHAQgBAf8ECzAJoAcw
BQIDAxTJMA0GCSqGSIb3DQEBCwUAA4IBAQADzXqYdzhaAvGLIwZLmGMExoPwSLoa
Np8LGP9TfQh5oykL/qgGBIkpJRhaX83xFH4SStSktgqN5CQ/qZyI44eORHJmnpzS
q2HDMwDs0f3970yeRU6fndRvqzKAVdCPVX2jFH+3vOizVrvsHnruoXteToRR+Yzb
bpoUwF9BIV5D5StGi+NW3XmJCwumuqAf5C6NBFMRsC2N1fAnOsdT7ihr9mr2OxjS
zbt5tpGKWN+9Ne+BgaPjhKuYBvbIfzAV9LyqA/m3UeGiTGbiB1lUFA/PbmrZkkCs
3VYGK05CAEis7KbP83bHMvHB5Cra/hALqAi3/Ss0gg4babilDlMSPJnQ
-----END CERTIFICATE-----