Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1CpT2gOCUvZLbCk1nPrEEEw1t-k.cer
File:                     1CpT2gOCUvZLbCk1nPrEEEw1t-k.cer (raw, json)
Hash identifier:          23vKem1zBTCsF9PUaQu61SiP2AbKTa1ax5UTnk5JX24=
Subject key identifier:   D4:2A:53:DA:03:82:52:F6:4B:6C:29:35:9C:FA:C4:10:4C:35:B7:E9
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC2DABDEEA055BABE0BF91D9CBEFD3B65
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/9b/160585-69ed-4bb4-a3da-c8699dc73100/1/1CpT2gOCUvZLbCk1nPrEEEw1t-k.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/9b/160585-69ed-4bb4-a3da-c8699dc73100/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 02:29:24 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 210645

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 14:15:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:bd:ee:a0:55:ba:be:0b:f9:1d:9c:be:fd:3b:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 02:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d42a53da038252f64b6c29359cfac4104c35b7e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:b3:e5:97:e4:5f:ed:86:32:ab:73:0f:0e:55:
                    89:73:8b:15:28:6c:cf:09:3b:50:22:1b:1b:84:39:
                    39:3f:e2:e3:86:c7:20:b4:06:9d:cc:01:f2:88:57:
                    de:85:c2:06:bb:92:f0:c6:f5:dd:0f:41:7b:f2:aa:
                    7b:b0:a5:d5:6f:07:3a:71:77:e2:b6:17:bd:19:3b:
                    79:69:44:df:79:13:07:da:a8:f4:d9:67:09:38:de:
                    64:1b:6a:e4:0b:4f:8b:41:a3:44:6f:5b:9a:3e:a3:
                    29:be:22:0f:96:8c:5c:93:23:07:ca:41:22:a4:01:
                    0d:09:55:20:3c:5c:d1:4a:6b:19:c4:a1:18:d2:a3:
                    5d:22:b6:e7:b0:16:f0:78:14:a0:08:07:6e:b3:35:
                    dc:6e:91:3a:fb:5b:76:b5:f4:8c:a2:a6:e9:ed:50:
                    9a:ae:68:0a:c5:be:f7:d4:b3:c5:a7:bf:d3:31:30:
                    34:6a:11:7f:93:83:a8:9c:fc:bf:b4:a3:1f:93:ad:
                    e9:6f:48:dc:1d:5b:dd:b1:be:04:2d:28:9c:8d:7d:
                    e2:b4:73:36:7d:17:27:a5:bf:4a:8f:8a:c1:cf:1d:
                    47:68:78:e4:ab:0b:92:81:93:3a:ac:f3:e3:60:ca:
                    f9:7d:85:83:06:56:27:6d:64:6e:0a:44:e4:82:58:
                    5d:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:2A:53:DA:03:82:52:F6:4B:6C:29:35:9C:FA:C4:10:4C:35:B7:E9
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/160585-69ed-4bb4-a3da-c8699dc73100/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/160585-69ed-4bb4-a3da-c8699dc73100/1/1CpT2gOCUvZLbCk1nPrEEEw1t-k.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  210645

    Signature Algorithm: sha256WithRSAEncryption
         6d:f3:46:1f:31:b8:1b:58:32:4e:98:90:36:14:1f:59:00:84:
         65:e0:d0:a9:b1:e1:d4:43:a9:40:f7:67:e2:28:51:ec:4a:39:
         3b:94:ce:d4:bc:27:09:e4:2f:46:08:6b:94:1e:e2:50:e6:93:
         54:b0:57:9e:53:e7:3b:b3:0b:0b:d9:2c:47:5a:f6:77:2b:1f:
         94:aa:3f:43:47:bd:0f:44:84:2b:10:b8:ca:14:64:2b:9e:d8:
         b3:a3:0d:9b:c5:a1:d1:4b:68:9b:41:47:9b:ce:af:99:79:fa:
         77:f9:49:6b:10:a0:c7:cd:7a:85:9b:97:0e:0f:4a:75:f3:d1:
         27:f9:e3:7f:8a:f0:83:76:b8:76:d3:c7:dd:b8:49:31:33:11:
         7b:fe:81:64:c2:d3:d2:8c:c9:9a:3f:87:e2:4a:12:37:a6:97:
         c2:36:4a:57:ec:0a:65:c9:dc:db:c3:27:8c:21:13:65:23:61:
         97:25:00:66:51:75:71:f4:8c:6d:a7:b3:af:58:97:d2:21:11:
         d7:a1:b6:93:9f:10:b5:9d:ec:c0:00:f7:41:c2:cc:07:15:0d:
         73:92:68:9a:89:11:3f:a5:a2:54:50:43:73:9e:3d:e5:9e:ec:
         c9:97:54:c1:46:2b:45:81:dd:0e:b7:86:47:be:93:a7:d6:4a:
         1e:20:4a:0c
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzC2r3uoFW6vgv5HZy+/TtlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDIyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDJhNTNkYTAzODI1MmY2NGI2YzI5MzU5Y2ZhYzQxMDRjMzViN2U5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx7Pll+Rf7YYyq3MPDlWJc4sVKGzP
CTtQIhsbhDk5P+LjhscgtAadzAHyiFfehcIGu5LwxvXdD0F78qp7sKXVbwc6cXfi
the9GTt5aUTfeRMH2qj02WcJON5kG2rkC0+LQaNEb1uaPqMpviIPloxckyMHykEi
pAENCVUgPFzRSmsZxKEY0qNdIrbnsBbweBSgCAduszXcbpE6+1t2tfSMoqbp7VCa
rmgKxb731LPFp7/TMTA0ahF/k4OonPy/tKMfk63pb0jcHVvdsb4ELSicjX3itHM2
fRcnpb9Kj4rBzx1HaHjkqwuSgZM6rPPjYMr5fYWDBlYnbWRuCkTkglhd2QIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFNQqU9oDglL2S2wpNZz6xBBMNbfpMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzliLzE2MDU4
NS02OWVkLTRiYjQtYTNkYS1jODY5OWRjNzMxMDAvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOWIvMTYwNTg1
LTY5ZWQtNGJiNC1hM2RhLWM4Njk5ZGM3MzEwMC8xLzFDcFQyZ09DVXZaTGJDazFu
UHJFRUV3MXQtay5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwM21TANBgkqhkiG9w0BAQsFAAOCAQEAbfNGHzG4G1gy
TpiQNhQfWQCEZeDQqbHh1EOpQPdn4ihR7Eo5O5TO1LwnCeQvRghrlB7iUOaTVLBX
nlPnO7MLC9ksR1r2dysflKo/Q0e9D0SEKxC4yhRkK57Ys6MNm8Wh0Utom0FHm86v
mXn6d/lJaxCgx816hZuXDg9KdfPRJ/njf4rwg3a4dtPH3bhJMTMRe/6BZMLT0ozJ
mj+H4koSN6aXwjZKV+wKZcnc28MnjCETZSNhlyUAZlF1cfSMbaezr1iX0iER16G2
k58QtZ3swAD3QcLMBxUNc5JomokRP6WiVFBDc5495Z7syZdUwUYrRYHdDreGR76T
p9ZKHiBKDA==
-----END CERTIFICATE-----