Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4npTBThB5i83hzAr07PcF66DR6M.cer
File:                     4npTBThB5i83hzAr07PcF66DR6M.cer (raw, json)
Hash identifier:          4UEVbfGbqsuxP7FaGkLQ4VHacrFFzvb0ADXDZ1lL0Q0=
Subject key identifier:   E2:7A:53:05:38:41:E6:2F:37:87:30:2B:D3:B3:DC:17:AE:83:47:A3
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CCA2BE0E91E1DA081E4B31373C4E0D0C9
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/97/8762f5-fae3-45f6-a79b-caedbd7140e9/1/4npTBThB5i83hzAr07PcF66DR6M.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/97/8762f5-fae3-45f6-a79b-caedbd7140e9/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 12:35:22 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 210882
                          IP: 2001:678:e20::/48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 22:35:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:e0:e9:1e:1d:a0:81:e4:b3:13:73:c4:e0:d0:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 12:35:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e27a53053841e62f3787302bd3b3dc17ae8347a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:c9:f2:32:86:d6:53:3c:51:e0:51:5a:03:17:
                    58:03:b9:c6:6f:c9:ae:40:de:b0:d1:dd:77:8a:6c:
                    45:d7:eb:61:ae:a5:59:1c:da:32:96:81:86:b2:92:
                    df:f2:5d:06:cd:ee:14:90:bc:55:21:5d:60:57:41:
                    75:f6:a0:43:f2:40:ae:07:83:f0:e7:d1:f1:94:0b:
                    f2:45:f0:70:0b:e1:d2:1a:e5:9a:aa:9e:77:e4:87:
                    3c:be:2c:c8:a3:27:67:cf:44:19:d4:5c:0e:ed:cb:
                    dc:aa:ec:99:7e:ec:2a:4e:78:40:f6:57:ef:91:4c:
                    b0:72:b1:ed:df:e9:6b:c6:d5:ed:6a:6c:fe:71:05:
                    a5:34:be:71:03:90:77:1b:68:3e:32:95:25:f1:2e:
                    e2:52:71:51:e8:29:4f:73:1c:d6:22:b5:2c:ce:b9:
                    39:37:32:52:b5:ba:91:79:d4:52:b4:cb:9e:27:4b:
                    42:1a:f9:c7:ad:51:d0:e7:03:98:d4:2d:b2:13:12:
                    c4:c3:63:e0:68:c4:67:cb:47:73:14:ea:c4:25:e9:
                    7f:5c:2c:4d:9b:40:27:3b:eb:5f:16:28:a3:5a:7e:
                    39:9e:09:a8:4c:60:7c:ce:ed:d4:e7:15:3d:2e:0d:
                    37:a7:42:ae:c5:a6:88:08:d2:4a:25:a6:dc:bb:ff:
                    18:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:7A:53:05:38:41:E6:2F:37:87:30:2B:D3:B3:DC:17:AE:83:47:A3
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/8762f5-fae3-45f6-a79b-caedbd7140e9/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/8762f5-fae3-45f6-a79b-caedbd7140e9/1/4npTBThB5i83hzAr07PcF66DR6M.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:e20::/48

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  210882

    Signature Algorithm: sha256WithRSAEncryption
         a3:30:bf:a8:e2:3e:90:72:a9:69:c2:34:bd:18:5a:0d:6d:53:
         a8:6e:57:54:9c:ee:fc:e7:11:52:de:28:6b:76:b3:6d:e9:23:
         53:c1:da:49:30:46:12:8b:ae:d2:ed:9f:67:33:2e:86:d9:80:
         01:e6:03:4c:b8:16:7f:20:65:90:2d:d5:36:c6:95:31:d5:b4:
         98:f9:d5:03:69:ac:31:d0:75:8b:44:21:42:10:87:47:fc:58:
         09:c0:02:0a:39:f1:73:43:01:74:34:24:5f:f0:26:5b:b0:e9:
         87:b4:48:dc:1c:a5:15:3e:b1:3f:62:cd:7e:b1:fc:1b:7f:ee:
         83:b0:ae:85:88:7a:73:76:f2:0d:c1:d5:42:8f:17:88:a2:cc:
         c9:c3:2d:3c:de:ce:4e:70:ce:6e:e2:22:ae:cc:63:5d:18:50:
         98:22:61:ee:fc:d3:12:84:84:3d:c2:25:48:f9:a6:fc:54:01:
         34:e6:66:a1:a5:8f:3d:f7:2e:8b:69:f5:99:6b:e6:d3:ab:e4:
         52:2f:64:8a:35:bd:d6:58:00:2b:97:5e:cb:20:1e:45:db:28:
         b1:c0:60:3e:1a:3d:86:2b:0e:03:7e:84:c1:a3:2c:28:4c:5e:
         85:5d:b2:a1:3a:a9:d5:1b:91:99:cb:51:f4:f3:02:c3:7d:02:
         40:f2:0e:30
-----BEGIN CERTIFICATE-----
MIIFlzCCBH+gAwIBAgISAYzKK+DpHh2ggeSzE3PE4NDJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMTIzNTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjdhNTMwNTM4NDFlNjJmMzc4NzMwMmJkM2IzZGMxN2FlODM0N2EzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAucnyMobWUzxR4FFaAxdYA7nGb8mu
QN6w0d13imxF1+thrqVZHNoyloGGspLf8l0Gze4UkLxVIV1gV0F19qBD8kCuB4Pw
59HxlAvyRfBwC+HSGuWaqp535Ic8vizIoydnz0QZ1FwO7cvcquyZfuwqTnhA9lfv
kUywcrHt3+lrxtXtamz+cQWlNL5xA5B3G2g+MpUl8S7iUnFR6ClPcxzWIrUszrk5
NzJStbqRedRStMueJ0tCGvnHrVHQ5wOY1C2yExLEw2PgaMRny0dzFOrEJel/XCxN
m0AnO+tfFiijWn45ngmoTGB8zu3U5xU9Lg03p0KuxaaICNJKJabcu/8YpwIDAQAB
o4ICozCCAp8wHQYDVR0OBBYEFOJ6UwU4QeYvN4cwK9Oz3Beug0ejMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzk3Lzg3NjJm
NS1mYWUzLTQ1ZjYtYTc5Yi1jYWVkYmQ3MTQwZTkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTcvODc2MmY1
LWZhZTMtNDVmNi1hNzliLWNhZWRiZDcxNDBlOS8xLzRucFRCVGhCNWk4M2h6QXIw
N1BjRjY2RFI2TS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeA4gMBoGCCsGAQUFBwEIAQH/BAswCaAH
MAUCAwM3wjANBgkqhkiG9w0BAQsFAAOCAQEAozC/qOI+kHKpacI0vRhaDW1TqG5X
VJzu/OcRUt4oa3azbekjU8HaSTBGEouu0u2fZzMuhtmAAeYDTLgWfyBlkC3VNsaV
MdW0mPnVA2msMdB1i0QhQhCHR/xYCcACCjnxc0MBdDQkX/AmW7Dph7RI3BylFT6x
P2LNfrH8G3/ug7CuhYh6c3byDcHVQo8XiKLMycMtPN7OTnDObuIirsxjXRhQmCJh
7vzTEoSEPcIlSPmm/FQBNOZmoaWPPfcui2n1mWvm06vkUi9kijW91lgAK5deyyAe
RdsoscBgPho9hisOA36EwaMsKExehV2yoTqp1RuRmctR9PMCw30CQPIOMA==
-----END CERTIFICATE-----