Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Dms4XHuHeL94ryQhyZ9dOL1VaRQ.cer
File:                     Dms4XHuHeL94ryQhyZ9dOL1VaRQ.cer (raw, json)
Hash identifier:          goZB9g25n7Xrc7nVkQ5HJ16V6IVoKsQsfF2LiNAlzfk=
Subject key identifier:   0E:6B:38:5C:7B:87:78:BF:78:AF:24:21:C9:9F:5D:38:BD:55:69:14
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC56E114546CA6B3050C4473415328C6E
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/ef/0a8fc1-986e-4209-930c-1c77431b05f7/1/Dms4XHuHeL94ryQhyZ9dOL1VaRQ.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/ef/0a8fc1-986e-4209-930c-1c77431b05f7/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 14:29:34 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 48136
                          IP: 2001:67c:c::/48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 14:36:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:11:45:46:ca:6b:30:50:c4:47:34:15:32:8c:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 14:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0e6b385c7b8778bf78af2421c99f5d38bd556914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:d4:d5:c3:3f:59:67:7a:65:06:7b:e5:3f:8c:
                    4e:db:c3:3f:79:0b:31:67:84:47:8c:5f:9d:58:b9:
                    b5:68:9a:2c:10:90:a4:57:73:1b:b4:20:53:59:c5:
                    a7:51:16:f9:94:32:33:eb:8e:88:49:d3:a6:25:35:
                    c8:72:dc:08:d2:e1:b0:2c:95:64:45:d3:1a:93:23:
                    a5:fd:9a:09:1e:81:f5:d3:9c:10:04:07:c2:ce:bb:
                    6a:39:f1:e7:45:94:31:61:33:2d:02:0f:68:33:99:
                    a4:ad:42:f9:0e:e4:f8:ee:2f:b4:40:e7:e9:be:05:
                    10:7a:f2:f7:05:6a:d3:37:d6:c1:a0:68:ff:2f:11:
                    cf:13:98:10:36:67:74:42:01:0a:3c:39:3a:09:03:
                    92:5b:50:3b:50:59:65:9c:58:72:66:81:f0:3a:c3:
                    17:6d:00:29:92:2b:cf:c8:14:d1:43:36:85:a9:2a:
                    d4:85:b9:18:76:48:db:d9:a1:4e:ca:a2:0f:3b:ae:
                    87:d3:2a:a6:a0:8f:84:f9:d4:44:5a:63:90:85:0b:
                    be:8d:24:a8:a0:9c:dd:3b:5c:9e:50:1a:d7:5a:7e:
                    d8:23:77:71:44:f7:a2:02:7e:c0:39:4b:d4:31:f9:
                    6d:80:21:64:56:e5:18:8f:06:05:9d:3e:ae:ca:c4:
                    d4:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:6B:38:5C:7B:87:78:BF:78:AF:24:21:C9:9F:5D:38:BD:55:69:14
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/0a8fc1-986e-4209-930c-1c77431b05f7/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/0a8fc1-986e-4209-930c-1c77431b05f7/1/Dms4XHuHeL94ryQhyZ9dOL1VaRQ.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:c::/48

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  48136

    Signature Algorithm: sha256WithRSAEncryption
         88:30:92:dc:f0:4a:dc:36:d4:22:12:06:89:64:57:db:16:1e:
         46:4b:f5:a6:40:6f:a2:f2:bc:be:e7:d6:9a:b4:58:5e:77:d9:
         d0:27:7d:22:7d:59:ff:be:6f:de:59:5a:95:2c:3b:ee:a3:b6:
         d2:18:a9:1a:13:f3:61:fb:c5:a0:01:f9:95:2a:fa:1f:31:c3:
         eb:5a:14:69:e4:d1:5d:f5:34:75:ff:16:2c:88:ce:2e:e8:dd:
         8d:d2:ed:87:db:61:79:a1:70:b0:34:24:b4:c3:ce:86:9b:e2:
         e6:d8:8f:cc:d7:43:3e:46:07:99:e5:58:bd:4d:c4:10:2b:de:
         2f:6b:e5:6c:ad:a1:be:de:56:4b:b6:8a:96:21:42:58:21:2c:
         ef:99:17:a3:8c:99:9b:51:1b:b9:c3:05:4e:a7:b6:79:aa:ef:
         37:dc:c1:17:f0:cf:cc:7c:98:4f:7d:0a:50:b5:d7:0b:68:34:
         ed:01:90:71:35:ed:8d:8d:c3:e8:3c:cd:05:60:64:45:8f:b9:
         d3:5e:ae:24:31:19:c4:60:f8:6f:e3:cc:61:5b:b5:5e:86:de:
         88:d2:53:db:03:96:a9:88:07:23:c3:47:24:8c:18:72:4d:69:
         af:63:1f:75:f9:a5:c2:9c:c3:d0:98:5e:2f:f0:cd:50:d9:23:
         94:f1:ce:2f
-----BEGIN CERTIFICATE-----
MIIFlzCCBH+gAwIBAgISAYzFbhFFRsprMFDERzQVMoxuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTQyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTZiMzg1YzdiODc3OGJmNzhhZjI0MjFjOTlmNWQzOGJkNTU2OTE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArNTVwz9ZZ3plBnvlP4xO28M/eQsx
Z4RHjF+dWLm1aJosEJCkV3MbtCBTWcWnURb5lDIz646ISdOmJTXIctwI0uGwLJVk
RdMakyOl/ZoJHoH105wQBAfCzrtqOfHnRZQxYTMtAg9oM5mkrUL5DuT47i+0QOfp
vgUQevL3BWrTN9bBoGj/LxHPE5gQNmd0QgEKPDk6CQOSW1A7UFllnFhyZoHwOsMX
bQApkivPyBTRQzaFqSrUhbkYdkjb2aFOyqIPO66H0yqmoI+E+dREWmOQhQu+jSSo
oJzdO1yeUBrXWn7YI3dxRPeiAn7AOUvUMfltgCFkVuUYjwYFnT6uysTU1QIDAQAB
o4ICozCCAp8wHQYDVR0OBBYEFA5rOFx7h3i/eK8kIcmfXTi9VWkUMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2VmLzBhOGZj
MS05ODZlLTQyMDktOTMwYy0xYzc3NDMxYjA1ZjcvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZWYvMGE4ZmMx
LTk4NmUtNDIwOS05MzBjLTFjNzc0MzFiMDVmNy8xL0RtczRYSHVIZUw5NHJ5UWh5
WjlkT0wxVmFSUS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAAMMBoGCCsGAQUFBwEIAQH/BAswCaAH
MAUCAwC8CDANBgkqhkiG9w0BAQsFAAOCAQEAiDCS3PBK3DbUIhIGiWRX2xYeRkv1
pkBvovK8vufWmrRYXnfZ0Cd9In1Z/75v3llalSw77qO20hipGhPzYfvFoAH5lSr6
HzHD61oUaeTRXfU0df8WLIjOLujdjdLth9theaFwsDQktMPOhpvi5tiPzNdDPkYH
meVYvU3EECveL2vlbK2hvt5WS7aKliFCWCEs75kXo4yZm1EbucMFTqe2earvN9zB
F/DPzHyYT30KULXXC2g07QGQcTXtjY3D6DzNBWBkRY+5016uJDEZxGD4b+PMYVu1
XobeiNJT2wOWqYgHI8NHJIwYck1pr2MfdfmlwpzD0JheL/DNUNkjlPHOLw==
-----END CERTIFICATE-----