Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/HF2qvCUGIobrXJpRdGQBMIADdQQ.cer
File:                     HF2qvCUGIobrXJpRdGQBMIADdQQ.cer (raw, json)
Hash identifier:          VBoLt1nbIgyURiRhsN37G+kwYkBG/uIcV9wyoAVHflE=
Subject key identifier:   1C:5D:AA:BC:25:06:22:86:EB:5C:9A:51:74:64:01:30:80:03:75:04
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC4432AE888F906958BB54C1F72CB1BA1
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rsync.paas.rpki.ripe.net/repository/7b575ea7-786f-4b2d-a455-79d7fc43ecee/8/1C5DAABC25062286EB5C9A517464013080037504.mft
caRepository:             rsync://rsync.paas.rpki.ripe.net/repository/7b575ea7-786f-4b2d-a455-79d7fc43ecee/8/
Notify URL:               https://rrdp.paas.rpki.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 09:03:05 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 210563

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Jun 2024 08:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:43:2a:e8:88:f9:06:95:8b:b5:4c:1f:72:cb:1b:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 09:03:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1c5daabc25062286eb5c9a517464013080037504
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:fa:c7:39:b0:80:cb:58:db:5f:2f:c3:8f:89:
                    8e:75:75:d7:c2:05:6c:a8:9f:fe:07:a7:af:4f:68:
                    9e:a2:73:04:6f:5f:52:7e:54:68:bf:61:8d:fc:f8:
                    28:e1:26:6d:59:4b:10:4f:2c:c3:4c:9a:40:3d:87:
                    bc:7f:aa:e0:90:84:70:ba:5c:25:22:31:4b:3a:3e:
                    89:b7:74:be:33:95:f7:a7:96:75:da:b6:46:88:5b:
                    18:2f:c9:8c:13:ca:f3:ec:df:61:c9:f8:fa:62:23:
                    b8:5c:31:1c:53:82:76:41:fe:3d:4c:9d:b9:45:c1:
                    cc:f4:6b:81:92:b7:99:9c:63:8c:c9:42:6e:21:4e:
                    b0:ee:8e:06:aa:8f:8d:4d:df:f9:5c:3f:27:5f:26:
                    25:b9:fc:ef:6a:75:65:37:f0:25:41:9f:e4:eb:0d:
                    22:df:e8:bf:df:14:4c:0e:23:1e:7d:d5:7e:ce:b1:
                    30:c2:25:f1:49:11:c7:e8:34:f6:79:73:46:36:a5:
                    81:06:9b:ad:42:23:a2:18:86:2b:b9:ab:65:22:fc:
                    6c:9a:a7:ef:f5:07:8d:8a:f2:99:ec:20:28:3d:44:
                    c4:a2:91:bb:84:f4:8e:98:c9:6a:c2:29:4d:7a:25:
                    25:52:19:67:9f:21:5a:83:ba:db:df:ec:2d:0f:41:
                    e8:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:5D:AA:BC:25:06:22:86:EB:5C:9A:51:74:64:01:30:80:03:75:04
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rsync.paas.rpki.ripe.net/repository/7b575ea7-786f-4b2d-a455-79d7fc43ecee/8/
                RPKI Manifest - URI:rsync://rsync.paas.rpki.ripe.net/repository/7b575ea7-786f-4b2d-a455-79d7fc43ecee/8/1C5DAABC25062286EB5C9A517464013080037504.mft
                RPKI Notify - URI:https://rrdp.paas.rpki.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  210563

    Signature Algorithm: sha256WithRSAEncryption
         83:f4:a5:96:77:5e:cd:da:6f:2d:e8:fc:fa:c7:3e:8e:ac:d1:
         1a:ad:98:12:1b:33:71:e3:4e:fa:b4:31:df:08:d3:e7:96:b0:
         50:db:c5:94:33:f1:44:46:93:bc:ae:28:d1:01:0f:65:4e:09:
         3d:05:64:ad:c8:25:0e:85:62:b2:dc:87:a1:d3:e8:44:8f:17:
         22:ea:d6:4e:64:70:f4:98:ef:b5:50:fe:d8:34:89:bb:6d:63:
         40:b1:1f:f0:80:d0:5e:c6:e1:b4:21:c3:3d:9c:42:9b:97:e3:
         c8:b5:83:33:58:c6:5c:96:65:d5:94:90:fc:1d:88:6a:a2:75:
         98:f2:37:55:8a:f9:75:3f:a1:f4:6d:fa:1b:76:a3:fb:87:d4:
         74:6c:19:de:af:f5:f4:84:80:91:97:37:00:ec:18:9b:d1:68:
         4d:a3:97:b1:6a:86:67:13:fe:eb:d3:d3:2c:ad:cd:70:6e:39:
         1f:be:33:67:3d:cb:47:3b:c1:5d:fc:b1:dd:b8:76:ad:3e:96:
         b0:ec:71:83:d0:23:3c:9d:2a:df:a5:22:19:e0:62:3a:36:60:
         d9:ac:8c:82:1d:4c:ad:58:de:58:e0:2e:0b:6b:6d:1f:88:ad:
         c4:93:f2:c1:8f:50:a6:b5:05:df:1e:cf:40:c9:31:0e:1c:dd:
         2b:dd:1a:03
-----BEGIN CERTIFICATE-----
MIIFjzCCBHegAwIBAgISAYzEQyroiPkGlYu1TB9yyxuhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDkwMzA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzVkYWFiYzI1MDYyMjg2ZWI1YzlhNTE3NDY0MDEzMDgwMDM3NTA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxPrHObCAy1jbXy/Dj4mOdXXXwgVs
qJ/+B6evT2ieonMEb19SflRov2GN/Pgo4SZtWUsQTyzDTJpAPYe8f6rgkIRwulwl
IjFLOj6Jt3S+M5X3p5Z12rZGiFsYL8mME8rz7N9hyfj6YiO4XDEcU4J2Qf49TJ25
RcHM9GuBkreZnGOMyUJuIU6w7o4Gqo+NTd/5XD8nXyYlufzvanVlN/AlQZ/k6w0i
3+i/3xRMDiMefdV+zrEwwiXxSRHH6DT2eXNGNqWBBputQiOiGIYruatlIvxsmqfv
9QeNivKZ7CAoPUTEopG7hPSOmMlqwilNeiUlUhlnnyFag7rb3+wtD0HoMwIDAQAB
o4ICmzCCApcwHQYDVR0OBBYEFBxdqrwlBiKG61yaUXRkATCAA3UEMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggE/BggrBgEFBQcBCwSCATEwggEtMF8GCCsGAQUFBzAFhlNy
c3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdiNTc1
ZWE3LTc4NmYtNGIyZC1hNDU1LTc5ZDdmYzQzZWNlZS84LzCBiwYIKwYBBQUHMAqG
f3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvN2I1
NzVlYTctNzg2Zi00YjJkLWE0NTUtNzlkN2ZjNDNlY2VlLzgvMUM1REFBQkMyNTA2
MjI4NkVCNUM5QTUxNzQ2NDAxMzA4MDAzNzUwNC5tZnQwPAYIKwYBBQUHMA2GMGh0
dHBzOi8vcnJkcC5wYWFzLnJwa2kucmlwZS5uZXQvbm90aWZpY2F0aW9uLnhtbDBZ
BgNVHR8EUjBQME6gTKBKhkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxUL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jcmwwGAYDVR0g
AQH/BA4wDDAKBggrBgEFBQcOAjAaBggrBgEFBQcBCAEB/wQLMAmgBzAFAgMDNoMw
DQYJKoZIhvcNAQELBQADggEBAIP0pZZ3Xs3aby3o/PrHPo6s0RqtmBIbM3HjTvq0
Md8I0+eWsFDbxZQz8URGk7yuKNEBD2VOCT0FZK3IJQ6FYrLch6HT6ESPFyLq1k5k
cPSY77VQ/tg0ibttY0CxH/CA0F7G4bQhwz2cQpuX48i1gzNYxlyWZdWUkPwdiGqi
dZjyN1WK+XU/ofRt+ht2o/uH1HRsGd6v9fSEgJGXNwDsGJvRaE2jl7FqhmcT/uvT
0yytzXBuOR++M2c9y0c7wV38sd24dq0+lrDscYPQIzydKt+lIhngYjo2YNmsjIId
TK1Y3ljgLgtrbR+IrcST8sGPUKa1Bd8ez0DJMQ4c3SvdGgM=
-----END CERTIFICATE-----