Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1-Y3_9_PNqnmqjFH1zhKyOHBkQIE.cer
File:                     1-Y3_9_PNqnmqjFH1zhKyOHBkQIE.cer (raw, json)
Hash identifier:          0dCCQrgA8RuLg7icb5OAPP6vwFfUsdLd5TLqowA/PSs=
Subject key identifier:   F9:8D:FF:F7:F3:CD:AA:79:AA:8C:51:F5:CE:12:B2:38:70:64:40:81
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC795409AAFE21BF34397BC8AF9C54FEB
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/68/5471a8-aedf-4d86-a46d-788c6306bb3f/1/1-Y3_9_PNqnmqjFH1zhKyOHBkQIE.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/68/5471a8-aedf-4d86-a46d-788c6306bb3f/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 00:31:36 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 216170
                          IP: 195.62.50.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:40:9a:af:e2:1b:f3:43:97:bc:8a:f9:c5:4f:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 00:31:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f98dfff7f3cdaa79aa8c51f5ce12b23870644081
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:e8:0d:3b:a3:a2:15:5e:5e:68:8e:c5:e5:de:
                    b3:9a:de:48:8a:15:62:bf:d6:61:40:64:96:82:a4:
                    45:b3:85:c3:d0:6e:1b:ed:ed:19:96:3d:35:4b:9c:
                    55:a5:1a:d3:5b:fc:b0:ab:e4:8f:2d:f3:42:e5:46:
                    10:f5:a1:00:7f:3e:87:e4:e1:39:30:89:f0:85:5f:
                    c6:35:46:82:d2:fa:8a:1e:f8:4b:df:a9:48:07:e3:
                    ae:1c:dd:7d:1f:56:cb:36:01:00:ce:73:52:a1:90:
                    94:84:58:85:ac:4a:ee:93:1b:c1:91:24:53:cb:96:
                    65:f8:9c:b2:6c:81:34:f1:6e:f0:7f:b6:94:ec:51:
                    70:f8:4a:88:37:87:92:18:bb:96:8d:26:91:70:a6:
                    ec:45:ff:2e:db:d6:64:e3:ea:c3:22:b0:8f:3c:0e:
                    30:dc:81:7d:76:ec:3d:e7:39:67:53:9e:94:b5:95:
                    c5:fa:cd:c8:4c:ac:62:b7:4c:95:63:28:91:55:40:
                    35:3f:e0:0e:a7:2b:f5:da:bb:94:d2:d3:a6:21:83:
                    22:65:5f:d1:b2:23:f6:12:16:e9:79:04:0a:a9:a6:
                    bd:cc:e9:98:ff:e6:ef:a6:6d:5c:f9:e0:70:d2:84:
                    de:2c:87:c2:0f:14:4b:7c:a9:c2:81:d0:3e:26:3d:
                    71:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:8D:FF:F7:F3:CD:AA:79:AA:8C:51:F5:CE:12:B2:38:70:64:40:81
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/5471a8-aedf-4d86-a46d-788c6306bb3f/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/5471a8-aedf-4d86-a46d-788c6306bb3f/1/1-Y3_9_PNqnmqjFH1zhKyOHBkQIE.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.62.50.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  216170

    Signature Algorithm: sha256WithRSAEncryption
         0e:65:4a:a2:e5:75:75:cd:27:2e:64:1a:54:69:db:5f:87:34:
         6c:d4:0e:51:93:8b:c0:45:20:08:04:62:ed:48:32:24:54:13:
         09:9e:dd:96:29:fa:b7:82:ac:47:27:ea:5d:02:33:6e:55:3f:
         a1:31:19:1b:6a:31:ac:70:b6:19:58:6b:47:d6:54:c9:4b:35:
         05:19:f2:62:fa:8f:90:0d:a8:77:85:97:0b:b2:6a:92:3c:a8:
         74:9f:ca:ae:9d:9d:95:c7:dc:3f:48:99:73:26:1f:74:41:b8:
         7d:22:59:6f:36:7e:20:49:37:84:42:1c:df:25:28:7c:45:01:
         6a:88:1b:71:89:58:58:8c:30:61:29:b0:03:26:be:8e:ad:7c:
         bc:92:04:e7:7c:bb:91:6d:ff:dd:f4:45:14:e5:37:c4:f1:19:
         df:a6:c3:38:20:a7:70:14:2f:dc:11:25:53:7f:f0:37:2e:b4:
         d4:9c:0d:71:94:c7:18:e7:d8:f4:f1:49:22:45:21:1a:6a:1e:
         fc:97:4d:52:1d:04:de:a1:36:15:d6:45:fd:3f:0b:48:8a:a1:
         e0:cd:57:00:7f:be:b1:5a:c1:39:fb:a9:f2:7a:86:b8:fe:68:
         59:2e:2c:ae:b1:e1:78:3a:83:e8:70:6f:66:a9:cc:84:15:cd:
         ea:2f:50:4a
-----BEGIN CERTIFICATE-----
MIIFlTCCBH2gAwIBAgISAYzHlUCar+Ib80OXvIr5xU/rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDAzMTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOThkZmZmN2YzY2RhYTc5YWE4YzUxZjVjZTEyYjIzODcwNjQ0MDgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8OgNO6OiFV5eaI7F5d6zmt5IihVi
v9ZhQGSWgqRFs4XD0G4b7e0Zlj01S5xVpRrTW/ywq+SPLfNC5UYQ9aEAfz6H5OE5
MInwhV/GNUaC0vqKHvhL36lIB+OuHN19H1bLNgEAznNSoZCUhFiFrErukxvBkSRT
y5Zl+JyybIE08W7wf7aU7FFw+EqIN4eSGLuWjSaRcKbsRf8u29Zk4+rDIrCPPA4w
3IF9duw95zlnU56UtZXF+s3ITKxit0yVYyiRVUA1P+AOpyv12ruU0tOmIYMiZV/R
siP2EhbpeQQKqaa9zOmY/+bvpm1c+eBw0oTeLIfCDxRLfKnCgdA+Jj1xHwIDAQAB
o4ICoTCCAp0wHQYDVR0OBBYEFPmN//fzzap5qoxR9c4SsjhwZECBMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEkBggrBgEFBQcBCwSCARYwggESMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzY4LzU0NzFh
OC1hZWRmLTRkODYtYTQ2ZC03ODhjNjMwNmJiM2YvMS8wfQYIKwYBBQUHMAqGcXJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjgvNTQ3MWE4
LWFlZGYtNGQ4Ni1hNDZkLTc4OGM2MzA2YmIzZi8xLzEtWTNfOV9QTnFubXFqRkgx
emhLeU9IQmtRSUUubWZ0MDIGCCsGAQUFBzANhiZodHRwczovL3JyZHAucmlwZS5u
ZXQvbm90aWZpY2F0aW9uLnhtbDBZBgNVHR8EUjBQME6gTKBKhkhyc3luYzovL3Jw
a2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0twU28zVlZLNXdFSElKbkhD
MlFIVlYzZDVtay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEF
BQcBBwEB/wQQMA4wDAQCAAEwBgMEAMM+MjAaBggrBgEFBQcBCAEB/wQLMAmgBzAF
AgMDTGowDQYJKoZIhvcNAQELBQADggEBAA5lSqLldXXNJy5kGlRp21+HNGzUDlGT
i8BFIAgEYu1IMiRUEwme3ZYp+reCrEcn6l0CM25VP6ExGRtqMaxwthlYa0fWVMlL
NQUZ8mL6j5ANqHeFlwuyapI8qHSfyq6dnZXH3D9ImXMmH3RBuH0iWW82fiBJN4RC
HN8lKHxFAWqIG3GJWFiMMGEpsAMmvo6tfLySBOd8u5Ft/930RRTlN8TxGd+mwzgg
p3AUL9wRJVN/8DcutNScDXGUxxjn2PTxSSJFIRpqHvyXTVIdBN6hNhXWRf0/C0iK
oeDNVwB/vrFawTn7qfJ6hrj+aFkuLK6x4Xg6g+hwb2apzIQVzeovUEo=
-----END CERTIFICATE-----