Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1-hSvFuWJ-YSPxpXQV_gcFn6PY9U.cer
File:                     1-hSvFuWJ-YSPxpXQV_gcFn6PY9U.cer (raw, json)
Hash identifier:          xVYbw+3RroTGiOptgWtto2eYJbepSDrLjnshYuKTaVw=
Subject key identifier:   FA:14:AF:16:E5:89:F9:84:8F:C6:95:D0:57:F8:1C:16:7E:8F:63:D5
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC8019B7EAEF15E70D1F9741C11F8C177
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/84/6f502a-fd6f-4278-9ce8-ca51ebf3b35f/1/1-hSvFuWJ-YSPxpXQV_gcFn6PY9U.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/84/6f502a-fd6f-4278-9ce8-ca51ebf3b35f/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 02:29:57 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 216264

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:9b:7e:ae:f1:5e:70:d1:f9:74:1c:11:f8:c1:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 02:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fa14af16e589f9848fc695d057f81c167e8f63d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:33:d4:e4:61:24:f0:90:e2:3d:bb:1b:30:9a:
                    5a:d9:08:ed:15:64:9d:c8:9d:a6:b3:d9:b2:9d:22:
                    cc:0d:c8:a8:d4:7d:8e:41:9e:aa:b9:d5:38:9d:d5:
                    55:f9:5c:3b:ff:2e:be:5a:a7:eb:3d:32:b3:e9:23:
                    c9:cf:a4:c0:18:34:90:4b:38:bd:7f:d8:24:92:6d:
                    c7:36:d4:13:fd:50:b2:da:ec:d8:1c:9e:b1:f5:a6:
                    2a:d5:18:93:32:c1:fb:41:9a:dc:4a:8a:88:c1:41:
                    4e:8a:30:a7:30:9f:5a:c7:43:41:5e:44:b7:0b:72:
                    7a:27:07:e6:7d:12:7d:c3:13:30:97:08:ee:11:05:
                    51:cc:69:dd:68:e4:6e:be:2f:c3:32:5c:57:1a:b6:
                    35:76:2b:c2:72:67:b9:9b:a2:e8:38:4d:8f:b1:e8:
                    a7:ab:71:3f:b5:a6:45:70:37:bf:09:b7:2d:f3:d7:
                    2d:80:8c:b6:be:4c:62:61:d7:67:bf:ca:12:78:92:
                    18:89:3f:74:04:a9:54:7e:a8:39:99:bd:28:26:4f:
                    0d:d8:0c:87:b9:b9:29:d7:6f:ca:30:20:95:0c:f1:
                    e2:60:32:99:88:51:a9:0e:b0:e4:c5:9a:f4:c9:a1:
                    1f:3e:d2:a9:ca:82:3b:d6:74:2c:16:be:2a:ea:87:
                    ca:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:14:AF:16:E5:89:F9:84:8F:C6:95:D0:57:F8:1C:16:7E:8F:63:D5
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/6f502a-fd6f-4278-9ce8-ca51ebf3b35f/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/6f502a-fd6f-4278-9ce8-ca51ebf3b35f/1/1-hSvFuWJ-YSPxpXQV_gcFn6PY9U.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  216264

    Signature Algorithm: sha256WithRSAEncryption
         81:dd:af:c9:b3:03:d5:b5:94:e3:be:63:33:45:50:5b:27:43:
         3c:27:d9:6f:b1:dc:2f:b2:e1:5d:b1:29:74:52:75:78:8d:4e:
         d2:9d:05:7d:2a:9b:30:44:3d:e3:81:6d:30:9d:3c:fa:bd:4b:
         39:70:c4:23:8d:92:eb:df:34:2b:66:a0:81:02:fc:29:55:84:
         6d:42:0e:ce:94:95:16:76:7e:13:53:92:c8:81:78:d2:7f:c8:
         c3:ed:61:46:2f:ba:80:a2:53:90:9c:a9:3e:d0:8f:84:39:0a:
         cc:7b:06:fc:17:12:a2:f9:ab:71:92:95:1d:09:6b:2c:4d:52:
         aa:75:8b:d1:72:6b:2d:57:52:d6:7c:0f:7a:ad:da:57:7e:d9:
         d5:2c:8f:75:70:e2:82:f3:22:b1:3d:5e:8e:a2:5a:4c:1d:65:
         13:ea:04:d4:cf:e1:d3:11:38:00:ad:9b:26:73:fc:ae:b4:83:
         40:dc:00:5d:e1:bf:66:44:8c:8f:2e:4e:44:12:3d:9f:e8:08:
         eb:0b:9a:19:b0:e9:6c:09:dc:61:82:21:47:20:f0:4c:8e:16:
         bc:83:ff:21:3d:82:17:07:53:ff:bf:7d:9c:9b:41:4b:48:ac:
         9f:f8:42:e0:27:72:05:c1:5c:52:dc:f4:a6:bc:df:88:2f:40:
         7d:f6:71:43
-----BEGIN CERTIFICATE-----
MIIFdDCCBFygAwIBAgISAYzIAZt+rvFecNH5dBwR+MF3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDIyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTE0YWYxNmU1ODlmOTg0OGZjNjk1ZDA1N2Y4MWMxNjdlOGY2M2Q1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArzPU5GEk8JDiPbsbMJpa2QjtFWSd
yJ2ms9mynSLMDcio1H2OQZ6qudU4ndVV+Vw7/y6+WqfrPTKz6SPJz6TAGDSQSzi9
f9gkkm3HNtQT/VCy2uzYHJ6x9aYq1RiTMsH7QZrcSoqIwUFOijCnMJ9ax0NBXkS3
C3J6JwfmfRJ9wxMwlwjuEQVRzGndaORuvi/DMlxXGrY1divCcme5m6LoOE2Psein
q3E/taZFcDe/Cbct89ctgIy2vkxiYddnv8oSeJIYiT90BKlUfqg5mb0oJk8N2AyH
ubkp12/KMCCVDPHiYDKZiFGpDrDkxZr0yaEfPtKpyoI71nQsFr4q6ofKIwIDAQAB
o4ICgDCCAnwwHQYDVR0OBBYEFPoUrxblifmEj8aV0Ff4HBZ+j2PVMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEkBggrBgEFBQcBCwSCARYwggESMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzg0LzZmNTAy
YS1mZDZmLTQyNzgtOWNlOC1jYTUxZWJmM2IzNWYvMS8wfQYIKwYBBQUHMAqGcXJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODQvNmY1MDJh
LWZkNmYtNDI3OC05Y2U4LWNhNTFlYmYzYjM1Zi8xLzEtaFN2RnVXSi1ZU1B4cFhR
Vl9nY0ZuNlBZOVUubWZ0MDIGCCsGAQUFBzANhiZodHRwczovL3JyZHAucmlwZS5u
ZXQvbm90aWZpY2F0aW9uLnhtbDBZBgNVHR8EUjBQME6gTKBKhkhyc3luYzovL3Jw
a2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0twU28zVlZLNXdFSElKbkhD
MlFIVlYzZDVtay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAaBggrBgEF
BQcBCAEB/wQLMAmgBzAFAgMDTMgwDQYJKoZIhvcNAQELBQADggEBAIHdr8mzA9W1
lOO+YzNFUFsnQzwn2W+x3C+y4V2xKXRSdXiNTtKdBX0qmzBEPeOBbTCdPPq9Szlw
xCONkuvfNCtmoIEC/ClVhG1CDs6UlRZ2fhNTksiBeNJ/yMPtYUYvuoCiU5CcqT7Q
j4Q5Csx7BvwXEqL5q3GSlR0JayxNUqp1i9Fyay1XUtZ8D3qt2ld+2dUsj3Vw4oLz
IrE9Xo6iWkwdZRPqBNTP4dMROACtmyZz/K60g0DcAF3hv2ZEjI8uTkQSPZ/oCOsL
mhmw6WwJ3GGCIUcg8EyOFryD/yE9ghcHU/+/fZybQUtIrJ/4QuAncgXBXFLc9Ka8
34gvQH32cUM=
-----END CERTIFICATE-----