Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1-sCJqc1qA3W65JnMBqTKowcbXUw.cer
File:                     1-sCJqc1qA3W65JnMBqTKowcbXUw.cer (raw, json)
Hash identifier:          bepT9Kaz4V4/4KVegrF9H6C13xQ7qxG4+dIJovh/ifs=
Subject key identifier:   FA:C0:89:A9:CD:6A:03:75:BA:E4:99:CC:06:A4:CA:A3:07:1B:5D:4C
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC8DE392B033E8F615F73493C7F5786AC
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/8b/2fac9f-618c-42f6-9483-777f86166221/1/1-sCJqc1qA3W65JnMBqTKowcbXUw.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/8b/2fac9f-618c-42f6-9483-777f86166221/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 06:30:56 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 209154
                          IP: 193.35.200.0/22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:39:2b:03:3e:8f:61:5f:73:49:3c:7f:57:86:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 06:30:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fac089a9cd6a0375bae499cc06a4caa3071b5d4c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:28:69:50:11:13:f9:93:00:30:8f:dd:c3:b7:
                    cc:6b:79:d4:95:a4:9e:b0:42:6f:de:47:f3:71:3b:
                    01:07:cf:df:c3:9a:fe:f3:88:fc:8a:1c:1f:b9:75:
                    03:11:59:a8:73:be:90:33:e1:79:63:a5:d1:af:e3:
                    c8:43:52:b0:bb:d5:56:98:dd:8c:5d:99:4e:66:b0:
                    8d:d3:32:d8:d1:21:85:e9:98:91:e3:2d:05:cb:46:
                    ad:bb:02:60:a6:92:a2:c2:c1:8f:ac:81:54:c1:5c:
                    c6:57:56:5a:6e:2e:36:6f:ff:6f:96:ac:31:7a:1b:
                    0b:74:f3:cb:ee:19:ac:12:a6:91:2e:d5:57:9b:19:
                    77:d2:50:77:d2:4b:1a:67:9f:50:21:14:7d:89:6c:
                    14:ac:ce:77:6a:cd:35:31:66:ce:60:8d:7e:a8:9a:
                    99:df:ae:08:71:e6:0c:74:f9:18:0f:e7:2d:57:f0:
                    5e:30:2f:2e:de:43:5f:1c:db:23:20:09:d5:e3:d4:
                    17:0a:ab:ce:20:9d:c1:92:9a:d0:b4:ad:e4:63:4f:
                    02:e2:6b:45:a7:84:f8:d5:bf:a1:70:87:6c:10:99:
                    4a:61:54:a8:28:59:b0:fa:2c:25:d4:52:03:47:c7:
                    38:5f:a0:56:98:5c:8b:37:6e:49:72:34:32:52:85:
                    85:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:C0:89:A9:CD:6A:03:75:BA:E4:99:CC:06:A4:CA:A3:07:1B:5D:4C
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/2fac9f-618c-42f6-9483-777f86166221/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/2fac9f-618c-42f6-9483-777f86166221/1/1-sCJqc1qA3W65JnMBqTKowcbXUw.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.35.200.0/22

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  209154

    Signature Algorithm: sha256WithRSAEncryption
         6a:c3:45:e4:dd:10:d1:a4:e1:c9:eb:79:5f:7b:6f:a5:d3:a4:
         34:a8:fd:14:71:9a:59:41:b3:d1:6e:72:bb:bc:1e:07:05:d8:
         db:9c:c6:76:b1:c1:a9:2a:c9:29:a8:1d:8b:58:94:1e:dc:b5:
         0f:ec:cd:53:ea:c8:1d:bf:7d:42:f5:60:1f:de:7f:e2:c8:e8:
         50:3b:b6:82:e1:4f:b4:49:be:40:c8:f6:73:56:59:ab:cf:33:
         e0:94:41:b6:00:9d:03:69:f2:9c:0f:85:db:97:b8:0d:15:e9:
         a9:51:3f:8d:96:85:7c:06:3b:cd:86:94:53:97:8e:30:5d:3d:
         fc:25:5a:8d:44:a8:f1:ac:2f:55:19:11:6e:1e:07:0c:8c:f6:
         54:d0:11:ee:d2:ec:99:d2:68:d2:bc:e5:65:51:ef:17:39:53:
         a5:eb:3c:6c:ae:2b:93:3a:9e:7e:6e:cd:76:5f:52:93:1c:1a:
         98:b4:2b:6a:9c:66:c5:2d:c5:bd:83:53:6d:b9:dd:5d:e2:91:
         88:0f:9c:9d:eb:ab:74:d1:e1:f9:c6:97:54:4e:9f:5e:1d:1c:
         25:e4:a2:ed:80:3b:22:93:9c:82:b0:d7:6b:86:8d:dd:27:0a:
         fb:b6:ed:0f:18:c1:2d:b7:62:0a:df:e9:9a:8d:7e:d7:7b:38:
         5b:46:32:31
-----BEGIN CERTIFICATE-----
MIIFlTCCBH2gAwIBAgISAYzI3jkrAz6PYV9zSTx/V4asMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDYzMDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYWMwODlhOWNkNmEwMzc1YmFlNDk5Y2MwNmE0Y2FhMzA3MWI1ZDRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuihpUBET+ZMAMI/dw7fMa3nUlaSe
sEJv3kfzcTsBB8/fw5r+84j8ihwfuXUDEVmoc76QM+F5Y6XRr+PIQ1Kwu9VWmN2M
XZlOZrCN0zLY0SGF6ZiR4y0Fy0atuwJgppKiwsGPrIFUwVzGV1Zabi42b/9vlqwx
ehsLdPPL7hmsEqaRLtVXmxl30lB30ksaZ59QIRR9iWwUrM53as01MWbOYI1+qJqZ
364IceYMdPkYD+ctV/BeMC8u3kNfHNsjIAnV49QXCqvOIJ3BkprQtK3kY08C4mtF
p4T41b+hcIdsEJlKYVSoKFmw+iwl1FIDR8c4X6BWmFyLN25JcjQyUoWFiwIDAQAB
o4ICoTCCAp0wHQYDVR0OBBYEFPrAianNagN1uuSZzAakyqMHG11MMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEkBggrBgEFBQcBCwSCARYwggESMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzhiLzJmYWM5
Zi02MThjLTQyZjYtOTQ4My03NzdmODYxNjYyMjEvMS8wfQYIKwYBBQUHMAqGcXJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOGIvMmZhYzlm
LTYxOGMtNDJmNi05NDgzLTc3N2Y4NjE2NjIyMS8xLzEtc0NKcWMxcUEzVzY1Sm5N
QnFUS293Y2JYVXcubWZ0MDIGCCsGAQUFBzANhiZodHRwczovL3JyZHAucmlwZS5u
ZXQvbm90aWZpY2F0aW9uLnhtbDBZBgNVHR8EUjBQME6gTKBKhkhyc3luYzovL3Jw
a2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0twU28zVlZLNXdFSElKbkhD
MlFIVlYzZDVtay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEF
BQcBBwEB/wQQMA4wDAQCAAEwBgMEAsEjyDAaBggrBgEFBQcBCAEB/wQLMAmgBzAF
AgMDMQIwDQYJKoZIhvcNAQELBQADggEBAGrDReTdENGk4cnreV97b6XTpDSo/RRx
mllBs9Fucru8HgcF2NucxnaxwakqySmoHYtYlB7ctQ/szVPqyB2/fUL1YB/ef+LI
6FA7toLhT7RJvkDI9nNWWavPM+CUQbYAnQNp8pwPhduXuA0V6alRP42WhXwGO82G
lFOXjjBdPfwlWo1EqPGsL1UZEW4eBwyM9lTQEe7S7JnSaNK85WVR7xc5U6XrPGyu
K5M6nn5uzXZfUpMcGpi0K2qcZsUtxb2DU2253V3ikYgPnJ3rq3TR4fnGl1ROn14d
HCXkou2AOyKTnIKw12uGjd0nCvu27Q8YwS23Ygrf6ZqNftd7OFtGMjE=
-----END CERTIFICATE-----