Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1Gyb5Gy6MFEGYjPKT5Yoom34_Mo.cer
File:                     1Gyb5Gy6MFEGYjPKT5Yoom34_Mo.cer (raw, json)
Hash identifier:          9hIM5AwF31TNnUw2qdYB7ls40fHtj51pRJQtxDLMK8I=
Subject key identifier:   D4:6C:9B:E4:6C:BA:30:51:06:62:33:CA:4F:96:28:A2:6D:F8:FC:CA
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC801AC1CB76355E04997184B47D8D708
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/05/dbb2dc-da06-467b-b312-73c8671a90f6/1/1Gyb5Gy6MFEGYjPKT5Yoom34_Mo.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/05/dbb2dc-da06-467b-b312-73c8671a90f6/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 02:30:02 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 43956

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:ac:1c:b7:63:55:e0:49:97:18:4b:47:d8:d7:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 02:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d46c9be46cba3051066233ca4f9628a26df8fcca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:a2:10:59:fa:26:bf:b4:14:44:4a:6d:6a:cc:
                    f0:a9:d1:28:83:0f:f8:36:51:7c:76:bb:28:cf:d7:
                    b4:db:a5:72:a5:91:82:56:3f:ce:84:48:26:c1:62:
                    b9:b7:bf:26:c2:73:d2:c4:bd:f8:70:7b:41:5e:4b:
                    3b:e7:c8:8e:9b:ac:7d:fa:54:4b:23:2f:57:0e:21:
                    5c:2c:0d:74:e6:d0:07:31:cc:7e:fc:d3:af:eb:23:
                    91:21:d9:bb:f1:23:e2:ee:a7:36:bf:77:74:16:47:
                    95:e3:99:86:3b:58:ac:e7:8f:cd:f9:d2:f4:9a:f7:
                    5f:ef:82:05:8a:c1:75:94:e3:40:1d:2c:71:de:13:
                    f2:a3:c2:c9:27:d4:b1:c3:24:8e:32:81:14:d7:38:
                    38:00:0a:b7:8e:9c:8c:80:69:cc:2d:a9:c3:92:34:
                    4a:98:10:d0:be:8d:1c:da:19:fd:0a:35:d6:d3:b3:
                    45:75:92:18:70:72:3b:bd:95:56:44:09:e6:57:73:
                    e4:b2:87:4b:fb:37:86:af:69:6b:2e:87:8b:6b:52:
                    5e:de:ea:fe:0f:ad:f7:22:76:06:75:d4:c2:a6:26:
                    11:fa:c3:1c:f1:60:b8:b8:f6:ac:6d:fa:02:ca:a9:
                    1d:51:c9:f7:4e:94:32:d0:96:cf:aa:c2:43:a9:a6:
                    02:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:6C:9B:E4:6C:BA:30:51:06:62:33:CA:4F:96:28:A2:6D:F8:FC:CA
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/dbb2dc-da06-467b-b312-73c8671a90f6/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/dbb2dc-da06-467b-b312-73c8671a90f6/1/1Gyb5Gy6MFEGYjPKT5Yoom34_Mo.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  43956

    Signature Algorithm: sha256WithRSAEncryption
         6a:ff:02:13:f6:bc:74:c2:ed:ea:51:03:10:44:e7:97:07:a3:
         f3:dc:1e:34:5b:32:60:4a:8a:db:fb:46:85:61:4e:cb:d8:4a:
         9c:68:d3:b7:68:54:df:18:53:d8:32:6c:1a:d9:59:ef:1f:4b:
         b4:21:54:52:15:6f:63:c5:ba:da:05:5a:8b:f5:59:a5:e1:11:
         7c:7a:8c:0c:20:aa:1f:7a:82:56:84:a5:77:0c:88:ce:f1:0d:
         9b:d6:c5:24:49:ae:eb:03:b4:95:87:8f:8f:60:44:e6:50:c0:
         a0:e9:b8:56:ae:bd:ad:5c:7c:04:a5:b1:84:4f:6d:45:07:00:
         d8:48:46:ea:42:5d:6b:72:fb:30:4a:8e:a3:7b:8e:a3:f0:23:
         2d:73:ce:3c:6c:6c:55:82:a1:b0:2e:89:a9:93:86:22:ed:31:
         8c:4d:d8:6b:4d:46:35:ef:5b:20:77:a7:7c:f2:6c:cb:35:7e:
         db:cd:e0:96:9e:2a:9e:75:e9:f7:e1:f0:9c:e7:87:4c:61:90:
         64:6d:82:5c:7b:89:a4:17:2a:af:4f:68:f7:92:b0:fb:93:b9:
         75:df:08:15:08:0e:c6:5e:9e:0f:ad:3b:16:9b:5e:ac:21:a8:
         09:7e:40:a8:11:32:f8:90:1e:f8:17:cd:3d:60:2a:d4:c4:5c:
         16:d4:4c:13
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzIAawct2NV4EmXGEtH2NcIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDIzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDZjOWJlNDZjYmEzMDUxMDY2MjMzY2E0Zjk2MjhhMjZkZjhmY2NhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtaIQWfomv7QUREptaszwqdEogw/4
NlF8drsoz9e026VypZGCVj/OhEgmwWK5t78mwnPSxL34cHtBXks758iOm6x9+lRL
Iy9XDiFcLA105tAHMcx+/NOv6yORIdm78SPi7qc2v3d0FkeV45mGO1is54/N+dL0
mvdf74IFisF1lONAHSxx3hPyo8LJJ9SxwySOMoEU1zg4AAq3jpyMgGnMLanDkjRK
mBDQvo0c2hn9CjXW07NFdZIYcHI7vZVWRAnmV3PksodL+zeGr2lrLoeLa1Je3ur+
D633InYGddTCpiYR+sMc8WC4uPasbfoCyqkdUcn3TpQy0JbPqsJDqaYClQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFNRsm+RsujBRBmIzyk+WKKJt+PzKMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzA1L2RiYjJk
Yy1kYTA2LTQ2N2ItYjMxMi03M2M4NjcxYTkwZjYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDUvZGJiMmRj
LWRhMDYtNDY3Yi1iMzEyLTczYzg2NzFhOTBmNi8xLzFHeWI1R3k2TUZFR1lqUEtU
NVlvb20zNF9Nby5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwCrtDANBgkqhkiG9w0BAQsFAAOCAQEAav8CE/a8dMLt
6lEDEETnlwej89weNFsyYEqK2/tGhWFOy9hKnGjTt2hU3xhT2DJsGtlZ7x9LtCFU
UhVvY8W62gVai/VZpeERfHqMDCCqH3qCVoSldwyIzvENm9bFJEmu6wO0lYePj2BE
5lDAoOm4Vq69rVx8BKWxhE9tRQcA2EhG6kJda3L7MEqOo3uOo/AjLXPOPGxsVYKh
sC6JqZOGIu0xjE3Ya01GNe9bIHenfPJsyzV+283glp4qnnXp9+HwnOeHTGGQZG2C
XHuJpBcqr09o95Kw+5O5dd8IFQgOxl6eD607FpterCGoCX5AqBEy+JAe+BfNPWAq
1MRcFtRMEw==
-----END CERTIFICATE-----