Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1i6pLsybDTVLX9cC4JkfFQown-Q.cer
File:                     1i6pLsybDTVLX9cC4JkfFQown-Q.cer (raw, json)
Hash identifier:          /OmlFWG7ilFEhLw2oOdcRwAGyINp7dTay/9+15RPo7g=
Subject key identifier:   D6:2E:A9:2E:CC:9B:0D:35:4B:5F:D7:02:E0:99:1F:15:0A:30:9F:E4
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC8DF84DFE58CADF32DA794D8EC46D9C8
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/12/7b5814-7c76-495c-a6e7-54594795eea2/1/1i6pLsybDTVLX9cC4JkfFQown-Q.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/12/7b5814-7c76-495c-a6e7-54594795eea2/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 06:32:20 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 210010
                          IP: 193.0.161.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Apr 2024 17:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:84:df:e5:8c:ad:f3:2d:a7:94:d8:ec:46:d9:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 06:32:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d62ea92ecc9b0d354b5fd702e0991f150a309fe4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:75:9b:03:60:af:09:f9:b1:6e:f5:5d:0d:0c:
                    c4:45:c2:ea:8a:00:fd:a8:28:bd:9b:0e:8c:92:68:
                    5b:8c:c9:33:b2:42:b3:05:b4:69:b4:eb:4a:4e:3c:
                    8b:f5:3c:c2:f6:8a:02:b8:60:73:8d:87:15:74:97:
                    99:bc:10:f0:89:60:b0:2d:04:28:bb:86:e4:1f:66:
                    6a:24:71:f7:d9:4c:92:a4:5b:ce:a0:e1:bc:33:c0:
                    45:74:e3:81:3e:30:56:c8:3a:46:8e:84:87:8e:f1:
                    72:42:a7:03:9f:e4:d2:e1:c3:cd:83:64:4b:b5:bb:
                    1c:63:50:40:71:75:0c:cf:3c:cc:d1:d3:d4:71:78:
                    8f:d4:6e:1e:5d:af:62:b3:58:f9:bb:f0:44:36:a6:
                    2e:c6:be:85:65:8e:a3:9b:f1:e6:97:88:af:01:ab:
                    d9:d0:e2:19:89:79:20:c6:9a:b4:83:f4:12:2e:28:
                    93:9c:06:a5:e8:56:0c:63:98:22:15:6e:ea:90:99:
                    14:62:25:0f:18:52:e3:8e:b5:55:98:3a:4e:59:95:
                    3d:21:3c:7d:01:92:b5:9d:31:58:2c:57:79:21:28:
                    fc:78:f4:17:c1:ec:e3:11:3f:e0:3d:46:1a:af:88:
                    15:72:d8:3c:99:63:44:fe:44:9d:08:24:74:94:5d:
                    bc:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:2E:A9:2E:CC:9B:0D:35:4B:5F:D7:02:E0:99:1F:15:0A:30:9F:E4
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/7b5814-7c76-495c-a6e7-54594795eea2/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/7b5814-7c76-495c-a6e7-54594795eea2/1/1i6pLsybDTVLX9cC4JkfFQown-Q.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.161.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  210010

    Signature Algorithm: sha256WithRSAEncryption
         50:60:c0:41:31:fa:45:51:f9:e8:11:3e:43:a4:aa:b2:c6:6b:
         09:67:8f:e7:01:79:1f:5f:7f:74:59:36:ed:fa:d2:42:69:98:
         7a:89:a8:23:80:8a:a5:03:d7:3b:ab:d3:4c:63:65:3c:2f:fa:
         2b:6f:b5:3f:eb:39:d8:d2:c9:c5:c8:25:13:1e:0c:6a:79:88:
         88:36:db:06:cc:dd:53:42:59:2c:2e:35:d6:3d:64:59:63:36:
         f5:76:fd:9f:b2:ad:91:37:94:c7:e7:bf:f0:3b:12:7a:40:1b:
         19:fc:67:51:b0:e0:e0:c8:1d:eb:99:78:7e:93:9c:36:49:30:
         df:3f:43:ad:d0:52:0d:21:42:65:b6:63:7c:46:62:b5:e6:72:
         f1:5f:eb:f5:02:25:40:36:ef:65:cb:09:41:00:72:66:0c:3b:
         ed:74:e7:38:59:8b:eb:7e:7a:c2:5f:12:99:e2:d7:8f:42:4c:
         ad:d6:76:ab:27:e7:c4:2e:ea:67:86:fb:a4:8f:32:81:75:8b:
         ec:aa:0e:71:57:81:71:bd:3b:39:2c:46:91:3e:83:39:58:f5:
         dd:35:51:82:f1:e9:0f:e1:f2:ee:64:96:c5:b2:89:00:12:a6:
         cc:32:7a:7b:96:b9:a8:a7:b6:e4:e9:7d:f4:ca:97:37:4a:89:
         0d:1d:5b:df
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYzI34Tf5Yyt8y2nlNjsRtnIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDYzMjIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjJlYTkyZWNjOWIwZDM1NGI1ZmQ3MDJlMDk5MWYxNTBhMzA5ZmU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyHWbA2CvCfmxbvVdDQzERcLqigD9
qCi9mw6MkmhbjMkzskKzBbRptOtKTjyL9TzC9ooCuGBzjYcVdJeZvBDwiWCwLQQo
u4bkH2ZqJHH32UySpFvOoOG8M8BFdOOBPjBWyDpGjoSHjvFyQqcDn+TS4cPNg2RL
tbscY1BAcXUMzzzM0dPUcXiP1G4eXa9is1j5u/BENqYuxr6FZY6jm/Hml4ivAavZ
0OIZiXkgxpq0g/QSLiiTnAal6FYMY5giFW7qkJkUYiUPGFLjjrVVmDpOWZU9ITx9
AZK1nTFYLFd5ISj8ePQXwezjET/gPUYar4gVctg8mWNE/kSdCCR0lF28XQIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFNYuqS7Mmw01S1/XAuCZHxUKMJ/kMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzEyLzdiNTgx
NC03Yzc2LTQ5NWMtYTZlNy01NDU5NDc5NWVlYTIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTIvN2I1ODE0
LTdjNzYtNDk1Yy1hNmU3LTU0NTk0Nzk1ZWVhMi8xLzFpNnBMc3liRFRWTFg5Y0M0
SmtmRlFvd24tUS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwQChMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwM0WjANBgkqhkiG9w0BAQsFAAOCAQEAUGDAQTH6RVH56BE+Q6SqssZrCWeP5wF5
H19/dFk27frSQmmYeomoI4CKpQPXO6vTTGNlPC/6K2+1P+s52NLJxcglEx4ManmI
iDbbBszdU0JZLC411j1kWWM29Xb9n7KtkTeUx+e/8DsSekAbGfxnUbDg4Mgd65l4
fpOcNkkw3z9DrdBSDSFCZbZjfEZiteZy8V/r9QIlQDbvZcsJQQByZgw77XTnOFmL
6356wl8SmeLXj0JMrdZ2qyfnxC7qZ4b7pI8ygXWL7KoOcVeBcb07OSxGkT6DOVj1
3TVRgvHpD+Hy7mSWxbKJABKmzDJ6e5a5qKe25Ol99MqXN0qJDR1b3w==
-----END CERTIFICATE-----