Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4GY0WcQJMEey4XhSP1umP3X8TxY.cer
File:                     4GY0WcQJMEey4XhSP1umP3X8TxY.cer (raw, json)
Hash identifier:          AX50nqzo7xy7e84oCt80EIx52BoearNFCNCmSIrX0oY=
Subject key identifier:   E0:66:34:59:C4:09:30:47:B2:E1:78:52:3F:5B:A6:3F:75:FC:4F:16
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CCA2A7C54FD7A283288AD328673A82269
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/a6/43f654-92ba-4d30-9ed0-2da1253ce993/1/4GY0WcQJMEey4XhSP1umP3X8TxY.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/a6/43f654-92ba-4d30-9ed0-2da1253ce993/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 12:33:51 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 210705

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 20 Apr 2024 17:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:7c:54:fd:7a:28:32:88:ad:32:86:73:a8:22:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 12:33:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e0663459c4093047b2e178523f5ba63f75fc4f16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:b2:e8:9c:f7:b8:1b:83:62:00:53:74:64:77:
                    25:e0:da:d6:c5:b9:de:aa:f0:88:f7:7f:46:f9:21:
                    88:25:c5:38:d5:4a:39:6f:ef:10:7a:8c:32:a8:a0:
                    9f:43:8e:87:65:70:cd:49:2f:5d:e9:52:b9:b6:06:
                    ad:e6:28:ea:43:d9:cb:4e:bd:bb:62:21:3c:44:56:
                    5d:ea:5d:2a:69:cb:a9:ac:89:bf:c9:cd:3f:69:57:
                    cc:51:ee:5e:3a:3c:f9:38:99:ce:e7:02:4b:7e:70:
                    09:d9:b3:1d:4f:38:d2:e6:23:06:66:32:32:1d:b1:
                    c3:e2:81:95:4e:29:f1:5d:30:91:5b:b2:4f:80:94:
                    f4:06:67:28:a9:24:5c:c9:d9:e0:1c:7f:04:04:a3:
                    b4:ac:a2:16:7d:eb:33:e1:b1:58:85:9f:68:ba:1b:
                    76:86:8d:f0:58:1b:a9:eb:30:d2:46:6c:af:f8:42:
                    95:90:98:f4:25:22:49:b8:27:30:e4:8c:f5:15:3b:
                    8d:74:4d:dd:63:38:d9:d5:62:c5:57:14:af:90:2c:
                    00:e7:5d:61:5f:8f:01:33:54:4e:0f:a7:12:84:d3:
                    e4:e1:ba:07:a0:1c:db:cb:5f:bc:e5:c7:7c:6b:b9:
                    08:18:56:63:44:24:f9:9c:c4:af:ce:29:02:1d:ee:
                    19:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:66:34:59:C4:09:30:47:B2:E1:78:52:3F:5B:A6:3F:75:FC:4F:16
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/43f654-92ba-4d30-9ed0-2da1253ce993/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/43f654-92ba-4d30-9ed0-2da1253ce993/1/4GY0WcQJMEey4XhSP1umP3X8TxY.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  210705

    Signature Algorithm: sha256WithRSAEncryption
         32:f6:1f:e4:cc:5f:8c:22:e2:d0:34:2b:99:da:6f:d0:3d:ca:
         70:59:ed:47:7d:05:85:97:7b:31:2a:66:97:7f:bd:72:18:c9:
         59:03:75:a0:4b:1c:02:ac:c9:b2:01:28:71:75:86:9b:0c:30:
         92:c5:d2:74:77:45:31:84:6c:3c:71:18:5c:3d:b7:60:2f:83:
         4e:12:76:3f:3c:0a:9f:23:46:42:ac:a1:1b:32:91:d6:1f:75:
         b7:69:29:1a:4a:4b:15:b2:3c:7d:53:23:53:74:88:d4:14:ce:
         33:39:cc:97:40:9d:f8:11:b5:9c:3a:f4:50:ee:37:68:84:42:
         db:f8:74:25:11:da:46:06:ca:cd:e4:98:84:43:8c:da:c0:2a:
         aa:4e:52:34:c9:31:bb:71:ed:8d:57:30:c0:15:2c:18:1d:d8:
         8b:74:fa:df:b6:9d:9d:c8:90:43:7a:03:29:e6:f6:a9:c1:e6:
         e5:a5:7d:66:ce:21:35:09:3a:3d:90:53:41:1c:7d:b9:a4:5e:
         b4:65:26:82:82:b9:41:df:14:49:32:c4:78:47:21:fc:66:cb:
         7b:88:5d:83:ec:13:1b:86:7b:e1:00:81:bd:1c:49:c7:78:81:
         7e:dc:7e:34:11:41:8e:28:a7:2e:35:44:b4:ca:82:b3:54:c5:
         c4:ce:8b:d5
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzKKnxU/XooMoitMoZzqCJpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMTIzMzUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDY2MzQ1OWM0MDkzMDQ3YjJlMTc4NTIzZjViYTYzZjc1ZmM0ZjE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvbLonPe4G4NiAFN0ZHcl4NrWxbne
qvCI939G+SGIJcU41Uo5b+8QeowyqKCfQ46HZXDNSS9d6VK5tgat5ijqQ9nLTr27
YiE8RFZd6l0qacuprIm/yc0/aVfMUe5eOjz5OJnO5wJLfnAJ2bMdTzjS5iMGZjIy
HbHD4oGVTinxXTCRW7JPgJT0BmcoqSRcydngHH8EBKO0rKIWfesz4bFYhZ9ouht2
ho3wWBup6zDSRmyv+EKVkJj0JSJJuCcw5Iz1FTuNdE3dYzjZ1WLFVxSvkCwA511h
X48BM1ROD6cShNPk4boHoBzby1+85cd8a7kIGFZjRCT5nMSvzikCHe4ZZQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFOBmNFnECTBHsuF4Uj9bpj91/E8WMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2E2LzQzZjY1
NC05MmJhLTRkMzAtOWVkMC0yZGExMjUzY2U5OTMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTYvNDNmNjU0
LTkyYmEtNGQzMC05ZWQwLTJkYTEyNTNjZTk5My8xLzRHWTBXY1FKTUVleTRYaFNQ
MXVtUDNYOFR4WS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwM3ETANBgkqhkiG9w0BAQsFAAOCAQEAMvYf5MxfjCLi
0DQrmdpv0D3KcFntR30FhZd7MSpml3+9chjJWQN1oEscAqzJsgEocXWGmwwwksXS
dHdFMYRsPHEYXD23YC+DThJ2PzwKnyNGQqyhGzKR1h91t2kpGkpLFbI8fVMjU3SI
1BTOMznMl0Cd+BG1nDr0UO43aIRC2/h0JRHaRgbKzeSYhEOM2sAqqk5SNMkxu3Ht
jVcwwBUsGB3Yi3T637adnciQQ3oDKeb2qcHm5aV9Zs4hNQk6PZBTQRx9uaRetGUm
goK5Qd8USTLEeEch/GbLe4hdg+wTG4Z74QCBvRxJx3iBftx+NBFBjiinLjVEtMqC
s1TFxM6L1Q==
-----END CERTIFICATE-----