Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4R2Kp0uHbWuU_-UJ4k4_ZG2Wld4.cer
File:                     4R2Kp0uHbWuU_-UJ4k4_ZG2Wld4.cer (raw, json)
Hash identifier:          r8/aX/ByRTUOdhSxIlW5wEUd6wV3s+hIpbk403FhSVs=
Subject key identifier:   E1:1D:8A:A7:4B:87:6D:6B:94:FF:E5:09:E2:4E:3F:64:6D:96:95:DE
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC42530F6FA8B11AC0ECAE24406520325
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/40/90c150-0a02-4180-9c49-62645295ee1d/1/4R2Kp0uHbWuU_-UJ4k4_ZG2Wld4.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/40/90c150-0a02-4180-9c49-62645295ee1d/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 08:30:20 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 211704

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 14:10:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:30:f6:fa:8b:11:ac:0e:ca:e2:44:06:52:03:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 08:30:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e11d8aa74b876d6b94ffe509e24e3f646d9695de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:32:cc:ee:ca:e3:f1:f2:4d:5e:c0:b5:4b:1f:
                    6e:55:0c:83:5a:54:5f:8c:f1:3d:85:17:90:38:ac:
                    f1:b5:1a:43:2d:b3:da:73:0f:59:6a:9d:e4:1f:16:
                    12:71:73:c5:43:8c:33:79:81:89:12:a9:6e:fe:94:
                    49:fe:d5:0f:d6:87:bf:88:57:63:df:24:b8:4d:77:
                    80:ad:45:cc:2d:99:87:2c:81:83:e6:6d:97:8a:71:
                    94:ec:89:79:90:74:ce:be:9b:81:8e:1a:e9:42:51:
                    c1:fa:3b:34:5e:fe:c1:1b:15:3e:12:d9:ff:97:26:
                    65:7b:10:81:d9:a5:2d:2c:e1:b1:6b:6c:47:0a:e3:
                    ba:8a:04:c0:f6:85:3f:17:f7:8f:90:38:42:f5:03:
                    9f:94:05:18:55:3f:8a:9d:53:c7:33:e9:4e:b8:5d:
                    b9:6b:14:17:4d:69:a2:00:81:18:f8:cf:89:71:28:
                    b1:d8:f0:c9:4f:f1:d3:3c:6d:63:63:75:40:48:6f:
                    80:02:0f:11:f9:66:6c:21:0e:e9:32:3a:42:71:ce:
                    bb:39:06:b0:b1:9e:7b:39:69:a1:fa:ce:37:60:09:
                    0b:0c:97:cc:2a:82:19:1f:b1:10:fb:de:8f:3a:0f:
                    e8:e4:ae:4c:fb:c1:2f:9c:c9:02:22:d3:fd:f2:65:
                    db:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:1D:8A:A7:4B:87:6D:6B:94:FF:E5:09:E2:4E:3F:64:6D:96:95:DE
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/90c150-0a02-4180-9c49-62645295ee1d/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/90c150-0a02-4180-9c49-62645295ee1d/1/4R2Kp0uHbWuU_-UJ4k4_ZG2Wld4.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  211704

    Signature Algorithm: sha256WithRSAEncryption
         aa:02:4b:9d:99:39:96:d3:9e:59:df:c9:a9:f5:09:10:e6:bc:
         bd:5c:a0:c8:0e:11:3e:57:d8:1d:9b:60:82:12:32:42:0e:37:
         05:eb:73:81:26:92:4d:c9:d7:4e:f4:9a:b6:0a:2a:dc:3d:6e:
         9b:15:6a:71:1c:49:37:b9:82:0d:bf:c2:41:01:43:bf:d8:79:
         17:77:2c:cc:29:61:0c:22:9c:fd:31:65:31:eb:72:ad:a9:46:
         93:6f:6e:ce:ab:2f:22:0d:c3:bb:67:bd:48:20:16:c8:46:c4:
         fe:f8:77:66:4b:38:6f:fb:24:a1:15:96:20:a7:ef:6a:33:3a:
         ca:83:e9:dc:70:b2:59:dc:72:98:39:d7:9d:c0:c0:ef:d9:1f:
         d6:0b:1b:99:2b:c6:67:9f:98:8a:75:04:8d:8f:35:96:2d:f1:
         c0:f1:be:82:58:74:7f:f5:c3:ec:1c:b3:ed:40:82:0e:9f:11:
         3c:8d:d1:76:e2:52:4b:26:09:81:56:20:4a:5d:b2:ab:e3:f1:
         5c:89:55:66:d8:73:86:8b:fc:2c:30:c2:a5:0b:c7:68:7d:2f:
         fc:34:a8:e1:16:32:48:0c:ff:4a:13:b9:ba:5a:2a:af:91:83:
         a5:a4:e8:cf:7e:70:84:b6:df:e3:bb:bf:a0:a2:7e:2d:e3:50:
         cf:38:91:9b
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzEJTD2+osRrA7K4kQGUgMlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDgzMDIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTFkOGFhNzRiODc2ZDZiOTRmZmU1MDllMjRlM2Y2NDZkOTY5NWRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAujLM7srj8fJNXsC1Sx9uVQyDWlRf
jPE9hReQOKzxtRpDLbPacw9Zap3kHxYScXPFQ4wzeYGJEqlu/pRJ/tUP1oe/iFdj
3yS4TXeArUXMLZmHLIGD5m2XinGU7Il5kHTOvpuBjhrpQlHB+js0Xv7BGxU+Etn/
lyZlexCB2aUtLOGxa2xHCuO6igTA9oU/F/ePkDhC9QOflAUYVT+KnVPHM+lOuF25
axQXTWmiAIEY+M+JcSix2PDJT/HTPG1jY3VASG+AAg8R+WZsIQ7pMjpCcc67OQaw
sZ57OWmh+s43YAkLDJfMKoIZH7EQ+96POg/o5K5M+8EvnMkCItP98mXbSQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFOEdiqdLh21rlP/lCeJOP2RtlpXeMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzQwLzkwYzE1
MC0wYTAyLTQxODAtOWM0OS02MjY0NTI5NWVlMWQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDAvOTBjMTUw
LTBhMDItNDE4MC05YzQ5LTYyNjQ1Mjk1ZWUxZC8xLzRSMktwMHVIYld1VV8tVUo0
azRfWkcyV2xkNC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwM6+DANBgkqhkiG9w0BAQsFAAOCAQEAqgJLnZk5ltOe
Wd/JqfUJEOa8vVygyA4RPlfYHZtgghIyQg43BetzgSaSTcnXTvSatgoq3D1umxVq
cRxJN7mCDb/CQQFDv9h5F3cszClhDCKc/TFlMetyralGk29uzqsvIg3Du2e9SCAW
yEbE/vh3Zks4b/skoRWWIKfvajM6yoPp3HCyWdxymDnXncDA79kf1gsbmSvGZ5+Y
inUEjY81li3xwPG+glh0f/XD7Byz7UCCDp8RPI3RduJSSyYJgVYgSl2yq+PxXIlV
Zthzhov8LDDCpQvHaH0v/DSo4RYySAz/ShO5uloqr5GDpaToz35whLbf47u/oKJ+
LeNQzziRmw==
-----END CERTIFICATE-----