Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4T6m_xbPc7pgFIzjAJ9w-KPCKPY.cer
File:                     4T6m_xbPc7pgFIzjAJ9w-KPCKPY.cer (raw, json)
Hash identifier:          IgtZn+yaEQ8iTt294LOEt2yme/t45UMCLLGJSwWL6UA=
Subject key identifier:   E1:3E:A6:FF:16:CF:73:BA:60:14:8C:E3:00:9F:70:F8:A3:C2:28:F6
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC72764AF6F85BB03CF0813E3B7BC6DC7
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/32/b4cd4b-88f2-4e82-b366-99d7c8401683/1/4T6m_xbPc7pgFIzjAJ9w-KPCKPY.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/32/b4cd4b-88f2-4e82-b366-99d7c8401683/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 22:31:36 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 199501
                          AS: 200866

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:64:af:6f:85:bb:03:cf:08:13:e3:b7:bc:6d:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 22:31:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e13ea6ff16cf73ba60148ce3009f70f8a3c228f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:9a:b6:f6:55:26:74:d1:a0:61:21:f4:dd:37:
                    5c:82:95:8b:10:43:2c:a5:85:bf:76:36:ba:dc:9a:
                    d5:85:5f:a8:c2:75:cb:49:36:32:b1:7d:83:43:ee:
                    33:c2:b7:7c:cd:eb:c1:08:22:e4:40:5b:23:0b:7f:
                    a0:a8:25:97:48:43:a1:19:8d:0b:68:ac:85:58:f9:
                    cc:74:d2:26:cb:68:99:53:e8:5d:4d:69:d1:50:63:
                    d1:86:2d:fb:25:e4:f0:76:b7:9a:3d:ec:60:b7:df:
                    74:3b:27:45:79:cc:92:4b:a2:4e:11:78:a3:be:41:
                    45:58:73:f1:34:5f:c6:43:eb:4f:d9:b8:36:3b:cd:
                    97:3e:74:df:a8:a1:fc:47:49:d1:1d:98:d7:dd:58:
                    f4:5b:b2:0f:a1:8f:1e:c5:39:2c:de:b8:69:02:1f:
                    28:75:bf:1d:c2:51:76:e0:dd:f8:47:74:d8:15:d6:
                    51:5a:e8:82:8c:81:44:9c:15:ee:29:89:3c:87:f6:
                    40:04:e3:93:4a:69:0d:be:2f:27:41:fb:21:c8:2c:
                    12:5d:ef:6d:64:63:e5:d2:73:c7:43:51:c8:1f:cd:
                    3d:b7:bc:1d:35:cc:11:fc:30:af:d5:5b:83:c5:bc:
                    ba:e3:c5:a1:9e:90:bf:cb:08:d8:ea:fb:70:d4:e2:
                    9f:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:3E:A6:FF:16:CF:73:BA:60:14:8C:E3:00:9F:70:F8:A3:C2:28:F6
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/b4cd4b-88f2-4e82-b366-99d7c8401683/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/b4cd4b-88f2-4e82-b366-99d7c8401683/1/4T6m_xbPc7pgFIzjAJ9w-KPCKPY.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  199501
                  200866

    Signature Algorithm: sha256WithRSAEncryption
         ae:e5:ff:9d:79:5c:ca:12:c3:c1:dc:43:85:86:f6:a8:eb:92:
         d4:03:0e:97:b9:3d:33:e5:3b:ad:dd:50:51:c6:74:8e:cd:98:
         f8:62:ce:ed:87:af:ee:f8:55:06:31:bb:2f:11:2e:3b:b6:e8:
         3d:15:e3:95:0f:62:fa:58:46:b2:28:76:cd:5f:90:f2:37:70:
         c6:b6:96:03:dd:34:db:32:d9:88:a7:c1:61:f8:52:d2:e5:f5:
         b1:fe:d9:8b:83:c0:da:5f:bc:30:c7:09:5c:e0:8a:9d:15:73:
         c8:d7:e1:4e:f5:42:cc:1b:a9:f8:48:23:51:ca:7f:f1:c0:07:
         bf:6c:c8:34:f8:5e:ca:68:de:69:fa:53:74:78:92:c7:f8:7f:
         30:0e:39:37:97:8c:78:3a:27:64:93:89:81:01:3b:49:02:9c:
         aa:fa:0a:84:61:36:79:a0:eb:55:bc:f1:8a:0a:ed:9b:08:69:
         ee:05:a8:01:db:7d:54:e6:e1:8c:34:0b:ef:1b:eb:6d:5f:4d:
         61:1c:0e:9f:3e:df:d1:95:ea:8d:5a:1c:9a:7f:c1:b2:d4:97:
         79:d5:df:11:3f:59:6a:22:29:38:37:4c:d0:62:d5:22:96:60:
         c6:0c:d3:d7:3e:b1:4d:d1:5f:b4:a9:3b:d4:45:8b:0c:95:45:
         30:dc:f4:a5
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzHJ2Svb4W7A88IE+O3vG3HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMjIzMTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTNlYTZmZjE2Y2Y3M2JhNjAxNDhjZTMwMDlmNzBmOGEzYzIyOGY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxJq29lUmdNGgYSH03TdcgpWLEEMs
pYW/dja63JrVhV+ownXLSTYysX2DQ+4zwrd8zevBCCLkQFsjC3+gqCWXSEOhGY0L
aKyFWPnMdNImy2iZU+hdTWnRUGPRhi37JeTwdreaPexgt990OydFecySS6JOEXij
vkFFWHPxNF/GQ+tP2bg2O82XPnTfqKH8R0nRHZjX3Vj0W7IPoY8exTks3rhpAh8o
db8dwlF24N34R3TYFdZRWuiCjIFEnBXuKYk8h/ZABOOTSmkNvi8nQfshyCwSXe9t
ZGPl0nPHQ1HIH809t7wdNcwR/DCv1VuDxby648WhnpC/ywjY6vtw1OKfZQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFOE+pv8Wz3O6YBSM4wCfcPijwij2MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMyL2I0Y2Q0
Yi04OGYyLTRlODItYjM2Ni05OWQ3Yzg0MDE2ODMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzIvYjRjZDRi
LTg4ZjItNGU4Mi1iMzY2LTk5ZDdjODQwMTY4My8xLzRUNm1feGJQYzdwZ0ZJempB
Sjl3LUtQQ0tQWS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEIAQH/BBAwDqAMMAoCAwMLTQIDAxCiMA0GCSqGSIb3DQEBCwUAA4IBAQCu5f+d
eVzKEsPB3EOFhvao65LUAw6XuT0z5Tut3VBRxnSOzZj4Ys7th6/u+FUGMbsvES47
tug9FeOVD2L6WEayKHbNX5DyN3DGtpYD3TTbMtmIp8Fh+FLS5fWx/tmLg8DaX7ww
xwlc4IqdFXPI1+FO9ULMG6n4SCNRyn/xwAe/bMg0+F7KaN5p+lN0eJLH+H8wDjk3
l4x4Oidkk4mBATtJApyq+gqEYTZ5oOtVvPGKCu2bCGnuBagB231U5uGMNAvvG+tt
X01hHA6fPt/RleqNWhyaf8Gy1Jd51d8RP1lqIik4N0zQYtUilmDGDNPXPrFN0V+0
qTvURYsMlUUw3PSl
-----END CERTIFICATE-----