Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5LDTY6ChegaEUahRRc5PpGTX-hs.cer
File:                     5LDTY6ChegaEUahRRc5PpGTX-hs.cer (raw, json)
Hash identifier:          rW+nd4P6hZh/xDz/3zk0Q27OFsjDnWbOxZS+pjfxDLM=
Subject key identifier:   E4:B0:D3:63:A0:A1:7A:06:84:51:A8:51:45:CE:4F:A4:64:D7:FA:1B
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC64B75D434CF7FB6E5F388815775AFE4
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/0e/4753d3-a1e9-4fd5-aefe-7c7d8a78a963/1/5LDTY6ChegaEUahRRc5PpGTX-hs.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/0e/4753d3-a1e9-4fd5-aefe-7c7d8a78a963/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 18:31:23 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 211243

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 21 Apr 2024 02:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:75:d4:34:cf:7f:b6:e5:f3:88:81:57:75:af:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 18:31:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e4b0d363a0a17a068451a85145ce4fa464d7fa1b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:72:e1:9f:74:cc:f0:8e:5b:22:e7:ae:a6:6b:
                    7a:db:76:00:da:b7:8a:f9:fe:f4:15:39:b3:0c:76:
                    a7:22:08:2a:93:ad:ca:b5:23:0b:24:f5:dd:33:65:
                    12:2d:92:8b:35:bf:de:57:a3:69:34:90:c1:05:a2:
                    f5:1b:2d:6f:98:b1:58:04:c7:6b:1a:a4:94:be:75:
                    a5:64:cf:ac:02:db:e0:11:5f:c2:0b:81:13:b9:e6:
                    eb:fa:4f:02:52:2b:8c:e4:9d:d0:f0:79:21:ee:bd:
                    8e:c1:aa:5c:ee:54:95:bb:d2:ce:7d:28:d0:dc:70:
                    c6:1c:2c:64:9f:ca:98:b6:76:fb:1e:8d:0b:94:3d:
                    66:b0:11:28:2d:c5:77:90:10:8d:15:83:f6:53:d5:
                    b7:75:f5:9a:4d:58:33:7b:68:2f:ea:70:08:06:4c:
                    38:f0:f8:ec:34:11:6d:49:4b:74:88:9a:77:be:06:
                    e7:6c:d4:6a:72:51:5a:4a:b0:3c:08:03:e7:f2:d7:
                    bc:9f:46:c6:6e:21:b3:1c:93:8a:49:66:00:0b:1c:
                    a4:8e:f0:b7:25:e8:7c:ff:25:d4:dc:fc:af:3c:c6:
                    c0:91:b6:2b:e8:b9:ab:91:e1:1d:c9:19:20:26:a8:
                    0f:f4:bb:cf:00:19:66:be:17:cd:7b:58:55:31:01:
                    37:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:B0:D3:63:A0:A1:7A:06:84:51:A8:51:45:CE:4F:A4:64:D7:FA:1B
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/4753d3-a1e9-4fd5-aefe-7c7d8a78a963/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/4753d3-a1e9-4fd5-aefe-7c7d8a78a963/1/5LDTY6ChegaEUahRRc5PpGTX-hs.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  211243

    Signature Algorithm: sha256WithRSAEncryption
         0b:ef:02:ca:e3:a1:e0:5f:f4:1a:9e:5a:b2:1e:25:2c:7c:86:
         ac:45:58:10:07:8b:47:ff:da:71:3b:5a:2a:ea:ef:e7:64:f0:
         f3:5a:46:b2:7b:c1:54:48:a5:4f:97:76:b5:66:a8:9f:75:c4:
         3d:3a:2d:94:c3:6b:dd:e4:d3:da:72:d2:29:06:29:c9:bd:c0:
         30:72:6d:98:98:58:56:71:a1:68:7a:65:17:b8:ac:a2:53:31:
         cd:97:05:8a:62:e0:16:df:3c:7c:d3:cc:81:a5:b5:07:bc:96:
         02:6f:4a:43:4f:51:f3:ee:30:c8:05:3c:1b:9e:e4:81:d0:9c:
         c2:10:bd:b1:14:49:ea:33:64:21:b0:45:e1:03:02:12:f9:39:
         eb:6e:e4:4e:c3:5d:04:b0:7b:7d:4d:c3:13:7d:0b:1c:7e:7b:
         2e:49:7a:4a:d2:0f:de:93:9a:6b:22:00:1d:c4:36:f6:d2:5f:
         5c:71:eb:7c:bf:a7:02:17:3d:d4:38:47:a0:c6:45:29:56:41:
         30:42:b3:4a:72:a9:47:0e:3c:50:7b:7d:d0:5f:59:6c:64:5d:
         ae:d9:29:c5:b5:e0:97:19:ee:e1:95:89:88:0e:19:f8:f1:ed:
         cc:5b:90:85:b5:fd:3a:53:d1:7a:88:40:35:95:44:5a:e9:89:
         8f:73:0f:5c
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzGS3XUNM9/tuXziIFXda/kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTgzMTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNGIwZDM2M2EwYTE3YTA2ODQ1MWE4NTE0NWNlNGZhNDY0ZDdmYTFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz3Lhn3TM8I5bIueupmt623YA2reK
+f70FTmzDHanIggqk63KtSMLJPXdM2USLZKLNb/eV6NpNJDBBaL1Gy1vmLFYBMdr
GqSUvnWlZM+sAtvgEV/CC4ETuebr+k8CUiuM5J3Q8Hkh7r2Owapc7lSVu9LOfSjQ
3HDGHCxkn8qYtnb7Ho0LlD1msBEoLcV3kBCNFYP2U9W3dfWaTVgze2gv6nAIBkw4
8PjsNBFtSUt0iJp3vgbnbNRqclFaSrA8CAPn8te8n0bGbiGzHJOKSWYACxykjvC3
Jeh8/yXU3PyvPMbAkbYr6LmrkeEdyRkgJqgP9LvPABlmvhfNe1hVMQE3rwIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFOSw02OgoXoGhFGoUUXOT6Rk1/obMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzBlLzQ3NTNk
My1hMWU5LTRmZDUtYWVmZS03YzdkOGE3OGE5NjMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMGUvNDc1M2Qz
LWExZTktNGZkNS1hZWZlLTdjN2Q4YTc4YTk2My8xLzVMRFRZNkNoZWdhRVVhaFJS
YzVQcEdUWC1ocy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwM5KzANBgkqhkiG9w0BAQsFAAOCAQEAC+8CyuOh4F/0
Gp5ash4lLHyGrEVYEAeLR//acTtaKurv52Tw81pGsnvBVEilT5d2tWaon3XEPTot
lMNr3eTT2nLSKQYpyb3AMHJtmJhYVnGhaHplF7isolMxzZcFimLgFt88fNPMgaW1
B7yWAm9KQ09R8+4wyAU8G57kgdCcwhC9sRRJ6jNkIbBF4QMCEvk5627kTsNdBLB7
fU3DE30LHH57Lkl6StIP3pOaayIAHcQ29tJfXHHrfL+nAhc91DhHoMZFKVZBMEKz
SnKpRw48UHt90F9ZbGRdrtkpxbXglxnu4ZWJiA4Z+PHtzFuQhbX9OlPReohANZVE
WumJj3MPXA==
-----END CERTIFICATE-----