Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5PFY7_xrOIKiWQweaQasoQjhjsI.cer
File:                     5PFY7_xrOIKiWQweaQasoQjhjsI.cer (raw, json)
Hash identifier:          Jen5mXlUZQrOPSLbgQfBb3YVoemOoufvoZoyFkNHkLE=
Subject key identifier:   E4:F1:58:EF:FC:6B:38:82:A2:59:0C:1E:69:06:AC:A1:08:E1:8E:C2
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC26D87090A766BCAE55594F6DE3B87C2
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/5b/83c00e-f414-489d-9470-c693249651d5/1/5PFY7_xrOIKiWQweaQasoQjhjsI.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/5b/83c00e-f414-489d-9470-c693249651d5/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 00:30:07 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 8405
                          IP: 193.188.154.0/23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 16 Apr 2024 23:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:87:09:0a:76:6b:ca:e5:55:94:f6:de:3b:87:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 00:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e4f158effc6b3882a2590c1e6906aca108e18ec2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:26:cd:60:e4:a9:43:32:48:91:de:e5:23:45:
                    28:8f:05:80:7c:80:ee:19:98:8f:42:27:69:6b:33:
                    fb:58:30:c0:18:30:1d:ff:4c:95:63:c0:c1:82:f4:
                    13:41:79:e8:2c:d6:80:7d:c3:9f:2f:f9:62:eb:98:
                    63:93:45:0c:e3:14:64:65:cb:6b:df:4d:67:db:8e:
                    1d:8f:05:f4:a9:d3:cd:ad:4d:fb:28:42:a1:53:91:
                    e4:9d:65:7a:66:2d:dd:12:45:43:89:3b:d3:8b:d9:
                    ca:45:c6:72:2d:d8:ba:a6:78:db:ce:91:86:7a:d2:
                    4c:1a:24:14:d8:c9:55:f9:8e:3d:51:9a:27:33:6b:
                    08:00:08:e7:f7:6d:a8:b1:f7:97:ec:40:2a:00:b8:
                    17:d1:29:2a:24:08:c2:ca:b5:06:6f:ff:98:2d:e7:
                    d7:0b:d2:b8:ad:88:00:69:2f:04:b3:78:2a:a0:05:
                    8c:46:5f:47:28:f4:c8:f6:b0:61:c2:50:46:bd:7d:
                    55:9a:8c:81:b6:02:54:54:e0:8b:d5:e9:72:48:b6:
                    a1:37:4a:d7:fd:c5:a1:d9:9a:a7:05:44:35:cf:5f:
                    20:28:f1:7f:01:b4:95:6f:01:2f:98:9d:e1:51:98:
                    f1:e8:4b:88:9e:c1:0d:f7:7c:6b:f7:5c:8e:09:88:
                    f2:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:F1:58:EF:FC:6B:38:82:A2:59:0C:1E:69:06:AC:A1:08:E1:8E:C2
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/83c00e-f414-489d-9470-c693249651d5/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/83c00e-f414-489d-9470-c693249651d5/1/5PFY7_xrOIKiWQweaQasoQjhjsI.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.188.154.0/23

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  8405

    Signature Algorithm: sha256WithRSAEncryption
         42:c7:58:05:81:52:90:86:89:6c:a5:b6:fb:3a:c7:2a:1e:f7:
         c0:c3:82:0b:74:40:9b:ed:37:d6:d9:b1:79:8c:47:c7:13:42:
         82:72:59:ed:18:84:57:4e:de:c3:85:b9:63:fe:45:ec:32:5d:
         c5:dc:b3:c7:b3:38:e1:c7:4d:da:90:17:77:2e:04:e0:da:37:
         6f:54:c1:df:b8:b9:63:a7:41:21:26:f6:3b:3a:66:f5:aa:2e:
         17:7a:b7:90:63:37:2a:28:77:9f:e9:b4:ce:d2:a9:d9:a2:cf:
         72:99:a6:3f:27:d6:91:e0:9a:79:a2:ef:b8:b7:ab:b5:59:24:
         fb:20:65:80:c1:e7:9a:66:22:4d:57:4f:de:b2:62:30:2e:56:
         e9:07:3e:da:73:b4:a9:83:06:76:83:55:e4:cb:f1:d6:e2:75:
         67:52:23:f7:b9:4c:b4:bb:f6:c8:9f:59:a6:e1:98:a4:4d:86:
         9c:14:dc:22:ec:ae:01:63:cb:35:95:32:93:ad:cb:84:d5:f6:
         a7:b3:d3:4a:96:07:d1:81:0b:e7:10:30:20:09:f0:c3:b0:fa:
         cb:ad:a0:c7:59:f5:a2:4b:b7:93:51:b8:38:9d:c2:9e:36:4c:
         09:ad:e2:73:57:a5:89:d0:3a:42:1e:33:ce:eb:7a:12:5b:6c:
         8e:a8:d9:f3
-----BEGIN CERTIFICATE-----
MIIFkzCCBHugAwIBAgISAYzCbYcJCnZryuVVlPbeO4fCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDAzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNGYxNThlZmZjNmIzODgyYTI1OTBjMWU2OTA2YWNhMTA4ZTE4ZWMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwybNYOSpQzJIkd7lI0UojwWAfIDu
GZiPQidpazP7WDDAGDAd/0yVY8DBgvQTQXnoLNaAfcOfL/li65hjk0UM4xRkZctr
301n244djwX0qdPNrU37KEKhU5HknWV6Zi3dEkVDiTvTi9nKRcZyLdi6pnjbzpGG
etJMGiQU2MlV+Y49UZonM2sIAAjn922osfeX7EAqALgX0SkqJAjCyrUGb/+YLefX
C9K4rYgAaS8Es3gqoAWMRl9HKPTI9rBhwlBGvX1VmoyBtgJUVOCL1elySLahN0rX
/cWh2ZqnBUQ1z18gKPF/AbSVbwEvmJ3hUZjx6EuInsEN93xr91yOCYjytwIDAQAB
o4ICnzCCApswHQYDVR0OBBYEFOTxWO/8aziColkMHmkGrKEI4Y7CMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzViLzgzYzAw
ZS1mNDE0LTQ4OWQtOTQ3MC1jNjkzMjQ5NjUxZDUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNWIvODNjMDBl
LWY0MTQtNDg5ZC05NDcwLWM2OTMyNDk2NTFkNS8xLzVQRlk3X3hyT0lLaVdRd2Vh
UWFzb1FqaGpzSS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQBwbyaMBkGCCsGAQUFBwEIAQH/BAowCKAGMAQC
AiDVMA0GCSqGSIb3DQEBCwUAA4IBAQBCx1gFgVKQholspbb7OscqHvfAw4ILdECb
7TfW2bF5jEfHE0KCclntGIRXTt7Dhblj/kXsMl3F3LPHszjhx03akBd3LgTg2jdv
VMHfuLljp0EhJvY7Omb1qi4XereQYzcqKHef6bTO0qnZos9ymaY/J9aR4Jp5ou+4
t6u1WST7IGWAweeaZiJNV0/esmIwLlbpBz7ac7SpgwZ2g1Xky/HW4nVnUiP3uUy0
u/bIn1mm4ZikTYacFNwi7K4BY8s1lTKTrcuE1fans9NKlgfRgQvnEDAgCfDDsPrL
raDHWfWiS7eTUbg4ncKeNkwJreJzV6WJ0DpCHjPO63oSW2yOqNnz
-----END CERTIFICATE-----