Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5cN18687kSQJ3YNgp0CRNVaTcUE.cer
File:                     5cN18687kSQJ3YNgp0CRNVaTcUE.cer (raw, json)
Hash identifier:          LNxyiVzXbT8adkn8keLO74Bo9JzHCHLsEmVdHi694sY=
Subject key identifier:   E5:C3:75:F3:AF:3B:91:24:09:DD:83:60:A7:40:91:35:56:93:71:41
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018E2D29C2E3C6EC7787A310B30D3B2238F4
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/13/8d00c2-71db-4fee-b6cb-c75c6d20d32c/1/5cN18687kSQJ3YNgp0CRNVaTcUE.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/13/8d00c2-71db-4fee-b6cb-c75c6d20d32c/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 11 Mar 2024 10:58:15 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 215532

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:2d:29:c2:e3:c6:ec:77:87:a3:10:b3:0d:3b:22:38:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Mar 11 10:58:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e5c375f3af3b912409dd8360a740913556937141
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:69:9d:c5:4b:0b:2c:29:03:fc:f4:bd:bd:05:
                    e5:b6:2a:f9:3a:ba:99:4c:ee:5f:f0:e2:23:9d:76:
                    36:fc:e9:96:ac:99:08:0f:f6:5d:5d:51:ab:ba:85:
                    52:02:6e:48:3c:31:7d:81:0d:51:e9:06:f8:14:4c:
                    cb:01:3d:2e:b1:d4:6e:38:87:f5:ce:01:7c:ea:ef:
                    1e:c7:2b:58:f9:8a:45:48:99:29:d1:ce:71:1a:be:
                    ba:9a:c1:82:70:83:fa:4a:71:51:cd:67:8a:b6:4d:
                    67:5e:bb:96:61:64:46:60:d5:98:84:69:d2:67:bc:
                    08:db:7a:77:d2:71:ff:71:c1:62:b4:71:03:b3:58:
                    4f:de:f5:ca:2c:75:10:b2:fd:02:dc:e3:45:0d:1b:
                    cc:6a:b1:9b:b2:e0:59:d8:97:2c:b0:5f:e0:76:5e:
                    ad:86:7a:c9:cb:06:18:26:5b:08:91:23:2f:6a:18:
                    ce:7c:85:f4:9a:c8:e6:a7:f4:7f:6d:49:1f:b0:30:
                    54:76:61:bd:06:64:40:06:d0:78:f1:5b:95:30:f9:
                    c5:47:82:17:06:ae:40:4b:53:c1:96:eb:44:f5:21:
                    a6:32:4f:e1:d7:ec:c9:15:60:b8:ce:56:6a:e7:3b:
                    24:04:bb:e3:be:49:85:fd:09:2d:45:50:bf:2e:ab:
                    a6:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:C3:75:F3:AF:3B:91:24:09:DD:83:60:A7:40:91:35:56:93:71:41
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/8d00c2-71db-4fee-b6cb-c75c6d20d32c/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/8d00c2-71db-4fee-b6cb-c75c6d20d32c/1/5cN18687kSQJ3YNgp0CRNVaTcUE.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  215532

    Signature Algorithm: sha256WithRSAEncryption
         27:15:e6:32:05:46:1c:06:4f:3f:b1:3e:d6:ab:56:9d:2a:5c:
         f5:e4:54:fe:c2:1d:ff:c5:32:ed:7a:3f:c4:aa:7c:70:91:6f:
         1e:dc:a1:eb:aa:e7:b1:3e:c9:53:d8:21:4f:31:7a:e5:a1:7a:
         52:24:53:82:4f:c5:aa:b9:bb:de:8b:8c:67:17:ab:38:4f:e7:
         72:68:c7:d9:81:2f:e0:3a:db:c2:51:e4:c5:eb:b1:59:36:ea:
         82:b2:cc:1a:a2:d3:98:65:76:6d:cb:8d:47:42:3e:47:f6:09:
         7c:a6:b2:11:89:59:f7:4e:5f:a2:09:e5:02:82:97:35:5c:b3:
         a4:04:c0:c8:c1:fc:59:58:a8:f3:5c:bb:e7:20:10:fc:bf:18:
         ca:a7:1c:28:de:6a:f6:71:00:dd:e9:2f:6b:96:0f:5c:28:66:
         2a:db:c9:db:53:f2:0b:a0:65:45:09:1a:cd:77:36:30:8e:42:
         dc:7e:0f:27:f5:2a:1d:23:ec:c9:e0:f5:3f:50:33:62:f9:0d:
         4c:8e:fe:9d:32:9d:b5:dd:21:bf:1c:8f:aa:15:7f:4b:88:ea:
         68:88:15:60:0f:58:95:56:b3:ed:9b:58:e2:36:8b:d4:77:f9:
         d7:66:74:ba:3c:02:ed:a0:53:eb:1f:62:34:f6:e4:68:33:8f:
         9b:76:65:97
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAY4tKcLjxux3h6MQsw07Ijj0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMzExMTA1ODE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNWMzNzVmM2FmM2I5MTI0MDlkZDgzNjBhNzQwOTEzNTU2OTM3MTQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsGmdxUsLLCkD/PS9vQXltir5OrqZ
TO5f8OIjnXY2/OmWrJkID/ZdXVGruoVSAm5IPDF9gQ1R6Qb4FEzLAT0usdRuOIf1
zgF86u8exytY+YpFSJkp0c5xGr66msGCcIP6SnFRzWeKtk1nXruWYWRGYNWYhGnS
Z7wI23p30nH/ccFitHEDs1hP3vXKLHUQsv0C3ONFDRvMarGbsuBZ2JcssF/gdl6t
hnrJywYYJlsIkSMvahjOfIX0msjmp/R/bUkfsDBUdmG9BmRABtB48VuVMPnFR4IX
Bq5AS1PBlutE9SGmMk/h1+zJFWC4zlZq5zskBLvjvkmF/QktRVC/LqumpwIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFOXDdfOvO5EkCd2DYKdAkTVWk3FBMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzEzLzhkMDBj
Mi03MWRiLTRmZWUtYjZjYi1jNzVjNmQyMGQzMmMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTMvOGQwMGMy
LTcxZGItNGZlZS1iNmNiLWM3NWM2ZDIwZDMyYy8xLzVjTjE4Njg3a1NRSjNZTmdw
MENSTlZhVGNVRS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwNJ7DANBgkqhkiG9w0BAQsFAAOCAQEAJxXmMgVGHAZP
P7E+1qtWnSpc9eRU/sId/8Uy7Xo/xKp8cJFvHtyh66rnsT7JU9ghTzF65aF6UiRT
gk/Fqrm73ouMZxerOE/ncmjH2YEv4DrbwlHkxeuxWTbqgrLMGqLTmGV2bcuNR0I+
R/YJfKayEYlZ905fognlAoKXNVyzpATAyMH8WVio81y75yAQ/L8YyqccKN5q9nEA
3ekva5YPXChmKtvJ21PyC6BlRQkazXc2MI5C3H4PJ/UqHSPsyeD1P1AzYvkNTI7+
nTKdtd0hvxyPqhV/S4jqaIgVYA9YlVaz7ZtY4jaL1Hf512Z0ujwC7aBT6x9iNPbk
aDOPm3Zllw==
-----END CERTIFICATE-----