Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5u1ytGvobGVNWMkwUUpfQ7SkTuI.cer
File:                     5u1ytGvobGVNWMkwUUpfQ7SkTuI.cer (raw, json)
Hash identifier:          MDM7zql3PmrbBfkxDlxHnyCYK0yv6GV/vuc/Jg+KOPw=
Subject key identifier:   E6:ED:72:B4:6B:E8:6C:65:4D:58:C9:30:51:4A:5F:43:B4:A4:4E:E2
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC424C852AC368425E2B27C44117982AC
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/f9/f8c657-2d5e-46c9-bebc-d8432a2753eb/1/5u1ytGvobGVNWMkwUUpfQ7SkTuI.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/f9/f8c657-2d5e-46c9-bebc-d8432a2753eb/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 08:29:54 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 212104

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 27 Apr 2024 08:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:c8:52:ac:36:84:25:e2:b2:7c:44:11:79:82:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 08:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e6ed72b46be86c654d58c930514a5f43b4a44ee2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:41:5a:99:c3:18:d9:dd:76:e0:0f:e7:68:9f:
                    fe:ee:53:9d:85:12:20:ea:ee:85:2e:c1:f2:df:a2:
                    b9:8b:89:13:81:3b:1e:4b:c6:2a:0a:0b:8d:75:91:
                    be:4e:16:60:e6:79:df:03:66:9f:df:2f:fd:c3:27:
                    d7:82:bd:21:1f:5d:5b:ce:21:4c:b8:0d:bf:b8:49:
                    76:1e:a3:6b:a8:f7:12:47:f7:32:60:f3:a5:53:f0:
                    ae:91:50:49:3f:9e:12:32:2c:b0:1d:03:f1:80:a8:
                    ee:60:ba:f3:6e:47:3e:47:62:71:3d:d7:38:4d:30:
                    e4:e8:54:0e:3c:54:73:a2:12:28:35:20:53:03:fc:
                    0e:a3:f1:81:7e:9f:eb:1b:be:49:ec:ae:36:25:db:
                    b7:d9:17:bf:af:97:b4:5e:a7:4f:51:34:f5:d1:b4:
                    26:be:e0:1f:e7:74:2b:a0:09:a4:d5:bf:83:0d:71:
                    41:1f:a3:aa:eb:a9:fe:c9:25:a6:1a:cc:c9:16:da:
                    97:f3:74:00:8f:89:ec:ef:3f:f4:0d:38:b3:d8:18:
                    e2:ec:17:c0:54:14:f6:dd:fe:86:35:b6:f6:cf:b9:
                    59:0f:72:7a:c5:6c:bd:28:de:3e:3b:0a:bc:d3:cc:
                    e0:7a:70:ac:b3:80:36:34:04:6b:6d:7b:e4:42:9b:
                    72:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:ED:72:B4:6B:E8:6C:65:4D:58:C9:30:51:4A:5F:43:B4:A4:4E:E2
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/f8c657-2d5e-46c9-bebc-d8432a2753eb/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/f8c657-2d5e-46c9-bebc-d8432a2753eb/1/5u1ytGvobGVNWMkwUUpfQ7SkTuI.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  212104

    Signature Algorithm: sha256WithRSAEncryption
         9a:3f:ea:c7:cf:84:b2:7c:1b:07:b9:de:e6:1f:08:c4:4d:5d:
         58:56:63:18:9f:d2:26:a5:d6:52:80:28:d6:36:3e:fb:86:a9:
         57:47:ea:53:e5:ac:97:08:d3:54:ec:53:32:03:2b:e9:0c:de:
         cd:e5:8b:23:bd:9b:23:69:26:2a:bc:13:57:87:67:69:6d:4a:
         29:a3:71:02:8b:75:a3:7e:26:4f:9d:8d:76:d5:3b:35:e6:67:
         b3:d6:e1:8c:6a:1e:57:53:30:53:48:4e:af:7f:f2:59:2f:ca:
         97:39:ee:45:b6:2e:80:71:db:fa:68:d4:c4:38:d6:42:41:a0:
         64:ef:1f:71:5e:2e:d1:dd:4b:74:20:13:fd:10:bc:8c:83:5a:
         eb:66:59:3e:3a:e1:c9:7d:2d:d1:8d:91:10:73:7d:b5:ea:4a:
         26:24:d9:ac:35:ec:3d:6b:22:55:31:f1:b5:ef:49:d4:b8:24:
         7e:b3:a9:4e:3a:19:06:d6:f2:e2:39:c9:c1:31:00:89:03:71:
         b6:ee:59:39:33:9a:63:c5:19:22:f7:50:87:a1:07:2f:92:cd:
         5d:f2:55:9c:da:07:8f:6b:4b:19:da:03:0a:79:df:e3:c4:9a:
         df:55:d0:49:e5:a0:57:0f:bd:9c:36:5f:f5:4a:c4:be:fb:59:
         6e:12:b0:cb
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzEJMhSrDaEJeKyfEQReYKsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDgyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNmVkNzJiNDZiZTg2YzY1NGQ1OGM5MzA1MTRhNWY0M2I0YTQ0ZWUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzkFamcMY2d124A/naJ/+7lOdhRIg
6u6FLsHy36K5i4kTgTseS8YqCguNdZG+ThZg5nnfA2af3y/9wyfXgr0hH11bziFM
uA2/uEl2HqNrqPcSR/cyYPOlU/CukVBJP54SMiywHQPxgKjuYLrzbkc+R2JxPdc4
TTDk6FQOPFRzohIoNSBTA/wOo/GBfp/rG75J7K42Jdu32Re/r5e0XqdPUTT10bQm
vuAf53QroAmk1b+DDXFBH6Oq66n+ySWmGszJFtqX83QAj4ns7z/0DTiz2Bji7BfA
VBT23f6GNbb2z7lZD3J6xWy9KN4+Owq808zgenCss4A2NARrbXvkQptygQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFObtcrRr6GxlTVjJMFFKX0O0pE7iMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Y5L2Y4YzY1
Ny0yZDVlLTQ2YzktYmViYy1kODQzMmEyNzUzZWIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjkvZjhjNjU3
LTJkNWUtNDZjOS1iZWJjLWQ4NDMyYTI3NTNlYi8xLzV1MXl0R3ZvYkdWTldNa3dV
VXBmUTdTa1R1SS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwM8iDANBgkqhkiG9w0BAQsFAAOCAQEAmj/qx8+Esnwb
B7ne5h8IxE1dWFZjGJ/SJqXWUoAo1jY++4apV0fqU+WslwjTVOxTMgMr6QzezeWL
I72bI2kmKrwTV4dnaW1KKaNxAot1o34mT52NdtU7NeZns9bhjGoeV1MwU0hOr3/y
WS/KlznuRbYugHHb+mjUxDjWQkGgZO8fcV4u0d1LdCAT/RC8jINa62ZZPjrhyX0t
0Y2REHN9tepKJiTZrDXsPWsiVTHxte9J1LgkfrOpTjoZBtby4jnJwTEAiQNxtu5Z
OTOaY8UZIvdQh6EHL5LNXfJVnNoHj2tLGdoDCnnf48Sa31XQSeWgVw+9nDZf9UrE
vvtZbhKwyw==
-----END CERTIFICATE-----