Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5wb8lykDS_sEZN1MmF8UuiEOgeM.cer
File:                     5wb8lykDS_sEZN1MmF8UuiEOgeM.cer (raw, json)
Hash identifier:          DMqzI6PJ5wIAVfJG/f9LgQ9vltXgpTv5rRbPOLjuZG0=
Subject key identifier:   E7:06:FC:97:29:03:4B:FB:04:64:DD:4C:98:5F:14:BA:21:0E:81:E3
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC26D5777F51AF6D77EFF6F7917143323
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/64/476383-f6da-4e0e-8e12-d2dcf05d3376/1/5wb8lykDS_sEZN1MmF8UuiEOgeM.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/64/476383-f6da-4e0e-8e12-d2dcf05d3376/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 00:29:54 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 48391
                          IP: 193.200.148.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 20 Apr 2024 17:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:57:77:f5:1a:f6:d7:7e:ff:6f:79:17:14:33:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 00:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e706fc9729034bfb0464dd4c985f14ba210e81e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:db:54:57:5e:3c:b3:e1:ca:21:b9:a3:10:58:
                    67:7c:d7:be:08:b8:43:42:24:36:b1:3d:e5:80:32:
                    d0:77:bd:50:25:9a:92:e9:e0:4d:24:ca:4f:3e:24:
                    5c:df:a9:bb:f7:fc:6a:43:37:68:20:d4:2b:fa:70:
                    3f:f2:d3:e5:a8:dc:96:94:ec:a0:71:b9:fa:00:6b:
                    d8:39:9d:aa:1b:6e:ac:7b:15:ee:67:5e:ca:79:aa:
                    70:61:13:a5:d5:b0:60:d5:4d:66:b5:70:6c:e0:01:
                    cb:ee:d1:fe:54:ef:8e:93:bf:a1:8c:6a:87:19:8b:
                    08:c5:41:a7:4b:28:d2:b2:2b:7e:16:fe:46:44:2d:
                    f1:7f:55:31:0d:fc:ac:93:72:2f:d3:63:3e:17:16:
                    de:8e:df:3b:98:f7:cb:e0:d2:21:e1:c5:51:ce:8a:
                    7c:f6:35:c2:b7:33:fd:c6:e1:82:6c:50:ee:f6:2b:
                    2b:11:34:9f:74:98:7d:df:76:56:b9:c1:a2:8a:d8:
                    27:23:2f:23:aa:5b:54:64:ca:2e:55:78:5b:bf:67:
                    cc:a7:60:97:60:bf:c3:a0:28:4a:1f:3e:bc:26:61:
                    0b:74:d0:95:77:72:20:84:47:33:5f:f5:0d:22:69:
                    47:69:e2:d6:ec:2f:3b:8c:39:4e:3a:e0:0a:13:43:
                    b2:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:06:FC:97:29:03:4B:FB:04:64:DD:4C:98:5F:14:BA:21:0E:81:E3
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/476383-f6da-4e0e-8e12-d2dcf05d3376/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/476383-f6da-4e0e-8e12-d2dcf05d3376/1/5wb8lykDS_sEZN1MmF8UuiEOgeM.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.200.148.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  48391

    Signature Algorithm: sha256WithRSAEncryption
         0a:8d:c6:5f:39:8b:1b:e8:86:16:77:ea:78:42:6f:69:4c:8e:
         cf:9c:fe:41:4b:14:9b:06:2d:a7:71:18:a0:b0:33:df:13:b4:
         48:ce:04:2a:2c:8c:21:29:f9:fe:63:60:8d:12:1c:77:45:6b:
         8a:9c:17:ec:d4:64:d6:ce:f6:f4:f2:2b:96:7e:22:bc:04:27:
         99:de:1c:c7:72:41:b9:bb:7c:12:15:e4:51:5f:db:e7:a9:62:
         75:20:43:6f:38:01:03:74:b8:19:76:63:bb:30:b2:65:80:55:
         66:54:e2:28:86:cb:dc:d3:31:fd:48:09:37:ca:ec:c5:ce:47:
         cb:4f:5e:e1:f3:34:cf:d0:8c:51:6f:5c:70:a8:57:eb:de:d6:
         4e:47:db:c3:35:00:80:a7:14:21:2a:95:a8:b0:6a:75:c4:44:
         50:ed:67:a1:3a:1e:12:43:af:62:c3:63:0f:d7:3b:d2:fe:b3:
         0f:50:82:f1:15:72:00:6e:5e:e1:62:10:10:e8:3b:61:08:2f:
         d4:17:45:cb:a1:57:12:ff:93:89:32:4f:e3:2c:f3:5c:b6:3e:
         f1:8e:8b:0a:91:4a:10:8f:32:14:5e:10:3a:9f:cb:d8:8f:7c:
         53:36:e7:9c:27:82:68:18:07:bb:70:cd:ee:29:a1:63:e4:27:
         7f:93:28:d2
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYzCbVd39Rr2137/b3kXFDMjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDAyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzA2ZmM5NzI5MDM0YmZiMDQ2NGRkNGM5ODVmMTRiYTIxMGU4MWUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvttUV148s+HKIbmjEFhnfNe+CLhD
QiQ2sT3lgDLQd71QJZqS6eBNJMpPPiRc36m79/xqQzdoINQr+nA/8tPlqNyWlOyg
cbn6AGvYOZ2qG26sexXuZ17KeapwYROl1bBg1U1mtXBs4AHL7tH+VO+Ok7+hjGqH
GYsIxUGnSyjSsit+Fv5GRC3xf1UxDfysk3Iv02M+Fxbejt87mPfL4NIh4cVRzop8
9jXCtzP9xuGCbFDu9isrETSfdJh933ZWucGiitgnIy8jqltUZMouVXhbv2fMp2CX
YL/DoChKHz68JmELdNCVd3IghEczX/UNImlHaeLW7C87jDlOOuAKE0OyzQIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFOcG/JcpA0v7BGTdTJhfFLohDoHjMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzY0LzQ3NjM4
My1mNmRhLTRlMGUtOGUxMi1kMmRjZjA1ZDMzNzYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjQvNDc2Mzgz
LWY2ZGEtNGUwZS04ZTEyLWQyZGNmMDVkMzM3Ni8xLzV3YjhseWtEU19zRVpOMU1t
RjhVdWlFT2dlTS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwciUMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwC9BzANBgkqhkiG9w0BAQsFAAOCAQEACo3GXzmLG+iGFnfqeEJvaUyOz5z+QUsU
mwYtp3EYoLAz3xO0SM4EKiyMISn5/mNgjRIcd0VripwX7NRk1s729PIrln4ivAQn
md4cx3JBubt8EhXkUV/b56lidSBDbzgBA3S4GXZjuzCyZYBVZlTiKIbL3NMx/UgJ
N8rsxc5Hy09e4fM0z9CMUW9ccKhX697WTkfbwzUAgKcUISqVqLBqdcREUO1noToe
EkOvYsNjD9c70v6zD1CC8RVyAG5e4WIQEOg7YQgv1BdFy6FXEv+TiTJP4yzzXLY+
8Y6LCpFKEI8yFF4QOp/L2I98UzbnnCeCaBgHu3DN7imhY+Qnf5Mo0g==
-----END CERTIFICATE-----