Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5xHIkR7brjbfGoC76BSyWg-UOfo.cer
File:                     5xHIkR7brjbfGoC76BSyWg-UOfo.cer (raw, json)
Hash identifier:          ukxXp5BKpbAzVrC0cUnHshPidcqctBEzmQe/ABB5q+8=
Subject key identifier:   E7:11:C8:91:1E:DB:AE:36:DF:1A:80:BB:E8:14:B2:5A:0F:94:39:FA
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC9BCB11B97E97CA1C6D610D18D381EA2
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/fe/aafc15-1e79-4fe9-9fad-03a4dd4a9156/1/5xHIkR7brjbfGoC76BSyWg-UOfo.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/fe/aafc15-1e79-4fe9-9fad-03a4dd4a9156/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 10:33:55 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 41464
                          IP: 194.9.46.0/23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Dec 2024 06:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:b1:1b:97:e9:7c:a1:c6:d6:10:d1:8d:38:1e:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 10:33:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e711c8911edbae36df1a80bbe814b25a0f9439fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:d1:62:43:e9:a9:ee:6d:d2:be:e2:32:28:8c:
                    de:0e:31:87:1a:dc:dc:fd:4a:47:3c:82:8a:99:3d:
                    ee:b0:f8:5e:f4:6a:e2:44:99:81:ce:98:1a:fc:0d:
                    ad:33:96:30:be:92:bd:54:a8:07:fa:fe:f4:48:dd:
                    0f:61:f7:ad:5f:52:66:67:5d:bb:ac:9f:5e:4b:43:
                    71:76:fe:c1:ef:25:52:56:16:15:3f:9e:b1:fe:ae:
                    e8:3b:66:28:c0:e8:89:be:06:92:dd:eb:b7:b1:2d:
                    47:6d:5b:8b:0d:04:3b:19:7a:ff:10:84:b0:9b:a1:
                    34:81:c9:84:a7:ea:6e:56:69:61:21:43:b4:af:59:
                    96:cf:e3:15:8d:b7:a0:74:d9:f6:8b:74:f1:af:5d:
                    68:74:17:b1:33:54:87:bf:d3:43:24:94:e9:6b:b9:
                    10:b9:14:b0:95:e3:f9:98:b1:92:a4:03:ea:af:78:
                    5a:0e:dd:ef:57:28:24:56:ff:ad:1d:80:29:6d:39:
                    b6:57:41:68:19:7c:57:00:34:16:ca:52:96:84:95:
                    f2:62:0c:8a:c3:de:17:5b:3f:ba:e1:83:e6:35:40:
                    35:9f:2a:34:f4:01:59:7e:b7:c3:99:ab:de:ef:96:
                    1b:8b:4b:cc:e2:4c:68:c2:f5:d4:39:a0:4c:db:24:
                    01:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:11:C8:91:1E:DB:AE:36:DF:1A:80:BB:E8:14:B2:5A:0F:94:39:FA
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/aafc15-1e79-4fe9-9fad-03a4dd4a9156/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/aafc15-1e79-4fe9-9fad-03a4dd4a9156/1/5xHIkR7brjbfGoC76BSyWg-UOfo.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.9.46.0/23

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  41464

    Signature Algorithm: sha256WithRSAEncryption
         37:60:7f:1b:29:38:22:d3:9c:9d:f0:7f:18:10:48:31:0c:d7:
         dd:c8:91:ee:c1:fd:6f:89:35:48:a2:8f:86:04:fa:79:7d:1f:
         1c:c1:db:09:98:41:2c:e8:11:68:49:3f:1d:cc:b2:54:54:be:
         90:82:1b:aa:70:52:de:34:26:99:63:79:f2:1a:37:bf:8a:52:
         c6:b0:35:95:8d:37:f9:64:d3:e1:34:d6:3f:4a:ca:fd:f2:9b:
         67:eb:eb:57:49:8e:22:00:03:c7:65:7d:24:a5:8e:b1:4c:a5:
         63:91:bf:dd:24:73:8b:35:75:7c:25:29:77:de:e5:44:15:33:
         31:4b:1f:45:36:b1:07:24:46:e8:f1:15:f4:53:6b:e3:12:2b:
         fe:3b:a6:ed:62:ad:1e:18:2b:b8:bb:66:9f:21:18:40:cb:ba:
         a1:c9:ed:ac:ce:5e:d4:1c:35:bf:9e:72:c9:8b:d2:7b:00:2c:
         1c:90:26:2d:c7:12:92:dc:dc:44:eb:8c:67:37:96:91:3c:26:
         d4:2d:06:87:d2:b5:16:5c:cc:90:a3:0b:7c:03:2e:93:5a:1b:
         d7:91:46:27:0a:76:fb:37:26:a0:0e:e7:7b:fb:69:fe:ee:ca:
         7e:cb:40:dd:6c:b3:f5:08:71:b2:ff:e5:15:c7:4d:b6:c6:69:
         ac:db:31:82
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYzJvLEbl+l8ocbWENGNOB6iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMTAzMzU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzExYzg5MTFlZGJhZTM2ZGYxYTgwYmJlODE0YjI1YTBmOTQzOWZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv9FiQ+mp7m3SvuIyKIzeDjGHGtzc
/UpHPIKKmT3usPhe9GriRJmBzpga/A2tM5YwvpK9VKgH+v70SN0PYfetX1JmZ127
rJ9eS0Nxdv7B7yVSVhYVP56x/q7oO2YowOiJvgaS3eu3sS1HbVuLDQQ7GXr/EISw
m6E0gcmEp+puVmlhIUO0r1mWz+MVjbegdNn2i3Txr11odBexM1SHv9NDJJTpa7kQ
uRSwleP5mLGSpAPqr3haDt3vVygkVv+tHYApbTm2V0FoGXxXADQWylKWhJXyYgyK
w94XWz+64YPmNUA1nyo09AFZfrfDmave75Ybi0vM4kxowvXUOaBM2yQB2wIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFOcRyJEe26423xqAu+gUsloPlDn6MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2ZlL2FhZmMx
NS0xZTc5LTRmZTktOWZhZC0wM2E0ZGQ0YTkxNTYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZmUvYWFmYzE1
LTFlNzktNGZlOS05ZmFkLTAzYTRkZDRhOTE1Ni8xLzV4SElrUjdicmpiZkdvQzc2
QlN5V2ctVU9mby5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQBwgkuMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwCh+DANBgkqhkiG9w0BAQsFAAOCAQEAN2B/Gyk4ItOcnfB/GBBIMQzX3ciR7sH9
b4k1SKKPhgT6eX0fHMHbCZhBLOgRaEk/HcyyVFS+kIIbqnBS3jQmmWN58ho3v4pS
xrA1lY03+WTT4TTWP0rK/fKbZ+vrV0mOIgADx2V9JKWOsUylY5G/3SRzizV1fCUp
d97lRBUzMUsfRTaxByRG6PEV9FNr4xIr/jum7WKtHhgruLtmnyEYQMu6ocntrM5e
1Bw1v55yyYvSewAsHJAmLccSktzcROuMZzeWkTwm1C0Gh9K1FlzMkKMLfAMuk1ob
15FGJwp2+zcmoA7ne/tp/u7KfstA3Wyz9Qhxsv/lFcdNtsZprNsxgg==
-----END CERTIFICATE-----