Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6QYi0fJ5V53qZ1dBXMIs2bpyrL4.cer
File:                     6QYi0fJ5V53qZ1dBXMIs2bpyrL4.cer (raw, json)
Hash identifier:          lU+a1ucRKdkIJYbt7oi+MJmXqVjh4NjDev65QSbT2X4=
Subject key identifier:   E9:06:22:D1:F2:79:57:9D:EA:67:57:41:5C:C2:2C:D9:BA:72:AC:BE
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC5014E6DFAE0B7FC67D8E215A8649FAC
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/c5/a6ccf6-2eaf-40ab-82d8-649d21416ba7/1/6QYi0fJ5V53qZ1dBXMIs2bpyrL4.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/c5/a6ccf6-2eaf-40ab-82d8-649d21416ba7/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 12:30:46 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 197737

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:4e:6d:fa:e0:b7:fc:67:d8:e2:15:a8:64:9f:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 12:30:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e90622d1f279579dea6757415cc22cd9ba72acbe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:34:69:c5:ac:6b:6b:f5:50:ec:da:c5:31:5c:
                    16:d1:43:5f:71:f7:1f:65:e4:bc:4b:ce:02:31:02:
                    08:b5:27:fa:bd:80:7d:4f:f1:1a:3f:f7:ac:c7:c2:
                    ef:f9:11:61:6c:8f:2c:6b:0a:1d:01:bb:64:b8:b9:
                    87:60:5e:77:c6:21:db:d4:bd:39:fa:c5:df:3c:b3:
                    17:e4:68:63:71:b7:c1:cd:bd:3d:2c:9d:55:fc:6e:
                    6a:82:f3:56:aa:d2:f4:b7:7e:db:c5:cf:08:81:68:
                    8d:bd:8e:91:4f:52:06:a1:97:f4:28:41:d0:4b:40:
                    d6:91:d8:25:4e:f7:3c:1e:dd:de:4d:9d:4d:90:a1:
                    b1:c4:b7:26:cb:a7:c4:8c:52:aa:3e:a3:bb:be:0b:
                    94:24:83:1f:c8:59:a9:90:30:a0:28:01:05:85:01:
                    d8:57:89:fc:2f:07:3d:9b:e2:35:ff:c8:dc:e0:d6:
                    be:3b:a7:43:d3:c5:45:ad:07:c1:2a:a3:a7:c2:81:
                    21:e6:1d:90:23:d3:ba:55:d9:21:db:41:6f:1f:44:
                    5f:93:bc:11:16:d6:78:a3:d7:5a:91:50:da:3b:55:
                    c2:69:64:46:1a:ab:23:81:b4:7c:f6:2b:f8:ff:d5:
                    6b:c6:d4:c6:83:1d:57:7e:50:89:65:7f:22:fc:2e:
                    64:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:06:22:D1:F2:79:57:9D:EA:67:57:41:5C:C2:2C:D9:BA:72:AC:BE
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/a6ccf6-2eaf-40ab-82d8-649d21416ba7/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/a6ccf6-2eaf-40ab-82d8-649d21416ba7/1/6QYi0fJ5V53qZ1dBXMIs2bpyrL4.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  197737

    Signature Algorithm: sha256WithRSAEncryption
         11:38:9e:e3:71:0d:17:13:58:05:f6:cf:3f:52:70:1b:8f:00:
         97:cc:4f:2e:ce:ed:8f:3d:45:63:28:3c:59:eb:d1:1a:f0:d3:
         b7:5c:9e:79:60:c8:0d:d0:30:3e:23:a3:a9:48:f4:ef:de:39:
         ee:42:99:7b:83:20:cb:da:a8:4d:dd:d9:89:61:1a:7c:24:e2:
         9e:01:2d:1b:4a:13:3b:22:5d:10:ab:c8:8b:42:eb:b6:7a:8b:
         11:80:30:c9:43:75:da:a1:aa:f8:1e:bc:92:f6:f2:96:fb:c4:
         51:d4:ee:5d:31:13:25:24:75:04:f5:66:fa:0e:cc:40:ff:f7:
         cd:31:53:68:d9:4d:c3:7c:de:00:1c:7b:19:b3:be:91:f6:8f:
         07:55:cf:bf:42:32:2c:94:2d:83:87:09:b3:42:a2:5f:47:d0:
         ee:52:8d:26:69:95:7a:fb:89:31:68:4e:9d:a6:06:16:51:d7:
         9c:90:5f:fd:e8:3b:b9:cb:34:78:a2:97:06:7a:b0:8c:ac:79:
         9e:58:03:0d:0b:ea:d0:33:ed:f4:02:66:aa:b7:58:07:19:16:
         12:89:29:cb:5d:b2:31:cb:36:d7:52:43:8f:7a:1f:cd:62:23:
         ae:4d:89:3b:62:db:fa:97:cb:59:6a:7b:c9:65:13:3f:2e:be:
         19:53:0d:89
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzFAU5t+uC3/GfY4hWoZJ+sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTIzMDQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOTA2MjJkMWYyNzk1NzlkZWE2NzU3NDE1Y2MyMmNkOWJhNzJhY2JlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5TRpxaxra/VQ7NrFMVwW0UNfcfcf
ZeS8S84CMQIItSf6vYB9T/EaP/esx8Lv+RFhbI8sawodAbtkuLmHYF53xiHb1L05
+sXfPLMX5GhjcbfBzb09LJ1V/G5qgvNWqtL0t37bxc8IgWiNvY6RT1IGoZf0KEHQ
S0DWkdglTvc8Ht3eTZ1NkKGxxLcmy6fEjFKqPqO7vguUJIMfyFmpkDCgKAEFhQHY
V4n8Lwc9m+I1/8jc4Na+O6dD08VFrQfBKqOnwoEh5h2QI9O6Vdkh20FvH0Rfk7wR
FtZ4o9dakVDaO1XCaWRGGqsjgbR89iv4/9VrxtTGgx1XflCJZX8i/C5kFwIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFOkGItHyeVed6mdXQVzCLNm6cqy+MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2M1L2E2Y2Nm
Ni0yZWFmLTQwYWItODJkOC02NDlkMjE0MTZiYTcvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzUvYTZjY2Y2
LTJlYWYtNDBhYi04MmQ4LTY0OWQyMTQxNmJhNy8xLzZRWWkwZko1VjUzcVoxZEJY
TUlzMmJweXJMNC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMEaTANBgkqhkiG9w0BAQsFAAOCAQEAETie43ENFxNY
BfbPP1JwG48Al8xPLs7tjz1FYyg8WevRGvDTt1yeeWDIDdAwPiOjqUj079457kKZ
e4Mgy9qoTd3ZiWEafCTingEtG0oTOyJdEKvIi0LrtnqLEYAwyUN12qGq+B68kvby
lvvEUdTuXTETJSR1BPVm+g7MQP/3zTFTaNlNw3zeABx7GbO+kfaPB1XPv0IyLJQt
g4cJs0KiX0fQ7lKNJmmVevuJMWhOnaYGFlHXnJBf/eg7ucs0eKKXBnqwjKx5nlgD
DQvq0DPt9AJmqrdYBxkWEokpy12yMcs211JDj3ofzWIjrk2JO2Lb+pfLWWp7yWUT
Py6+GVMNiQ==
-----END CERTIFICATE-----