Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9h_LTRAqGZcioM1qcJfPO5Ic7mI.cer
File:                     9h_LTRAqGZcioM1qcJfPO5Ic7mI.cer (raw, json)
Hash identifier:          S3R7Z+1aIXD4O+WXjwfuJzvV6C9ddZCl8t4uDnjIRgY=
Subject key identifier:   F6:1F:CB:4D:10:2A:19:97:22:A0:CD:6A:70:97:CF:3B:92:1C:EE:62
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC56EEEFA01E04A09D6CB5EE19AAB0FFC
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/7f/9532cf-42d8-48c9-a104-b3f070db819a/1/9h_LTRAqGZcioM1qcJfPO5Ic7mI.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/7f/9532cf-42d8-48c9-a104-b3f070db819a/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 14:30:30 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 207320

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:ee:fa:01:e0:4a:09:d6:cb:5e:e1:9a:ab:0f:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 14:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f61fcb4d102a199722a0cd6a7097cf3b921cee62
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:74:7b:91:95:a3:91:91:2a:e0:f1:6c:b5:f5:
                    ae:35:3c:b1:62:b0:e6:6f:b5:fb:ca:5c:de:57:59:
                    aa:3b:b5:59:38:9d:8d:35:07:08:b9:02:c1:2e:c3:
                    a6:92:6e:cf:b3:ed:5c:c9:3c:ea:72:25:84:c9:13:
                    e8:02:e6:fd:2e:ae:14:f4:33:4a:22:9e:48:93:c8:
                    e9:11:f6:82:18:e8:a1:a8:a0:3f:31:d5:26:66:63:
                    d5:6a:dc:d6:8a:8d:f2:1b:ef:1d:83:1b:5d:35:b8:
                    00:d8:06:22:d8:5d:d6:e0:ed:cd:20:a3:4a:3b:9b:
                    87:c3:af:0a:b0:29:90:62:6d:98:dd:df:07:ce:30:
                    f5:9d:86:68:83:25:87:5f:03:3d:a8:61:c4:7f:69:
                    b3:df:6a:d0:a1:df:88:3c:93:cc:9b:8f:c3:3e:f9:
                    9b:b1:7c:a0:13:92:a8:30:12:a1:49:25:00:ad:65:
                    54:11:41:60:db:67:5f:97:8a:39:57:16:35:e4:b0:
                    72:4a:ff:11:dd:a8:86:6b:82:a5:2d:98:df:45:ca:
                    e0:31:42:13:54:dd:36:49:46:62:0d:1a:0e:71:a3:
                    bd:2b:8a:48:c3:2a:e3:92:3a:37:53:33:8e:41:f5:
                    8b:16:67:7a:69:70:91:31:3f:3f:97:c4:d3:c8:7b:
                    f4:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:1F:CB:4D:10:2A:19:97:22:A0:CD:6A:70:97:CF:3B:92:1C:EE:62
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/9532cf-42d8-48c9-a104-b3f070db819a/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/9532cf-42d8-48c9-a104-b3f070db819a/1/9h_LTRAqGZcioM1qcJfPO5Ic7mI.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  207320

    Signature Algorithm: sha256WithRSAEncryption
         70:ea:a4:d5:78:fd:17:57:3e:56:4c:5b:86:3f:ba:c7:63:ea:
         18:9b:09:f3:d3:45:ca:05:86:88:ed:9c:71:61:f8:a7:3e:4e:
         d3:fc:bf:4e:3d:da:b0:d1:78:ba:7e:d2:dc:ca:78:47:5b:15:
         e5:07:a2:ae:58:01:a0:7d:2f:ea:26:38:01:e9:69:b4:c1:8f:
         3c:f0:bb:68:5a:7c:2e:32:04:fc:3b:77:8a:bf:48:ea:ab:cb:
         19:cd:c8:ea:7d:be:67:ec:e1:9b:67:63:91:17:4f:90:86:d4:
         4a:a3:48:c8:71:9b:95:db:87:bc:31:e8:d6:0d:c8:0f:00:32:
         82:01:e6:2f:4a:17:74:3f:92:f3:36:b7:a9:38:2a:73:5e:33:
         4b:d4:c0:cb:a6:51:6c:a2:06:0d:fc:5f:72:bc:26:37:a2:4b:
         19:63:0c:02:67:59:35:91:ea:f0:35:34:68:a3:c4:0b:79:41:
         92:82:de:22:bc:db:ca:3c:4a:26:c2:2f:3f:c8:03:d8:6c:da:
         de:c6:b8:61:c5:6f:54:c9:21:9d:3c:b3:b0:5b:2a:0f:e3:6e:
         cd:32:00:62:54:e2:bf:3f:97:af:80:b0:84:3e:0d:42:05:10:
         cf:bb:94:c8:d2:be:09:ec:9b:ed:08:4f:55:6b:06:dc:05:53:
         58:1f:50:65
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzFbu76AeBKCdbLXuGaqw/8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTQzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjFmY2I0ZDEwMmExOTk3MjJhMGNkNmE3MDk3Y2YzYjkyMWNlZTYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsHR7kZWjkZEq4PFstfWuNTyxYrDm
b7X7ylzeV1mqO7VZOJ2NNQcIuQLBLsOmkm7Ps+1cyTzqciWEyRPoAub9Lq4U9DNK
Ip5Ik8jpEfaCGOihqKA/MdUmZmPVatzWio3yG+8dgxtdNbgA2AYi2F3W4O3NIKNK
O5uHw68KsCmQYm2Y3d8HzjD1nYZogyWHXwM9qGHEf2mz32rQod+IPJPMm4/DPvmb
sXygE5KoMBKhSSUArWVUEUFg22dfl4o5VxY15LBySv8R3aiGa4KlLZjfRcrgMUIT
VN02SUZiDRoOcaO9K4pIwyrjkjo3UzOOQfWLFmd6aXCRMT8/l8TTyHv0DQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFPYfy00QKhmXIqDNanCXzzuSHO5iMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzdmLzk1MzJj
Zi00MmQ4LTQ4YzktYTEwNC1iM2YwNzBkYjgxOWEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvN2YvOTUzMmNm
LTQyZDgtNDhjOS1hMTA0LWIzZjA3MGRiODE5YS8xLzloX0xUUkFxR1pjaW9NMXFj
SmZQTzVJYzdtSS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMp2DANBgkqhkiG9w0BAQsFAAOCAQEAcOqk1Xj9F1c+
Vkxbhj+6x2PqGJsJ89NFygWGiO2ccWH4pz5O0/y/Tj3asNF4un7S3Mp4R1sV5Qei
rlgBoH0v6iY4AelptMGPPPC7aFp8LjIE/Dt3ir9I6qvLGc3I6n2+Z+zhm2djkRdP
kIbUSqNIyHGblduHvDHo1g3IDwAyggHmL0oXdD+S8za3qTgqc14zS9TAy6ZRbKIG
DfxfcrwmN6JLGWMMAmdZNZHq8DU0aKPEC3lBkoLeIrzbyjxKJsIvP8gD2Gza3sa4
YcVvVMkhnTyzsFsqD+NuzTIAYlTivz+Xr4CwhD4NQgUQz7uUyNK+Ceyb7QhPVWsG
3AVTWB9QZQ==
-----END CERTIFICATE-----