Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/C5aPKuJz2wxoYOdQSAKWhc6-9EM.cer
File:                     C5aPKuJz2wxoYOdQSAKWhc6-9EM.cer (raw, json)
Hash identifier:          6TNJOy0ycWigVvCDBEmg9cUwdnwZodzXTzJ6boKuNe0=
Subject key identifier:   0B:96:8F:2A:E2:73:DB:0C:68:60:E7:50:48:02:96:85:CE:BE:F4:43
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC79411F5B8AFE5EED8C68E9F0940B7BA
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/76/fef866-d56e-4309-bb39-278b0c20337a/1/C5aPKuJz2wxoYOdQSAKWhc6-9EM.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/76/fef866-d56e-4309-bb39-278b0c20337a/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 00:30:19 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 44072

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 25 Apr 2024 02:00:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:11:f5:b8:af:e5:ee:d8:c6:8e:9f:09:40:b7:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 00:30:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0b968f2ae273db0c6860e75048029685cebef443
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:dc:09:d0:e8:ac:83:65:64:3b:98:89:42:e4:
                    a1:ff:a5:10:d0:2d:a7:a6:af:62:5a:ab:e2:21:fe:
                    df:a5:d9:8b:69:0a:a4:ab:ac:5c:f2:af:2b:1a:33:
                    f2:8b:95:ea:5a:12:03:c7:89:8a:f9:5b:d4:35:56:
                    78:43:fd:51:ec:bd:cd:44:77:7a:ff:10:8a:57:d4:
                    88:7c:f5:bd:e4:ef:62:45:1a:5f:64:cb:db:82:99:
                    7f:81:d1:14:fb:fe:86:d1:b2:70:c4:97:e3:5a:32:
                    b5:10:b2:6a:f0:71:14:b0:f0:3f:be:18:8e:ee:57:
                    09:dd:8c:d9:55:2e:c3:4d:04:07:75:e2:0a:ea:ff:
                    8a:41:6c:22:4f:06:dc:ca:7b:ef:4a:85:d6:2e:1e:
                    14:d7:42:50:7d:1a:ec:31:82:08:cb:a9:1f:34:d2:
                    e2:02:e7:56:08:1a:5e:b4:7f:14:96:72:67:c3:63:
                    71:63:26:61:5d:20:2f:c5:9d:26:db:25:ab:f9:98:
                    2d:10:cd:76:10:30:a8:f4:ed:cf:6b:c3:ad:0b:49:
                    a6:d0:c5:16:9b:2b:cc:16:31:26:b9:ed:f0:ef:58:
                    a0:7d:d8:8a:1c:e9:2d:81:e4:8a:34:c4:68:23:44:
                    6a:97:b4:59:54:c0:a9:ab:26:33:50:2e:0a:7d:46:
                    a4:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:96:8F:2A:E2:73:DB:0C:68:60:E7:50:48:02:96:85:CE:BE:F4:43
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/fef866-d56e-4309-bb39-278b0c20337a/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/fef866-d56e-4309-bb39-278b0c20337a/1/C5aPKuJz2wxoYOdQSAKWhc6-9EM.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  44072

    Signature Algorithm: sha256WithRSAEncryption
         53:bf:df:12:d6:8e:77:f2:ad:cd:f7:fd:a1:a2:ea:6d:e3:a0:
         14:f9:a6:43:b3:11:46:37:c6:16:7a:ea:7e:25:e6:fa:dc:7a:
         3d:5d:7d:21:77:24:8a:0f:ee:a0:5b:89:93:ee:41:c6:07:60:
         4e:a2:b7:1a:68:16:54:46:23:46:42:4d:7a:a8:17:d8:d4:11:
         d0:63:1d:48:17:9a:27:2e:75:fa:92:c2:67:af:ff:55:02:90:
         23:2f:f5:36:06:f5:e3:0e:0c:6d:b6:9a:c1:12:69:86:06:c7:
         f7:ee:30:16:7d:75:24:57:d1:e5:fe:93:7f:84:5b:92:b2:e0:
         f6:22:da:44:f2:30:85:5d:e5:bd:9a:23:c2:57:f5:dd:86:f4:
         5c:3c:6e:b4:21:ab:f5:01:65:cb:a5:05:89:00:b5:f0:4b:ea:
         c2:db:1b:1e:19:51:30:98:f6:56:7f:7b:a4:d9:9d:12:f6:c5:
         95:f9:a7:a0:aa:8b:89:8a:d5:bd:1d:b1:95:f7:1d:da:d8:16:
         ba:a9:86:7f:56:7b:5a:48:79:f7:35:bf:4c:23:89:e1:d5:c2:
         e3:09:85:8f:c0:c8:b2:ad:61:30:06:bf:61:70:6e:9b:81:cc:
         05:22:f5:f2:6b:f1:05:53:b7:68:2d:a5:fd:d6:bb:b0:ce:36:
         f5:13:27:5d
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzHlBH1uK/l7tjGjp8JQLe6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDAzMDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjk2OGYyYWUyNzNkYjBjNjg2MGU3NTA0ODAyOTY4NWNlYmVmNDQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAptwJ0Oisg2VkO5iJQuSh/6UQ0C2n
pq9iWqviIf7fpdmLaQqkq6xc8q8rGjPyi5XqWhIDx4mK+VvUNVZ4Q/1R7L3NRHd6
/xCKV9SIfPW95O9iRRpfZMvbgpl/gdEU+/6G0bJwxJfjWjK1ELJq8HEUsPA/vhiO
7lcJ3YzZVS7DTQQHdeIK6v+KQWwiTwbcynvvSoXWLh4U10JQfRrsMYIIy6kfNNLi
AudWCBpetH8UlnJnw2NxYyZhXSAvxZ0m2yWr+ZgtEM12EDCo9O3Pa8OtC0mm0MUW
myvMFjEmue3w71igfdiKHOktgeSKNMRoI0Rql7RZVMCpqyYzUC4KfUak3QIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFAuWjyric9sMaGDnUEgCloXOvvRDMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzc2L2ZlZjg2
Ni1kNTZlLTQzMDktYmIzOS0yNzhiMGMyMDMzN2EvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzYvZmVmODY2
LWQ1NmUtNDMwOS1iYjM5LTI3OGIwYzIwMzM3YS8xL0M1YVBLdUp6Mnd4b1lPZFFT
QUtXaGM2LTlFTS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwCsKDANBgkqhkiG9w0BAQsFAAOCAQEAU7/fEtaOd/Kt
zff9oaLqbeOgFPmmQ7MRRjfGFnrqfiXm+tx6PV19IXckig/uoFuJk+5BxgdgTqK3
GmgWVEYjRkJNeqgX2NQR0GMdSBeaJy51+pLCZ6//VQKQIy/1Ngb14w4MbbaawRJp
hgbH9+4wFn11JFfR5f6Tf4RbkrLg9iLaRPIwhV3lvZojwlf13Yb0XDxutCGr9QFl
y6UFiQC18EvqwtsbHhlRMJj2Vn97pNmdEvbFlfmnoKqLiYrVvR2xlfcd2tgWuqmG
f1Z7Wkh59zW/TCOJ4dXC4wmFj8DIsq1hMAa/YXBum4HMBSL18mvxBVO3aC2l/da7
sM429RMnXQ==
-----END CERTIFICATE-----