Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/C8cxNTcx0n2JxXgoVGnGjF1XrQk.cer
File:                     C8cxNTcx0n2JxXgoVGnGjF1XrQk.cer (raw, json)
Hash identifier:          F+sKWlm8oaUovPuF4YEgt34TNwbZ6LjaF8L1HghSe7c=
Subject key identifier:   0B:C7:31:35:37:31:D2:7D:89:C5:78:28:54:69:C6:8C:5D:57:AD:09
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC7266C4A1EBDFEB4EFD3E0A8FD4E31BF
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/43/4946d9-bdb6-45b4-9a9c-4abe6550920a/1/C8cxNTcx0n2JxXgoVGnGjF1XrQk.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/43/4946d9-bdb6-45b4-9a9c-4abe6550920a/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 22:30:33 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 197411

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:6c:4a:1e:bd:fe:b4:ef:d3:e0:a8:fd:4e:31:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 22:30:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0bc731353731d27d89c578285469c68c5d57ad09
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:f7:a5:e3:05:b5:f7:e5:71:07:0e:5b:b3:d2:
                    7a:8d:57:a7:d3:d7:5a:02:e2:f4:6a:b1:b2:38:20:
                    68:66:fb:c1:ed:bf:54:5a:ff:52:29:2f:02:68:b4:
                    48:b4:16:3c:1e:1a:d4:b2:a9:0e:51:ed:d6:bd:41:
                    96:6d:c8:09:a2:b3:27:4c:4b:dc:e2:da:d2:38:65:
                    14:4d:3b:fc:9b:78:45:00:fe:47:5e:34:41:f2:85:
                    61:bb:ae:3f:18:6a:ca:18:3e:46:f2:13:ea:09:10:
                    d4:b9:bc:ce:ba:3c:3b:87:55:4c:38:4e:76:22:f0:
                    a9:92:b1:9f:80:8c:b3:a1:0e:db:1c:60:33:d9:94:
                    a8:07:fb:6f:90:42:92:6c:47:65:f5:47:05:fe:a8:
                    a7:db:fb:18:36:3a:50:61:11:d4:3c:e4:29:4d:ff:
                    e9:7d:96:ed:f2:1c:e5:ea:08:93:5a:af:72:2d:39:
                    49:35:fa:01:57:f8:e6:24:0c:b1:48:ee:a6:69:75:
                    4b:fb:4c:5b:9e:1a:72:d0:e4:3c:62:f5:df:f7:67:
                    35:74:6b:ad:1c:8a:56:d3:e6:3b:44:f9:a6:f3:62:
                    0d:f3:2d:ee:43:1e:49:29:d4:bd:68:64:e2:68:4d:
                    34:8c:16:c9:84:9a:12:a7:54:ea:34:4f:2b:9b:f4:
                    82:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:C7:31:35:37:31:D2:7D:89:C5:78:28:54:69:C6:8C:5D:57:AD:09
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/4946d9-bdb6-45b4-9a9c-4abe6550920a/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/4946d9-bdb6-45b4-9a9c-4abe6550920a/1/C8cxNTcx0n2JxXgoVGnGjF1XrQk.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  197411

    Signature Algorithm: sha256WithRSAEncryption
         4c:68:2f:7b:7e:3e:78:5d:b0:00:08:da:8e:7b:c3:92:7c:8b:
         9a:ca:4a:91:cd:2d:9d:03:5b:53:bd:38:15:67:ef:7a:dc:47:
         94:bc:e8:24:e1:2e:cb:f4:a2:c1:c6:b9:22:2a:c4:12:f4:81:
         cf:09:3d:a1:b6:5f:6c:82:74:f1:65:6d:7f:45:23:b1:01:37:
         fd:49:27:d3:79:e9:61:63:0f:4b:4d:22:4e:76:a5:b4:be:0a:
         81:cc:bd:51:8e:39:aa:c7:d5:db:f0:ff:03:5e:c7:c9:ad:36:
         ea:9a:38:bc:c0:7b:e8:6d:28:94:51:6c:56:42:05:19:d3:9a:
         29:ed:11:ff:1d:8c:57:1f:29:76:ef:a4:e6:97:f5:f5:d6:9c:
         3c:87:80:fd:f1:be:20:10:59:73:5e:ee:7e:4c:d2:ee:5b:07:
         fb:94:81:69:a1:b5:17:89:ad:1f:3a:3f:fa:e8:1c:e8:52:80:
         af:68:33:bc:c9:33:f4:f0:2e:8e:14:a7:dd:d9:82:5c:ab:51:
         49:d6:cb:3f:da:56:9c:c6:ce:1d:0c:7c:74:9a:0b:d8:09:cd:
         a8:b6:e5:4d:12:a2:0f:24:6d:d9:50:b4:d5:ef:cd:b6:eb:11:
         52:7d:bb:7f:1b:18:45:7b:0e:99:fd:04:15:ff:8f:91:5b:5a:
         3f:81:93:7a
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzHJmxKHr3+tO/T4Kj9TjG/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMjIzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYmM3MzEzNTM3MzFkMjdkODljNTc4Mjg1NDY5YzY4YzVkNTdhZDA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArvel4wW19+VxBw5bs9J6jVen09da
AuL0arGyOCBoZvvB7b9UWv9SKS8CaLRItBY8HhrUsqkOUe3WvUGWbcgJorMnTEvc
4trSOGUUTTv8m3hFAP5HXjRB8oVhu64/GGrKGD5G8hPqCRDUubzOujw7h1VMOE52
IvCpkrGfgIyzoQ7bHGAz2ZSoB/tvkEKSbEdl9UcF/qin2/sYNjpQYRHUPOQpTf/p
fZbt8hzl6giTWq9yLTlJNfoBV/jmJAyxSO6maXVL+0xbnhpy0OQ8YvXf92c1dGut
HIpW0+Y7RPmm82IN8y3uQx5JKdS9aGTiaE00jBbJhJoSp1TqNE8rm/SCwwIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFAvHMTU3MdJ9icV4KFRpxoxdV60JMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzQzLzQ5NDZk
OS1iZGI2LTQ1YjQtOWE5Yy00YWJlNjU1MDkyMGEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDMvNDk0NmQ5
LWJkYjYtNDViNC05YTljLTRhYmU2NTUwOTIwYS8xL0M4Y3hOVGN4MG4ySnhYZ29W
R25HakYxWHJRay5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMDIzANBgkqhkiG9w0BAQsFAAOCAQEATGgve34+eF2w
AAjajnvDknyLmspKkc0tnQNbU704FWfvetxHlLzoJOEuy/Siwca5IirEEvSBzwk9
obZfbIJ08WVtf0UjsQE3/Ukn03npYWMPS00iTnaltL4Kgcy9UY45qsfV2/D/A17H
ya026po4vMB76G0olFFsVkIFGdOaKe0R/x2MVx8pdu+k5pf19dacPIeA/fG+IBBZ
c17ufkzS7lsH+5SBaaG1F4mtHzo/+ugc6FKAr2gzvMkz9PAujhSn3dmCXKtRSdbL
P9pWnMbOHQx8dJoL2AnNqLblTRKiDyRt2VC01e/NtusRUn27fxsYRXsOmf0EFf+P
kVtaP4GTeg==
-----END CERTIFICATE-----