Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/CBSas_GOw-02_yqB1ImvEGmcs5I.cer
File:                     CBSas_GOw-02_yqB1ImvEGmcs5I.cer (raw, json)
Hash identifier:          yMJcxWRBSPOLg/M5jQ4qB8w0URK1PgnAU6ATmnnjOOA=
Subject key identifier:   08:14:9A:B3:F1:8E:C3:ED:36:FF:2A:81:D4:89:AF:10:69:9C:B3:92
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC9BC84915D842DE5A32E5F8A455E488A
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/2c/911a25-a383-48c2-bf63-d87112ca99ae/1/CBSas_GOw-02_yqB1ImvEGmcs5I.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/2c/911a25-a383-48c2-bf63-d87112ca99ae/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 10:33:44 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 193.141.107.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 19 Apr 2024 14:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:84:91:5d:84:2d:e5:a3:2e:5f:8a:45:5e:48:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 10:33:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=08149ab3f18ec3ed36ff2a81d489af10699cb392
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:d9:a5:0a:b3:2e:82:4c:bc:78:69:4d:64:eb:
                    e9:25:a2:a0:c4:d2:70:61:3a:95:0f:d1:0b:26:e4:
                    91:44:19:37:17:0d:a5:15:aa:90:da:f8:fc:15:23:
                    43:05:6f:b4:a5:ed:a0:7f:3a:92:68:5f:90:bf:c3:
                    7f:e9:6e:17:f8:5e:b1:b6:fb:3e:5d:26:57:5f:66:
                    3c:17:4d:b4:31:1b:c5:0e:4f:2b:a4:a2:f7:6c:df:
                    ff:93:ab:53:d9:39:dc:90:a2:25:c4:34:22:d4:4d:
                    6b:bd:fd:b9:b6:4d:c8:a8:3e:d5:55:80:2a:53:2b:
                    dd:dc:28:b3:0d:36:0c:4e:f5:59:ac:d2:0d:0b:19:
                    d8:f0:6e:dd:80:18:76:ae:52:68:0a:85:26:95:cc:
                    fc:01:bf:21:64:70:53:97:fa:4f:95:66:70:7b:cb:
                    7a:7a:58:19:7f:c8:c3:0c:d8:4b:5a:66:9f:07:fb:
                    1b:36:fc:7b:80:58:a0:b0:05:9c:7a:bd:90:58:97:
                    e8:80:80:19:83:76:d9:7c:73:a9:c4:86:f9:27:32:
                    c2:8f:7e:82:b6:28:aa:7b:40:a8:9e:e7:09:5f:9f:
                    d4:74:73:ee:9f:39:e6:1b:a2:d9:b9:b2:07:92:17:
                    4d:66:f2:36:bf:b6:23:73:de:69:e5:bd:6e:12:7c:
                    1f:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:14:9A:B3:F1:8E:C3:ED:36:FF:2A:81:D4:89:AF:10:69:9C:B3:92
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/911a25-a383-48c2-bf63-d87112ca99ae/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/911a25-a383-48c2-bf63-d87112ca99ae/1/CBSas_GOw-02_yqB1ImvEGmcs5I.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.141.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:c5:b5:ab:bf:5c:43:d7:4b:3c:00:bb:e4:83:e6:0d:38:6e:
         c8:c7:00:cd:7e:db:95:8f:80:19:80:78:2c:ee:12:21:cb:e8:
         b4:92:34:a0:6e:1b:c3:cd:3d:fa:60:e8:4a:ea:eb:2a:c1:6a:
         b5:1b:f1:7e:90:a0:97:32:b2:3c:26:cc:b6:b1:b0:4e:94:2a:
         ff:89:a9:c3:89:ee:ab:b1:a8:a1:01:11:36:ee:fd:29:3c:5a:
         d3:51:51:a7:94:14:95:80:f2:e1:e1:68:bd:29:a5:10:d4:03:
         78:5f:49:8c:70:6c:20:94:bd:ef:5d:6e:02:6b:24:41:13:e3:
         ba:0a:84:08:e9:06:44:75:ed:25:b4:fe:c9:6f:58:52:41:ae:
         e5:eb:5d:e7:d4:43:19:97:6a:0c:d2:c5:22:0f:87:55:70:a2:
         04:11:09:a7:41:34:d7:a4:51:03:9b:a8:3b:8a:0a:b0:31:b1:
         5a:aa:a7:e6:60:78:9f:80:aa:03:e1:cd:32:5f:1e:ed:06:91:
         85:63:3e:df:f4:99:44:89:3d:37:6b:d0:99:05:e8:dc:de:b2:
         22:da:51:32:82:ac:db:23:e3:72:68:68:79:6b:27:02:93:62:
         46:0f:ec:91:49:8d:aa:a3:16:11:45:7b:d9:00:d7:9d:cc:61:
         2e:d7:d6:93
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzJvISRXYQt5aMuX4pFXkiKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMTAzMzQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODE0OWFiM2YxOGVjM2VkMzZmZjJhODFkNDg5YWYxMDY5OWNiMzkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1NmlCrMugky8eGlNZOvpJaKgxNJw
YTqVD9ELJuSRRBk3Fw2lFaqQ2vj8FSNDBW+0pe2gfzqSaF+Qv8N/6W4X+F6xtvs+
XSZXX2Y8F020MRvFDk8rpKL3bN//k6tT2TnckKIlxDQi1E1rvf25tk3IqD7VVYAq
Uyvd3CizDTYMTvVZrNINCxnY8G7dgBh2rlJoCoUmlcz8Ab8hZHBTl/pPlWZwe8t6
elgZf8jDDNhLWmafB/sbNvx7gFigsAWcer2QWJfogIAZg3bZfHOpxIb5JzLCj36C
tiiqe0ConucJX5/UdHPunznmG6LZubIHkhdNZvI2v7Yjc95p5b1uEnwfPQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFAgUmrPxjsPtNv8qgdSJrxBpnLOSMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzJjLzkxMWEy
NS1hMzgzLTQ4YzItYmY2My1kODcxMTJjYTk5YWUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmMvOTExYTI1
LWEzODMtNDhjMi1iZjYzLWQ4NzExMmNhOTlhZS8xL0NCU2FzX0dPdy0wMl95cUIx
SW12RUdtY3M1SS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwY1rMA0GCSqGSIb3DQEBCwUAA4IBAQCFxbWr
v1xD10s8ALvkg+YNOG7IxwDNftuVj4AZgHgs7hIhy+i0kjSgbhvDzT36YOhK6usq
wWq1G/F+kKCXMrI8Jsy2sbBOlCr/ianDie6rsaihARE27v0pPFrTUVGnlBSVgPLh
4Wi9KaUQ1AN4X0mMcGwglL3vXW4CayRBE+O6CoQI6QZEde0ltP7Jb1hSQa7l613n
1EMZl2oM0sUiD4dVcKIEEQmnQTTXpFEDm6g7igqwMbFaqqfmYHifgKoD4c0yXx7t
BpGFYz7f9JlEiT03a9CZBejc3rIi2lEygqzbI+NyaGh5aycCk2JGD+yRSY2qoxYR
RXvZANedzGEu19aT
-----END CERTIFICATE-----