Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/CSaQfEuWlut6_HQka5wpKSBfYQM.cer
File:                     CSaQfEuWlut6_HQka5wpKSBfYQM.cer (raw, json)
Hash identifier:          6plumiuJbTbqLgJqz7IuERbavXbjDGmn5ZopTJfaFYg=
Subject key identifier:   09:26:90:7C:4B:96:96:EB:7A:FC:74:24:6B:9C:29:29:20:5F:61:03
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC348F744FB6EF8405BE6A30429561024
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/f5/1fcbcf-823d-477e-ad61-7870c1de94b2/1/CSaQfEuWlut6_HQka5wpKSBfYQM.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/f5/1fcbcf-823d-477e-ad61-7870c1de94b2/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 04:29:48 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 202742

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 27 Apr 2024 08:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:f7:44:fb:6e:f8:40:5b:e6:a3:04:29:56:10:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 04:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0926907c4b9696eb7afc74246b9c2929205f6103
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:77:9c:a6:ea:c1:5c:e9:aa:a2:c5:2f:f7:3c:
                    f6:4f:21:19:5e:21:81:a2:0d:cd:70:a0:ea:ed:fb:
                    d4:aa:a2:73:82:35:17:19:9c:f8:69:d9:1a:ee:5d:
                    85:d6:fa:c2:4f:91:84:54:a0:d2:ef:a3:36:55:2d:
                    76:5d:93:2c:84:5b:64:39:c7:87:1a:41:7c:ff:8c:
                    c8:0b:c4:d5:a0:39:b1:f7:32:9e:4b:68:83:b5:cf:
                    3b:16:7d:5e:56:22:5e:5a:4e:26:e1:f0:79:1a:39:
                    e7:89:11:dd:c8:f1:59:e8:62:f9:86:48:9f:90:28:
                    f5:65:a7:26:48:26:2a:b8:6a:ab:74:bb:2b:e3:1a:
                    9f:de:27:6c:2d:3c:11:0d:bf:8f:40:e3:1b:38:87:
                    12:54:c3:cd:d2:63:96:0c:88:5d:53:66:12:ea:f8:
                    55:4d:41:f4:f6:48:13:0d:18:77:49:25:17:4d:64:
                    ee:81:1c:3a:f1:90:9f:73:06:b5:cf:c9:c7:f3:b3:
                    26:a5:e4:7a:85:6d:e0:6d:d8:ff:59:26:05:36:17:
                    7b:7f:e5:f1:4f:96:a7:ec:86:60:1c:03:03:e4:d7:
                    04:8c:05:50:09:be:25:78:08:96:4d:6d:7a:72:02:
                    dd:22:05:d8:39:bb:c9:72:4a:74:b5:a9:bd:be:7d:
                    7f:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:26:90:7C:4B:96:96:EB:7A:FC:74:24:6B:9C:29:29:20:5F:61:03
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/1fcbcf-823d-477e-ad61-7870c1de94b2/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/1fcbcf-823d-477e-ad61-7870c1de94b2/1/CSaQfEuWlut6_HQka5wpKSBfYQM.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  202742

    Signature Algorithm: sha256WithRSAEncryption
         0b:e1:2f:fa:ce:aa:f1:0e:88:73:fa:10:ed:36:77:cb:40:21:
         82:4e:3b:4c:6d:2a:49:d7:78:bb:d8:fd:5b:56:71:dc:8a:1d:
         c1:0c:63:d3:86:8f:30:d4:51:91:9d:88:fe:7a:3e:f9:09:27:
         74:27:51:9e:c5:7c:4d:3d:56:c3:46:17:72:47:62:42:dd:08:
         ea:82:c5:9e:6c:a9:ba:c5:5b:40:ac:c7:a1:71:5b:9f:3e:7c:
         c8:c0:c6:74:d8:07:98:d8:a2:3d:26:be:c5:54:a4:37:29:26:
         e2:c9:80:85:e4:17:fa:21:34:8c:d9:a9:ef:86:e5:c2:f5:b5:
         54:c6:0f:05:15:ee:31:7f:6d:20:48:60:39:46:56:62:c1:4f:
         1c:4d:95:30:89:5d:f1:a8:8c:39:07:8d:67:9b:08:68:da:f0:
         fa:74:d8:2c:71:62:03:5b:fe:de:b7:d0:b4:ef:9f:2a:cb:d7:
         cd:a0:0d:8e:a3:3e:9e:f6:f2:28:67:38:73:17:80:96:ee:5f:
         60:49:71:72:fc:41:27:29:d3:07:68:75:99:af:fd:fc:96:67:
         37:fb:e6:c8:67:de:ea:8a:c3:bd:0b:cd:e1:f9:45:f5:a0:55:
         76:df:b0:51:34:30:d2:9d:56:53:fd:01:bd:4c:7d:a2:ba:24:
         b0:64:4a:34
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzDSPdE+274QFvmowQpVhAkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDQyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTI2OTA3YzRiOTY5NmViN2FmYzc0MjQ2YjljMjkyOTIwNWY2MTAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqnecpurBXOmqosUv9zz2TyEZXiGB
og3NcKDq7fvUqqJzgjUXGZz4adka7l2F1vrCT5GEVKDS76M2VS12XZMshFtkOceH
GkF8/4zIC8TVoDmx9zKeS2iDtc87Fn1eViJeWk4m4fB5GjnniRHdyPFZ6GL5hkif
kCj1ZacmSCYquGqrdLsr4xqf3idsLTwRDb+PQOMbOIcSVMPN0mOWDIhdU2YS6vhV
TUH09kgTDRh3SSUXTWTugRw68ZCfcwa1z8nH87MmpeR6hW3gbdj/WSYFNhd7f+Xx
T5an7IZgHAMD5NcEjAVQCb4leAiWTW16cgLdIgXYObvJckp0tam9vn1/5wIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFAkmkHxLlpbrevx0JGucKSkgX2EDMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Y1LzFmY2Jj
Zi04MjNkLTQ3N2UtYWQ2MS03ODcwYzFkZTk0YjIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjUvMWZjYmNm
LTgyM2QtNDc3ZS1hZDYxLTc4NzBjMWRlOTRiMi8xL0NTYVFmRXVXbHV0Nl9IUWth
NXdwS1NCZllRTS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMX9jANBgkqhkiG9w0BAQsFAAOCAQEAC+Ev+s6q8Q6I
c/oQ7TZ3y0Ahgk47TG0qSdd4u9j9W1Zx3IodwQxj04aPMNRRkZ2I/no++QkndCdR
nsV8TT1Ww0YXckdiQt0I6oLFnmypusVbQKzHoXFbnz58yMDGdNgHmNiiPSa+xVSk
Nykm4smAheQX+iE0jNmp74blwvW1VMYPBRXuMX9tIEhgOUZWYsFPHE2VMIld8aiM
OQeNZ5sIaNrw+nTYLHFiA1v+3rfQtO+fKsvXzaANjqM+nvbyKGc4cxeAlu5fYElx
cvxBJynTB2h1ma/9/JZnN/vmyGfe6orDvQvN4flF9aBVdt+wUTQw0p1WU/0BvUx9
oroksGRKNA==
-----END CERTIFICATE-----