Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/CoRnuQcocepoG1eg2AHdo4xr_3U.cer
File:                     CoRnuQcocepoG1eg2AHdo4xr_3U.cer (raw, json)
Hash identifier:          k1jFgq4BBr1w9ZrVcfV7AL6HIH5NANEwLtcq7kZtqRU=
Subject key identifier:   0A:84:67:B9:07:28:71:EA:68:1B:57:A0:D8:01:DD:A3:8C:6B:FF:75
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC86F60FB286ADEF3FBFAADB64C71CA3B
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/b8/db5301-c163-47a9-b298-ada2df715a1f/1/CoRnuQcocepoG1eg2AHdo4xr_3U.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/b8/db5301-c163-47a9-b298-ada2df715a1f/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 04:29:51 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 198427

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:60:fb:28:6a:de:f3:fb:fa:ad:b6:4c:71:ca:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 04:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0a8467b9072871ea681b57a0d801dda38c6bff75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:14:eb:fa:ac:9a:34:71:d7:ef:71:10:ea:b4:
                    ff:e9:12:de:cb:8d:cc:cc:ee:3a:52:aa:b3:cb:d0:
                    2e:5b:ec:af:31:29:ef:60:33:37:22:fb:c1:13:9d:
                    93:ac:63:cc:bf:36:57:e4:ee:39:e5:6f:8a:2d:ee:
                    ad:d7:f1:eb:1d:ba:1a:1b:f0:88:27:4d:50:25:91:
                    ab:41:d3:f9:68:39:60:de:14:3c:a6:09:aa:4c:97:
                    70:63:42:66:1a:94:be:ff:4a:28:28:74:4e:27:f4:
                    a4:3d:31:fb:a9:64:10:96:18:63:74:a7:51:44:65:
                    a7:00:62:cb:94:7c:98:d7:1f:6b:f9:71:1f:85:87:
                    77:fc:02:4c:a7:05:35:1c:1f:22:ae:23:99:67:15:
                    2f:1b:0e:b0:4a:21:c2:bc:a3:5f:bd:b1:1b:2f:6f:
                    2c:cb:98:72:12:cc:a0:7e:31:14:52:d9:30:e2:09:
                    c6:80:3f:78:ff:dc:a1:37:4b:26:3f:1b:7c:be:39:
                    dd:84:f4:65:82:92:e7:ba:03:2d:02:d9:b7:9d:59:
                    04:cc:4f:dd:a9:44:82:cc:4c:c4:2f:ef:a7:30:20:
                    fe:04:c7:85:fb:b1:36:32:52:63:d2:b6:ab:ca:32:
                    f4:e2:97:09:f8:71:7d:3c:a6:c7:6f:55:e3:c6:3a:
                    3e:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:84:67:B9:07:28:71:EA:68:1B:57:A0:D8:01:DD:A3:8C:6B:FF:75
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/db5301-c163-47a9-b298-ada2df715a1f/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/db5301-c163-47a9-b298-ada2df715a1f/1/CoRnuQcocepoG1eg2AHdo4xr_3U.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  198427

    Signature Algorithm: sha256WithRSAEncryption
         ad:b0:57:dd:61:d4:42:e7:5f:18:03:ba:2a:2b:f2:d4:83:57:
         6c:80:85:0f:26:ca:2d:da:c9:1f:69:a5:a7:59:20:21:f3:95:
         9e:cf:63:9f:7d:55:5a:e4:15:62:af:da:6d:36:4b:2b:bf:a8:
         93:20:33:95:da:df:34:64:d7:d6:66:8f:3c:08:7c:66:db:68:
         a1:df:f7:4f:31:e3:a1:7a:a5:97:37:4f:fa:b5:c4:6a:68:cb:
         c7:a0:07:8d:bf:81:e1:e5:0b:38:76:89:49:8a:24:bd:14:20:
         bf:5e:25:e7:a1:b0:8a:08:cd:77:09:93:2d:5f:00:a7:b2:81:
         6d:54:f7:ea:3c:1f:f0:cb:1b:9a:58:2d:29:ec:80:a7:45:df:
         c1:31:fd:f4:9b:da:20:51:d6:30:fd:14:1b:f5:d6:74:6a:eb:
         75:21:25:fc:2e:56:9a:35:9e:21:2a:84:1a:d3:3c:02:91:07:
         f1:c5:82:d7:3c:70:62:2a:3a:0e:c8:6c:84:ad:35:a1:4b:bf:
         31:ad:06:ac:80:d9:1f:02:98:cf:54:8b:47:4e:52:ee:7c:85:
         a0:0d:19:e0:6f:72:ff:e8:3a:80:86:9b:48:b8:b6:b9:a2:a9:
         98:61:b4:e6:89:95:42:a5:32:27:23:0c:1a:29:ac:bc:83:ad:
         30:20:d8:a4
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzIb2D7KGre8/v6rbZMcco7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDQyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTg0NjdiOTA3Mjg3MWVhNjgxYjU3YTBkODAxZGRhMzhjNmJmZjc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzBTr+qyaNHHX73EQ6rT/6RLey43M
zO46Uqqzy9AuW+yvMSnvYDM3IvvBE52TrGPMvzZX5O455W+KLe6t1/HrHboaG/CI
J01QJZGrQdP5aDlg3hQ8pgmqTJdwY0JmGpS+/0ooKHROJ/SkPTH7qWQQlhhjdKdR
RGWnAGLLlHyY1x9r+XEfhYd3/AJMpwU1HB8iriOZZxUvGw6wSiHCvKNfvbEbL28s
y5hyEsygfjEUUtkw4gnGgD94/9yhN0smPxt8vjndhPRlgpLnugMtAtm3nVkEzE/d
qUSCzEzEL++nMCD+BMeF+7E2MlJj0raryjL04pcJ+HF9PKbHb1Xjxjo+SwIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFAqEZ7kHKHHqaBtXoNgB3aOMa/91MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2I4L2RiNTMw
MS1jMTYzLTQ3YTktYjI5OC1hZGEyZGY3MTVhMWYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjgvZGI1MzAx
LWMxNjMtNDdhOS1iMjk4LWFkYTJkZjcxNWExZi8xL0NvUm51UWNvY2Vwb0cxZWcy
QUhkbzR4cl8zVS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMHGzANBgkqhkiG9w0BAQsFAAOCAQEArbBX3WHUQudf
GAO6Kivy1INXbICFDybKLdrJH2mlp1kgIfOVns9jn31VWuQVYq/abTZLK7+okyAz
ldrfNGTX1maPPAh8Zttood/3TzHjoXqllzdP+rXEamjLx6AHjb+B4eULOHaJSYok
vRQgv14l56GwigjNdwmTLV8Ap7KBbVT36jwf8MsbmlgtKeyAp0XfwTH99JvaIFHW
MP0UG/XWdGrrdSEl/C5WmjWeISqEGtM8ApEH8cWC1zxwYio6DshshK01oUu/Ma0G
rIDZHwKYz1SLR05S7nyFoA0Z4G9y/+g6gIabSLi2uaKpmGG05omVQqUyJyMMGims
vIOtMCDYpA==
-----END CERTIFICATE-----