Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/CpywsnmGsNq0gTKBBQN_kKR91vk.cer
File:                     CpywsnmGsNq0gTKBBQN_kKR91vk.cer (raw, json)
Hash identifier:          YkFDELKpvKOSuybVvGD5fTWLpafpRg2R5TRm5RJJY3I=
Subject key identifier:   0A:9C:B0:B2:79:86:B0:DA:B4:81:32:81:05:03:7F:90:A4:7D:D6:F9
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC501043BBA2D5501036B4056911C9DB4
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/10/973a9c-19a3-4448-9e6b-4d45ab641655/1/CpywsnmGsNq0gTKBBQN_kKR91vk.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/10/973a9c-19a3-4448-9e6b-4d45ab641655/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 12:30:27 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 211578

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 19 Apr 2024 05:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:04:3b:ba:2d:55:01:03:6b:40:56:91:1c:9d:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 12:30:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0a9cb0b27986b0dab481328105037f90a47dd6f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:c1:87:50:ce:5d:e7:e7:1f:a6:2e:de:30:dc:
                    c6:41:eb:ae:dd:f4:3b:e7:03:6d:32:2c:e8:57:90:
                    8d:8d:de:b8:92:7c:a4:31:fb:d1:ef:03:62:2b:2c:
                    f8:c5:95:2b:40:63:db:b5:b2:10:9a:4d:71:27:fd:
                    74:de:29:2c:d6:c7:e3:34:81:d7:dd:02:8f:bc:b9:
                    32:cc:9b:ce:e4:9c:11:07:b5:c7:8e:de:f4:1b:49:
                    8c:9b:da:dc:f4:38:b1:48:30:9d:e4:0e:fc:78:85:
                    88:b0:e1:10:55:f7:7d:76:bc:7b:7a:b2:f3:f6:41:
                    81:38:cf:07:fb:b9:aa:6e:34:71:f4:74:13:7f:92:
                    6a:8b:b1:7a:9e:35:2a:f8:ea:23:f8:5d:e2:0f:58:
                    94:68:86:e3:ad:f3:2c:22:2a:c4:e7:b0:e9:1c:2c:
                    53:62:a8:02:d6:7b:1b:4c:b1:cf:ef:e3:d7:2f:68:
                    ad:48:3c:2c:0e:ad:b6:7d:d5:ac:03:ca:6d:51:5a:
                    97:88:87:47:df:f1:90:2c:91:6f:ff:db:dc:7f:56:
                    7b:df:63:1e:bb:32:13:70:cc:43:ae:4b:09:56:37:
                    8d:d3:cd:33:90:db:bb:5e:2d:d8:c8:cb:14:7f:bc:
                    df:aa:ba:64:b1:ea:9e:ed:21:a8:8f:b1:ae:17:a4:
                    74:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:9C:B0:B2:79:86:B0:DA:B4:81:32:81:05:03:7F:90:A4:7D:D6:F9
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/973a9c-19a3-4448-9e6b-4d45ab641655/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/973a9c-19a3-4448-9e6b-4d45ab641655/1/CpywsnmGsNq0gTKBBQN_kKR91vk.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  211578

    Signature Algorithm: sha256WithRSAEncryption
         70:e3:29:2e:aa:9c:59:6f:58:a5:1d:0c:a0:cd:2c:e6:00:f3:
         70:c2:9d:cd:9b:47:7b:9d:0c:a2:93:23:54:32:dc:a5:8f:d7:
         62:3a:34:39:2e:65:c3:08:f4:1f:6f:61:e7:65:a2:89:b5:66:
         dc:d1:7e:dc:d8:df:69:3b:bf:1d:43:f7:e9:90:18:ae:c1:ee:
         fd:49:96:66:9b:3c:50:f1:9e:6e:1e:15:04:ed:5e:e6:2e:57:
         05:c5:92:b7:68:bc:ea:3f:32:5e:c4:33:a1:ce:a2:5b:cf:f7:
         fd:bf:12:08:cc:1b:17:14:5a:82:56:76:d1:57:30:1d:10:53:
         81:87:68:e2:1b:0d:1d:64:db:ce:36:bc:52:28:b6:8f:55:97:
         73:cc:4e:3e:f1:5d:5a:79:a7:1b:72:f5:79:1c:ef:d2:2a:a9:
         e7:b3:84:72:0d:aa:7d:2c:88:5e:b3:ed:9a:19:35:83:9c:86:
         b2:8c:e8:15:7b:59:28:87:83:8a:23:3d:b6:c7:fc:71:08:77:
         c0:30:5d:b7:5e:60:84:36:35:9b:45:ab:f5:31:35:11:72:90:
         d9:77:66:06:db:ef:61:62:ea:03:15:74:27:e3:cf:bd:0d:b9:
         33:d0:f7:95:26:76:e1:40:e4:34:a1:be:63:c3:dd:72:68:ed:
         c6:43:ef:36
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzFAQQ7ui1VAQNrQFaRHJ20MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTIzMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTljYjBiMjc5ODZiMGRhYjQ4MTMyODEwNTAzN2Y5MGE0N2RkNmY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmsGHUM5d5+cfpi7eMNzGQeuu3fQ7
5wNtMizoV5CNjd64knykMfvR7wNiKyz4xZUrQGPbtbIQmk1xJ/103iks1sfjNIHX
3QKPvLkyzJvO5JwRB7XHjt70G0mMm9rc9DixSDCd5A78eIWIsOEQVfd9drx7erLz
9kGBOM8H+7mqbjRx9HQTf5Jqi7F6njUq+Ooj+F3iD1iUaIbjrfMsIirE57DpHCxT
YqgC1nsbTLHP7+PXL2itSDwsDq22fdWsA8ptUVqXiIdH3/GQLJFv/9vcf1Z732Me
uzITcMxDrksJVjeN080zkNu7Xi3YyMsUf7zfqrpkseqe7SGoj7GuF6R0ewIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFAqcsLJ5hrDatIEygQUDf5Ckfdb5MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzEwLzk3M2E5
Yy0xOWEzLTQ0NDgtOWU2Yi00ZDQ1YWI2NDE2NTUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTAvOTczYTlj
LTE5YTMtNDQ0OC05ZTZiLTRkNDVhYjY0MTY1NS8xL0NweXdzbm1Hc05xMGdUS0JC
UU5fa0tSOTF2ay5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwM6ejANBgkqhkiG9w0BAQsFAAOCAQEAcOMpLqqcWW9Y
pR0MoM0s5gDzcMKdzZtHe50MopMjVDLcpY/XYjo0OS5lwwj0H29h52WiibVm3NF+
3NjfaTu/HUP36ZAYrsHu/UmWZps8UPGebh4VBO1e5i5XBcWSt2i86j8yXsQzoc6i
W8/3/b8SCMwbFxRaglZ20VcwHRBTgYdo4hsNHWTbzja8Uii2j1WXc8xOPvFdWnmn
G3L1eRzv0iqp57OEcg2qfSyIXrPtmhk1g5yGsozoFXtZKIeDiiM9tsf8cQh3wDBd
t15ghDY1m0Wr9TE1EXKQ2XdmBtvvYWLqAxV0J+PPvQ25M9D3lSZ24UDkNKG+Y8Pd
cmjtxkPvNg==
-----END CERTIFICATE-----