Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/H9CHXNAFHQwJJaygQQNOeECmdws.cer
File:                     H9CHXNAFHQwJJaygQQNOeECmdws.cer (raw, json)
Hash identifier:          vI1GGycX2A5wmaFCUdW2bSVL7J0snSEtBQCDIctQXk4=
Subject key identifier:   1F:D0:87:5C:D0:05:1D:0C:09:25:AC:A0:41:03:4E:78:40:A6:77:0B
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018D1D1D1F18FD993296E07A927B69F0CFC7
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/e4/221048-3bad-469c-b933-e0802f474444/1/H9CHXNAFHQwJJaygQQNOeECmdws.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/e4/221048-3bad-469c-b933-e0802f474444/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 18 Jan 2024 15:07:44 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 216054
                          IP: 2a14:4f80::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:1d:1d:1f:18:fd:99:32:96:e0:7a:92:7b:69:f0:cf:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan 18 15:07:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1fd0875cd0051d0c0925aca041034e7840a6770b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:0c:ff:c2:cd:2d:99:5e:4f:c1:83:a5:3d:cf:
                    3a:82:ce:2c:80:81:9a:fc:21:a3:f3:02:32:62:07:
                    72:0b:b0:0e:df:e2:c2:dc:4f:a2:d8:89:d4:ce:53:
                    7a:93:65:5e:6f:9a:bf:cd:a8:26:2d:e0:5f:05:23:
                    f1:87:86:56:2a:cb:bc:5f:5b:6a:0a:c4:6e:4b:d6:
                    dc:7f:d2:60:4d:cc:d2:04:18:35:82:3f:e9:4f:98:
                    92:b9:1e:77:fa:6b:bb:89:08:43:89:a6:92:4b:02:
                    0f:09:cf:9d:71:a2:79:53:b0:a0:f6:12:7a:68:dc:
                    92:7a:67:0c:a3:9d:23:ee:98:1c:99:17:fe:a1:80:
                    3c:8f:63:62:d1:54:cd:05:b0:14:e2:bb:b6:5d:83:
                    f5:dc:80:41:5e:3c:b7:67:0e:92:f6:fb:91:68:53:
                    33:7f:0b:8b:6d:24:4b:7b:9b:a8:4d:fe:47:66:12:
                    e7:6c:d9:b4:95:2e:a6:fe:7d:75:1d:23:be:1b:e5:
                    9f:53:2b:74:0d:db:31:01:eb:03:7f:8e:12:ec:c5:
                    11:17:24:38:63:68:29:1a:6f:46:e4:93:e9:9b:80:
                    93:4a:44:67:d5:a1:6d:3f:02:d6:ad:bc:74:b6:5f:
                    a4:38:7e:70:66:70:7e:1f:8a:c5:e9:f1:12:81:7c:
                    52:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:D0:87:5C:D0:05:1D:0C:09:25:AC:A0:41:03:4E:78:40:A6:77:0B
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/221048-3bad-469c-b933-e0802f474444/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/221048-3bad-469c-b933-e0802f474444/1/H9CHXNAFHQwJJaygQQNOeECmdws.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:4f80::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  216054

    Signature Algorithm: sha256WithRSAEncryption
         80:33:87:2b:07:39:25:00:95:d6:e7:87:90:b7:d5:21:51:c0:
         1f:d8:13:8f:df:92:0a:00:43:e6:0b:06:5b:3d:e6:78:c3:e7:
         c9:fa:87:b9:76:fc:10:5b:d9:fb:00:6e:93:14:fd:6a:e3:6b:
         5f:43:46:ee:19:f8:58:b3:02:d3:4b:27:61:46:e8:a7:fa:3f:
         d1:69:55:28:2c:7f:f2:53:af:4e:6a:ed:e3:ec:06:ed:49:9e:
         ce:ad:cd:14:8c:8d:3d:0e:83:18:43:7a:d0:4c:37:8e:56:61:
         69:44:ec:26:7f:cb:25:8f:b1:01:84:84:e9:ba:83:c3:3f:7c:
         b3:21:07:40:2a:a8:fc:2e:b2:f6:c5:b5:1a:ba:e3:58:93:d9:
         57:cf:4f:1f:53:6e:32:ea:fb:f5:79:15:7c:1d:f6:6f:37:cc:
         28:79:2b:4c:39:4a:7f:92:a5:a1:31:b6:95:6e:16:88:cf:b6:
         32:1b:1b:cb:14:e4:67:11:90:ca:87:a4:71:24:7c:1a:27:8c:
         f9:4b:d5:60:e0:a0:d2:25:e7:54:3d:69:12:e8:47:f6:c7:d8:
         e3:e8:0d:9c:bc:9d:2a:66:cd:29:16:b3:79:d0:2d:be:2a:34:
         0c:37:11:5a:2b:4e:b5:19:4e:b7:07:6c:0c:e2:08:ea:2b:b5:
         e9:02:48:14
-----BEGIN CERTIFICATE-----
MIIFlTCCBH2gAwIBAgISAY0dHR8Y/ZkyluB6kntp8M/HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTE4MTUwNzQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZmQwODc1Y2QwMDUxZDBjMDkyNWFjYTA0MTAzNGU3ODQwYTY3NzBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoQz/ws0tmV5PwYOlPc86gs4sgIGa
/CGj8wIyYgdyC7AO3+LC3E+i2InUzlN6k2Veb5q/zagmLeBfBSPxh4ZWKsu8X1tq
CsRuS9bcf9JgTczSBBg1gj/pT5iSuR53+mu7iQhDiaaSSwIPCc+dcaJ5U7Cg9hJ6
aNySemcMo50j7pgcmRf+oYA8j2Ni0VTNBbAU4ru2XYP13IBBXjy3Zw6S9vuRaFMz
fwuLbSRLe5uoTf5HZhLnbNm0lS6m/n11HSO+G+WfUyt0DdsxAesDf44S7MURFyQ4
Y2gpGm9G5JPpm4CTSkRn1aFtPwLWrbx0tl+kOH5wZnB+H4rF6fESgXxS6wIDAQAB
o4ICoTCCAp0wHQYDVR0OBBYEFB/Qh1zQBR0MCSWsoEEDTnhApncLMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2U0LzIyMTA0
OC0zYmFkLTQ2OWMtYjkzMy1lMDgwMmY0NzQ0NDQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTQvMjIxMDQ4
LTNiYWQtNDY5Yy1iOTMzLWUwODAyZjQ3NDQ0NC8xL0g5Q0hYTkFGSFF3SkpheWdR
UU5PZUVDbWR3cy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUF
BwEHAQH/BBEwDzANBAIAAjAHAwUDKhRPgDAaBggrBgEFBQcBCAEB/wQLMAmgBzAF
AgMDS/YwDQYJKoZIhvcNAQELBQADggEBAIAzhysHOSUAldbnh5C31SFRwB/YE4/f
kgoAQ+YLBls95njD58n6h7l2/BBb2fsAbpMU/Wrja19DRu4Z+FizAtNLJ2FG6Kf6
P9FpVSgsf/JTr05q7ePsBu1Jns6tzRSMjT0OgxhDetBMN45WYWlE7CZ/yyWPsQGE
hOm6g8M/fLMhB0AqqPwusvbFtRq641iT2VfPTx9TbjLq+/V5FXwd9m83zCh5K0w5
Sn+SpaExtpVuFojPtjIbG8sU5GcRkMqHpHEkfBonjPlL1WDgoNIl51Q9aRLoR/bH
2OPoDZy8nSpmzSkWs3nQLb4qNAw3EVorTrUZTrcHbAziCOortekCSBQ=
-----END CERTIFICATE-----