Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/HICFhJKexkMiDWmnfl4FDh0J2Wk.cer
File:                     HICFhJKexkMiDWmnfl4FDh0J2Wk.cer (raw, json)
Hash identifier:          xZmZGSHWAhcAlBF4H2o45bLn33iAgcxPow/4DtJkynI=
Subject key identifier:   1C:80:85:84:92:9E:C6:43:22:0D:69:A7:7E:5E:05:0E:1D:09:D9:69
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194236912A23A91948D777806D6B88D1C68
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rsync.paas.rpki.ripe.net/repository/fd30a818-e105-413c-9d00-d36a887eff80/0/1C808584929EC643220D69A77E5E050E1D09D969.mft
caRepository:             rsync://rsync.paas.rpki.ripe.net/repository/fd30a818-e105-413c-9d00-d36a887eff80/0/
Notify URL:               https://rrdp.paas.rpki.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 19:47:56 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 214806
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:12:a2:3a:91:94:8d:77:78:06:d6:b8:8d:1c:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 19:47:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1c808584929ec643220d69a77e5e050e1d09d969
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:e9:21:9b:d4:df:6b:af:fa:2f:be:d1:4c:fc:
                    28:87:16:c7:c8:cc:cc:97:07:2a:d9:04:f2:22:49:
                    46:6e:84:70:f6:10:fe:ba:1e:5d:cf:8e:a5:54:f4:
                    e1:6f:95:19:19:91:3c:84:93:8c:00:1f:5d:9e:b6:
                    ac:16:0d:e3:0b:ca:97:0d:a1:dc:b9:87:02:dd:f8:
                    3c:b6:13:96:74:e1:6d:37:5c:9a:84:bd:b1:58:d2:
                    10:d2:c7:21:da:28:ea:13:3d:e3:78:9b:77:d3:40:
                    c4:f0:8f:5e:38:db:26:dc:23:d7:59:5c:4a:45:d1:
                    92:92:ba:49:f1:54:07:ae:2e:50:05:b7:9d:b3:cc:
                    fc:76:0b:de:da:9d:af:64:db:9d:b3:77:3d:27:ab:
                    b3:6c:72:fd:ee:d5:88:a1:2d:fe:83:b3:17:8d:65:
                    10:7a:d8:a7:a5:7c:a6:06:df:a8:c9:0f:57:2d:df:
                    e5:e2:a6:da:23:6e:3c:58:42:66:12:e6:20:c4:37:
                    a0:38:f8:48:ba:b1:2a:fd:de:26:2f:b4:e1:ca:44:
                    92:8e:9c:d7:29:4f:48:7e:0a:39:45:ad:95:8b:a9:
                    4f:2e:a5:b5:c4:d1:89:6b:3b:11:3e:13:71:bd:de:
                    20:b5:c9:2a:b1:fc:11:60:36:f0:f6:73:f9:c6:f8:
                    2b:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:80:85:84:92:9E:C6:43:22:0D:69:A7:7E:5E:05:0E:1D:09:D9:69
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rsync.paas.rpki.ripe.net/repository/fd30a818-e105-413c-9d00-d36a887eff80/0/
                RPKI Manifest - URI:rsync://rsync.paas.rpki.ripe.net/repository/fd30a818-e105-413c-9d00-d36a887eff80/0/1C808584929EC643220D69A77E5E050E1D09D969.mft
                RPKI Notify - URI:https://rrdp.paas.rpki.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  214806

    Signature Algorithm: sha256WithRSAEncryption
         4c:f4:86:24:48:90:20:33:55:50:f9:0e:b7:80:50:79:d5:4a:
         82:f7:d3:f1:93:e8:33:84:1d:85:14:7e:6c:1a:73:04:30:93:
         50:d3:7d:9a:5f:e5:00:4e:92:63:f0:1e:2b:6d:65:31:67:a0:
         83:2e:ca:82:03:2d:77:a4:6e:b7:9f:83:c5:f5:d9:27:1b:38:
         a6:96:1f:6e:e8:8a:48:63:5a:7b:f5:46:c9:c8:2d:87:b4:00:
         20:5c:87:7b:10:0d:e4:2e:28:30:f9:aa:dd:13:b3:bb:cc:81:
         4e:6f:8d:e6:68:3f:80:d8:69:3b:ca:40:99:dc:13:7d:99:8f:
         23:e1:97:ae:17:b3:0a:e9:cb:95:ea:63:2d:5a:6e:38:d0:e6:
         1a:e3:22:df:21:e7:aa:15:08:76:25:2e:77:46:5e:37:af:a9:
         9b:95:1e:f3:04:ef:fd:83:31:f7:ed:68:62:cf:b1:b1:7c:d3:
         2a:9f:ec:c2:c9:69:8a:05:cf:b2:b1:b6:d6:c7:07:8f:dd:ed:
         ee:2e:fe:7b:cd:3e:08:a2:3e:76:03:f2:21:e4:35:e6:52:45:
         5d:fa:8c:81:1a:f7:09:a0:e2:a0:28:f6:54:5a:ea:ec:34:63:
         b0:20:f6:2d:35:ed:20:57:6e:ba:0c:6a:b1:35:63:43:73:4f:
         eb:5d:58:be
-----BEGIN CERTIFICATE-----
MIIFjzCCBHegAwIBAgISAZQjaRKiOpGUjXd4Bta4jRxoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTk0NzU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzgwODU4NDkyOWVjNjQzMjIwZDY5YTc3ZTVlMDUwZTFkMDlkOTY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvekhm9Tfa6/6L77RTPwohxbHyMzM
lwcq2QTyIklGboRw9hD+uh5dz46lVPThb5UZGZE8hJOMAB9dnrasFg3jC8qXDaHc
uYcC3fg8thOWdOFtN1yahL2xWNIQ0sch2ijqEz3jeJt300DE8I9eONsm3CPXWVxK
RdGSkrpJ8VQHri5QBbeds8z8dgve2p2vZNuds3c9J6uzbHL97tWIoS3+g7MXjWUQ
etinpXymBt+oyQ9XLd/l4qbaI248WEJmEuYgxDegOPhIurEq/d4mL7ThykSSjpzX
KU9Ifgo5Ra2Vi6lPLqW1xNGJazsRPhNxvd4gtckqsfwRYDbw9nP5xvgrCwIDAQAB
o4ICmzCCApcwHQYDVR0OBBYEFByAhYSSnsZDIg1pp35eBQ4dCdlpMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggE/BggrBgEFBQcBCwSCATEwggEtMF8GCCsGAQUFBzAFhlNy
c3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZkMzBh
ODE4LWUxMDUtNDEzYy05ZDAwLWQzNmE4ODdlZmY4MC8wLzCBiwYIKwYBBQUHMAqG
f3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmQz
MGE4MTgtZTEwNS00MTNjLTlkMDAtZDM2YTg4N2VmZjgwLzAvMUM4MDg1ODQ5MjlF
QzY0MzIyMEQ2OUE3N0U1RTA1MEUxRDA5RDk2OS5tZnQwPAYIKwYBBQUHMA2GMGh0
dHBzOi8vcnJkcC5wYWFzLnJwa2kucmlwZS5uZXQvbm90aWZpY2F0aW9uLnhtbDBZ
BgNVHR8EUjBQME6gTKBKhkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxUL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jcmwwGAYDVR0g
AQH/BA4wDDAKBggrBgEFBQcOAjAaBggrBgEFBQcBCAEB/wQLMAmgBzAFAgMDRxYw
DQYJKoZIhvcNAQELBQADggEBAEz0hiRIkCAzVVD5DreAUHnVSoL30/GT6DOEHYUU
fmwacwQwk1DTfZpf5QBOkmPwHittZTFnoIMuyoIDLXekbrefg8X12ScbOKaWH27o
ikhjWnv1RsnILYe0ACBch3sQDeQuKDD5qt0Ts7vMgU5vjeZoP4DYaTvKQJncE32Z
jyPhl64Xswrpy5XqYy1abjjQ5hrjIt8h56oVCHYlLndGXjevqZuVHvME7/2DMfft
aGLPsbF80yqf7MLJaYoFz7KxttbHB4/d7e4u/nvNPgiiPnYD8iHkNeZSRV36jIEa
9wmg4qAo9lRa6uw0Y7Ag9i017SBXbroMarE1Y0NzT+tdWL4=
-----END CERTIFICATE-----